Panda's repositories
JavaCodeAudit
Getting started with java code auditing 代码审计入门的小项目
logbackRceDemo
The project is a simple vulnerability Demo environment written by SpringBoot. Here, I deliberately wrote a vulnerability environment where there are arbitrary file uploads, and then use the `scan` attribute in the loghack configuration file to cooperate with the logback vulnerability to implement RCE.
ThymeleafSSTIBypass
Thymeleaf SSTI Bypass
AllAboutBugBounty
All about bug bounty (bypasses, payloads, and etc)
CVE-2020-14882
CVE-2020-14882/14883/14750
CVE-2021-2394
POC of CVE-2021-2394
DNSlog-GO
DNSLog-GO 是一款golang编写的监控 DNS 解析记录的工具,自带WEB界面
ExpDemo-JavaFX
图形化漏洞利用Demo-JavaFX版
exphub
Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340
HslCommunication
A very popular industrial Internet of Things communication plug-in. Using this dll can be very convenient, stable, and fast to obtain data from PLC equipment of multiple brands, and also supports redis, mqtt, websocket, etc., which can let your data on the network Free transmission, reducing enterprise development costs.
java-memshell-scanner
通过jsp脚本扫描java web Filter/Servlet型内存马
JavaVulnSummary
Java漏洞分析汇合
jd-gui
A standalone Java Decompiler GUI
JDumpSpider
HeapDump敏感信息提取工具
JNDI-Injection-Exploit
JNDI注入测试工具(A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc)
Markdown-XSS-Payloads
XSS payloads for exploiting Markdown syntax
mybatis-3
MyBatis SQL mapper framework for Java
MYExploit
OAExploit一款基于产品的一键扫描工具。
notebook-public
网上笔记文件/图床
poc_exploits
🕳️ Proof of Concept exploits and their descriptions for various products
router-router
Java web路由内存分析工具
ScanShiro
一个批量扫描shiro漏洞的工具,支持AES/CMG
Some-PoC-oR-ExP
各种漏洞poc、Exp的收集或编写
su18-ysoserial
此项目为su18大佬的仓库镜像,如有问题可发issuse删库
Tools
Tools
WeChatTweak-CLI
A command line utility to work with WeChatTweak-macOS - WeChatTweak 命令行工具
ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.