Beast code in Giters

orzchen's starred repositories

docker container escape check || Docker 容器逃逸检测

Language:ShellMIT53800

reflex

🕸️ Web apps in pure Python 🐍

Language:PythonApache-2.01942400

windows-api-function-cheatsheets

A reference of Windows API function calls, including functions for file operations, process management, memory management, thread management, dynamic-link library (DLL) management, synchronization, interprocess communication, Unicode string manipulation, error handling, Winsock networking operations, and registry operations.

82900

Docker-TCP-Scan

旨在以攻促防，针对Docker TCP socket的开源利用工具

Language:PythonGPL-3.032500

fastapi

FastAPI framework, high performance, easy to learn, fast to code, ready for production

Language:PythonMIT7603000

pocsuite3

Language:Python10400

RCE-labs

【Hello-CTF labs】一个想帮你收集所有RCE技巧的靶场。

Language:HackApache-2.012600

woodpecker-framework-release

高危漏洞精准检测与深度利用框架

134900

ysoserial-for-woodpecker

给woodpecker框架量身定制的ysoserial

Language:Java50900

readme-typing-svg

⚡ Dynamically generated, customizable SVG that gives the appearance of typing and deleting text for use on your profile page, repositories, or website.

Language:PHPMIT558400

dotnet-deserialization

dotnet 反序列化学习笔记

42900

JavaRce

Common Exploitation Techniques for Java RCE Vulnerabilities in Real-World Scenarios | 实战场景较通用的 Java Rce 相关漏洞的利用方式

Language:Java45300

learnjavabug

Java安全相关的漏洞和技术demo，原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。

Language:JavaMIT258900

JSP-WebShells

Collect JSP webshell of various implementation methods. 收集JSP Webshell的各种姿势

Language:Java135100

javassist

Java bytecode engineering toolkit

Language:JavaNOASSERTION409900

corretto-8

Amazon Corretto 8 is a no-cost, multi-platform, production-ready distribution of OpenJDK 8

Language:JavaGPL-2.0211000

undetected-chromedriver

Custom Selenium Chromedriver | Zero-Config | Passes ALL bot mitigation systems (like Distil / Imperva/ Datadadome / CloudFlare IUAM)

Language:PythonGPL-3.0966700

winlog

一款基于go的windows信息收集工具，主要收集目标机器rdp端口、mstsc远程连接记录、mstsc密码和安全事件中4624、4625登录事件记录

Language:Go28300

CTF-Java-Gadget

CTF-Java-Gadget专注于收集CTF中Java赛题的反序列化片段

Language:Java18100

Sec-Interview-4-2023

一个2023届毕业生在毕业前持续更新、收集的安全岗面试题及面试经验分享~

240500

FindEverything

内网渗透过程中搜寻指定文件内容，从而找到突破口的一个小工具

Language:PythonMIT24800

SocialEngineeringPayloads

This is a collection of social engineering tricks and payloads being used for credential theft and spear phishing attacks.

Language:CSS33100

MDUT-Extend-Release

MDUT-Extend(扩展版本)

51300

dirsearch_bypass403

目录扫描+JS文件中提取URL和子域+403状态绕过+指纹识别

Language:Python70600

Supershell

Supershell C2 远控平台，基于反向SSH隧道获取完全交互式Shell

MIT144600

KillWxapkg

自动化反编译微信小程序，小程序安全评估工具，发现小程序安全问题，自动解密，解包，可还原工程目录，支持Hook，小程序修改

Language:GoMIT328200

CVE-2024-38077

RDL的堆溢出导致的RCE

Language:Python19600

ast-hook-for-js-RE

浏览器内存漫游解决方案（探索中...）

Language:JavaScriptNOASSERTION151200

GoDhijacking

Red team tool designed for quickly identifying hijackable programs, evading antivirus software, and EDR (Endpoint Detection and Response) systems. 红队工具旨在快速识别可劫持程序、逃避防病毒软件和 EDR（端点检测和响应）系统。

5600

orzchen