Pinned Repositories
Bridge
无回显漏洞测试辅助平台,平台使用Java编写,提供DNSLOG,HTTPLOG等功能,辅助渗透测试过程中无回显漏洞及SSRF等漏洞的验证和利用。
ByteCodeDL
A declarative static analysis tool for jvm bytecode based Datalog like CodeQL
codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
crazy-email-recv-srv
模拟邮件服务器,批量注册利器
dpkt
fast, simple packet creation / parsing, with definitions for the basic TCP/IP protocols
extractor-java
CodeQL extractor for java, which don't need to compile java source
Hammer
A web vulnerability scanner framework
pyAntiSSRF
anti ssrf by hijack requests
ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
yangbh's Repositories
yangbh/Hammer
A web vulnerability scanner framework
yangbh/crazy-email-recv-srv
模拟邮件服务器,批量注册利器
yangbh/Bridge
无回显漏洞测试辅助平台,平台使用Java编写,提供DNSLOG,HTTPLOG等功能,辅助渗透测试过程中无回显漏洞及SSRF等漏洞的验证和利用。
yangbh/pyAntiSSRF
anti ssrf by hijack requests
yangbh/ByteCodeDL
A declarative static analysis tool for jvm bytecode based Datalog like CodeQL
yangbh/codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
yangbh/dpkt
fast, simple packet creation / parsing, with definitions for the basic TCP/IP protocols
yangbh/extractor-java
CodeQL extractor for java, which don't need to compile java source
yangbh/fastjson-blacklist
yangbh/ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
yangbh/Bugscan_exploits
yangbh/fastjson_gadgets_scanner
yangbh/FastjsonExploit
Fastjson vulnerability quickly exploits the framework(fastjson漏洞快速利用框架)
yangbh/Java_deserialize_vuln_lab
Java 反序列化学习的实验代码 Java_deserialize_vuln_lab
yangbh/mrva
mrva test
yangbh/MySootScript
oh my soot !
yangbh/phpvul
php8 mysqli sql injections
yangbh/poc
poc from bugscan beebeeto
yangbh/rogue_mysql_server
一个支持 go, php, python, java, 原生命令行等多种语言下客户端的 mysql 恶意服务器
yangbh/sarif-web-component
A React-based component for viewing SARIF files.
yangbh/semgrep-rules
Semgrep rules registry
yangbh/SootTutorial
A step-by-step tutorial for Soot (a Java static analysis framework)
yangbh/Spark
✨Spark is a web-based, cross-platform and full-featured Remote Administration Tool (RAT) written in Go that allows you control all your devices anywhere. Spark是一个Go编写的,网页UI、跨平台以及多功能的远程控制和监控工具,你可以随时随地监控和控制所有设备。
yangbh/Struts2-Vuln-Demo
Struts2漏洞实例源码
yangbh/tabby
A CAT called tabby ( Code Analysis Tool )
yangbh/tabby-path-finder
A neo4j procedure for tabby (dev)
yangbh/Tai-e
An easy-to-learn/use static analysis framework for Java
yangbh/vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
yangbh/yangbh.github.io
blog
yangbh/ysomap
A helpful Java Deserialization exploit framework based on ysoserial