Pinned Repositories
2022-HW-POC
Compilation of POCs from the 2022 HW (Huwang) exercise
AD_Pentest
Red team | Summary of important domain penetration vulnerabilities (continuously updated)
AltDeploy
And64InlineHook
Lightweight ARMv8-A(ARM64, AArch64, Little-Endian) Inline Hook Library for Android C/C++
android-afl
Fuzzing Android program with american fuzzy lop (AFL)
blasting
JADXecute
JADX-gui scripting plugin for dynamic decompiler manipulation
modernization
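Summary for code analysis and auto-refactor. "Code Analysis and Automated Refactoring": how to design source-code parsing yourself, build a code model of the code, visualize code, and carry out automated refactoring and guarding.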
rita
Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
SoFixer
sanchahua's Repositories
sanchahua/JADXecute
JADX-gui scripting plugin for dynamic decompiler manipulation
sanchahua/Arjun
HTTP parameter discovery suite.
sanchahua/BabukRansomwareSourceCode
Leaked source code of the babuk ransomware by VXUG
sanchahua/CDK
📦 Make security testing of K8s, Docker, and Containerd easier.
sanchahua/CVE-2024-3596-Detector
sanchahua/cve-2024-6387-poc
a signal handler race condition in OpenSSH's server (sshd)
sanchahua/DecryptTools
DecryptTools - comprehensive decryption
sanchahua/donut
DONUTS DONUTS DONUTS 🍩
sanchahua/donut-1
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
sanchahua/dumpall
An information-leak exploitation tool for .git/.svn/.DS_Store leaks and directory listing
sanchahua/FastJsonParty
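Docker vulnerability environments for all FastJson versions (covering 1.2.47/1.2.68/1.2.80 and others), mainly including JNDI injection and high-version bypasses, WAF bypass, file read/write, native deserialization, gadget-chain detection bypass, and exploitation without outbound network access. Covers in-depth FastJson exploitation from a black-box perspective.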
sanchahua/gitlab-version-nse
Nmap script to guess* a GitLab version.
sanchahua/grype
A vulnerability scanner for container images and filesystems
sanchahua/inspector
IDEA code-audit assistant plugin (powered by the Tianwei team of Sangfor Deep Blue Lab)
sanchahua/java-memshell-scanner
Scans for and removes Tomcat memory shells via a JSP script; currently supports detection and removal logic for Servlet-api, Tomcat-Value, Timer, Websocket, Upgrade and ExecutorShell memory shells.
sanchahua/JavaRce
Common Exploitation Techniques for Java RCE Vulnerabilities in Real-World Scenarios
sanchahua/JavaSec
a rep for documenting my study, may be from 0 to 0.1
sanchahua/Mshell
Memshell - attack-and-defense research on memory shells
sanchahua/mysql-fake-server
MySQL Fake Server (pure Java implementation, built-in common Java deserialization payloads, GUI and command-line versions, Dockerfile provided)
sanchahua/NextScan
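Feiren (飞刃) is a complete enterprise-grade black-box vulnerability scanning system that integrates vulnerability scanning, vulnerability management, asset scanning, crawling and other services. It has a powerful vulnerability detection engine and a rich plugin library covering many vulnerability types and application frameworks.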
sanchahua/passive-scan-client
Burp plugin for forwarding passive-scan traffic
sanchahua/POC
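Compilation of 2023 HW vulnerabilities; collects and organizes vulnerability EXP/POC, most of them sourced from the internet; more than 100 POC/EXP collected so far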
sanchahua/ProcMonXv2
Process Monitor X v2
sanchahua/RuoYi-Vue
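:tada: (RuoYi) official repository. A permission management system with separated front end and back end, based on SpringBoot, Spring Security, JWT, Vue & Element; a Vue3 version is also provided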
sanchahua/secguide
Code security guide compiled for developers
sanchahua/SecurityList
A list for Web Security and Code Audit
sanchahua/sshd_backdoor
/root/.ssh/authorized_keys evil file watchdog with ebpf tracepoint hook.
sanchahua/SSLShell
sanchahua/swallow
Automated code audit system; the underlying architecture is the Qingting (蜻蜓) orchestration system, Murphy SCA (墨菲SCA), fortify, SemGrep, hema
sanchahua/zui
Zui is a powerful desktop application for exploring and working with data. The official front-end to the Zed lake.