Mochazz

rathole

A lightweight and high-performance reverse proxy for NAT traversal, written in Rust. An alternative to frp and ngrok.

Yasso

强大的内网渗透辅助工具集-让Yasso像风一样 支持rdp，ssh，redis，postgres，mongodb，mssql，mysql，winrm等服务爆破，快速的端口扫描，强大的web指纹识别，各种内置服务的一键利用（包括ssh完全交互式登陆，mssql提权，redis一键利用，mysql数据库查询，winrm横向利用，多种服务利用支持socks5代理执行）

Mloger

安全测试平台

mojarragadget

cfr

This is the public repository for the CFR Java decompiler

CVE-2021-2456

CVE-2021-2456

CVE-2021-39115

Template Injection in Email Templates leads to code execution on Jira Service Management Server

solr-injection

Apache Solr Injection Research

nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.

RCE-0-day-for-GhostScript-9.50

RCE 0-day for GhostScript 9.50 - Payload generator

macos-virtualbox

Push-button installer of macOS Catalina, Mojave, and High Sierra guests in Virtualbox on x86 CPUs for Windows, Linux, and macOS

deobfuscator

The real deal

pocassist

傻瓜式漏洞PoC测试框架

fastjson-blacklist

WMCTF2020-WriteUp

WMCTF2020-WriteUp

exploits

Some of my public exploits

enphp

a Open Source PHP Code Confusion + Encryption Project

desharialize

SRC-experience

工欲善其事，必先利其器

spring-boot-actuator-h2-rce

Sample Spring Boot App Demonstrating RCE via Exposed env Actuator and H2 Database

CVE-2020-5398

CVE-2020-5398 - RFD(Reflected File Download) Attack for Spring MVC

chainoffools

A PoC for CVE-2020-0601

fastadmin

基于 ThinkPHP5 和 Bootstrap 的极速后台开发框架，一键生成 CRUD，自动生成控制器、模型、视图、JS、语言包、菜单、回收站。

mt_rand-reverse

Script to recover mt_rand()'s seed with only two outputs and without any bruteforce.

CVE-2019-10758

django_cve_2019_19844_poc

PoC for CVE-2019-19844(https://www.djangoproject.com/weblog/2019/dec/18/security-releases/)

wordpress-dos-poc

WordPress <= 5.3.? DoS

wooyun-payload

从wooyun中提取的payload，以及burp插件

Rogue-MySql-Server

Rogue MySql Server

PHP-Antimalware-Scanner

AMWScan (PHP Antimalware Scanner) is a free tool to scan php files and analyze your project to find any malicious code inside it.