forlin

CVE-2018-2628

CVE-2018-2628

xss_html_dom

HTML DOM事件对象下的XSS

CVE-2018-8174_EXP

CVE-2018-8174_python

burpExtender

burp的漏洞检测插件扩展

CNVD-C-2019-48814

WebLogic wls9-async反序列化远程命令执行漏洞

CVE-2018-14729

Discuz backend getshell

CVE-2018-3191

CVE-2018-3191 payload generator

CVE-2018-9206

A Python PoC for CVE-2018-9206

CVE-2019-11581

Atlassian JIRA Template injection vulnerability RCE

CVEScript

easyXssPayload

XssPayload List . Usage:

EventCleaner

A tool mainly to erase specified records from Windows event logs, with additional functionalities.

fuzzDicts

Web Pentesting Fuzz 字典,一个就够了。

HTTPHeadModifer

一款快速修改HTTP数据包头的Burp Suite插件

insight

洞察-宜信集应用系统资产管理、漏洞全生命周期管理、安全知识库管理三位一体的平台。

Intranet_Penetration_Tips

2018年初整理的一些内网渗透TIPS，后面更新的慢，所以公开出来希望跟小伙伴们一起更新维护~

K8tools

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/Exploit/APT/0day/Shellcode/Payload/priviledge/OverFlow/WebShell/PenTest)

laravel-poc-CVE-2018-15133

PoC for CVE-2018-15133 (Laravel unserialize vulnerability)

LaZagne

Credentials recovery project

lxhToolHTTPDecrypt

HTTPDecrypt

NodeJS-Red-Team-Cheat-Sheet

NodeJS Red-Team Cheat Sheet

pentest

渗透测试用到的东东

Project

rdpy

Remote Desktop Protocol in Twisted Python

redis-rogue-getshell

利用redis 4.x/5.x master/slave 模式getshell

SecLists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

sh00t

Security Testing is not as simple as right click > Scan. It's messy, a tough game. What if you had missed to test just that one thing and had to regret later? Sh00t is a highly customizable, intelligent platform that understands the life of bug hunters and emphasizes on manual security testing.

SSRFmap

Automatic SSRF fuzzer and exploitation tool

vulhub

Docker-Compose file for vulnerability environment

zimbra_poc

Zimbra XXE+SSRF+UPLOAD Poc