Stars
A VSCode Workspace based hacking environment utils. Starting your Note-Driven Hacking experience. Checkout the following link to sample of HackThebox mist.htb
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Pre-Built Vulnerable Environments Based on Docker-Compose
Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist
trzsz is a simple file transfer tools, similar to lrzsz ( rz / sz ), and compatible with tmux.
An open-source, lightweight note-taking solution. The pain-less way to create your meaningful notes. Your Notes, Your Way.
evil-mysql-server is a malicious database written to target jdbc deserialization vulnerabilities and requires ysoserial.
A rouge mysql server supports reading files from most mysql libraries of multiple programming languages.
MySQL Fake Server (纯Java实现,支持GUI版和命令行版,提供Dockerfile,支持多种常见JDBC利用)
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
MySQL Fake Server use to help MySQL Client File Reading and JDBC Client Java Deserialize
Fastjson扫描器,可识别版本、依赖库、autoType状态等。A tool to distinguish fastjson ,version and dependency
FastJson全版本Docker漏洞环境(涵盖1.2.47/1.2.68/1.2.80等版本),主要包括JNDI注入及高版本绕过、waf绕过、文件读写、原生反序列化、利用链探测绕过、不出网利用等。从黑盒的角度覆盖FastJson深入利用
FASTJSON 2.0.x has been released, faster and more secure, recommend you upgrade.
Java安全相关的漏洞和技术demo,原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。
A damn simple library for building production-ready RESTful web services.
A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit/64-bit ARM and embedded RISC-V architectures.
The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis