Pinned Repositories
ctf-wiki
Easy access to start playing CTF
CVE-2018-17456
Proof of concept of CVE-2018-17456
FIshare
log4j-payload-generator
Log4j jndi injects the Payload generator
Openload-downloader
ScanSpider
ShellManager
A ShellManager based on Twisted
snakeplayer
xichawai's Repositories
xichawai/CVE-2018-17456
Proof of concept of CVE-2018-17456
xichawai/log4j-payload-generator
Log4j jndi injects the Payload generator
xichawai/acefile
POC of https://research.checkpoint.com/extracting-code-execution-from-winrar/
xichawai/BestShell
世界上最好用的php大马
xichawai/BypassAV
Cobalt Strike插件,用于快速生成免杀的可执行文件
xichawai/CTFReposityStore
打过的 CTF 的附件
xichawai/CVE-2018-17182
Linux 内核VMA-UAF 提权漏洞(CVE-2018-17182),0day
xichawai/CVE-2020-2555
Weblogic com.tangosol.util.extractor.ReflectionExtractor RCE
xichawai/CVE-2021-4034
CVE-2021-4034 1day
xichawai/exphub
Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340
xichawai/Fast-RDP-Brute-GUI-v2.0-by_Stas-M--Official
Fast-RDP-Brute(frdpb)官方版,及获取来源
xichawai/go-shellcode
Load shellcode into a new process
xichawai/hangzhou_house_knowledge
2017年买房经历总结出来的买房购房知识分享给大家,希望对大家有所帮助。买房不易,且买且珍惜。Sharing the knowledge of buy an own house that according to the experience at hangzhou in 2017 to all the people. It's not easy to buy a own house, so I hope that it would be useful to everyone.
xichawai/JavaEETest
Spring、SpringMVC、MyBatis、Spring Boot案例
xichawai/javasec
自己学习java安全的一些总结,主要是安全审计相关
xichawai/javaweb-sec
攻击Java Web应用-[Java Web安全]
xichawai/K8tools
K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
xichawai/Kysoserial
ysoserial for su18
xichawai/labs_campaigns
xichawai/Log4j2Scan
Log4j2 RCE Passive Scanner plugin for BurpSuite
xichawai/log4j_POC
xichawai/MS17-010
MS17-010
xichawai/MySQL_Fake_Server
MySQL Fake Server use to help MySQL Client File Reading and JDBC Client Java Deserialize
xichawai/PoC-in-GitHub
📡PoC auto collect from GitHub.
xichawai/reGeorg
The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.
xichawai/rmi-jndi-ldap-jrmp-jmx-jms
rmi、jndi、ldap、jrmp、jmx、jms一些demo测试
xichawai/rtcp
利用 Python 的 Socket 端口转发,用于远程维护
xichawai/SweetBabyScan
Red Tools 渗透测试
xichawai/wsMemShell
WebSocket 内存马/Webshell,一种新型内存马/WebShell技术
xichawai/ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.