rootsecurity

rootsecurity's starred repositories

traefik

The Cloud Native Application Proxy

Language:GoMIT51262 673 6039

apollo

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios.

Language:JavaApache-2.029161 1255 3265

fastjson

FASTJSON 2.0.x has been released, faster and more secure, recommend you upgrade.

Language:JavaApache-2.025752 1290 3630

FastGPT is a knowledge-based platform built on the LLMs, offers a comprehensive suite of out-of-the-box capabilities such as data processing, RAG retrieval, and visual AI workflow orchestration, letting you easily develop and deploy complex question-answering systems without the need for extensive setup or configuration.

Language:TypeScriptNOASSERTION18049 117 1975

dex2jar

Tools to work with android .dex and java .class files

Language:JavaApache-2.012333 442 583

CMAK

CMAK is a tool for managing Apache Kafka clusters

Language:ScalaApache-2.011833 531 688

metersphere

MeterSphere 是新一代的开源持续测试工具，让软件测试工作更简单、更高效，不再成为持续交付的瓶颈。

Language:JavaGPL-3.011648 187 10019

sonarqube

Continuous Inspection

Language:JavaLGPL-3.09090 3290

jmeter

Apache JMeter open-source load testing tool for analyzing and measuring the performance of a variety of services

Language:JavaApache-2.08396 319 5325

Archery

SQL 审核查询平台

Language:PythonApache-2.06081 126 1606

linux-kernel-exploits

linux-kernel-exploits Linux平台提权漏洞集合

Language:CMIT5285 287 4

Biny

Biny is a tiny, high-performance PHP framework for web applications

Language:PHPBSD-3-Clause1687 99 119

Fastjson

Fastjson姿势技巧集合

1635 17 5

DongTai

Dongtai IAST is an open-source Interactive Application Security Testing (IAST) tool that enables real-time detection of common vulnerabilities in Java applications and third-party components through passive instrumentation. It is particularly suitable for use in the testing phase of the development pipeline.

Language:PythonApache-2.01244 12 343

Hosts_scan

这是一个用于IP和域名碰撞匹配访问的小工具，旨意用来匹配出渗透过程中需要绑定hosts才能访问的弱主机或内部系统。

Language:Python1129 10 3

NextScan

飞刃是一套完整的企业级黑盒漏洞扫描系统，集成漏洞扫描、漏洞管理、扫描资产、爬虫等服务。拥有强大的漏洞检测引擎和丰富的插件库，覆盖多种漏洞类型和应用程序框架。

Language:JavaScript1128 19 46

ScopeSentry

ScopeSentry-网络空间测绘、子域名枚举、端口扫描、敏感信息发现、漏洞扫描、分布式节点

Language:Python747 12 79

DongTai-agent-java

Java Agent is a Java application probe of DongTai IAST, which collects method invocation data during runtime of Java application by dynamic hooks.

Language:JavaApache-2.0682 22 118

nuclei_poc

Nuclei POC，每日更新 | 自动整合全网Nuclei的漏洞POC，实时同步更新最新POC，保存已被删除的POC。通过批量克隆Github项目，获取Nuclei POC，并将POC按类别分类存放，使用Github Action实现（已有11wPOC，已校验有效性并去重）

Language:PythonCC0-1.0662 142 3

blazehttp

BlazeHTTP 是一款简单易用的 WAF 防护效果测试工具。BlazeHTTP stands as a user-friendly WAF protection efficacy evaluation tool.

Language:GoGPL-3.0662 9 13

Hyacinth

一款java漏洞集合工具

603 6 6

cube

内网渗透测试工具，弱密码爆破、信息收集和漏洞扫描

Language:Go593 12 3

Komo

🚀Komo, a comprehensive asset collection and vulnerability scanning tool. Komo 一个综合资产收集和漏洞扫描工具，集成了20余款工具，通过多种方式对子域进行获取，收集域名邮箱，进行存活探测，域名指纹识别，域名反查ip，ip端口扫描，web服务链接爬取并发送给xray，对web服务进行POC漏洞扫描，对主机进行主机漏洞扫描。

Language:Python518 14 23

lc

LC（List Cloud）是一个多云攻击面资产梳理工具

Language:GoMIT494 6 1

fscan-POC

强化fscan的漏扫POC库

460 13 9

info_scan

自动化漏洞扫描系统，一键完成相关漏洞扫描和信息收集、资产处理、IP基础信息探测，系统采用B/S架构，系统分为源码安装和配置好环境的虚拟机，项目会持续更新，欢迎在Issues中提交需求，如果对您有所帮助，欢迎留下宝贵的star！！！

Language:Python185 4 9

CVE-2023-25157

CVE-2023-25157 - GeoServer SQL Injection - PoC

Language:Python163 2 3

2023_Hvv

80 70

CVE-2024-37032

Path traversal in Ollama with rogue registry server

Language:PythonMIT20 10

IIS_exploit

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.

Language:Python400