Stars
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading research and news.
Hunt for security weaknesses in Kubernetes clusters
Exphub [exploit script library]: includes exploit scripts for Weblogic, Struts2, Tomcat, Nexus, Solr, Jboss and Drupal; most recently added: CVE-2020-14882, CVE-2020-11444, CVE-2020-10204, CVE-2020-10199, CVE-2020-1938, CVE-2020-2551, CVE-2020-2555, CVE-2020-2883, CVE-…
💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
cve-search - a tool to perform local searches for known vulnerabilities
Weblogic vulnerability scanning tool. Currently includes detection for the following vulnerabilities: CVE-2014-4210, CVE-2016-0638, CVE-2016-3510, CVE-2017-3248, CVE-2017-3506, CVE-2017-10271, CVE-2018-2628, CVE-2018-2893, CVE-2018-2894, CVE-2018-3191, CVE-2018-3245, CVE-2018-32…
Collected articles https://mrwq.github.io/tools/paper/
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
There is no pre-auth RCE in Jenkins since May 2017, but this is the one!
A collection of curated Java Deserialization Exploits
Labtainers: A Docker-based cyber lab framework
Supplemental templates for securing the cloud.
CVE-2018-19276 - OpenMRS Insecure Object Deserialization RCE
Repository to host scripts discussed in https://www.notsosecure.com/crafting-way-json-web-tokens/
Jboss Java Deserialization RCE (CVE-2017-12149)