0x153's starred repositories
spring-boot-upload-file-lead-to-rce-tricks
spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧
SpringBootVulExploit
SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 check list
BurpCrypto
BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). 支持多种加密算法或直接执行JS代码的用于爆破前端加密的BurpSuite插件
auth_analyzer
Burp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.
DongTai
Dongtai IAST is an open-source Interactive Application Security Testing (IAST) tool that enables real-time detection of common vulnerabilities in Java applications and third-party components through passive instrumentation. It is particularly suitable for use in the testing phase of the development pipeline.
openrasp-iast
IAST 灰盒扫描工具
HackReport
渗透测试报告/资料文档/渗透经验文档/安全书籍
Java-Deserialization-Cheat-Sheet
The cheat sheet about Java Deserialization vulnerabilities
ShiroExploit-Deprecated
Shiro550/Shiro721 一键化利用工具,支持多种回显方式
domain_hunter_pro
domain_hunter的高级版本,SRC挖洞、HW打点之必备!自动化资产收集;快速Title获取;外部工具联动;等等
AES-Killer
Burp Plugin to decrypt AES encrypted traffic on the fly
source-code-hunter
😱 从源码层面,剖析挖掘互联网行业主流技术的底层实现原理,为广大开发者 “提升技术深度” 提供便利。目前开放 Spring 全家桶,Mybatis、Netty、Dubbo 框架,及 Redis、Tomcat 中间件等
CTF-All-In-One
CTF竞赛权威指南
openrasp-testcases
OpenRASP 漏洞测试环境
java-sec-code
Java web common vulnerabilities and security code which is base on springboot and spring security
Packer-Fuzzer
Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.
spring-boot-examples
about learning Spring Boot via examples. Spring Boot 教程、技术栈示例代码,快速简单上手教程。
MysqlMonitor
Mysql 语句执行记录监控