kuron3k0's repositories
CVE-2022-34265
CVE-2022-34265 Vulnerability
extractor-java
CodeQL extractor for java, which don't need to compile java source
K8s-Mind-Map
K8S安全攻防思维导图 | Docker安全攻防思维导图
degoogle_hunter
Simple fork from degoogle original project with bug hunting purposes
verifyemail
Python在线验证邮箱真实性,支持批量验证
myJNDIExploit
对原版https://github.com/feihong-cs/JNDIExploit 进行了实用化修改
momo-code-sec-inspector-java
IDEA静态代码安全审计及漏洞一键修复插件
nuclei-templates
Community curated list of template files for the nuclei engine to find security vulnerability and fingerprinting the targets.
bounty-targets
This project crawls bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) hourly and dumps them into the bounty-targets-data repo
CVE-2022-21882
win32k LPE
ShortPayload
如何将Java反序列化Payload极致缩小
java_memshell
java各中间件的内存马、回显研究
reflector
Burp plugin able to find reflected XSS on page in real-time while browsing on site
EgGateWayGetShell
锐捷EG易网关批量GetShell / Code By:Tas9er
JNDIExploit
A malicious LDAP server for JNDI injection attacks
ARL
ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
SQLEXP
SQL 注入利用工具,存在waf的情况下自定义编写tamper脚本 dump数据
SRCScanner
资产发现、子域名枚举、C段扫描、资产变更监测、端口变更监测、域名解析变更监测、Awvs扫描、POC检测、web指纹探测、端口指纹探测、CDN探测、操作系统指纹探测、泛解析探测、WAF探测、敏感信息检测等等
Pentest-Notes
📖《内网安全攻防-渗透测试实战指南》
gitGraber
gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
JNDI-Injection-Bypass
Some payloads of JNDI Injection in JDK 1.8.0_191+
bayonet
bayonet是一款src资产管理系统,从子域名、端口服务、漏洞、爬虫等一体化的资产管理系统
Sublist3r
Fast subdomains enumeration tool for penetration testers