ianxtianxt

ShiroScan

shiro 1.2.47 反序列化

CVE-2015-7501

（CVE-2015-7501）JBoss JMXInvokerServlet 反序列化漏洞

CVE-2020-7799

ysoserial.net

fastjson-1.2.47-RCE-1

Fastjson <= 1.2.47 远程命令执行漏洞利用工具及方法

PageMyadmin_file_upload_getshell

PageMyadmin文件上传getshell

CVE-2020-2551

Weblogic IIOP CVE-2020-2551

springboot_actuator

actuator_vulnerability

CVE-2019-5096-GoAhead-Web-Server-Dos-Exploit

CVE-2019-5096(UAF in upload handler) exploit cause Denial of Service

D-Link-DIR-859-RCE

D-Link DIR-859 - RCE UnAutenticated (CVE-2019–17621)

FileMonitor

文件变化实时监控工具(代码审计/黑盒/白盒审计辅助工具)

HackBrowserData

Decrypt passwords/cookies/history/bookmarks from the browser. 一款支持全平台的浏览器数据导出工具

phpggc

PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

AJPy

awesome-industrial-control-system-security

A curated list of resources related to Industrial Control System (ICS) security.

CVE-2019-0230

CVE-2019-0230 & s2-059 poc.

CVE-2020-0796

CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost

CVE-2020-1472

Test tool for CVE-2020-1472

CVE-2020-7471

django 漏洞：CVE-2020-7471 Potential SQL injection via StringAgg(delimiter) 的漏洞环境和 POC

dcpwn

an impacket-dependent script exploiting CVE-2019-1040

hikvision-xor-decrypter

Used for breaking XOR encryption on Hikvision configuration files that have been decrypted using aes-128-ecb

JNDI

JNDI 注入利用工具

knock

Knock Subdomain Scan

SMBGhost_RCE_PoC

springboot-shiro

Stowaway

👻Stowaway -- Multi-hop Proxy Tool for pentesters

subfinder

Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.

vulhub

Pre-Built Vulnerable Environments Based on Docker-Compose

ysoserial

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

zendframework3-