Tj1ngwe1's starred repositories
ShiroAttack2
shiro反序列化漏洞综合利用,包含(回显执行命令/注入内存马)修复原版中NoCC的问题 https://github.com/j1anFen/shiro_attack
webshell-detect-bypass
绕过专业工具检测的Webshell研究文章和免杀的Webshell
BountyHunterInChina
重生之我在安全行业讨口子系列,分享在安全行业讨口子过程中,SRC、项目实战的有趣案例
shellcode-bypass-go
go语言免杀shellcode
turbo-intruder
Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
CVE-2019-1458
CVE-2019-1458 Windows LPE Exploit
TongDaOA-Fake-User
通达OA 任意用户登录漏洞
Tiny-PHP-Webshell
several list of simple and obfuscate PHP shell
ParamSpider
Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
jsql-injection
jSQL Injection is a Java application for automatic SQL database injection.
Antivirus_R3_bypass_demo
分别用R3的0day与R0的0day来干掉杀毒软件
IntruderPayloads
A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
pentest-tools
A collection of custom security tools for quick needs.
Resources-for-Beginner-Bug-Bounty-Hunters
A list of resources for those interested in getting started in bug bounties
AwesomeXSS
Awesome XSS stuff
XSS-LOADER
Xss Payload Generator ~ Xss Scanner ~ Xss Dork Finder
filterbypass
Browser's XSS Filter Bypass Cheat Sheet
Ladon
Ladon大型内网渗透工具,可PowerShell模块化、可CS插件化、可内存加载,无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell,支持批量A段/B段/C段以及跨网段扫描,支持URL、主机、域名列表扫描等。Ladon 12.2内置262个功能,网络资产探测模块32个通过多种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchange\mssql\FTP\RDP)以及方法快速获取目标网络存活主机IP、计算机名、工作组、共享资源、网卡地址、操作系统版本、网站、子域名、中间件、开放服务、路由器、交换机、数据库、打印机等信息,高危漏洞检测16个含MS17010、Zimbra、Exchange
weblogicScanner
weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力:CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14750、CVE-2020-14882、CVE-2020-14883