Pinned Repositories
AVByPass
一款Web在线自动免杀工具
BypassAntiVirus
远控免杀系列文章及配套工具,汇总测试了互联网上的几十种免杀工具、113种白名单免杀方式、8种代码编译免杀、若干免杀实战技术,并对免杀效果进行了一一测试,为远控的免杀和杀软对抗免杀提供参考。
CVE-2020
2020一些漏洞
CVE-2021-1675
C# and Impacket implementation of CVE-2021-1675/PrintNightmare
CVE-2021-21972
CVE-2021-21972 Exploit
exphub
Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat的漏洞利用脚本,优先更新高危且易利用的漏洞利用脚本,最新添加CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2019-17558、CVE-2019-6340
Penetration_Testing_POC
渗透测试有关的POC、EXP、脚本、提权、小工具等,欢迎补充、完善---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
POC-
汇总一些POC
POC-2022-HW-POC
2022 护网行动 POC 整理
redteam_vul
红队作战中比较常遇到的一些重点系统漏洞整理。
yshdxm's Repositories
yshdxm/POC-2022-HW-POC
2022 护网行动 POC 整理
yshdxm/2023Hvv
2023 HVV情报速递~
yshdxm/BehinderClientSource
❄️冰蝎客户端源码-V4.0.6🔞
yshdxm/CVE-2022-23222
CVE-2022-23222: Linux Kernel eBPF Local Privilege Escalation
yshdxm/CVE-2022-26134-Godzilla-MEMSHELL
yshdxm/CVE-2022-47966
POC for CVE-2022-47966 affecting multiple ManageEngine products
yshdxm/CVE-2024-4577-PHP-RCE
全球首款利用PHP默认环境的CVE-2024-4577 PHP-CGI RCE 漏洞 EXP,共享原创EXP,支持SSRF,支持绕过WAF。The world's first CVE-2024-4577 PHP-CGI RCE exploit utilizing the default PHP environment. Sharing original exploit, supports SSRF, supports WAF bypass.
yshdxm/dddd
一款高可拓展的指纹识别、供应链漏洞探测工具。支持从Hunter、Fofa批量拉取目标。
yshdxm/evil_minio
EXP for CVE-2023-28434 MinIO unauthorized to RCE
yshdxm/GodzillaMemoryShellProject
yshdxm/HowToCook
程序员在家做饭方法指南。Programmer's guide about how to cook at home (Chinese only).
yshdxm/Java-Js-Engine-Payloads
Java-Js-Engine-Payloads
yshdxm/Leaked-Credentials
how to look for Leaked Credentials !
yshdxm/msmap
Msmap is a Memory WebShell Generator.
yshdxm/no-defender
A slightly more fun way to disable windows defender. (through the WSC api)
yshdxm/PostConfluence
哥斯拉Confluence后渗透插件 MakeToken SearchPage ListAllUser AddAdminUser ListAllPage ........
yshdxm/SCAMagicScan
yshdxm/ScreenConnect-AuthBypass-RCE
ScreenConnect AuthBypass(cve-2024-1709) --> RCE!!!
yshdxm/Sec-Interview-4-2023
一个2023届毕业生在毕业前持续更新、收集的安全岗面试题及面试经验分享~
yshdxm/SecurityList
A list for Web Security and Code Audit
yshdxm/shiro_attack
shiro attack
yshdxm/thinkphp_lang_RCE
about thinkphp lang RCE QVD-2022-46174 v6.0.1 <= Thinkphp <= v6.0.13 Thinkphp v5.0.x Thinkphp v5.1.x
yshdxm/utf-8-overlong-encoding
抽离出 utf-8-overlong-encoding 的序列化逻辑,实现 2 3 字节加密序列化数组
yshdxm/WeChatMsg
提取微信聊天记录,将其导出成HTML、Word、CSV文档永久保存,对聊天记录进行分析生成年度聊天报告
yshdxm/XG_NTAI
用于Webshell木马免杀、流量加密传输
yshdxm/Xray-crack
Xray 1.9.3
yshdxm/ysomap
A helpful Java Deserialization exploit framework.
yshdxm/Zentao-Captcha-RCE
禅道研发项目管理系统`misc-captcha-user`认证绕过后台命令注入漏洞
yshdxm/zentaopms_poc
禅道相关poc
yshdxm/zip-slip-vulnerability
Zip Slip Vulnerability (Arbitrary file write through archive extraction)