Stars
SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 check list
HaE - Highlighter and Extractor, Empower ethical hacker for efficient operations.
JNDI注入测试工具(A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc)
Java安全相关的漏洞和技术demo,原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。
Java web common vulnerabilities and security code which is base on springboot and spring security
APIKit:Discovery, Scan and Audit APIs Toolkit All In One.
domain_hunter的高级版本,SRC挖洞、HW打点之必备!自动化资产收集;快速Title获取;外部工具联动;等等
Shiro550/Shiro721 一键化利用工具,支持多种回显方式
A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅
A simple FOFA client written in JavaFX. Made by WgpSec, Maintained by f1ashine.
Fiora:漏洞PoC框架Nuclei的图形版。快捷搜索PoC、一键运行Nuclei。即可作为独立程序运行,也可作为burp插件使用。
Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228).
Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.…
🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
CVE-2021-44228 Log4j2 BurpSuite Scanner,Customize ceye.io api or other apis,including internal networks
spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧
Some payloads of JNDI Injection in JDK 1.8.0_191+
woodpecker框架weblogic信息探测插件
woodpecker-framework框架http发包库,专门为漏洞检测与利用场景设计。