A V2Ray client for Android, support Xray core and v2fly core

A GUI client for Windows, Linux and macOS, support Xray and sing-box and others

Proof of Concept Exploit for vCenter CVE-2021-21972

Magisk File Host

The Magic Mask for Android

LSPosed Framework

Tools to work with android .dex and java .class files

A standalone Java Decompiler GUI

PoC for CVE-2018-0802 And CVE-2017-11882

CVE-2022-0847-DirtyPipe-Exploit CVE-2022-0847 是存在于 Linux内核 5.8 及之后版本中的本地提权漏洞。攻击者通过利用此漏洞，可覆盖重写任意可读文件中的数据，从而可将普通权限的用户提升到特权 root。 CVE-2022-0847 的漏洞原理类似于 CVE-2016-5195 脏牛漏洞（Dirty Cow），但它更容易被利用。漏洞作者将此漏洞…

PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034)

A frida tool to dump dex in memory to support security engineers analyzing malware.

红蓝对抗交流心得

CVE-2017-11882 from https://github.com/embedi/CVE-2017-11882

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

log4jScanner provides the ability to scan internal subnets for vulnerable log4j web services

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

PHP代码审计分段讲解

代码审计相关的一些知识

记录自己对《代码审计》的理解和总结，对危险函数的深入分析以及在p牛的博客和代码审计圈的收获

一个关于PHP的代码审计项目

《PHP安全-只有PHP安全才能拯救世界》Only PHP Security Can Save The World.

Venom - A Multi-hop Proxy for Penetration Testers

SQLI labs to test error based, Blind boolean based, Time based.

信息收集自动化工具

C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.

一款内网综合扫描工具，方便一键自动化、全方位漏扫扫描。(An intranet comprehensive scanning tool, enabling one-click automated, all-round vulnerability scanning)

ServerScan一款使用Golang开发的高并发网络扫描、服务探测工具。