willsonch's repositories
AttackWebFrameworkTools
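This software first integrates high-impact front-end RCE (no login required, or RCE executed after a login bypass), deserialization (with simple gadget chains), upload getshell, SQL injection and other high-risk vulnerabilities that directly yield privileges and data. Second, it performs detection for some vulnerabilities whose exploits are complex to construct. Simply import URLs to run batch testing; where one-click getshell is possible, it never falls back to SQL injection or to detection only. For thinkphp it integrates all RCE exploits; for Struts2 it integrates all exploits from the shack2 and k8 exploitation tools, and optimizes and fixes their exploits. All vulnerabilities integrated in this tool are based on experience gained in real-world engagements and written into the tool from there. For example: Tongda OA one-click getshell (tested in practice), Struts2 one-click getshell, and so on.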
Citrix-ADC-RCE-CVE-2020-8193
Citrix ADC: from authorization bypass to RCE
coprhd-controller
read-only mirror - look at info below
cpp-httplib
A C++ header-only HTTP/HTTPS server and client library
cpp-netlib
The C++ Network Library Project -- header-only, cross-platform, standards compliant networking library.
CVE-2020-17144-EXP
Exchange2010 authorized RCE
CVE-2021-21972
Proof of Concept Exploit for vCenter CVE-2021-21972
CVE-2021-21973
CVE-2021-21972 Exploit
CVE-2022-2333
SXF VPN RCE
Fastjson
A collection of Fastjson techniques and tricks
Goby-POC
Goby & POC collected from the Internet, updated in real time.
http_proxy_server
Multithreaded HTTP Server & Proxy Server with Python3
JNDI-Exploit-Kit
JNDI-Exploitation-Kit(A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps vulnerable to JNDI Injection)
LandrayExploit
Landray OA vulnerability exploitation tool
libsmb2
SMB2/3 userspace client
Makefile_templet
My Makefile for Linux, application & driver
Middleware-Vulnerability-detection
A collection of CVE, CMS and middleware vulnerability detection and exploitation, since 2019-9-15
proxy.py
⚡ Fast • 🪶 Lightweight • 0️⃣ Dependency • 🔌 Pluggable • 😈 TLS interception • 🔒 DNS-over-HTTPS • 🔥 Poor Man's VPN • ⏪ Reverse & ⏩ Forward • 👮🏿 "Proxy Server" framework • 🌐 "Web Server" framework • ➵ ➶ ➷ ➠ "PubSub" framework • 👷 "Work" acceptor & executor framework
redteam_vul
A compilation of vulnerabilities in key systems commonly encountered during red team operations.
Shiro_721_Padding_Oracle_RCE
Shiro_721 exploit: the entire Padding Oracle process implemented by hand
uri
cpp-netlib URI
webshell
This is a webshell open source project
winrmdll
C++ WinRM API via Reflective DLL
ysoserial.net
Deserialization payload generator for a variety of .NET formatters