hahaheihei's repositories
0day
各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC ,该项目将持续更新
0day-1
各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC 该项目将不断更新
2021hvv_vul
2021hvv漏洞汇总
backend-init
一个 go后端的模板框架,有很多重复性的初始化代码。从这里开始,只需要专心写业务逻辑。
bypass_disablefunc_via_LD_PRELOAD
bypass disable_functions via LD_PRELOA (no need /usr/sbin/sendmail)
CNVD-2020-10487-Tomcat-Ajp-lfi
Tomcat-Ajp协议文件读取漏洞
CNVD-2020-10487-Tomcat-Ajp-lfi-Scanner
CNVD-2020-10487/CVE-2020-1938,批量扫描工具
exphub
Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340
exploits
Pwn stuff.
fuzzdb
Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
GitLab-11.4.7-RCE
POC for GitLabs Authenticated RCE in version 11.4.7 community edition
jexboss
JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool
linux-exploit-suggester
Linux privilege escalation auditing tool
OSCPRepo
A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
POC-CVE-2018-10933
LibSSH Authentication Bypass Exploit using RCE
PocList
Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongyou-GRP-U8-XXE/Oracle-WebLogic-CVE-2020-14883/Oracle-WebLogic-CVE-2020-14882/Apache-Solr-GetAnyFile/F5-BIG-IP-CVE-2021-22986/Sonicwall-SSL-VPN-RCE/GitLab-Graphql-CNVD-2021-14193/D-Link-DCS-CVE-2020-25078/WLAN-AP-WEA453e-RCE/360TianQing-Unauthorized/360TianQing-SQLinjection/FanWeiOA-V8-SQLinjection/QiZhiBaoLeiJi-AnyUserLogin/QiAnXin-WangKangFirewall-RCE/金山-V8-终端安全系统/NCCloud-SQLinjection/ShowDoc-RCE
RedTeaming-Tactics-and-Techniques
Red Teaming Tactics and Techniques
sec-chart
安全思维导图集合
SpringBootVulExploit
SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 check list
Sublist3r
Fast subdomains enumeration tool for penetration testers
webshell
This is a webshell open source project
webshell-detect-bypass
绕过专业工具检测的Webshell研究文章和免杀的Webshell
xssplatform
一个经典的XSS渗透管理平台