chen1sheng's repositories
2021_Hvv
2021 hw
2021hvv_vul
2021hvv漏洞汇总
bylibrary
白阁文库是白泽Sec安全团队维护的一个漏洞POC和EXP公开项目
CVE-2021-1675
Impacket implementation of CVE-2021-1675
dnscat2-powershell
A Powershell client for dnscat2, an encrypted DNS command and control tool.
gitlab_RCE
RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1
Intranet_Penetration_Tips
2018年初整理的一些内网渗透TIPS,后面更新的慢,所以公开出来希望跟小伙伴们一起更新维护~
JNDI-Inject-Exploit
解决FastJson、Jackson、Log4j2、原生JNDI注入漏洞的高版本JDKBypass利用,探测本地可用反序列化gadget达到命令执行、回显命令执行、内存马注入
MemoryShellLearn
分享几个直接可用的内存马,记录一下学习过程中看过的文章
passive-scan-client
Burp被动扫描流量转发插件
PeiQi-WIKI-POC
鹿不在侧,鲸不予游🐋
PocList
Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongyou-GRP-U8-XXE/Oracle-WebLogic-CVE-2020-14883/Oracle-WebLogic-CVE-2020-14882/Apache-Solr-GetAnyFile/F5-BIG-IP-CVE-2021-22986/Sonicwall-SSL-VPN-RCE/GitLab-Graphql-CNVD-2021-14193/D-Link-DCS-CVE-2020-25078/WLAN-AP-WEA453e-RCE/360TianQing-Unauthorized/360TianQing-SQLinjection/FanWeiOA-V8-SQLinjection/QiZhiBaoLeiJi-AnyUserLogin/QiAnXin-WangKangFirewall-RCE/金山-V8-终端安全系统/NCCloud-SQLinjection/ShowDoc-RCE
RemoteObjectInvocationHandler
bypass JEP290 RaspHook code
RouteVulScan
Burpsuite - Route Vulnerable Scanning 递归式被动检测脆弱路径的burp插件
Vulnerability
此项目将不定期从棱角社区对外进行公布一些最新漏洞。
weaverOA_sql_injection
泛微OA某版本的SQL注入漏洞
webshell
This is a webshell open source project
webshell-venom
免杀webshell无限生成工具
wxappUnpacker
wxml被“编译“后”压缩“一下多好!😀
ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.