keven1z's repositories

weblogic_memshell

适用于weblogic和Tomcat的无文件的内存马(memshell)

Language:JavaStargazers:264Issues:5Issues:0

DHook

DHook是一个支持动态debug,动态修改java程序的web应用.

XXEDemo

收集了java XXE漏洞的demo及修复方式

Language:JavaStargazers:17Issues:2Issues:0

CVE-2021-22205

CVE-2021-22205 检测脚本,支持getshell和命令执行

Language:PythonStargazers:13Issues:1Issues:0

cify

web信息收集的集成工具,包含: 1.备案信息 2.cms 3.端口 4.waf 5.CDN

Language:PythonLicense:Apache-2.0Stargazers:12Issues:0Issues:1

xssing

Xssing is a simple semantic analysis based on the location of the vulnerability, to determine the existence of the vulnerability, and use chromium to verify that xss is existed.

Language:PythonStargazers:10Issues:2Issues:0

CVE-2022-26134

远程攻击者在Confluence未经身份验证的情况下,可构造OGNL表达式进行注入,实现在Confluence Server或Data Center上执行任意代码,在现有脚本上修改了poc,方便getshell。

redTeamGadget

该工具基于django的一个web应用,主要集合一些常见的RCE poc,方便在模拟攻击中使用这些poc完成攻击。

Language:PythonLicense:Apache-2.0Stargazers:7Issues:1Issues:0

CodeQLScanner

集成CodeQL生成数据库,分析数据库的能力,更方便的使用CodeQL扫描代码

simpleIAST

simpleIAST- 基于污点追踪的交互式应用检测工具。

Language:JavaLicense:Apache-2.0Stargazers:3Issues:1Issues:2

ProtectAgent

一个JAVA agent来防止XXE、s2-032等攻击

Language:JavaStargazers:1Issues:1Issues:0

SolrfilereadPOC

Apache Solr 任意文件下载/SSRF POC

Language:PythonStargazers:1Issues:1Issues:0

ant-application-security-testing-benchmark

xAST评价体系,让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".

License:Apache-2.0Stargazers:0Issues:0Issues:0

CheatSheetSeries

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Language:PythonLicense:NOASSERTIONStargazers:0Issues:0Issues:0

collection-document

Collection of quality safety articles

Stargazers:0Issues:0Issues:0

headless-chrome-crawler

Distributed crawler powered by Headless Chrome

Language:JavaScriptLicense:MITStargazers:0Issues:0Issues:0

metasploit-framework

Metasploit Framework

Language:RubyLicense:NOASSERTIONStargazers:0Issues:0Issues:0
Stargazers:0Issues:0Issues:0

rhino

Rhino is an open-source implementation of JavaScript written entirely in Java

Language:C++License:NOASSERTIONStargazers:0Issues:0Issues:0

vulhub

Pre-Built Vulnerable Environments Based on Docker-Compose

Language:ShellLicense:MITStargazers:0Issues:0Issues:0

webshell

This is a webshell open source project

Language:PHPLicense:GPL-3.0Stargazers:0Issues:0Issues:0

wydomain

to discover subdomains of your target domain

Language:PythonStargazers:0Issues:0Issues:0