Dr34d's repositories
CVE-2022-40684
PoC for CVE-2022-40684 - Authentication bypass lead to Full device takeover (Read-only)
AttackWebFrameworkTools-5.0
本软件首先集成危害性较大框架和部分主流cms的rce(无需登录,或者登录绕过执行rce)和反序列化(利用链简单)。傻瓜式导入url即可实现批量getshell。批量自动化测试。例如:Thinkphp,Struts2,weblogic。出现的最新漏洞进行实时跟踪并且更新例如:log4jRCE,向日葵RCE 等等.
codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security (code scanning), LGTM.com, and LGTM Enterprise
CVE-2021-31805
S2-062 (CVE-2021-31805) / S2-061 / S2-059 RCE
CVE-2021-43297-POC
CVE-2021-43297 POC,Apache Dubbo<= 2.7.13时可以实现RCE
CVE-2022-21907
Windows HTTP协议栈远程代码执行漏洞 CVE-2022-21907
CVE-2022-40684-RCE-POC
fortinet auth bypass analyze and exploit
DongTai-agent-java
Java Agent is a Java application probe of DongTai IAST, which collects method invocation data during runtime of Java application by dynamic hooks.
f8x
红/蓝队环境自动化部署工具 | Red/Blue team environment automation deployment tool
Fiora
Fiora:漏洞PoC框架的图形版,快捷搜索PoC、一键运行Nuclei
hacktricks
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
JNDIExploit
对原版https://github.com/feihong-cs/JNDIExploit 进行了实用化修改
JSP-WebShells
Collect JSP webshell of various implementation methods. 收集JSP Webshell的各种姿势
log4j-fuzz-head-poc
批量检测log4j漏洞,主要还是批量fuzzz 头
log4j-scan
A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
MalwareSourceCode
Collection of malware source code for a variety of platforms in an array of different programming languages.
maupassant-hexo
A simple Hexo theme forked from icylogic.
rogue_mysql_server
一个支持 go, php, python, java, 原生命令行等多种语言下客户端的 mysql 恶意服务器
rp
rp++ is a fast C++ ROP gadget finder for PE/ELF/Mach-O x86/x64/ARM binaries.
scan4all
Vulnerabilities Scan: 15000+PoCs; 20 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty...
spring-framework
Spring Framework
TscanCode
A static code analyzer for C++, C#, Lua
ysomap
A helpful Java Deserialization exploit framework.
ysoserial-fork-su18
ysoserial for su18
ysoserial.net
Deserialization payload generator for a variety of .NET formatters