Starred repositories
Web 版 Java Payload 生成与利用工具,提供 Java 反序列化、Hessian 1/2 反序列化等Payload生成,以及 JNDI、Fake Mysql、JRMPListener 等利用|The web version of Java Payload generation and utilization tool provides Payload generation su…
This repository houses HiddenPromise, a dissassembler and compiler for R .rdx, .rdb, and .rds files.
This repository houses HiddenPickle, a dissassembler, patcher, and compiler for Python Pickle files.
一个Golang的web实战化靶场 | A Golang-based web combat range
Exploiting XXE Vulnerabilities on Microsoft SharePoint Server and Cloud via Confused URL Parsing
A slightly more fun way to disable windows defender + firewall. (through the WSC api)
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Xtools 是一款 Sublime Text 插件,同时是一款简单的资产处理|命令行调用工具。
ZKar is a Java serialization protocol analysis tool implement in Go.
darkPulse是一个用go编写的shellcode Packer,用于生成各种各样的shellcode loader,免杀火绒,360核晶等国内常见杀软。
通过 Java 反序列化利用 Java Agent 技术来实现 UTF-8 Overlong Encoding,从而绕过某些 WAF 的防护。
The production-scale datacenter profiler (C/C++, Go, Rust, Python, Java, NodeJS, .NET, PHP, Ruby, Perl, ...)
CVE-2023-20198-RCE, support adding/deleting users and executing cli commands/system commands.
PoC exploits I wrote. They're as is and I will not offer support
An exploit for CVE-2022-42475, a pre-authentication heap overflow in Fortinet networking products
RevSuit is a flexible and powerful reverse connection platform designed for receiving connection from target host in penetration.
【三万字原创】完全零基础从0到1掌握Java内存马,公众号:追梦信安