juneman's repositories
hetty
An HTTP toolkit for security research.
draw-graph
IDEA plugin: generates method call graphs and Maven dependency graphs
my-re0-k8s-security
:atom: [WIP] A collection of past talks: Kubernetes attack and defense from scratch 🧐
pinduoduo_backdoor
Analysis of the privilege-escalation code embedded in the Pinduoduo APK and of its dynamically delivered dex files
scalpel
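scalpel is a command-line vulnerability scanner that supports deep parameter injection. It has a powerful data parsing and mutation algorithm that parses common data formats (json, xml, form, etc.) into a tree structure and then mutates the tree according to the rules in the poc, including mutation of both the leaf nodes and the tree structure. Once mutation is complete, the tree is restored to the original data format. How it works: https://mp.weixin.qq.com/s/U_llBwC05vb84U9wb8NZog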
How-To-Ask-Questions-The-Smart-Way
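The original of this article was written by the well-known hacker Eric S. Raymond; it teaches you how to ask technical questions correctly and get answers you are satisfied with.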
CVE-2023-21839
Weblogic CVE-2023-21839 RCE (one-click RCE with no Java dependency)
tabby
A CAT called tabby ( Code Analysis Tool )
ysomap
A helpful Java Deserialization exploit framework.
yakit
Cyber Security ALL-IN-ONE Platform
appshark
Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.
super-xray
GUI launcher for the web vulnerability scanner XRAY (Web Vulnerability Scanner GUI Starter)
jar-analyzer
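A GUI tool for analyzing Jar packages: search for the information you want in multiple ways, automatically build method call relationships, with support for analyzing the Spring framework (A Java GUI Tool for Analyzing Jar)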
SSTImap
Automatic SSTI detection tool with interactive interface
CyberChef
The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
xss-payload-list
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
excalidraw
Virtual whiteboard for sketching hand-drawn like diagrams
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
xray
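A full-featured security assessment tool that supports scanning for common web security issues and custom pocs | Be sure to read the documentation before use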
code-inspector
JavaWeb vulnerability auditing tool that builds method call chains and simulates stack frames for analysis
gixy
Nginx configuration static analyzer
crawlergo
A powerful browser crawler for web vulnerability scanners
freeinternals
Free Tools to View Internals of Binary File
ReDoSHunter
ReDoSHunter: A Combined Static and Dynamic Approach for Regular Expression DoS Detection
jsonhero-web
JSON Hero is an open-source, beautiful JSON explorer for the web that lets you browse, search and navigate your JSON files at speed. 🚀
rogue_mysql_server
A rogue mysql server that supports reading files from most mysql libraries of multiple programming languages.
ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.