w0lfzhang's Stars
fenixsoft/awesome-fenix
讨论如何构建一套可靠的大型分布式系统
e11i0t4lders0n/SAML-SSO
feihong-cs/ShiroExploit-Deprecated
Shiro550/Shiro721 一键化利用工具,支持多种回显方式
lwch/natpass
🔥居家办公,远程开发神器
github/codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
felixgr/pytaint
cdaller/security_taint_propagation
Java taint propagation for java. Define tainted sources, sanitizer methods and sinks via aspects.
zerothoughts/spring-jndi
Proof of concept exploit, showing how to do bytecode injection through untrusted deserialization with Spring Framework 4.2.4
knownsec/pocsuite3
pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.
projectdiscovery/nuclei-templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
projectdiscovery/nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
roadwy/RIP
baidu/openrasp
🔥Open source RASP solution
HXSecurity/DongTai
Dongtai IAST is an open-source Interactive Application Security Testing (IAST) tool that enables real-time detection of common vulnerabilities in Java applications and third-party components through passive instrumentation. It is particularly suitable for use in the testing phase of the development pipeline.
tangxiaofeng7/SecExample
JAVA 漏洞靶场 (Vulnerability Environment For Java)
HXSecurity/DongTai-agent-java
Java Agent is a Java application probe of DongTai IAST, which collects method invocation data during runtime of Java application by dynamic hooks.
phith0n/JavaThings
Share Things Related to Java - Java安全漫谈笔记相关内容
JackOfMostTrades/gadgetinspector
A byte code analyzer for finding deserialization gadget chains in Java applications
httpvoid/writeups
wh1t3p1g/tabby
A CAT called tabby ( Code Analysis Tool )
wh1t3p1g/ysomap
A helpful Java Deserialization exploit framework.
ossec/ossec-hids
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
snail007/goproxy
🔥 Proxy is a high performance HTTP(S) proxies, SOCKS5 proxies,WEBSOCKET, TCP, UDP proxy server implemented by golang. Now, it supports chain-style proxies,nat forwarding in different lan,TCP/UDP port forwarding, SSH forwarding.Proxy是golang实现的高性能http,https,websocket,tcp,socks5代理服务器,支持内网穿透,链式代理,通讯加密,智能HTTP,SOCKS5代理,黑白名单,限速,限流量,限连接数,跨平台,KCP支持,认证API。
rushter/socks5
A toy socks 5 server written in Python
LandGrey/SpringBootVulExploit
SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 check list
GrrrDog/Java-Deserialization-Cheat-Sheet
The cheat sheet about Java Deserialization vulnerabilities
joaomatosf/jexboss
JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool
w0lfzhang/sonicwall-cve-2019-7482
neex/phuip-fpizdam
Exploit for CVE-2019-11043
frohoff/ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.