cckuailong

vulbase

各大漏洞文库合集

py2sec

:snake: py2sec is a Cross-Platform, Fast and Flexible tool to change the .py to .so(Linux and Mac) or .pyd(Win).

HackChrome

:snowman: Get the User:Password from Chrome(include version < 80 and version > 80)

YarnRpcRCE

InformationGather

SRC Assets Information Gather Website(SRC资产信息聚合网站)

PocCollect

Poc Collected for study and develop

Log4j_CVE-2021-45046

Log4j 2.15.0 Privilege Escalation -- CVE-2021-45046

log4shell_1.x

log4j 1.x RCE Poc -- CVE-2021-4104

Log4j_dos_CVE-2021-45105

Log4j_dos_CVE-2021-45105

nginx_vultarget

awesome-ml-for-cybersecurity-books

PDF books for awesome-ml-for-cybersecurity-books

KerGaNs

Various GANs with Keras (With diginmon generator as example)

log4j_RCE_CVE-2021-44832

CVE-2021-2471

Offensive-Resources

A Huge Learning Resources with Labs For Offensive Security Players

vultarget_web

apereo-cas-docker

apereo cas docker-compose (can customize cas version)

clonehub

clone all images(with all tags) on dockerhub to your own dockerhub repo

Hyuga

Hyuga 是一个用来记录DNS查询和HTTP请求的监控工具。

Learning

好文章收集整理

gunicorn_request_smuggling

gunicorn 20.0.4 request smuggling

cckuailong

cckuailongTalk

gittalk

expbox

Vulnerability Exploitation Code Collection Repository

git-lfs-RCE-exploit-CVE-2020-27955

Git-lfs RCE exploit CVE-2020-27955 - tested on Windows on: git, gh cli, GitHub Desktop, Visual Studio, SourceTree etc.

joystick

Joystick is a tool that gives you the ability to transform the ATT&CK Evaluations data into concise views that brings forward the nuances in the results.

Log4jAttackSurface

logbackRceDemo

The project is a simple vulnerability Demo environment written by SpringBoot. Here, I deliberately wrote a vulnerability environment where there are arbitrary file uploads, and then use the `scan` attribute in the loghack configuration file to cooperate with the logback vulnerability to implement RCE.

MoAn_Honey_Pot_Urls

X安蜜罐用的一些存在JSonp劫持的API

xray

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档