tcyba Goto Github PK

fastjson-c3p0

fastjson不出网利用、c3p0

fromjavasasttodocx

SAST

frp

A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.

fscan

一款内网综合扫描工具，方便一键自动化、全方位漏扫扫描。

fuzzdicts

Web Pentesting Fuzz 字典,一个就够了。

gittestss

godzilla

哥斯拉

gopherus

This tool generates gopher link for exploiting SSRF and gaining RCE in various servers

hackerone-reports

Top disclosed reports from HackerOne

happy

第一个库

information_collection_handbook

Handbook of information collection for penetration testing and src

inject_und3ad

👻inject_und3ad -- 蚁剑(AntSword)插件

javasec

自己学习java安全的一些总结，主要是安全审计相关

javathings

Share Things Related to Java - Java安全漫谈笔记相关内容

jndi-injection-exploit

JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）

k8tools

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

ladon

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

ladongo

Ladon Pentest Scanner framework 全平台Go开源内网渗透扫描器框架,Windows/Linux/Mac内网渗透，使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost，远程执行SSH/Winrm，密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis，端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机，端口扫描服务识别PortScan。

learnjavabug

Java安全相关的漏洞和技术demo，原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。

logout4shell

Use Log4Shell vulnerability to vaccinate a victim server against Log4Shell

ms17_010_eternalblue_doublepulsar

nust_postgraduateexam

jjjjj

payloadsallthethings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

peiqi-wiki-poc

鹿不在侧，鲸不予游🐋

penetration_testing_poc

有关渗透测试的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

phpggc

PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

powersploit

PowerSploit - A PowerShell Post-Exploitation Framework

python-fastcgi-client

A FastCGI Client for Python (directly communicate with fastcgi-server such as PHP-FPM etc.) NOTE: Do not support python 3.x.

redis-rogue-server

Redis(<=5.0.5) RCE

safe-eval

Safer version of eval()