Leocodefocus

CVE-2024-20931-Poc

0day

各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC ,该项目将持续更新

atomic-red-team

Small and highly portable detection tests based on MITRE's ATT&CK.

Bug-Bounty-Roadmaps

Bug Bounty Roadmaps

BurpSuitePro-2.1

什么? 你想用免费的BurpSuitePro版本!!!

CharcoalFire

炭火，渗透测试全流程工具

CTFCrackTools

China's first CTFTools framework.**国内首个CTF工具框架,旨在帮助CTFer快速攻克难关

CVE-2021-1675

Impacket implementation of CVE-2021-1675

DefaultCreds-cheat-sheet

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

FastjsonExploit

Fastjson vulnerability quickly exploits the framework（fastjson漏洞快速利用框架）

hackerone-reports

Top disclosed reports from HackerOne

HackPHP

《深入理解PHP代码审计》

HackReport

渗透测试报告/资料文档/渗透经验文档/安全书籍

http

JavaCodeAudit

Getting started with java code auditing 代码审计入门的小项目

JavaSecurityLearning

记录一下 Java 安全学习历程，也算是半条学习路线了

JNDIExploit

对原版https://github.com/feihong-cs/JNDIExploit 进行了实用化修改

Online_tools

该工具是一个集成了非常多渗透测试工具，类似软件商城的工具可以进行工具下载，工具的更新，工具编写了自动化的安装脚本，不用担心工具跑不起来。

oopixy

PeiQi-WIKI-POC

鹿不在侧，鲸不予游🐋

PHPCodeToTAC

tranform php code to tac

pixy

Pixy is a scanner static code analysis tools that scans PHP applications for security vulnerabilities.

PocList

Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongyou-GRP-U8-XXE/Oracle-WebLogic-CVE-2020-14883/Oracle-WebLogic-CVE-2020-14882/Apache-Solr-GetAnyFile/F5-BIG-IP-CVE-2021-22986/Sonicwall-SSL-VPN-RCE/GitLab-Graphql-CNVD-2021-14193/D-Link-DCS-CVE-2020-25078/WLAN-AP-WEA453e-RCE/360TianQing-Unauthorized/360TianQing-SQLinjection/FanWeiOA-V8-SQLinjection/QiZhiBaoLeiJi-AnyUserLogin/QiAnXin-WangKangFirewall-RCE

pocsuite3

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.

Resources-for-Beginner-Bug-Bounty-Hunters

A list of resources for those interested in getting started in bug bounties

SpringBootVulExploit

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

Sylas

新一代子域名主/被动收集工具 - Subdomain automatic/passive collection tool

TeachYourselfCS-CN

TeachYourselfCS 的中文翻译 | A Chinese translation of TeachYourselfCS

Ventoy

A new bootable USB solution.

Vulnerability

此项目将不定期从棱角社区对外进行公布一些最新漏洞。