枫少's repositories
2022-HW-POC
2022 护网行动 POC 整理
btpanel-v7.7.0
宝塔v7.7.0官方原版备份
CVE-2021-4034
PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034)
CVE-2022-0847
CVE-2022-0847-DirtyPipe-Exploit CVE-2022-0847 是存在于 Linux内核 5.8 及之后版本中的本地提权漏洞。攻击者通过利用此漏洞,可覆盖重写任意可读文件中的数据,从而可将普通权限的用户提升到特权 root。 CVE-2022-0847 的漏洞原理类似于 CVE-2016-5195 脏牛漏洞(Dirty Cow),但它更容易被利用。漏洞作者将此漏洞命名为“Dirty Pipe”
cve-2022-44268
Payload generator and extractor for CVE-2022-44268 written in Python.
dex2jar
Tools to work with android .dex and java .class files
ffuf
Fast web fuzzer written in Go
FindSomething
基于chrome、firefox插件的被动式信息泄漏检测工具
FRIDA-DEXDump
Fast search and dump dex on memory.
fscan
一款内网综合扫描工具,方便一键自动化、全方位漏扫扫描。
HackPHP
《深入理解PHP代码审计》
hooker
🔥🔥hooker是一个基于frida实现的逆向工具包。为逆向开发人员提供统一化的脚本包管理方式、通杀脚本、自动化生成hook脚本、内存漫游探测activity和service、firda版JustTrustMe、disable ssl pinning
java-sec-code
Java web common vulnerabilities and security code which is base on springboot and spring security
jd-gui
A standalone Java Decompiler GUI
JNDIScan
无须借助dnslog且完全无害的JNDI反连检测工具,解析RMI和LDAP协议实现,可用于甲方内网自查
LSPosed
LSPosed Framework
Magisk
The Magic Mask for Android
magisk-files
Magisk File Host
MYExploit
OAExploit一款基于产品的一键扫描工具。
sam-the-admin
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
Sec-Interview-4-2023
一个2023届毕业生在毕业前持续更新、收集的安全岗面试题及面试经验分享~
SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
shiro_attack
shiro反序列化漏洞综合利用,包含(回显执行命令/注入内存马)
ShuiZe_0x727
信息收集自动化工具
v2rayN
A GUI client for Windows, support Xray core and v2fly core and others
v2rayNG
A V2Ray client for Android, support Xray core and v2fly core
wxappUnpacker
Wechat App(微信小程序,.wxapkg)解包及相关文件(.wxss,.json,.wxs,.wxml)还原工具