fairyming's repositories
CVE-2020-8840
CVE-2020-8840:FasterXML/jackson-databind 远程代码执行漏洞
CVE-2020-9548
CVE-2020-9548:FasterXML/jackson-databind 远程代码执行漏洞
CVE-2020-9547
CVE-2020-9547:FasterXML/jackson-databind 远程代码执行漏洞
CVE-2019-17564
CVE-2019-17564:Apache Dubbo反序列化漏洞
fastjson_vul
fastjson漏洞学习
nofile_webshell
无文件webshell
CVE-2020-0796-LPE-POC
CVE-2020-0796 Local Privilege Escalation POC
CVE-2020-1472
PoC for Zerologon - all research credits go to Tom Tervoort of Secura
Fastjson-1.2.62-RCE
Fastjson <=1.2.62 远程代码执行漏洞
APTSimulator
A toolset to make a system look as if it was the victim of an APT attack
awesome-books
:books: 开发者推荐阅读的书籍
browser_pwn
browser pwn, main work now
ctf-wiki
Come and join us, we need you!
Dictionary-Of-Pentesting
Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
Digital-Privacy
一个关于数字隐私搜集、保护、清理集一体的方案,外加开源信息收集(OSINT)对抗
javasec
自己学习java安全的一些总结,主要是安全审计相关
JNDIExploit-1
一款用于JNDI注入利用的工具,大量参考/引用了Rogue JNDI项目的代码,支持直接植入内存shell,并集成了常见的bypass 高版本JDK的方式,适用于与自动化工具配合使用。
JSP-Webshells
Collect JSP webshell of various implementation methods. 收集JSP Webshell的各种姿势
MemShellDemo
内存马Demo合集 memshell demo for java / php / python
nuclei-templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
OA-tongda-RCE
Office Anywhere网络智能办公系统
PoC-in-GitHub
🚀PoC auto collect from GitHub.
PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
Tentacle
Tentacle is a POC vulnerability verification and exploit framework. It supports free extension of exploits and uses POC scripts. It supports calls to zoomeye, fofa, shodan and other APIs to perform bulk vulnerability verification for multiple targets.
Threathunting-book
Threat hunting Web Windows AD linux ATT&CK TTPs
weblogic_exploit
weblogic漏洞利用工具