$root: Whoami's repositories
FastJson-JdbcRowSetImpl-RCE
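JNDI loading of an RMIServer for a deserialization attack against FastJson, with a vulnerable environment and exploit included. Prototype of the "easy_web" challenge from the 护网杯 (Huwang Cup) CTF competition.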
big-list-of-naughty-strings
The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
android_vuln_poc-exp
This project contains PoCs and exploits for Android vulnerabilities
assemblytutorials
This project was put together to teach myself NASM assembly language on Linux.
awesome-burp-extensions
A curated list of amazingly awesome Burp Extensions
awesome-static-analysis
Static analysis tools for all programming languages
burp-wildcard
Burp extension intended to compact Burp extension tabs by hijacking them to its own tab.
burpbuddy
burpbuddy exposes Burp Suite's extender API over the network through various mediums, with the goal of enabling development in any language without the restrictions of the JVM
Code-Audit-Challenges
Code-Audit-Challenges
CS-Notes
:books: Computer Science Learning Notes
CTF-Writeups
Sharing is caring. CTF challenge writeups
Danger-zone
Correlate data between domains, IPs and email addresses, present it as a graph and store everything into Elasticsearch and JSON files.
fuzzdata
Fuzzing resources for feeding various fuzzers with input. 🔧
Github-Hunter
This tool is for searching for sensitive information on GitHub.
Gopherus
This tool generates a gopher link for exploiting SSRF and gaining RCE in various servers
MobileApp-Pentest-Cheatsheet
The Mobile App Pentest cheat sheet was created to provide a concise collection of high-value information on specific mobile application penetration testing topics.
NullCTF
A Discord bot that provides CTF tools for collaboration in Discord servers!
on-pwning
My solutions to some CTF challenges and a list of interesting resources about pwning stuff
OSCP-Archives
An archive of everything related to OSCP
puppeteer
Headless Chrome Node API
reddit-py-challenges
Solution for reddit for python challenges.
shelling
SHELLING - a comprehensive OS command injection payload generator
ssrf-playground
A playground to practice SSRF Attacks against web apps
Summit_PPT
PPT and PDF slides from various security conferences
Tips
:hammer_and_pick: Useful tips by OTA CTF members :hammer_and_pick:
tldr
:books: Simplified and community-driven man pages
upload-fuzz-dic-builder
Script for generating fuzz dictionaries for file upload vulnerabilities
uxss-db
🔪Browser logic-based vulnerabilities DB :skull_and_crossbones:
vmware-exploitation
A bunch of links related to VMware escape exploits
zen-rails-security-checklist
Checklist of security precautions for Ruby on Rails applications.