- 本人学生!学习网络安全!
- 以后想从事安全研究或者安全开发方向!
- 学习使我快乐!🐔🐔🐔🐔🐱👓🐱👓🐱👓🐱👓
- 博客
- 学习目标! php --> java--> nodejs/js --> go -->python-->
- 虽然有的学完了!但还是会忘的!慢慢来!冲冲冲冲冲冲冲冲冲冲冲冲!😈👾
- 学起来!🙄🙄🥗🥗🥗
😶🥗🥗🥗🥗🥗🥗🥗🥗🥗😁
Name: upload
Type: User
Bio: 本人学生,爱好网络安全!励志成为一名安全研究员!
Twitter: upload_ilscy
Blog: https://upload.love/
fastjson不出网利用、c3p0
SAST
A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
一款内网综合扫描工具,方便一键自动化、全方位漏扫扫描。
Web Pentesting Fuzz 字典,一个就够了。
哥斯拉
This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
Top disclosed reports from HackerOne
第一个库
Handbook of information collection for penetration testing and src
👻inject_und3ad -- 蚁剑(AntSword)插件
自己学习java安全的一些总结,主要是安全审计相关
Share Things Related to Java - Java安全漫谈笔记相关内容
JNDI注入测试工具(A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc)
K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
大型内网渗透扫描器&Cobalt Strike,Ladon8.9内置120个模块,包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2,密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem,Poc/Exploit,支持Cobalt Strike 3.X-4.0
Ladon Pentest Scanner framework 全平台Go开源内网渗透扫描器框架,Windows/Linux/Mac内网渗透,使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost,远程执行SSH/Winrm,密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis,端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机,端口扫描服务识别PortScan。
Java安全相关的漏洞和技术demo,原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。
Use Log4Shell vulnerability to vaccinate a victim server against Log4Shell
jjjjj
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
鹿不在侧,鲸不予游🐋
有关渗透测试的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
PowerSploit - A PowerShell Post-Exploitation Framework
A FastCGI Client for Python (directly communicate with fastcgi-server such as PHP-FPM etc.) NOTE: Do not support python 3.x.
Redis(<=5.0.5) RCE
Safer version of eval()
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.