Stars
一个用 Go 写的轻量聊天室:基于 TCP 长连接、自定义帧协议(4-byte length + payload)、AES-GCM 端到端加密,支持命令行交互、在线用户列表、改名、以及文件上传/下载。
a rep for documenting my study, may be from 0 to 0.1
Jar Analyzer - 一个 JAR 包 GUI 分析工具,方法调用关系搜索,方法调用链 DFS 算法分析,模拟 JVM 的污点分析验证 DFS 结果,字符串搜索,Java Web 组件入口分析,CFG 程序分析,JVM 栈帧分析,自定义表达式搜索,支持 MCP 调用,文档:https://docs.qq.com/doc/DV3pKbG9GS0pJS0tk
A vul-finder for loading CPG and automated finding vul-call-chains
A IntelliJ Plugin for Tabby to Find Vulnerabilities Easily
DuckDB extension allowing shell commands to be used for input and output.
JNDI-Exploitation-Kit(A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps v…
一款支持自定义的 Java 回显载荷生成工具|A customizable Java echo payload generation tool.
拿来即用的Tomcat7/8/9/10版本Listener/Filter/Servlet内存马,支持注入CMD内存马和冰蝎内存马
JavaSecLab is a comprehensive Java vulnerability platform| JavaSecLab是一款综合型Java漏洞平台,提供相关漏洞缺陷代码、修复代码、漏洞场景、审计SINK点、安全编码规范,覆盖多种漏洞场景,友好用户交互UI……
Nuclei POC,每2小时更新 | 自动整合全网Nuclei的漏洞POC,实时同步更新最新POC,保存已被删除的POC。通过批量克隆Github项目,获取Nuclei POC,并将POC按类别分类存放,使用Github Action实现。已有41w+POC,其中3.5w+高质量POC
A lightweight tool for integrating and testing SheerID verification workflows. It simplifies API requests, handles responses, and supports eligibility checks for programs like student.
MySQL fake server for read files of connected clients
A rouge mysql server supports reading files from most mysql libraries of multiple programming languages.
A powerful JNDI injection exploitation framework that supports RMI, LDAP and LDAPS protocols, including various bypass methods for high-version JDK restrictions
An OOB interaction gathering server and client library
⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock