rce

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cm...

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

#安全#Top disclosed reports from HackerOne

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能

This tool generates gopher link for exploiting SSRF and gaining RCE in various servers

Java web common vulnerabilities and security code which is base on springboot and spring security

翻译 - Java Web常见漏洞和安全代码。

利用大量高威胁poc/exp快速获取目标权限，用于渗透和红队快速打点

Notes about attacking Jenkins servers

翻译 - 有关攻击Jenkins服务器的注意事项

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

#Awesome#Awesome list of step by step techniques to achieve Remote Code Execution on various apps!

🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes and etc

#网络爬虫#A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

翻译 - 一个基于Python的Web应用程序扫描程序，用于在目标网站上收集OSINT和fuzz以获得OWASP漏洞。

Miscellaneous exploit code

Check your WAF before an attacker does

Redis(<=5.0.5) RCE

Automatic SSTI detection tool with interactive interface

Getting started with java code auditing 代码审计入门的小项目

Penelope Shell Handler

CVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit

翻译 - CVE-2021-40444 - 完全武器化的 Microsoft Office Word RCE 漏洞利用

spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧