Pinned Repositories
AVByPass
A web-based online tool for automated antivirus evasion
BypassAntiVirus
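A series of articles and companion tools on antivirus evasion for remote-access tools. It collects and tests dozens of evasion tools found on the internet, 113 whitelist-based evasion methods, 8 code-compilation evasion methods and a number of practical evasion techniques, testing the effectiveness of each one, as a reference for remote-access-tool evasion and for antivirus countermeasures against evasion.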
CVE-2020
Some vulnerabilities from 2020
CVE-2021-1675
C# and Impacket implementation of CVE-2021-1675/PrintNightmare
CVE-2021-21972
CVE-2021-21972 Exploit
exphub
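Exphub [exploit script library]: includes exploit scripts for WebLogic, Struts2 and Tomcat; scripts for high-risk, easily exploitable vulnerabilities are updated first. Latest additions: CVE-2020-10199, CVE-2020-1938, CVE-2020-2551, CVE-2019-17558, CVE-2019-6340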
Penetration_Testing_POC
Penetration-testing PoCs, exploits, scripts, privilege-escalation material, small tools and more; additions and improvements are welcome---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
POC-
A collection of some PoCs
POC-2022-HW-POC
A compilation of PoCs from the 2022 HW (Huwang) exercise
redteam_vul
A compilation of vulnerabilities in key systems that are frequently encountered in red-team operations.
yshdxm's Repositories
yshdxm/awvs13_batch_py3
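A batch-scanning script developed for the AWVS scanner; supports a dedicated log4j vulnerability scan and integration with xray, burp, w13scan and other tools for passive batch scanning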
yshdxm/CVE-2021-44228-Apache-Log4j-Rce
Apache Log4j remote code execution
yshdxm/fingerprint
A shared collection of fingerprints of various tools
yshdxm/HackJava
"Java Security: Only Java Security Can Save the World"
yshdxm/InformationParadox
Information input: papers / PPT / blogs / articles / books / . . .
yshdxm/Java
Some notes on learning Java security; still learning, forks and stars welcome
yshdxm/JavaSec
Java security ☞ shedding the tears of someone who doesn't know Java : )
yshdxm/JNDI-Inject-Exploit
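Handles exploitation of FastJson, Jackson, Log4j2 and native JNDI injection vulnerabilities with a bypass for higher JDK versions; detects locally available deserialization gadgets to achieve command execution, command execution with echoed output, and in-memory webshell injection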
yshdxm/JSPHorse
A generator for antivirus-evading JSP webshells that combines reflective invocation, dynamic compilation, BCEL, defineClass0, ScriptEngine, Expression and other techniques
yshdxm/learning-codeql
CodeQL Java: the most complete Chinese-language learning material on the web
yshdxm/Learning_summary
Some summaries from studying security; still being updated, Forks & Stars appreciated!
yshdxm/log4j-fuzz-head-poc
Batch detection of the log4j vulnerability, mainly by batch fuzzing of headers
yshdxm/Log4j2-CVE-2021-44228
Remote Code Injection In Log4j
yshdxm/log4j2burpscanner
CVE-2021-44228 Log4j2 BurpSuite Scanner, customize ceye.io api or other apis, including internal networks
yshdxm/Log4j2Scan
Log4j2 RCE Passive Scanner plugin for BurpSuite
yshdxm/log4shell
Operational information regarding the vulnerability in the Log4j logging library.
yshdxm/log4shell-detector
Detector for Log4Shell exploitation attempts
yshdxm/noPac
CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.
yshdxm/PentestNote
Personal output: experience / approaches / ideas / summaries / notes / . . .
yshdxm/reapoc
OpenSource Poc && Vulnerable-Target Storage Box.
yshdxm/reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
yshdxm/sam-the-admin
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
yshdxm/supplier
A collection of some offensive vulnerabilities affecting mainstream vendors
yshdxm/todesk-silently
Patch for running Todesk silently
yshdxm/tomcat-backdoor
yshdxm/vcenter_saml_login
A tool to extract the IdP cert from vCenter backups and log in as Administrator
yshdxm/vhost_password_decrypt
vhost password decrypt
yshdxm/Vm4J
A tool to detect & exploit the log4j (CVE-2021-44228) vulnerability in VMware products. Supports VMware HCX/vCenter/NSX/Horizon/vRealize Operations Manager
yshdxm/vscan
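An open-source, lightweight, fast, cross-platform red-team (redteam) scanner for gaining an initial foothold on external networks. Features: port scanning (port scan), fingerprinting (fingerprint), n-day detection (nday check), smart brute-forcing (admin brute), sensitive-file scanning (file fuzz)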
yshdxm/ysoserial-
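A modified version of ysoserial that mainly changes ysoserial.payloads.util.Gadgets.createTemplatesImpl so that, by bringing in a custom class, it can execute commands, load in-memory webshells, and echo output through deserialization.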