ThinkPHP Framework

CTF中任意文件读取的fuzz列表 (Arbitrary file read fuzz list in CTF)

更改后的脏牛提权代码，可以往任意文件写入任意内容，去除交互过程

基于Golang实现的Shellcode内存加载器,共实现3中内存加载shellcode方式,UUID加载,MAC加载和IPv4加载,目前能过主流杀软(包括Windows Defender)

CobaltStrike4.4 一键部署脚本 随机生成密码、key、端口号、证书等，解决cs4.x无法运行在Linux上报错问题 灰常银杏化设计

A little proxy tool based on Tencent Cloud Function Service.

360 QuakeAPI批量查询工具

The classic email sending library for PHP

My experiments in weaponizing Nim (https://nim-lang.org/)

Signature base for my scanner tools

VMware vCenter Server远程代码执行漏洞 (CVE-2021-21972)批量检测脚本

致远oa文件上传；批量检测；getshell

致远OA seeyon未授权漏洞批量getshell

This is a public repository for the Social Warfare WordPress plugin created primarily for the purpose of publishing and maintaining a public list of bugs, known issues, and feature requests with th…

Ladon Scanner For Golang (Full platform penetration scanner framework)LadonGo一款开源渗透扫描器框架，使用它可轻松批量探测C段、B段存活主机、指纹识别、端口扫描、密码爆破、高危漏洞检测等。1.0版本包含11个模块功能，高危漏洞检测MS17010、SmbGhost，密码爆破SmbScan、SshScan、FtpScan…

2011-2019年Top100弱口令密码字典 Top1000密码字典 服务器SSH/VPS密码字典 后台管理密码字典 数据库密码字典 子域名字典

webshell writen in python

通达OA 任意用户登录漏洞

This is a webshell open source project

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 checklist

Issues has been disabled for these PoC's, as they are simply PoC, Public Domain and unsupported.

扫描常见未授权访问（redis、mongodb、memcached、elasticsearch、zookeeper、ftp、CouchDB、docker、Hadoop）

利用任意文件下载漏洞循环下载反编译 Class 文件获得网站 Java 源代码