Pinned Repositories
0day
各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC ,该项目将持续更新
1earn
ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
404StarLink
404StarLink - 推荐优质、有意义、有趣、坚持维护的安全开源项目
Above
Invisible network protocol sniffer
akamai-security-research
This repository includes code and IoCs that are the product of research done in Akamai's various security research teams.
Android-Vulnerability-Mining
Android APP漏洞之战系列,主要讲述如何快速挖掘APP漏洞
hackingtool
ALL IN ONE Hacking Tool For Hackers
ituring_books
图灵程序设计丛书分享
Tbed
Hellohao图床、图像托管/分享/水印、存储源分发、图像管理、前后端分离。https://tbed.wwery.com
Vuln-POC
一个各类漏洞POC知识库
only-sunny's Repositories
only-sunny/Above
Invisible network protocol sniffer
only-sunny/Challenges_2024_Public
Files + Solutions for DownUnderCTF 2024 Challenges
only-sunny/CVE-2024-38077-POC
原文已被作者删除,备份用,非原创,EXP & POC
only-sunny/CVE-2024-39943-Poc
CVE-2024-39943 rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell is used to execute df (i.e., with execSync instead of spawnSync in child_process in Node.js).
only-sunny/DecryptTools
DecryptTools-综合解密
only-sunny/docker_practice
Learn and understand Docker&Container technologies, with real DevOps practice!
only-sunny/eBSploit
eBSploit适用于内网渗透中遇到MS17-010漏洞的情况快速上线公网msf及cs,同时支持自定义dll命令执行、会话迁移等操作。
only-sunny/ElectricRat
电气鼠靶场系统是一种带有漏洞的Web应用程序,旨在为Web安全渗透测试学习者提供学习和实践的机会。The Electrical Mouse Target Range System is a web application with vulnerabilities designed to provide learning and practice opportunities for web security penetration testing learners.
only-sunny/enhanced-FaaS-in-China
提升部署在cloudflare、vercel或netlify的网页在**的访问速度和稳定性 Improve the access speed and stability in China of web pages hosted on cloudflare, vercel or netlify by merely changing your CNAME record
only-sunny/FastJsonParty
FastJson全版本Docker漏洞环境(涵盖1.2.47/1.2.68/1.2.80等版本),主要包括JNDI注入及高版本绕过、waf绕过、文件读写、原生反序列化、利用链探测绕过、不出网利用等。从黑盒的角度覆盖FastJson深入利用
only-sunny/FindEverything
内网渗透过程中搜寻指定文件内容,从而找到突破口的一个小工具
only-sunny/fuso
一款体积小, 快速, 稳定, 高效, 轻量的内网穿透, 端口转发工具 支持多连接,级联代理,传输加密 (A small volume, fast, stable, efficient, and lightweight intranet penetration, port forwarding tool supports multiple connections, cascading proxy, and transmission encryption)
only-sunny/hacktricks
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
only-sunny/Helios
Helios: Automated XSS Testing
only-sunny/JavaThings
Share Things Related to Java - Java安全漫谈笔记相关内容
only-sunny/MultiDump
MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly.
only-sunny/OpenArk
The Next Generation of Anti-Rookit(ARK) tool for Windows.
only-sunny/OSCP
OSCP Cheat Sheet
only-sunny/Pearcleaner
A free, source-available and fair-code licensed mac app cleaner
only-sunny/Penetration_Testing_POC1
渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
only-sunny/Proxyman
Modern. Native. Delightful Web Debugging Proxy for macOS, iOS, and Android ⚡️
only-sunny/SafeLine
serve as a reverse proxy to protect your web services from attacks and exploits.
only-sunny/SecAutoBan
恶意IP全自动封禁平台。支持收集如下安全设备告警:长亭WAF社区版(SafeLine)、微步蜜罐HFish、奇安信天眼、奇安信椒图、绿盟WAF、科来网络安全分析审计系统。支持如下设备联动封禁:RouterOS、OPNsense、CheckPoint、奇安信防火墙、旁路阻断(无需设备配合)
only-sunny/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
only-sunny/study
Java全栈工程师学习笔记;Spring、shiro、CAS、oauth2单点登录;cache 、Redis; web 安全及解决思路;redis、mq、quartz、docker;Docker各种组件实践等;mybatis、spring、spring boot实践;分布式锁;基于分库分表等等;Java full-stack engineer study notes; Spring, shiro, CAS, oauth2 single sign-on; cache, Redis; web security and solutions; redis, mq, quartz, docker; Docker various component practices, etc.;
only-sunny/toolkit
The essential toolkit for reversing, malware analysis, and cracking
only-sunny/Training-Malware-BC
Training-Malware-BC | Threat Hunting
only-sunny/Translate_video_slides
自动提取的翻译视频中未提供的PPT部分
only-sunny/vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
only-sunny/ysogate
Java反序列化/JNDI注入利用工具,支持多种高版本bypass,支持回显/内存马等多种扩展利用。