Pinned Repositories
CVE-2020-13937
Apache Kylin API未授权访问漏洞;CVE-2020-13937;Apache Kylin漏洞
CVE-2021-21972
cve-2021-25646
Apache Druid 远程代码执行;检测脚本
cve-2021-3156
cve-2021-3156;sudo堆溢出漏洞;漏洞检测
CVE-202122986-EXP
F5 BIG-IP远程代码执行;cve-2021-22986,批量检测;命令执行利用
passToJs
爆破js加密的后台登陆;JS加密;爆破密码;PyExecJS
s2-061-rce
s2-061批量扫描兼命令执行exp
seeyon_fileupload
致远oa文件上传;批量检测;getshell
sshpam
记录ssh或sudo明文密码
yonyouEdr-NC-exp
用友EDR-NC目录遍历、文件读取漏洞
yaunsky's Repositories
yaunsky/passToJs
爆破js加密的后台登陆;JS加密;爆破密码;PyExecJS
yaunsky/sshpam
记录ssh或sudo明文密码
yaunsky/s2-061-rce
s2-061批量扫描兼命令执行exp
yaunsky/cve-2021-25646
Apache Druid 远程代码执行;检测脚本
yaunsky/CVE-2020-13937
Apache Kylin API未授权访问漏洞;CVE-2020-13937;Apache Kylin漏洞
yaunsky/CVE-202122986-EXP
F5 BIG-IP远程代码执行;cve-2021-22986,批量检测;命令执行利用
yaunsky/seeyon_fileupload
致远oa文件上传;批量检测;getshell
yaunsky/CVE-2021-21972
yaunsky/yonyouEdr-NC-exp
用友EDR-NC目录遍历、文件读取漏洞
yaunsky/cve-2021-3156
cve-2021-3156;sudo堆溢出漏洞;漏洞检测
yaunsky/2021hw-exp
2021年hvv期间收集的漏洞POC;EXP;其他项目里有某些相关漏洞的利用脚本
yaunsky/CVE-2017-11610
Supervisord远程命令执行漏洞脚本
yaunsky/SolrFileRead
apache solr 任意文件读取 exp
yaunsky/thinkadminreadfile
ThinkAdmin任意文件读取
yaunsky/Unomi-CVE-2020-13942
CVE-2020-13942 Apache Unomi 远程代码执行漏洞脚getshell
yaunsky/EmailVerifiy
验证邮箱真实性,对Tzeross师傅的代码稍作了修改
yaunsky/EmergencyResponse
Linux服务器应急响应简单脚本
yaunsky/ClusterEngine_EXP
浪潮ClusterEngine v4 命令执行; 漏洞检测
yaunsky/webshell
webshell免杀收集,逐步添加
yaunsky/CVE-2020-17519-Apache-Flink
CVE-2020-17519; Apache Flink 任意文件读取; 批量检测
yaunsky/yaunsky.github.io
YaunSky Blog
yaunsky/bad-bpf
A collection of eBPF programs demonstrating bad behavior, presented at DEF CON 29
yaunsky/cf
Cloud Exploitation Framework 云环境利用框架,方便安全人员在获得 AK 的后续工作
yaunsky/Emergency-Response-Notes
应急响应实战笔记,一个安全工程师的自我修养。
yaunsky/libbpf-bootstrap
Scaffolding for BPF application development with libbpf and BPF CO-RE
yaunsky/nacos-poc
yaunsky/OA-EXP
红队工具:各大OA利用工具,万户、致远、通达等
yaunsky/POC
收集整理漏洞EXp/POC
yaunsky/sshd_backdoor
/root/.ssh/authorized_keys evil file watchdog with ebpf tracepoint hook.
yaunsky/TripleCross
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.