Giters
arongmh

arongmh

Geek Repo

8

followers

13

following

94

stars

Github PK Tool:Github PK Tool

arongmh's repositories

APT_CyberCriminal_Campagin_Collections

APT & CyberCriminal Campaign Collection

Stargazers:0Issues:0Issues:0

AssetScan

资产探测工具,检测存活,检测风险端口,常规端口,全端口探测等等,对探测的端口的脆弱面进行安全分析进行

Stargazers:0Issues:0Issues:0

Bug-Project-Framework

漏洞利用框架模块分享仓库

Stargazers:0Issues:0Issues:0

CNVD-2020-10487-Tomcat-Ajp-lfi

Tomcat-Ajp协议文件读取漏洞

Stargazers:0Issues:0Issues:0

CodeQL

《深入理解CodeQL》Finding vulnerabilities with CodeQL.

Stargazers:0Issues:0Issues:0

CVE-2019-3396

Confluence 未授权 RCE (CVE-2019-3396) 漏洞

Stargazers:0Issues:0Issues:0

CVE-2020-1938

CVE-2020-1938

Stargazers:0Issues:0Issues:0

deserizationEcho

反序列化回显测试代码

Stargazers:0Issues:0Issues:0

dtd-finder

List DTDs and generate XXE payloads using those local DTDs.

Stargazers:0Issues:0Issues:0

exphub

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

Stargazers:0Issues:0Issues:0

Fastjson

Fastjson姿势技巧集合

Stargazers:0Issues:0Issues:0

fastjson-blacklist

Stargazers:0Issues:0Issues:0

fuzzDicts

Web Pentesting Fuzz 字典,一个就够了。

Stargazers:0Issues:0Issues:0

gadgetinspector

一个利用ASM对字节码进行污点传播分析的静态代码审计应用(添加了大量代码注释,适合大家进行源码学习)。也加入了挖掘Fastjson反序列化gadget chains和SQLInject(JdbcTemplate、MyBatis、JPA、Hibernate、原生jdbc等)静态检测功能。并且加入了很多功能以方便进行漏洞自动化挖掘。

License:MITStargazers:0Issues:0Issues:0

GScan

本程序旨在为安全应急响应人员对Linux主机排查时提供便利,实现主机侧Checklist的自动全面化检测,根据检测结果自动数据聚合,进行黑客攻击路径溯源。

Stargazers:0Issues:0Issues:0

java-sec-code

Java web common vulnerabilities and security code which is base on springboot and spring security

Stargazers:0Issues:0Issues:0

javasec

自己学习java安全的一些总结,主要是安全审计相关

Stargazers:0Issues:0Issues:0

JDSRC-Small-Classroom

京东SRC小课堂系列文章

Stargazers:0Issues:0Issues:0

JNDI-Injection-Exploit

JNDI注入测试工具(A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc)

Language:JavaLicense:MITStargazers:0Issues:0Issues:0

JWTPyCrack

JWT 弱口令 Key 爆破以及生成 NONE 加密的无 Key 的 JWTString

License:GPL-3.0Stargazers:0Issues:0Issues:0

learnjavabug

Java安全相关的漏洞和技术demo,原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。

License:MITStargazers:0Issues:0Issues:0

LinkFinder

A python script that finds endpoints in JavaScript files

License:MITStargazers:0Issues:0Issues:0

Penetration_Testing_POC

渗透测试有关的POC、脚本、提权小工具等,欢迎补充、完善

License:Apache-2.0Stargazers:0Issues:0Issues:0

redis-rce

Redis 4.x/5.x RCE

Stargazers:0Issues:0Issues:0

RedTeamTools

记录自己写的部分工具

Stargazers:0Issues:0Issues:0

SpringBootVulExploit

SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 checklist

Stargazers:0Issues:0Issues:0

swagger-hack

自动化爬取并自动测试所有swagger-ui.html显示的接口

Stargazers:0Issues:0Issues:0

WebCrack

网站后台弱口令/万能密码批量检测工具

Stargazers:0Issues:0Issues:0

wooyun-payload

从wooyun中提取的payload,以及burp插件

Language:JavaStargazers:0Issues:1Issues:0

ysoserial_echo

Generates Java Deserialization echo payload in ysoserial(反序列化漏洞回显)

Stargazers:0Issues:0Issues:0