keven1z's repositories
weblogic_memshell
适用于weblogic和Tomcat的无文件的内存马(memshell)
CVE-2021-22205
CVE-2021-22205 检测脚本,支持getshell和命令执行
CVE-2022-26134
远程攻击者在Confluence未经身份验证的情况下,可构造OGNL表达式进行注入,实现在Confluence Server或Data Center上执行任意代码,在现有脚本上修改了poc,方便getshell。
redTeamGadget
该工具基于django的一个web应用,主要集合一些常见的RCE poc,方便在模拟攻击中使用这些poc完成攻击。
CodeQLScanner
集成CodeQL生成数据库,分析数据库的能力,更方便的使用CodeQL扫描代码
simpleIAST
simpleIAST- 基于污点追踪的交互式应用检测工具。
ProtectAgent
一个JAVA agent来防止XXE、s2-032等攻击
SolrfilereadPOC
Apache Solr 任意文件下载/SSRF POC
ant-application-security-testing-benchmark
xAST评价体系,让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".
CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
collection-document
Collection of quality safety articles
headless-chrome-crawler
Distributed crawler powered by Headless Chrome
metasploit-framework
Metasploit Framework
rhino
Rhino is an open-source implementation of JavaScript written entirely in Java
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
webshell
This is a webshell open source project
wydomain
to discover subdomains of your target domain