yangbh's starred repositories
static-analysis
⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.
LLM4Decompile
Reverse Engineering: Decompiling Binary Code with Large Language Models
Supershell
Supershell C2 远控平台,基于反向SSH隧道获取完全交互式Shell
NacosExploitGUI
Nacos漏洞综合利用GUI工具,集成了默认口令漏洞、SQL注入漏洞、身份认证绕过漏洞、反序列化漏洞的检测及其利用
FastJsonParty
FastJson全版本Docker漏洞环境(涵盖1.2.47/1.2.68/1.2.80等版本),主要包括JNDI注入及高版本绕过、waf绕过、文件读写、原生反序列化、利用链探测绕过、不出网利用等。从黑盒的角度覆盖FastJson深入利用
Z-Godzilla_ekp
哥斯拉webshell管理工具二次开发规避流量检测设备
java-echo-generator
一款支持自定义的 Java 回显载荷生成工具|A customizable Java echo payload generation tool.
CVE-2024-4577
PHP CGI Argument Injection (CVE-2024-4577) Remote Code Execution PoC
WebFrameworkTools-5.1-main
本软件首先集成危害性较大框架和部分主流cms的rce(无需登录,或者登录绕过执行rce)和反序列化(利用链简单)。傻瓜式导入url即可实现批量getshell。批量自动化测试。例如:Thinkphp,Struts2,weblogic。出现的最新漏洞进行实时跟踪并且更新例如:log4jRCE,向日葵 禅道RCE 瑞友天翼应用虚拟化系统sql注入导致RCE大华智慧园区上传,金蝶云星空漏洞等等.
Deserial_Sink_With_JDBC
Some ReadObject Sink With JDBC
CTF-Java-Gadget
CTF-Java-Gadget专注于收集CTF中Java赛题的反序列化片段
CodeQL-Community-Packs
Collection of community-driven CodeQL query, library and extension packs
pypi_malregistry
The repository has collected about 6000 malicious pypi packages. This dataset is the work of the ASE 2023 paper "An Empirical Study of Malicious Code In PyPI Ecosystem". Of course, we will continue to expand the dataset. Latest update time: 19 Aug. 2024
CVE-2024-4577
PHP CGI Argument Injection vulnerability