Pio's repositories
Active-Directory-Pentest-Notes
Personal study notes on Active Directory domain penetration testing
CSRF
Bypass CSRF-XMLRequestWith
FileMonitor
Real-time file change monitoring tool (an aid for code audits and black-box/white-box audits)
Fortify
Source code vulnerability auditing
GScan
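This program is intended to help security incident responders investigate Linux hosts. It runs a comprehensive host-side checklist automatically, aggregates the data from the findings, and traces the attacker's path.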
javaweb-codereview
javaweb-codereview
My-CTF-Web-Challenges
Collection of CTF Web challenges I made
MysqlT
Fakes a MySQL server and uses a MySQL logic flaw to read arbitrary files from the client, striking back at the attacker
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
reverse-shell
Reverse Shell as a Service
rules
General-purpose fingerprinting rules
SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
tomcat-cluster-session-sync-exp
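When Tomcat's built-in session synchronization feature is used with an insecure configuration (EncryptInterceptor not enabled), a deserialization vulnerability exists; with a carefully crafted packet, servers using Tomcat's built-in session synchronization can be attacked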