Pinned Repositories
awesome-jenkins-rce-2019
There is no pre-auth RCE in Jenkins since May 2017, but this is the one!
blog.orange.tw
static sites for blog.orange.tw
bug-bounty-reference
Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
JNDI-Injection-Bypass
Some payloads of JNDI Injection in JDK 1.8.0_191+
My-CTF-Web-Challenges
Collection of CTF Web challenges I made
My-Presentation-Slides
Collections of Orange Tsai's public presentation slides.
pysslShells
Finally, reverse/bind shells written in python, encrypted with ssl!
Some-PoC-oR-ExP
各种漏洞poc、Exp的收集或编写
Tiny-URL-Fuzzer
A tiny and cute URL fuzzer
tsh
Tiny SHell is an open-source UNIX backdoor.
orangetw's Repositories
orangetw/My-CTF-Web-Challenges
Collection of CTF Web challenges I made
orangetw/My-Presentation-Slides
Collections of Orange Tsai's public presentation slides.
orangetw/awesome-jenkins-rce-2019
There is no pre-auth RCE in Jenkins since May 2017, but this is the one!
orangetw/Tiny-URL-Fuzzer
A tiny and cute URL fuzzer
orangetw/bug-bounty-reference
Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
orangetw/Some-PoC-oR-ExP
各种漏洞poc、Exp的收集或编写
orangetw/blog.orange.tw
static sites for blog.orange.tw
orangetw/pysslShells
Finally, reverse/bind shells written in python, encrypted with ssl!
orangetw/JNDI-Injection-Bypass
Some payloads of JNDI Injection in JDK 1.8.0_191+
orangetw/Java-Deserialization-Cheat-Sheet
The cheat sheet about Java Deserialization vulnerabilities
orangetw/J2EEScan
J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.
orangetw/how2heap
A repository for learning various heap exploitation techniques.
orangetw/wooyun_articles
wooyun_articles fork from
orangetw/python-websocket-server
A simple fully working websocket-server in Python with no external dependencies
orangetw/Micro8
orangetw/pentest_study
orangetw/scapy
Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.
orangetw/Windows-Exploit-Suggester
This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.
orangetw/de4dot
.NET deobfuscator and unpacker.
orangetw/network-emulator
LD_PRELOAD POSIX network API emulator
orangetw/S2-046-PoC
S2-046-PoC
orangetw/ActiveScan3Plus
Modified version of ActiveScan++ Burp Suite extension
orangetw/asset-pipeline
The core implementation of the asset pipeline for the jvm
orangetw/ModSecurity
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. With over 10,000 deployments world-wide, ModSecurity is the most widely deployed WAF in existence.
orangetw/pdfkit
A Ruby gem to transform HTML + CSS into PDFs using the command-line utility wkhtmltopdf
orangetw/Responder
Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
orangetw/sinatra
Classy web-development dressed in a DSL (official / canonical repo)
orangetw/spring-framework
Spring Framework
orangetw/test
orangetw/tw.edu-ctf-website
tw.edu-ctf-website