m01e's repositories
cors-jsonp-pocs
用于利用不安全的CORS漏洞和JSONP漏洞Demo程序
jackson-poc-collections
收集jackson-databind的PoC,且包括用于复现的IDEA工程。
fastjson-vulns
A personal project that used to recurrence and debug fastjson vulnerabilities.
learnjavabug
Java安全相关的漏洞和技术demo,原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。
ARL_from_Aabyss-Team
ARL官方仓库备份项目:ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
ClazzSearcher
一款使用Yaml定义搜索规则来搜索Class的工具
cors-jsonp-test
使用Node.js写的测试不安全的CORS和JSONP的示例程序
dsl
DSL engine
fa1c0n-vim
There are my commonly used Vim plugins and .vimrc.
FakeToa
Fake IP sources using Linux's BPF feature
find-sec-bugs
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
Java-Deserialization-Cheat-Sheet
The cheat sheet about Java Deserialization vulnerabilities
JNDIExploit
A malicious LDAP server for JNDI injection attacks
keyhacks
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
misc-classes
Some evil classes used to penetration.
NacosRce
Nacos JRaft Hessian 反序列化 RCE 加载字节码 注入内存马 不出网利用
nuclei
Fast and customizable vulnerability scanner based on simple YAML based DSL.
nuclei-burp-plugin
Nuclei plugin for BurpSuite
nuclei-templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
pocsuite3
pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.
poi-tl
Generate awesome word(docx) with template
revsuit
RevSuit is a flexible and powerful reverse connection platform designed for receiving connection from target host in penetration.
springboot-memshell-test
A memshell injection testing project in Springboot environment.
tabby
A CAT called tabby ( Code Analysis Tool )
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
ysomap
A helpful Java Deserialization exploit framework based on ysoserial
ysuserial
ysoserial for su18