备份的漏洞库，3月开始我们来维护

Fastjson姿势技巧集合

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws

Say goodbye to the complex, verbose, and laggy interaction mode of IDA Pro MCP

Original Proof-of-Concepts for React2Shell CVE-2025-55182

腾讯ai渗透黑客松参赛作品（xjtuHunter）

antix's baby intent runtime and meta-tooling design.

Explanation and full RCE PoC for CVE-2025-55182

Fastjson + MySQL 条件下不出网利用测试环境

High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478)

腾讯云黑客松 - 智能渗透挑战赛 Top9

一个专注于 Java Web 特性、配置和 Trick 的安全谜题集合

AI agent for autonomous cyber operations

🔐 H-Pentest v2.0 🥷 AI-Powered Penetration Testing Platform

Agent system for XBOW Benchmark

A benchmark for Java gadget chain detecting algorithms.

Cybersecurity AI (CAI), the framework for AI Security

XBOW Validation Benchmarks

在xxe中使用smb外带多行内容

web3百科全书👏🏻 打造 web3 全球第一中文资源

Apache OFBiz is an open source product for the automation of enterprise processes. It includes framework components and business applications for ERP, CRM, E-Business/E-Commerce, Supply Chain Manag…

My presentation slides

CTF-Java-Gadget专注于收集CTF中Java赛题的反序列化片段

[IEEE S&P'26] WebCloak: Characterizing and Mitigating the Threats of LLM-Driven Web Agents as Intelligent Scrapers

免杀所有杀软、bypass all，绕过WB、VT ，0检测。

业务风险枚举与规避知识框架（Business Risk Enumeration & Avoidance Kownledge）

📚 《Go语言高级编程》开源图书，涵盖CGO、Go汇编语言、RPC实现、Protobuf插件实现、Web框架实现、分布式系统等高阶主题(完稿)