octa

octa's Stars

• BlackFan/content-type-research

  Content-Type Research

  46248

• yunxu1/jboss-_CVE-2017-12149

  CVE-2017-12149 jboss反序列化 可回显

  Language:Java20658

• insightglacier/Shiro_exploit

  Apache Shiro 反序列化漏洞检测与利用工具

  Language:Python501124

• andrewkrug/securing-the-cloud-supplemental

  Supplemental templates for securing the cloud.

  Language:Python3228

• Swordfish-Security/Checkmarx-Custom-Query-Rules

  131

• GrrrDog/weird_proxies

  Reverse proxies cheatsheet

  Language:Python1.8k204

• jas502n/Grafana-CVE-2021-43798

  Grafana Unauthorized arbitrary file reading vulnerability

  Language:Go35090

• splitline/How-to-Hack-Websites

  開源的正體中文 Web Hacking 學習資源 - 程式安全 2021 Fall

  Language:PHP49749

• orangetw/awesome-jenkins-rce-2019

  There is no pre-auth RCE in Jenkins since May 2017, but this is the one!

  Language:Python603132

• orangetw/My-CTF-Web-Challenges

  Collection of CTF Web challenges I made

  Language:PHP2.7k476

• orangetw/My-Presentation-Slides

  Collections of Orange Tsai's public presentation slides.

  70577

• KingOfBugbounty/KingOfBugBountyTips

  Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wish to influence Onelinetips and explain the commands, for the better understanding of new hunters..

  Language:Go4.2k792

• hakluke/hakoriginfinder

  Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!

  Language:Go837108

• anunay-bhatt/secure-serverless-reference-architecture

  A walkthrough of security controls for a serverless architecture via a demo application

  Language:HCL11

• jonaslejon/malicious-pdf

  💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

  Language:Python2.8k378

• JDArmy/DCSec

  域控安全one for all

  684110

• sourque/louis

  Linux EDR written in Golang and based on eBPF.

  Language:Go22943

• yuyan-sec/RedisEXP

  Redis 漏洞利用工具

  Language:Go776104

• MrWQ/vulnerability-paper

  收集的文章 https://mrwq.github.io/tools/paper/

  Language:Python1.7k396

• DataDog/security-labs-pocs

  Proof of concept code for Datadog Security Labs referenced exploits.

  Language:C41558

• ffffffff0x/1earn

  ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

  Language:C++5.3k1.2k

• IDouble/x86-Assembly-Reverse-Engineering

  🛠 Knowledge about the topic of x86 assembly & disassembly 🛠

  Language:Assembly12730

• pimps/JNDI-Exploit-Kit

  JNDI-Exploitation-Kit（A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps vulnerable to JNDI Injection）

  Language:Java886166

• welk1n/JNDI-Injection-Exploit

  JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）

  Language:Java2.6k723

• sindresorhus/awesome

  😎 Awesome lists about all kinds of interesting topics

  323k27.6k

• paragonie/awesome-appsec

  A curated list of resources for learning about application security

  Language:PHP6.3k730

• shack2/javaserializetools

  Java反序列化漏洞利用工具V1.0 Java反序列化相关漏洞的检查工具，采用JDK 1.8+NetBeans8.2开发，软件运行必须安装JDK 1.8或者以上版本。 支持：weblogic xml反序列化漏洞 CVE-2017-10271/CNVD-C-2019-48814/CVE-2019-2725检查。

  Language:Java452115

• Veraxy00/XStream-vul-poc

  XStream相关漏洞POC及分析复现环境

  Language:Java43

• sh377c0d3/Payloads

  Payload Arsenal for Pentration Tester and Bug Bounty Hunters

  Language:PHP851178

• ffffffff0x/Pentest101

  一些关于渗透测试的Tips

  57885