idaking's repositories
2021_Hvv
2021 hw
ATTCK-PenTester-Book
ATTCK-PenTester-Book
Awesome-CobaltStrike
cobaltstrike的相关资源汇总 / List of Awesome CobaltStrike Resources
can-i-take-over-xyz
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Cas_Exploit
CAS反序列化漏洞利用工具
CNVD-2020-10487-Tomcat-Ajp-lfi
Tomcat-Ajp协议文件读取漏洞
CNVD-2020-10487-Tomcat-Ajp-lfi-Scanner
CNVD-2020-10487/CVE-2020-1938,批量扫描工具
CyberSecurityRSS
CyberSecurityRSS: 优秀的网络安全知识来源 / A collection of cybersecurity rss to make you better!
Github-Monitor
Github Sensitive Information Leakage Monitor(Github信息泄漏监控系统)
HackBrowserData
Decrypt passwords/cookies/history/bookmarks from the browser. 一款可全平台运行的浏览器数据导出解密工具。
Intranet_Penetration_Tips
2018年初整理的一些内网渗透TIPS,后面更新的慢,所以公开出来希望跟小伙伴们一起更新维护~
JavaLearnVulnerability
Java漏洞学习笔记 Deserialization Vulnerability
JNDIExploit
一款用于JNDI注入利用的工具,大量参考/引用了Rogue JNDI项目的代码,支持直接植入内存shell,并集成了常见的bypass 高版本JDK的方式,适用于与自动化工具配合使用。
LangSrcCurise
SRC子域名资产监控
Pentest-and-Development-Tips
A collection of pentest and development tips
Pentest101
每周分享一些关于渗透测试的知识点
PocList
Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongyou-GRP-U8-XXE/Oracle-WebLogic-CVE-2020-14883/Oracle-WebLogic-CVE-2020-14882/Apache-Solr-GetAnyFile/F5-BIG-IP-CVE-2021-22986/Sonicwall-SSL-VPN-RCE/GitLab-Graphql-CNVD-2021-14193/D-Link-DCS-CVE-2020-25078/WLAN-AP-WEA453e-RCE/360TianQing-Unauthorized/360TianQing-SQLinjection/FanWeiOA-V8-SQLinjection/QiZhiBaoLeiJi-AnyUserLogin/QiAnXin-WangKangFirewall-RCE
proxyshell
Proof of Concept for CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207
ProxyVulns
[ProxyLogon] CVE-2021-26855 & CVE-2021-27065 Fixed RawIdentity Bug Exploit. [ProxyOracle] CVE-2021-31195 & CVE-2021-31196 Exploit Chains. [ProxyShell] CVE-2021-34473 & CVE-2021-34523 & CVE-2021-31207 Exploit Chains.
RedTeam
RedTeam资料收集整理
spring-boot-upload-file-lead-to-rce-tricks
spring boot Fat Jar 应用文件上传漏洞到 RCE 的利用技巧
SpringBootVulExploit
SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 checklist
SuperWordlist
基于实战沉淀下的各种弱口令字典
top10webseclist
Top Ten Web Hacking Techniques List
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
Web-Fuzzing-Box
Web Fuzzing Box - Web 模糊测试字典与一些Payloads,主要包含:弱口令暴力破解、目录以及文件枚举、Web漏洞...字典运用于实战案例:https://gh0st.cn/archives/2019-11-11/1
WeblogicEnvironment
Weblogic环境搭建工具
xray-crack
xray社区高级版证书生成,支持到 1.2.0 版本
ZhouYu
(周瑜)Java - SpringBoot 持久化 WebShell 学习demo(不仅仅是SpringBoot,适合任何符合JavaEE规范的服务)