leo's repositories
0day
各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC ,该项目将持续更新
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
Bug-Bounty-Roadmaps
Bug Bounty Roadmaps
BurpSuitePro-2.1
什么? 你想用免费的BurpSuitePro版本!!!
CharcoalFire
炭火,渗透测试全流程工具
CTFCrackTools
China's first CTFTools framework.**国内首个CTF工具框架,旨在帮助CTFer快速攻克难关
CVE-2021-1675
Impacket implementation of CVE-2021-1675
DefaultCreds-cheat-sheet
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
FastjsonExploit
Fastjson vulnerability quickly exploits the framework(fastjson漏洞快速利用框架)
hackerone-reports
Top disclosed reports from HackerOne
HackReport
渗透测试报告/资料文档/渗透经验文档/安全书籍
JavaCodeAudit
Getting started with java code auditing 代码审计入门的小项目
JavaSecurityLearning
记录一下 Java 安全学习历程,也算是半条学习路线了
JNDIExploit
对原版https://github.com/feihong-cs/JNDIExploit 进行了实用化修改
Online_tools
该工具是一个集成了非常多渗透测试工具,类似软件商城的工具可以进行工具下载,工具的更新,工具编写了自动化的安装脚本,不用担心工具跑不起来。
PeiQi-WIKI-POC
鹿不在侧,鲸不予游🐋
PHPCodeToTAC
tranform php code to tac
pixy
Pixy is a scanner static code analysis tools that scans PHP applications for security vulnerabilities.
PocList
Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongyou-GRP-U8-XXE/Oracle-WebLogic-CVE-2020-14883/Oracle-WebLogic-CVE-2020-14882/Apache-Solr-GetAnyFile/F5-BIG-IP-CVE-2021-22986/Sonicwall-SSL-VPN-RCE/GitLab-Graphql-CNVD-2021-14193/D-Link-DCS-CVE-2020-25078/WLAN-AP-WEA453e-RCE/360TianQing-Unauthorized/360TianQing-SQLinjection/FanWeiOA-V8-SQLinjection/QiZhiBaoLeiJi-AnyUserLogin/QiAnXin-WangKangFirewall-RCE
pocsuite3
pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.
Resources-for-Beginner-Bug-Bounty-Hunters
A list of resources for those interested in getting started in bug bounties
SpringBootVulExploit
SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 check list
Sylas
新一代子域名主/被动收集工具 - Subdomain automatic/passive collection tool
TeachYourselfCS-CN
TeachYourselfCS 的中文翻译 | A Chinese translation of TeachYourselfCS
Vulnerability
此项目将不定期从棱角社区对外进行公布一些最新漏洞。