Skip to content
View octa's full-sized avatar

Block or report octa

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
21 stars written in Python
Clear filter

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Python 62,088 14,808 Updated Dec 4, 2024

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

Python 9,211 2,732 Updated Dec 23, 2024

Hunt for security weaknesses in Kubernetes clusters

Python 4,775 587 Updated Mar 19, 2024

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-…

Python 4,147 1,099 Updated Apr 4, 2021

💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

Python 2,896 388 Updated Oct 20, 2024

cve-search - a tool to perform local searches for known vulnerabilities

Python 2,340 595 Updated Dec 23, 2024

weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力:CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-32…

Python 2,014 340 Updated Nov 24, 2023

收集的文章 https://mrwq.github.io/tools/paper/

Python 1,825 414 Updated Nov 20, 2024

Reverse proxies cheatsheet

Python 1,787 207 Updated Nov 4, 2023

GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)

Python 1,409 200 Updated Mar 11, 2024

There is no pre-auth RCE in Jenkins since May 2017, but this is the one!

Python 601 132 Updated May 17, 2019

A collection of curated Java Deserialization Exploits

Python 589 219 Updated May 16, 2021

Apache Shiro 反序列化漏洞检测与利用工具

Python 513 124 Updated Jan 29, 2020

Labtainers: A Docker-based cyber lab framework

Python 277 69 Updated Nov 22, 2024

Repo for proof of concept exploits and tools.

Python 56 25 Updated Oct 15, 2020

MD5长度扩展攻击

Python 40 22 Updated Jun 8, 2016

Supplemental templates for securing the cloud.

Python 35 30 Updated Nov 19, 2024

CVE-2018-19276 - OpenMRS Insecure Object Deserialization RCE

Python 16 6 Updated Mar 11, 2019

Repository to host scripts discussed in https://www.notsosecure.com/crafting-way-json-web-tokens/

Python 15 10 Updated Aug 4, 2018

Jboss Java Deserialization RCE (CVE-2017-12149)

Python 12 1 Updated Aug 22, 2019