khanhhnahk1

PHPSerialize-labs

【Hello CTF】PHPSerialize-labs是一个使用php语言编写的，用于学习CTF中PHP反序列化的入门靶场。旨在帮助大家对PHP的序列化和反序列化有一个全面的了解。

awesome-nodejs-security

Awesome Node.js Security resources

web-fuzz-wordlists

Common Web Managers Fuzz Wordlists

SpringBootVulExploit

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

ysoserial

ysoserial 图形化，探测 gadget，命令执行，注入哥斯拉冰蝎内存马，加载字节码等

JS2PDFInjector

Inject a JS file into a PDF file.

ctf-archives

CTF Archives: Collection of CTF Challenges.

CVE-2020-28032_PoC

PoC for CVE-2020-28032 (It's just a POP chain in WordPress < 5.5.2 for exploiting PHP Object Injection)

CVE-2024-34102

POC for CVE-2024-34102 : Unauthenticated Magento XXE and bypassing WAF , You will get http connection on ur webhook

PayloadsAllThePDFs

PDF Files for Pentesting

yaml-payload

A tiny project for generating SnakeYAML deserialization payloads

CVE-2022-22978-PoC

PoC of CVE-2022-22978 vulnerability in Spring Security framework

google-dorks

Useful Google Dorks for WebSecurity and Bug Bounty

Bug-Bounty-Wordlists

ScopeSentry

ScopeSentry-网络空间测绘、子域名枚举、端口扫描、敏感信息发现、漏洞扫描、分布式节点

ffuf

Fast web fuzzer written in Go

actuator-testbed

A vulnerable application exposing Spring Boot Actuators

pdfjs-vuln-demo

This project is intended to serve as a proof of concept to demonstrate exploiting the vulnerability in the PDF.js (pdfjs-dist) library reported in CVE-2024-4367

ReverseShell-Java

Generating payloads to reverse shell in different contexts of java.

SpringBoot-ImprookCare

Research and Develop Restful APIs for a Health Consultation And Management System (Spring Boot).

POP-CHAIN-LAB1

laravel-poc-CVE-2018-15133

PoC for CVE-2018-15133 (Laravel unserialize vulnerability)

CVE-2024-4577

POC & $BASH script for CVE-2024-4577

LearnJavaMemshellFromZero

【三万字原创】完全零基础从0到1掌握Java内存马，公众号：追梦信安

dirsearch

Web path scanner

JSFinder

JSFinder is a tool for quickly extracting URLs and subdomains from JS files on a website.

CVE-2024-32113

Apache OFBIZ Path traversal leading to RCE POC[CVE-2024-32113 & CVE-2024-36104]

aws-enumerator

The AWS Enumerator was created for service enumeration and info dumping for investigations of penetration testers during Black-Box testing. The tool is intended to speed up the process of Cloud review in case the security researcher compromised AWS Account Credentials.

java-echo-generator

一款支持高度自定义的 Java 回显载荷生成工具｜A highly customizable Java echo payload generation tool.

laravel_cookie_killer