Pinned Repositories
awesome-jenkins-rce-2019
There is no pre-auth RCE in Jenkins since May 2017, but this is the one!
bug-bounty-reference
Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
JNDI-Injection-Bypass
Some payloads of JNDI Injection in JDK 1.8.0_191+
My-CTF-Web-Challenges
Collection of CTF Web challenges I made
My-Presentation-Slides
Collections of Orange Tsai's public presentation slides.
pysslShells
Finally, reverse/bind shells written in python, encrypted with ssl!
Some-PoC-oR-ExP
各种漏洞poc、Exp的收集或编写
Tiny-URL-Fuzzer
A tiny and cute URL fuzzer
tsh
Tiny SHell is an open-source UNIX backdoor.
Vulnerable-Django
orangetw's Repositories
orangetw/My-CTF-Web-Challenges
Collection of CTF Web challenges I made
orangetw/My-Presentation-Slides
Collections of Orange Tsai's public presentation slides.
orangetw/awesome-jenkins-rce-2019
There is no pre-auth RCE in Jenkins since May 2017, but this is the one!
orangetw/Tiny-URL-Fuzzer
A tiny and cute URL fuzzer
orangetw/bug-bounty-reference
Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
orangetw/Some-PoC-oR-ExP
各种漏洞poc、Exp的收集或编写
orangetw/pysslShells
Finally, reverse/bind shells written in python, encrypted with ssl!
orangetw/JNDI-Injection-Bypass
Some payloads of JNDI Injection in JDK 1.8.0_191+
orangetw/J2EEScan
J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.
orangetw/Java-Deserialization-Cheat-Sheet
The cheat sheet about Java Deserialization vulnerabilities
orangetw/how2heap
A repository for learning various heap exploitation techniques.
orangetw/wooyun_articles
wooyun_articles fork from
orangetw/Micro8
orangetw/pentest_study
orangetw/python-websocket-server
A simple fully working websocket-server in Python with no external dependencies
orangetw/scapy
Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.
orangetw/Windows-Exploit-Suggester
This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.
orangetw/de4dot
.NET deobfuscator and unpacker.
orangetw/network-emulator
LD_PRELOAD POSIX network API emulator
orangetw/S2-046-PoC
S2-046-PoC
orangetw/ActiveScan3Plus
Modified version of ActiveScan++ Burp Suite extension
orangetw/asset-pipeline
The core implementation of the asset pipeline for the jvm
orangetw/gatekeeper
GATEKEEPER: Inline and on-target defense
orangetw/ModSecurity
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. With over 10,000 deployments world-wide, ModSecurity is the most widely deployed WAF in existence.
orangetw/pathod
A pathological HTTP daemon
orangetw/Responder
Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
orangetw/sinatra
Classy web-development dressed in a DSL (official / canonical repo)
orangetw/spring-framework
Spring Framework
orangetw/test
orangetw/tw.edu-ctf-website
tw.edu-ctf-website