X1r0z

X1r0z X1r0z

Web Security @Nu1LCTF

763 followers · 224 following

NJUPT
Nanjing, China
exp10it.io
@X1r0z

Achievements

x3 x2

Achievements

x3 x2

Highlights

Developer Program Member
Pro

Organizations

X1r0z Public

Profile

2 Updated Dec 9, 2025
JNDIMap Public

A powerful JNDI injection exploitation framework that supports RMI, LDAP and LDAPS protocols, including various bypass methods for high-version JDK restrictions

java ldap jdbc rmi deserialize bypass jndi

Java 553 37 MIT License Updated Dec 9, 2025
macro-rce Public

Rust Updated Nov 24, 2025
presentations Public

My presentation slides

18 1 Updated Oct 31, 2025
hacking-espresso Public

Hacking GraalVM Espresso - Abusing Continuation API to Make ROP-like Attack

Java 37 6 Updated Aug 27, 2025
ClassNameObfuscator Public

基于多种策略, 对已有 JAR 包中的全限定类名进行变换, 无限生成高度相似的虚假类名

Java 18 Updated Jul 30, 2025
pivot-rs Public

A lightweight port-forwarding and socks proxy tool written in Rust 🦀

tunnel proxy socks5 intranet port-forwarding red-team pivoting

Rust 50 3 MIT License Updated Feb 6, 2025
Nacos-Hessian-RCE Public

PoC of Nacos JRaft Hessian RCE

Java 4 Updated Jan 1, 2025
EBurstGo Public

利用 Exchange 服务器 Web 接口爆破邮箱账户 | Brute force email accounts using Exchange server web endpoints

windows active-directory bruteforce exchange ews mail-account

Go 92 11 Updated Sep 13, 2024
go-ntlmssp Public

NTLM/Negotiate authentication over HTTP that supports Pass The Hash Mode (PtH)

go http ntlm pth

Go 16 3 MIT License Updated Sep 13, 2024
JettyFuzz Public

Java 32 2 Updated May 27, 2024
Godzilla-Suo5MemShell Public archive

使用 Godzilla 一键注入 Suo5 内存马

java proxy godzilla memshell suo5

Java 440 48 Updated Apr 29, 2024
hessian-overlong-encoding Public

Hessian UTF-8 Overlong Encoding

Java 19 1 Updated Mar 9, 2024
frp Public archive

基于原版 frp 二开, 添加了一些小功能

Go 107 9 Apache License 2.0 Updated Jan 29, 2024
Dubbo-RCE Public

PoC of Apache Dubbo CVE-2023-23638

Java 34 7 Updated Jan 29, 2024
spring-amqp-deserialization Public

PoC of Spring AMQP Deserialization Vulnerability (CVE-2023-34050)

Java 12 3 Updated Jan 29, 2024
ActiveMQ-RCE Public

ActiveMQ RCE (CVE-2023-46604) 漏洞利用工具

Go 250 32 Updated Jan 29, 2024
MirrorScan Public archive

bugscan scanner

Python 1 2 Updated Aug 2, 2023
cpploader Public archive

c++ shellcode loader

C++ 40 12 Updated Aug 18, 2022
DllHijackTest Public archive

test dll hijacking

C++ 2 Updated Aug 9, 2019
dork Public archive

dork everything

Python 5 1 Updated Jul 13, 2018
msfvenom-ng Public archive

MSFvenom-NG

Python Updated Jun 25, 2018
webscan Public archive

Find the same IP site

HTML 1 Updated Jan 5, 2018

X1r0z X1r0z

Achievements

Achievements

Highlights

Organizations

X1r0z Public

Uh oh!

JNDIMap Public

Uh oh!

macro-rce Public

Uh oh!

presentations Public

Uh oh!

hacking-espresso Public

Uh oh!

ClassNameObfuscator Public

Uh oh!

pivot-rs Public

Uh oh!

Nacos-Hessian-RCE Public

Uh oh!

EBurstGo Public

Uh oh!

go-ntlmssp Public

Uh oh!

JettyFuzz Public

Uh oh!

Godzilla-Suo5MemShell Public archive

Uh oh!

hessian-overlong-encoding Public

Uh oh!

frp Public archive

Uh oh!

Dubbo-RCE Public

Uh oh!

spring-amqp-deserialization Public

Uh oh!

ActiveMQ-RCE Public

Uh oh!

MirrorScan Public archive

Uh oh!

cpploader Public archive

Uh oh!

DllHijackTest Public archive

Uh oh!

dork Public archive

Uh oh!

msfvenom-ng Public archive

Uh oh!

webscan Public archive

Uh oh!