p0si0n0's Stars
SNCKER/CVE-2022-26134
[CVE-2022-26134] Confluence OGNL expression injection RCE with sandbox bypass.
cdk-team/CDK
📦 Make security testing of K8s, Docker, and Containerd easier.
Al1ex/CVE-2021-27928
CVE-2021-27928 MariaDB/MySQL 'wsrep provider' command injection vulnerability
CsEnox/CVE-2022-2992
Authenticated Remote Command Execution in Gitlab via GitHub import
safe6Sec/Fastjson
A collection of Fastjson techniques and tricks
su18/hack-fastjson-1.2.80
GrrrDog/Java-Deserialization-Cheat-Sheet
The cheat sheet about Java Deserialization vulnerabilities
wyzxxz/jndi_tool
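JNDI service exploitation tool (RMI/LDAP); supports response echo in some scenarios, in-memory shells, exploitation on newer JDK versions, and more; a helper tool for detecting fastjson RCE and log4j RCE command-execution vulnerabilities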
nikaiw/CVE-2021-4034
PoC for CVE-2021-4034
vishnudevtj/exploits
RhinoSecurityLabs/pacu
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
nixawk/labs
Vulnerability Labs for security analysis
lgandx/Responder-Windows
Responder Windows Version Beta
lgandx/PCredz
This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.
horizon3ai/CVE-2021-38647
Proof of Concept Exploit for CVE-2021-38647 (OMIGOD)
uknowsec/Active-Directory-Pentest-Notes
Personal study notes on domain penetration testing
luijait/PwnKit-Exploit
Proof of Concept (PoC) CVE-2021-4034
dirkjanm/CVE-2020-1472
PoC for Zerologon - all research credits go to Tom Tervoort of Secura
GoSecure/pyrdp
RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact
tomcarver16/SimpleInjector
A simple injector that uses LoadLibraryA
ffffffff0x/AboutSecurity
Everything for pentest. | Payload and bypass dictionaries for penetration testing.
ffffffff0x/1earn
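A security knowledge framework maintained by the ffffffff0x team, covering (but not limited to) web security, industrial control system security, forensics, incident response, blue team infrastructure deployment, post-exploitation, Linux security, and write-ups for various practice targets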
PeiQi0/PeiQi-WIKI-Book
A knowledge base for cybersecurity practitioners 🍃
CCob/SweetPotato
Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019
HatBoy/Struts2-Scan
Scanning and exploitation tool covering all Struts2 vulnerabilities
thewhiteh4t/cve-2020-10977
GitLab 12.9.0 Arbitrary File Read
mindspoof/MSSQL-Fileless-Rootkit-WarSQLKit
WarSQLKit is a fileless rootkit and attack tool I developed for MS-SQL. With this tool you can rootkit the SQL service that uses CLR on MS-SQL servers. Thus, malicious code can be executed in the process memory of the SQL service without creating a malicious function
r0eXpeR/redteam_vul
A compilation of key system vulnerabilities commonly encountered in red team operations.
c0ny1/FastjsonExploit
A framework for quick exploitation of Fastjson vulnerabilities
Wh04m1001/DFSCoerce