Stars
🇨🇳 GitHub中文排行榜,各语言分设「软件 | 资料」榜单,精准定位中文好项目。各取所需,高效学习。
SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 check list
An xposed module that disables SSL certificate checking for the purposes of auditing an app with cert pinning
An Open Source Java Decompiler Gui for Procyon
一个漏洞 PoC 知识库。A knowledge base for vulnerability PoCs(Proof of Concept), with 1k+ vulnerabilities.
Java安全相关的漏洞和技术demo,原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。
Java web common vulnerabilities and security code which is base on springboot and spring security
红蓝对抗以及护网相关工具和资料,内存shellcode(cs+msf)和内存马查杀工具
shiro反序列化漏洞综合利用,包含(回显执行命令/注入内存马)修复原版中NoCC的问题 https://github.com/j1anFen/shiro_attack
APIKit:Discovery, Scan and Audit APIs Toolkit All In One.
MDUT - Multiple Database Utilization Tools
一款支持自定义的 Java 内存马生成工具|A customizable Java in-memory webshell generation tool.
domain_hunter的高级版本,SRC挖洞、HW打点之必备!自动化资产收集;快速Title获取;外部工具联动;等等
溯光 (TrackRay) 3 beta⚡渗透测试框架(资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap)
Shiro550/Shiro721 一键化利用工具,支持多种回显方式
A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅
项目是根据LandGrey/SpringBootVulExploit清单编写,目的hvv期间快速利用漏洞、降低漏洞利用门槛。
captcha-killer的修改版,支持关键词识别base64编码的图片,添加免费ocr库,用于验证码爆破,适配新版Burpsuite
Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules thro…
Burp extension to evade TLS fingerprinting. Bypass WAF, spoof any browser.
TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.
BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). 支持多种加密算法或直接执行JS代码的用于爆破前端加密的BurpSuite插件