miner67

0day

各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC 该项目将不断更新

Aggressor-VYSEC

angr-doc

Documentation for the angr suite

Audit-Learning

记录自己对《代码审计》的理解和总结，对危险函数的深入分析以及在p牛的博客和代码审计圈的收获

awd_auto_attack_framework

AWD 自动化攻击框架

awvs_script_decode

解密好的AWVS10.5 data/script/目录下的脚本

china_ip_list

CVE-2018-1111

Environment for DynoRoot (CVE-2018-1111)

CVE-2018-8120

CVE-2018-8120 Windows LPE exploit

EtherTokens

created by miner67

FuckJsonp-RCE-CVE-2022-26809-SQL-XSS-FuckJsonp

警惕 一种针对红队的新型溯源手段!

fuzzDicts

Web Pentesting Fuzz 字典,一个就够了。

how2heap

A repository for learning various heap exploitation techniques.

IIS_exploit

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.

Intranet_Penetration_Tips

2018年初整理的一些内网渗透TIPS，后面更新的慢，所以公开出来希望跟小伙伴们一起更新维护~

IntruderPayloads

A collection of Burpsuite Intruder payloads, fuzz lists and file uploads

Java-Deserialization-Cheat-Sheet

The cheat sheet about Java Deserialization vulnerabilities

metasploit-framework

Metasploit Framework

Micro8

pentest

渗透测试用到的东东

PoC

Proofs-of-concept

SRCHunter

SRCHunter一款基于python的开源扫描器

trackerslist

Updated list of public BitTorrent trackers

TrojanSourceFinder

🔎 Help find Trojan Source vulnerability in code 👀 . Useful for code review in project with multiple collaborators (CI/CD)

webdav_exploit

An exploit for Microsoft IIS 6.0 CVE-2017-7269

WeblogicScan

增强版WeblogicScan、检测结果更精确、插件化、添加CVE-2019-2618，CVE-2019-2729检测，Python3支持

webshell

This is a webshell open source project

webshell-find-tools

分析web访问日志以及web目录文件属性，用于根据查找可疑后门文件的相关脚本。

wongoose_lib

wongoose网络库

ydxred_tools

一些实用的小工具