Stars
IngressNightmare POC. world first non-blind remote execution exploitation with multi-advanced exploitation methods. allow on disk exploitation. CVE-2025-24514 - auth-url injection, CVE-2025-1097 - …
A repository of Windows Shellcode runners and supporting utilities. The applications load and execute Shellcode using various API calls or techniques.
A Golang library that transforms any net.Conn or io.ReadWriter stream to an encrypted and/or authenticated stream
PolicyKit CVE-2021-3560 Exploit (Authentication Agent)
awesome cloud security 收集一些国内外不错的云安全资源,该项目主要面向国内的安全人员
pineapple lang 是一个简单的编程语言 demo. 它包含了个手写的递归下降解析器和一个简单的解释器. 虽然该语言甚至不是图灵完备的. 但 pineapple 的主要目的是让编译原理初学者有一个预热, 简单了解一个编程语言是怎么构建的.
写博客时产生的示例代码,如反射封装Gorm分页、Go 1.18的泛型封装Gorm分页、Gin中使用JWT
a simple benchmark testing tool implemented in golang with some small features
Kscan是一款纯go开发的全方位扫描器,具备端口扫描、协议检测、指纹识别,暴力破解等功能。支持协议1200+,协议指纹10000+,应用指纹20000+,暴力破解协议10余种。
A Distributed, Fault-Tolerant Cron-Style Job System.
Dkron - Distributed, fault tolerant job scheduling system https://dkron.io
Statically-linked ssh server with reverse shell functionality for CTFs and such
MySQL Fake Server use to help MySQL Client File Reading and JDBC Client Java Deserialize
✨ Finder Toolbar app for macOS to open the current directory in Terminal, iTerm, Hyper or Alacritty.
Share Things Related to Java - Java安全漫谈笔记相关内容
Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted file
WeBank Blockchain Application Software Extension
致远OA通过发送特殊请求获取管理员cookie,再通过文件上传接口上传webshell压缩文件,最后发送解压请求获取webshell
FilterBased/ServletBased in memory shell for Tomcat and some other middlewares
JavaPayload is a collection of pure Java payloads to be used for post-exploitation from pure Java exploits or from common misconfigurations (like not password protected Tomcat manager or debugger p…
For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙