jweny

pocassist

傻瓜式漏洞PoC测试框架

MemShellDemo

内存马Demo合集 memshell demo for java / php / python

shiro-cve-2020-17523

shiro-cve-2020-17523 漏洞的两种绕过姿势分析 以及配套的漏洞环境

CVE-2022-23131

cve-2022-23131 exp

check_jsonp_based_on_ast

基于AST的JSONP劫持漏洞自动化挖掘

pocassistdb

database of pocassist（漏洞库）

pocassistweb

web ui of pocassist

Distributed_Docker_Openvas

基于Docker集群的分布式Openvas(GVM)。本项目包括：GVM-Docker镜像，Openvas-Scanner-Docker镜像，GVM远程调度(golang)。

Awesome-Security-Books

一个搬运工项目，分享一点点之前看过的文档/结构图/思维导图/ppt/电子书

gosqlmap

golang 实现 sqlmap

HTTP-Request-Smuggling-Checker

A tool to quickly check HTTP-Request-Smuggling, written by python3

log4j-vul-env

log4j tomcat web漏洞环境

cve-2022-22980

CVE-2022-22980 exp && 靶场

threat-intelligence

capsule8

Capsule8: open-source cloud-native behavioral security monitoring

CDK

CDK is an open-sourced container penetration toolkit, offering stable exploitation in different slimmed containers without any OS dependency. It comes with useful net-tools and many powerful PoCs/EXPs helps you to escape container and takeover K8s cluster easily.

crawlergo

A powerful browser crawler for web vulnerability scanners

DongTai-agent-java

“火线～洞态IAST”是一款专为甲方安全人员、代码审计工程师和0 Day漏洞挖掘人员量身打造的辅助工具，可用于集成devops环境进行漏洞检测、作为代码审计的辅助工具和自动化挖掘0 Day。

jweny

jweny.github.io

一个小博客

PetitPotato

Local privilege escalation via PetitPotam

xray

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

CobaltStrike

CobaltStrike's source code

goysoserial

go-ysoserial

PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

PoC-in-GitHub

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

reapoc

OpenSource Poc && Vulnerable-Target Storage Box.

screenshot-to-code

Drop in a screenshot and convert it to clean code (HTML/Tailwind/React/Vue)

vulhub

Pre-Built Vulnerable Environments Based on Docker-Compose

ysoserial

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.