Pinned Repositories
jsEncrypter
一个用于前端加密Fuzz的Burp Suite插件
ysoserial.net
Deserialization payload generator for a variety of .NET formatters
BurpAPIFinder
攻防演练过程中,我们通常会用浏览器访问一些资产,但很多未授权/敏感信息/越权隐匿在已访问接口过html、JS文件等,该插件能让我们发现未授权/敏感信息/越权/登陆接口等。
go-zabbix-get
zabbix-get compatible command (Golang version)
JNDI-Inject-Exploit
解决FastJson、Jackson、Log4j2、原生JNDI注入漏洞的高版本JDKBypass利用,探测本地可用反序列化gadget达到命令执行、回显命令执行、内存马注入
test
traitor
:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
unveilr
小程序反编译工具
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
rustdesk
基于rustdesk修改的远程桌面软件,将agent部分分离出来
wpf97's Repositories
wpf97/go-zabbix-get
zabbix-get compatible command (Golang version)
wpf97/JNDI-Inject-Exploit
解决FastJson、Jackson、Log4j2、原生JNDI注入漏洞的高版本JDKBypass利用,探测本地可用反序列化gadget达到命令执行、回显命令执行、内存马注入
wpf97/test
wpf97/traitor
:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
wpf97/unveilr
小程序反编译工具
wpf97/vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose