XiaOkuoAi

followers

following

stars

老公's starred repositories

nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Language:JavaScriptMIT8352 194 1425

Recaf

The modern Java bytecode editor

Language:JavaMIT5734 164 549

lamda

⚡️ Android reverse engineering & automation framework | 史上最强安卓抓包/逆向/HOOK & 云手机/远程桌面/自动化取证框架，你的工作从未如此简单快捷。

Language:Python5635 58 85

SharpWxDump

微信客户端取证，可获取用户个人信息(昵称/账号/手机/邮箱/数据库密钥(用来解密聊天记录))；支持获取多用户信息，不定期更新新版本偏移，目前支持所有新版本、正式版本

Language:C#4030 37 64

bbot

A recursive internet scanner for hackers.

Language:PythonGPL-3.03969 33 690

CSAPP-Labs

Solutions and Notes for Labs of Computer Systems: A Programmer's Perspective 3rd Editon // 《深入理解计算机系统》第三版的实验文件、解答与笔记

Language:C2356 29 8

JavaSec

a rep for documenting my study, may be from 0 to 0.1

Language:JavaApache-2.01713 27 3

murphysec

An open source tool focused on software supply chain security. 墨菲安全专注于软件供应链安全，具备专业的软件成分分析（SCA）、漏洞检测、专业漏洞库。

Language:GoApache-2.01601 24 41

Fastjson

Fastjson姿势技巧集合

wsMemShell

WebSocket 内存马/Webshell，一种新型内存马/WebShell技术

Language:Java1377 22 16

VcenterKiller

一款针对Vcenter的综合利用工具，包含目前最主流的CVE-2021-21972、CVE-2021-21985以及CVE-2021-22005、One Access的CVE-2022-22954、CVE-2022-22972/31656以及log4j，提供一键上传webshell，命令执行或者上传公钥使用SSH免密连接

Language:GoApache-2.01271 14 13

tabby

A CAT called tabby ( Code Analysis Tool )

Language:JavaApache-2.01226 22 62

deershare

小鹿快传，一款在线P2P文件传输工具，使用WebSocket + WebRTC技术

Language:JavaScriptMIT1118 13 24

gadgetinspector

A byte code analyzer for finding deserialization gadget chains in Java applications

Language:JavaMIT960 26 6

alicloud-tools

阿里云ECS、策略组辅助小工具

Language:GoApache-2.0795 13 6

fastjson-blacklist

Language:Java781 30 6

tsh

Tiny SHell is an open-source UNIX backdoor.

Language:C635 20 1

EasyPen

EasyPen is a GUI program which helps pentesters do target discovery, vulnerability scan and exploitation

Language:JavaScript600 16 6

JNDIEXP

JDNI在java高版本的利用工具,FUZZ利用链

Language:Java480 2 3

gradejs

GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.

Language:TypeScriptMIT405 6 5

CVE-2022-26134-Godzilla-MEMSHELL

Language:Java327 7 2

PHP-binary-bugs

PHP binary bugs advisory

Language:Python177 80

poc-cve-2021-4034

PoC for CVE-2021-4034 dubbed pwnkit

Language:GoMIT112 40

fastjson-exp

fastjson利用，支持tomcat、spring回显，哥斯拉内存马；回显利用链为dhcp、ibatis、c3p0。

FastjsonVulns

[fastjson 1.2.80] CVE-2022-25845 aspectj fileread & groovy remote classload

Language:Java90 1 1

CVE-2021-4034-NoGCC

CVE-2021-4034简单优化，以应对没有安装gcc和make的目标环境

Language:C75 30

postwoman

👽 A free, fast and beautiful API request builder (web alternative to Postman) https://postwoman.io

Language:VueMIT73 10

BytecodeScreen

Language:Java51 1 2

pseudo-protocals-digger

system pseudo protocals digger for windows -- Windows 系统下的伪协议查看工具

Language:Python1100

cpp_disassembly_code

C++反汇编与逆向分析技术揭秘源码

Language:Max5 10