令狐冲's repositories
api_wordlist
A wordlist of API names for web application assessments
BehinderClientSource
冰蝎客户端源码-3.0-BETA7源码并且修复“虚拟终端”无法输入命令。
browser_pwn
browser pwn, main work now
BurpBountyProfiles
BurpBounty插件的配置文件收集项目
Computer-Science-Glossary
aka CSG, English -> Chinese
Content-Bruteforcing-Wordlist
Wordlist for content(directory) bruteforce discovering with Burp or dirsearch
cve-2020-1472
cve-2020-1472 复现利用及其exp
CVE-2020-16947
PoC of CVE-2020-16947 (Microsoft Outlook RCE vulnerablility)
dictionaries
Misc dictionaries for directory/file enumeration, username enumeration, password dictionary/bruteforce attacks
exphub
Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-5902、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340
FART
ART环境下自动化脱壳方案
janusec
Janusec Application Gateway, Provides Fast and Secure Application Delivery. JANUSEC应用网关,提供快速、安全的应用交付。
Neo-reGeorg
Neo-reGeorg is a project that seeks to aggressively refactor reGeorg
Platypus
:hammer: A modern multiple reverse shell sessions manager written in go
poc_and_exp
搜集的或者自己写的poc或者exp
security-research
This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.
shiro-exploit
Shiro反序列化利用工具,支持新版本(AES-GCM)Shiro的key爆破,配合ysoserial,生成回显Payload
ShiroScan
Shiro<=1.2.4反序列化,一键检测工具
Spring-Boot-Actuator-Exploit
Spring Boot Actuator (jolokia) XXE/RCE
spring-boot-upload-file-lead-to-rce-tricks
spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧
SpringBootVulExploit
SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 check list
ss-tproxy
搭建 SS/SSR/V2Ray/Socks5 透明代理环境的简陋脚本
Web-Fuzzing-Box
Web Fuzzing Box - Web 模糊测试字典与一些Payloads,主要包含:弱口令暴力破解、目录以及文件枚举、Web漏洞...字典运用于实战案例:https://gh0st.cn/archives/2019-11-11/1
WebAliveScan
对目标域名进行快速的存活扫描、简单的指纹识别、目录扫描
WeblogicScan
Weblogic一键漏洞检测工具,V1.5,更新时间:20200730