vanirxxx's repositories
java-sec-code
Java web common vulnerabilities and security code which is base on springboot and spring security
awesome-aws-security
Curated list of links, references, books videos, tutorials (Free or Paid), Exploit, CTFs, Hacking Practices etc. which are related to AWS Security
Awesome-Bugbounty-Writeups
A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference
Awesome-Red-Teaming
List of Awesome Red Teaming Resources
Awesome-web3-Security
A curated list of web3Security materials and resources For Pentesters and Bug Hunters.
burpsuite-pro-installation
😁 BurpSuite Pro Auto Installation Script For Linux And Windows! 👍
Challenges_2022_Public
Files + Writeups for DownUnderCTF 2022 Challenges
client-side-prototype-pollution
Prototype Pollution and useful Script Gadgets
exploits
Pwn stuff.
gadgetinspector
A byte code analyzer for finding deserialization gadget chains in Java applications
go
The Go programming language
idol-ctf-challenges
a repository of all the CTF challenges I've made for public events
Java-Deserialization-Cheat-Sheet
The cheat sheet about Java Deserialization vulnerabilities
JavaSec
a rep for documenting my study, may be from 0 to 0.1
MemoryShellLearn
分享几个直接可用的内存马,记录一下学习过程中看过的文章
OSCE-Complete-Guide
OSWE, OSEP, OSED
Pickora
A toy compiler that can convert Python scripts 🐍 to pickle bytecode 🥒
pker
Automatically converts Python source code to Pickle opcode
PoC-in-GitHub
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
unzipper
Small class to extract + compress .zip, .gz, .rar archives via browser.
uri-schemes-wordlist
Wordlist used while bruteforcing/fuzzing schemes in XXE,SSRF, LFI, etc.
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
Web-CTF-Cheatsheet
Web CTF CheatSheet 🐈
webshell
This is a webshell open source project
weevely3
Weaponized web shell
ysomap
A helpful Java Deserialization exploit framework.
ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.