willsonch's repositories
ysoserial.net
Deserialization payload generator for a variety of .NET formatters
Fastjson
Fastjson姿势技巧集合
cpp-httplib
A C++ header-only HTTP/HTTPS server and client library
libsmb2
SMB2/3 userspace client
proxy.py
⚡ Fast • 🪶 Lightweight • 0️⃣ Dependency • 🔌 Pluggable • 😈 TLS interception • 🔒 DNS-over-HTTPS • 🔥 Poor Man's VPN • ⏪ Reverse & ⏩ Forward • 👮🏿 "Proxy Server" framework • 🌐 "Web Server" framework • ➵ ➶ ➷ ➠ "PubSub" framework • 👷 "Work" acceptor & executor framework
CVE-2022-2333
SXF VPN RCE
JNDI-Exploit-Kit
JNDI-Exploitation-Kit(A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps vulnerable to JNDI Injection)
winrmdll
C++ WinRM API via Reflective DLL
Goby-POC
来源于网络收集的Goby&POC,实时更新。
LandrayExploit
蓝凌OA漏洞利用工具
redteam_vul
红队作战中比较常遇到的一些重点系统漏洞整理。
CVE-2021-21973
CVE-2021-21972 Exploit
AttackWebFrameworkTools
本软件首先集成危害性较大前台rce(无需登录,或者登录绕过执行rce)。反序列化(利用链简单)。上传getshell。sql注入等高危漏洞直接就可以拿权限出数据。其次对一些构造复杂exp漏洞进行检测。傻瓜式导入url即可实现批量测试,能一键getshell检测绝不sql注入或者不是只检测。其中thinkphp 集成所有rce Exp Struts2漏洞集成了shack2 和k8 漏洞利用工具所有Exp并对他们的exp进行优化和修复此工具的所集成漏洞全部是基于平时实战中所得到的经验从而写入到工具里。例如:通达oA一键getshell实战测试 struts2一键getshell 等等
Middleware-Vulnerability-detection
CVE、CMS、中间件漏洞检测利用合集 Since 2019-9-15
CVE-2021-21972
Proof of Concept Exploit for vCenter CVE-2021-21972
coprhd-controller
read-only mirror - look at info below
webshell
This is a webshell open source project
http_proxy_server
Multithreaded HTTP Server & Proxy Server with Python3
CVE-2020-17144-EXP
Exchange2010 authorized RCE
Makefile_templet
My Makefile for Linux, application & driver
Citrix-ADC-RCE-CVE-2020-8193
Citrix ADC从权限绕过到RCE
cpp-netlib
The C++ Network Library Project -- header-only, cross-platform, standards compliant networking library.
uri
cpp-netlib URI
Shiro_721_Padding_Oracle_RCE
Shiro_721 exp 纯手工实现Padding Oracle整个过程