Kai's starred repositories
java-sec-code
Java web common vulnerabilities and security code which is base on springboot and spring security
find-sec-bugs
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
LearningJDK
JDK源码阅读笔记
intellij-sdk-code-samples
Mirror of the IntelliJ SDK Docs Code Samples
FastjsonScan
Fastjson扫描器,可识别版本、依赖库、autoType状态等。A tool to distinguish fastjson ,version and dependency
chainbreaker
Mac OS X Keychain Forensic Tool
WeblogicEnvironment
Weblogic环境搭建工具
JNDI-Injection-Exploit-Plus
80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server.
SharpHostInfo
SharpHostInfo是一款快速探测内网主机信息工具(深信服深蓝实验室天威战队强力驱动)
shell-analyzer
已集成到 jar-analyzer 中 https://github.com/jar-analyzer/jar-analyzer
Apache-Solr-RCE
Apache Solr Exploits 🌟
ByteCodeDL
A declarative static analysis tool for jvm bytecode based Datalog like CodeQL
WebHashcat
Hashcat web interface
CVE-2022-26133
Atlassian Bitbucket Data Center RCE(CVE-2022-26133) verification.
CVE-2023-2825
GitLab CVE-2023-2825 PoC. This PoC leverages a path traversal vulnerability to retrieve the /etc/passwd file from a system running GitLab 16.0.0.
SSH-Remote-Code-Execution
SSH Zero-Day Made By ClumsyLulz
HackingFernFlower
2023白帽补天大会部分代码