keven1z

weblogic_memshell

适用于weblogic和Tomcat的无文件的内存马(memshell)

DHook

DHook是一个支持动态debug，动态修改java程序的web应用.

XXEDemo

收集了java XXE漏洞的demo及修复方式

cify

web信息收集的集成工具，包含： 1.备案信息 2.cms 3.端口 4.waf 5.CDN

CVE-2021-22205

CVE-2021-22205 检测脚本,支持getshell和命令执行

xssing

Xssing is a simple semantic analysis based on the location of the vulnerability, to determine the existence of the vulnerability, and use chromium to verify that xss is existed.

CVE-2022-26134

远程攻击者在Confluence未经身份验证的情况下，可构造OGNL表达式进行注入，实现在Confluence Server或Data Center上执行任意代码,在现有脚本上修改了poc，方便getshell。

redTeamGadget

该工具基于django的一个web应用，主要集合一些常见的RCE poc，方便在模拟攻击中使用这些poc完成攻击。

simpleIAST

simpleIAST- 基于污点追踪的灰盒漏洞扫描工具。

CodeQLScanner

集成CodeQL生成数据库，分析数据库的能力，更方便的使用CodeQL扫描代码

ProtectAgent

一个JAVA agent来防止XXE、s2-032等攻击

SolrfilereadPOC

Apache Solr 任意文件下载/SSRF POC

ant-application-security-testing-benchmark

xAST评价体系，让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".

CheatSheetSeries

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

collection-document

Collection of quality safety articles

headless-chrome-crawler

Distributed crawler powered by Headless Chrome

metasploit-framework

Metasploit Framework

pic

rhino

Rhino is an open-source implementation of JavaScript written entirely in Java

vulhub

Pre-Built Vulnerable Environments Based on Docker-Compose

webshell

This is a webshell open source project

wydomain

to discover subdomains of your target domain