XiaOkuoAi

webscan

使用Django编写的WEB漏洞扫描框架

Bayonet

Python3版本Poc-T(渗透测试插件化并发框架)

BurpDomain

新一代子域名收集工具 - Subdomain automatic/passive collection tool

Jingdong-fresh

使用php+mysql混编写的京东生鲜基础项目

NetEase-Kola

使用Thinkphp编写的网易考拉项目，喜欢的话不妨下载试试？

pentest

记性差，找不到工具在哪，放一下（附说明）

syst1m.com

这是y4教我的

4-ZERO-3

403/401 Bypass Methods + Bash Automation + Your Support ;)

AwesomeEncoder

AntSword 自定义编(解)码器分享

burp-api-drops

burp插件开发指南

chrome-0day

Chrome-0day-1

chromeNday

chrome rce利用脚本，采用go编写

ChromeRce

2021年4月15日出现的Chrome payload

CNVD-2020-10487-Tomcat-Ajp-lfi

Tomcat-Ajp协议文件读取漏洞

custom-protocol-detection

Detect whether a custom protocol is available in browser (FF, Chrome, IE8, IE9, IE10, IE11, and Edge)

CVE-2019-13720

PoC of CVE

CVE-2020-14645

Weblogic CVE-2020-14645 UniversalExtractor JNDI injection getDatabaseMetaData()

Exploit-Google-Chrome-86.0.4240_V8_RCE

Google Chrome 86.0.4240 V8 - Remote Code Execution

exploits

exploits-1

'>"><img src=x onerror=alert(1) /><b>asd</b>

HackJava

《Java安全-只有Java安全才能拯救宇宙》Only Java Security Can Save The Universe.

Homework-of-Python

Python codes of my blog.

openam-CVE-2021-35464

openam-CVE-2021-35464 tomcat 执行命令回显

SecLists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

svgxss

SVGXSS-1

This repo contains SVG file which has xss payload in it.

WebLogic-Shiro-shell

WebLogic利用CVE-2020-2883打Shiro rememberMe反序列化漏洞，一键注册蚁剑filter内存shell

webshell

This is a webshell open source project

ysoserial-for-woodpecker

给woodpecker框架量身定制的ysoserial