octa's Stars
BlackFan/content-type-research
Content-Type Research
yunxu1/jboss-_CVE-2017-12149
CVE-2017-12149 JBoss deserialization, with echoed output
insightglacier/Shiro_exploit
Apache Shiro deserialization vulnerability detection and exploitation tool
andrewkrug/securing-the-cloud-supplemental
Supplemental templates for securing the cloud.
Swordfish-Security/Checkmarx-Custom-Query-Rules
GrrrDog/weird_proxies
Reverse proxies cheatsheet
jas502n/Grafana-CVE-2021-43798
Grafana Unauthorized arbitrary file reading vulnerability
splitline/How-to-Hack-Websites
Open-source Traditional Chinese Web Hacking learning resource - Program Security 2021 Fall
orangetw/awesome-jenkins-rce-2019
There is no pre-auth RCE in Jenkins since May 2017, but this is the one!
orangetw/My-CTF-Web-Challenges
Collection of CTF Web challenges I made
orangetw/My-Presentation-Slides
Collections of Orange Tsai's public presentation slides.
KingOfBugbounty/KingOfBugBountyTips
Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, APIs, and tokens that are already exploitable, so we can report them. We wish to influence Onelinetips and explain the commands, for the better understanding of new hunters.
hakluke/hakoriginfinder
Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!
anunay-bhatt/secure-serverless-reference-architecture
A walkthrough of security controls for a serverless architecture via a demo application
jonaslejon/malicious-pdf
💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
JDArmy/DCSec
Domain controller security, one for all
sourque/louis
Linux EDR written in Golang and based on eBPF.
yuyan-sec/RedisEXP
Redis vulnerability exploitation tool
MrWQ/vulnerability-paper
Collected articles https://mrwq.github.io/tools/paper/
DataDog/security-labs-pocs
Proof of concept code for Datadog Security Labs referenced exploits.
ffffffff0x/1earn
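A security knowledge framework maintained by the ffffffff0x team, covering (but not limited to) web security, industrial control system security, forensics, incident response, blue team infrastructure deployment, post-exploitation, Linux security, and writeups for various target machines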
IDouble/x86-Assembly-Reverse-Engineering
🛠 Knowledge about the topic of x86 assembly & disassembly 🛠
pimps/JNDI-Exploit-Kit
JNDI-Exploitation-Kit (A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps vulnerable to JNDI Injection)
welk1n/JNDI-Injection-Exploit
JNDI injection testing tool (A tool which generates JNDI links and can start several servers to exploit JNDI Injection vulnerabilities, like Jackson, Fastjson, etc.)
sindresorhus/awesome
😎 Awesome lists about all kinds of interesting topics
paragonie/awesome-appsec
A curated list of resources for learning about application security
shack2/javaserializetools
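Java deserialization vulnerability exploitation tool V1.0. A checking tool for Java deserialization-related vulnerabilities, developed with JDK 1.8 + NetBeans 8.2; JDK 1.8 or later must be installed to run the software. Supports: checks for the WebLogic XML deserialization vulnerabilities CVE-2017-10271/CNVD-C-2019-48814/CVE-2019-2725.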
Veraxy00/XStream-vul-poc
PoCs for XStream-related vulnerabilities, with analysis and reproduction environments
sh377c0d3/Payloads
Payload Arsenal for Penetration Testers and Bug Bounty Hunters
ffffffff0x/Pentest101
Some tips about penetration testing