Stars
MySQL Fake Server use to help MySQL Client File Reading and JDBC Client Java Deserialize
ByPassTamperPlus / SQLMap加强绕WAF / Code By:Tas9er
前端加密对抗练习靶场,包含非对称加密、对称加密、加签以及禁止重放的测试场景,比如AES、DES、RSA,用于渗透测试练习
基于Chrome开发者协议(CDP)的AI自动化JavaScript逆向分析工具
FastJson全版本Docker漏洞环境(涵盖1.2.47/1.2.68/1.2.80等版本),主要包括JNDI注入及高版本绕过、waf绕过、文件读写、原生反序列化、利用链探测绕过、不出网利用等。从黑盒的角度覆盖FastJson深入利用
Java编写,Python作为辅助依赖的漏洞验证、利用工具,添加了进程查找模块、编码模块、命令模块、常见漏洞利用GUI模块、shiro rememberMe解密模块,加快测试效率
Java Vulnerability Exploitation Platform
爬网站JS文件,自动fuzz api接口,指定api接口(针对前后端分离项目,可指定后端接口地址),回显api响应
Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.
A powerful JNDI injection exploitation framework that supports RMI, LDAP and LDAPS protocols, including various bypass methods for high-version JDK restrictions
Deserialization payload generator for a variety of .NET formatters
高性能 HTTP 正向代理工具 | A high-performance http tunneling tool
Community curated list of templates for the nuclei engine to find security vulnerabilities.
承影,愿你在光影之间,找到属于自己的锋芒。开源的类 BurpSuite 应用 ChYing — may you find your own edge between light and shadow. An open-source, BurpSuite-like application.
一个漏洞 PoC 知识库。A knowledge base for vulnerability PoCs(Proof of Concept), with 1k+ vulnerabilities.
Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.
一个用于处理fsacn输出结果的图形化工具(尤其面对大量资产的fscan扫描结果做输出优化,让你打点快人五步!!!)
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
Awesome Github Profile Readme. Github ReadMe Github Profile Readme Dynamic Github ReadMe Dynamic Github Profile ReadMe. Please Star and Fork