twoday's repositories
Rogue-jndi-1.2
增加自定义gadget触发客户端代码执行 绕过高版本JDK远程加载限制
threaten-wxpush
获取威胁情报数据,并实时推送到微信
sec-java-sdk
JAVA安全SDK
JavaMemShell
记录总结Java内存马的类型和相关代码示例
Some-PoC-oR-ExP
各种漏洞poc、Exp的收集或编写
checkiplocal
用于快速查询IP归属地的小型工具
CVE-2022-39197
CobaltStrike <= 4.7.1 RCE
cve2022-26134exp
cve2022-26134
Ghostcat-CNVD-2020-10487
Ghostcat read file/code execute,CNVD-2020-10487(CVE-2020-1938)
hakrawler
Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
JavaThings
Share Things Related to Java - Java安全漫谈笔记相关内容
javaweb-sec
攻击Java Web应用-[Java Web安全]
Ladon
大型内网渗透扫描器&Cobalt Strike,Ladon6.6内置74个模块,包含信息收集/存活主机/IP扫描/端口扫描/服务识别/网络资产/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010、SMBGhost、Weblogic、ActiveMQ、Tomcat、Struts2系列,密码口令爆破(Mysql、Oracle、MSSQL)、FTP、SSH(Linux)、VNC、Windows(IPC、WMI、SMB、LDAP、SmbHash、WmiHash、Winrm),远程执行命令(wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem,Poc/Exploit,支持Cobalt Strike 3.X-4.0
N-DecodeAllUnicode
Burpsuite插件:自动解码Burpsuite中被Unicode编码的内容
nginx_log_check
Nginx日志安全分析脚本
php-webshell
PHP各种一句话收集
PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
Spring4Shell-POC
Dockerized Spring4Shell (CVE-2022-22965) PoC application and exploit
SpringBootVulExploit
SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 check list
SpringShell
Spring4Shell - Spring Core RCE - CVE-2022-22965
Struts2-Scan
Struts2全漏洞扫描利用工具
threaten_flask_vue
爬取外部威胁漏洞情报数据做展示并做微信推送,可自己加爬威胁漏洞情报源,前后端分离,前端vue,后台使用py3-flask
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
weui
A UI library by WeChat official design team, includes the most useful widgets/modules in mobile web applications.