Heartway's repositories
AlliN
A flexible scanner
ARL
ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
BurpSuite_403Bypasser
Burpsuite Extension to bypass 403 restricted directory
CDK
CDK is an open-sourced container penetration toolkit, offering stable exploitation in different slimmed containers without any OS dependency. It comes with penetration tools and many powerful PoCs/EXPs helps you to escape container and takeover K8s cluster easily.
copagent
java memory web shell extracting tool
CVE-2021-3156
CVE-2021-3156
Fuzz_dic
参数 | 字典 collections
gadgetinspector
一个利用ASM对字节码进行污点传播分析的静态代码审计应用(添加了大量代码注释,适合大家进行源码学习)。也加入了挖掘Fastjson反序列化gadget chains和SQLInject(JdbcTemplate、MyBatis、JPA、Hibernate、原生jdbc等)静态检测功能。并且加入了很多功能以方便进行漏洞自动化挖掘。
GoFileBinder
golang免杀捆绑器
HackBrowserData
Decrypt passwords/cookies/history/bookmarks from the browser. 一款可全平台运行的浏览器数据导出解密工具。
host_scan
这是一个用于IP和域名碰撞匹配访问的小工具,旨意用来匹配出渗透过程中需要绑定hosts才能访问的弱主机或内部系统。
HowToHunt
Tutorials and Things to Do while Hunting Vulnerability.
java-sec-code
Java web common vulnerabilities and security code which is base on springboot and spring security
ksubdomain
无状态子域名爆破工具
LandrayExploit
蓝凌OA漏洞利用工具/前台无条件RCE/文件写入
Packer-Fuzzer
Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.
rogue_mysql_server
一个支持 go, php, python, java, 原生命令行等多种语言下客户端的 mysql 恶意服务器
SAP_EEM_CVE-2020-6207
PoC for CVE-2020-6207 (Missing Authentication Check in SAP Solution Manager)
SecConArchive
Security Conference Archive
sectool
zheyangzi
shiro_attack
shiro反序列化漏洞综合利用,包含(回显执行命令/注入内存马)
SNETCracker
超级弱口令检查工具是一款Windows平台的弱口令审计工具,支持批量多线程检查,可快速发现弱密码、弱口令账号,密码支持和用户名结合进行检查,大大提高成功率,支持自定义服务端口和字典。
V7_bus_anddriver
拼车司机
xray-crack
xray社区高级版证书生成,仅供学习研究,正常使用请支持正版
zerologon
Exploit for zerologon cve-2020-1472