aaaaaaa-ops's repositories
JNDIExploit-1
一款用于JNDI注入利用的工具,大量参考/引用了Rogue JNDI项目的代码,支持直接植入内存shell,并集成了常见的bypass 高版本JDK的方式,适用于与自动化工具配合使用。
ClassHound
利用任意文件下载漏洞循环下载反编译 Class 文件获得网站 Java 源代码
codeql-jdk-docker
Unofficial Dockerfile and scripts for building CodeQL databases for the OpenJDK
fingerprint
各种工具指纹收集分享
gadgetinspector-1
利用链、漏洞检测工具
Gadgets
Java反序列化漏洞利用链补全计划,仅用于个人归纳总结。
gosint
Gosint is a distributed asset information collection and vulnerability scanning platform
Holmes
Website FingerPrint Recognition
Java-Shellcode-Loader
基于Java实现的Shellcode加载器
JNDIScan
无须借助dnslog且完全无害的JNDI反连检测工具,解析RMI和LDAP协议实现,可用于甲方内网自查
linglong
一款甲方资产巡航扫描系统。系统定位是发现资产,进行端口爆破。帮助企业更快发现弱口令问题。主要功能包括: 资产探测、端口爆破、定时任务、管理后台识别、报表展示
metarget
Metarget is a framework providing automatic constructions of vulnerable infrastructures.
MySQL_Fake_Server
MySQL Fake Server use to help MySQL Client File Reading and JDBC Client Java Deserialize
nuclei-templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
Packer-Fuzzer
Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.
pyvmomi-community-samples
A place for community contributed samples for the pyVmomi library.
QingScan
一个漏洞扫描器粘合剂;支持 web扫描、系统扫描、子域名收集、目录扫描、主机扫描、主机发现、组件识别、URL爬虫、XRAY扫描、AWVS自动扫描、POC批量验证,SSH批量测试、vulmap。
shiro_attack
shiro反序列化漏洞综合利用,包含(回显执行命令/注入内存马)
spring-boot
Spring Boot
tabby
A CAT called tabby ( Code Analysis Tool )
ThinkPHPLogScan
tp日志泄露扫描工具
vcenter_saml_login
A tool to extract the IdP cert from vCenter backups and log in as Administrator
w5
Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台,无需编写代码的安全自动化,使用 SOAR 可以让团队工作更加高效
webogram
Telegram web application, GPL v3
xmap
XMap is a fast network scanner designed for performing Internet-wide IPv6 & IPv4 network research scanning.
yakit
yak gRPC Client GUI - 集成化单兵工具平台
ysomap
A helpful Java Deserialization exploit framework based on ysoserial