wzqs's Stars
python-telegram-bot/python-telegram-bot
We have made you a wrapper you can't refuse
drduh/macOS-Security-and-Privacy-Guide
Guide to securing and improving privacy on macOS
GoogleChrome/chrome-extensions-samples
Chrome Extensions Samples
it-ebooks-0/geektime-books
:books: 极客时间电子书
threedr3am/learnjavabug
Java安全相关的漏洞和技术demo,原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。
wendux/ajax-hook
Intercepting browser's http requests which made by XMLHttpRequest.
phith0n/JavaThings
Share Things Related to Java - Java安全漫谈笔记相关内容
nccgroup/house
A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
wh1t3p1g/tabby
A CAT called tabby ( Code Analysis Tool )
fransr/postMessage-tracker
A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
jar-analyzer/jar-analyzer
Jar Analyzer - 一个JAR包分析工具,SCA漏洞分析,批量分析JAR包,方法调用关系搜索,字符串搜索,Spring组件分析,CFG程序分析,JVM栈帧分析,进阶表达式搜索,字节码指令级的动态调试分析,反编译JAR包一键导出,一键提取序列化数据恶意代码,一键分析BCEL字节码
R4gd0ll/I-Wanna-Get-All
OA漏洞利用工具
Drun1baby/JavaSecurityLearning
记录一下 Java 安全学习历程,也算是半条学习路线了
f0ng/autoDecoder
Burp插件,根据自定义来达到对数据包的处理(适用于加解密、爆破等),类似mitmproxy,不同点在于经过了burp中转,在自动加解密的基础上,不影响APP、网站加解密正常逻辑等。
lemono0/FastJsonParty
FastJson全版本Docker漏洞环境(涵盖1.2.47/1.2.68/1.2.80等版本),主要包括JNDI注入及高版本绕过、waf绕过、文件读写、原生反序列化、利用链探测绕过、不出网利用等。从黑盒的角度覆盖FastJson深入利用
0x727/BypassPro
对权限绕过自动化bypass的burpsuite插件
lemonlove7/dirsearch_bypass403
目录扫描+JS文件中提取URL和子域+403状态绕过+指纹识别
outlaws-bai/Galaxy
Burp插件,让你测试加密报文时像明文一样简单,支持用js/python/java实现hook脚本或任意语言实现grpc/http hook服务来自动解密报文。A Burp plugin makes testing encrypted messages as simple as plain text, supporting the use of js/python/java to implement hook scripts or any language to implement grpc/http hook services to automatically decrypt messages.
praetorian-inc/fingerprintx
Standalone utility for service discovery on open ports!
7hang/--Java
代码审计知识点整理-Java
abc123info/UserNameDictTools
用户名密码字典生成工具(将中文汉字姓名转成14种格式的拼音、IP地址处理、网络设备密码生成)
snchengqi/course-robot
知学云网上大学学习助手(**电信、**移动、**人民保险、国家电投、**石油、**广核集团)(知学云要求,永久关闭该仓库!)
blocksecteam/metasuites
MetaSuites powered by BlockSec. Help crypto users explore blockchain smoothly.
noobpk/frida-intercept-encrypted-api
A tool to help you intercept encrypted APIs in iOS or Android apps
PortSwigger/bambdas
Bambdas collection for Burp Suite Professional and Community.
jitcor/frida-ios-cipher
Intercept all cryptography-related functions on iOS with Frida Api.
ChiChou/gossip-summer-school-2018
Source code repo for Let's GOSSIP summer school 2018
KTH-LangSec/server-side-prototype-pollution
A collection of Server-Side Prototype Pollution gadgets and exploits
z3n70/Frida-Script-Runner
Frida Script Runner is a versatile web-based tool designed for Android and iOS penetration testing purposes.
JSREI/js-xhr-monitor-debugger-hook
ajax请求加密逆向神器:监控可视化、Hook打断点