Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.

Space_view 是一款Hunter(鹰图平台)或者FOFA平台 资产展示的浏览器油猴插件

Tomcat常见漏洞GUI利用工具。CVE-2017-12615 PUT文件上传漏洞、tomcat-pass-getshell 弱认证部署war包、弱口令爆破、CVE-2020-1938 Tomcat AJP文件读取/包含

醉考拉tomcat后台弱口令扫描器，命令行版 图形界面版。

Scriptable Headless Browser

sqlmap Xplus 基于 sqlmap，对经典的数据库注入漏洞利用工具进行二开！

An unidentifiable mechanism that helps you bypass GFW.

NoMoney 是一款集成了fofa，奇安信的鹰图平台，360quake，且完全免费的信息收集工具。fofa 借助爬虫实现，其余平台利用各自的api进行信息收集。

CMS漏洞测试用例集合

Golang Version Manager

command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by…

A Bypass Anti-virus Software Lateral Movement Command Execution Tool

用友NC反序列化漏洞payload生成

A swiss army knife for pentesting networks

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

Azure Data Exporter for BloodHound

CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.

Test tool for CVE-2020-1472

Exploit for zerologon cve-2020-1472

A full-featured download manager.

❤️ Streaming torrent app for Mac, Windows, and Linux

CVE-2022-46463(Harbor 未授权)

Wscan is a web security scanner that focuses on web security, dedicated to making web security accessible to everyone.

Automatically crawls proxy nodes on the public internet, de-duplicates and tests for usability and then provides a list of nodes

Notes about attacking Jenkins servers

JetBrains License Server Docker image

Change your current Java version with one line

Manage your Java environment

Official GeoServer repository

Remote Code Execution (RCE) Vulnerability In Evaluating Property Name Expressions with multies ways to exploit