--java

代码审计知识点整理-Java

0wned

Code execution via Python package installation.

alcatraz

x64 binary obfuscator

am0n-eye

attackwebframeworktools-5.0

本软件首先集成危害性较大框架和部分主流cms的rce(无需登录,或者登录绕过执行rce)和反序列化(利用链简单)。傻瓜式导入url即可实现批量getshell。批量自动化测试。例如:Thinkphp,Struts2,weblogic。出现的最新漏洞进行实时跟踪并且更新例如:log4jRCE,向日葵RCE 等等.

awesome-chatgpt-prompts

This repo includes ChatGPT prompt curation to use ChatGPT better.

b64.c

Base64 encode/decode

callstackspoofingpoc

C++ self-Injecting dropper based on various EDR evasion techniques.

cf

Cloud Exploitation Framework 云环境利用框架，方便安全人员在获得 AK 的后续工作

cobaltstrike-update

Cobalt Strike is a powerful threat emulation tool that provides a post-exploitation agent and covert channels ideal for Adversary Simulations and Red Team exercises. With Cobalt Strike, companies can emulate the tactics and techniques of a quiet long-term embedded threat actor in an IT network. Malleable C2 lets you change your network indicators to look like different malware each time. These tools complement Cobalt Strike's solid social engineering process, its robust collaboration capability, and unique reports designed to aid blue team training.

cobaltstrikesource

Cobaltstrike4.1 Source

codeql

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security (code scanning), LGTM.com, and LGTM Enterprise

codeqlpy

CodeQLpy是一款基于CodeQL实现的半自动化代码审计工具，目前仅支持java语言。实现从源码反编译，数据库生成，脆弱性发现的全过程，可以辅助代码审计人员快速定位源码可能存在的漏洞。

ctf-docker-template

Deployment template for docker target machine in ctf for CTFd and other platforms that support dynamic flags

cve-2021-22005

cve-2021-31805

S2-062 (CVE-2021-31805) / S2-061 / S2-059 RCE

cve-2021-43297-poc

CVE-2021-43297 POC，Apache Dubbo<= 2.7.13时可以实现RCE

cve-2022-21907

Windows HTTP协议栈远程代码执行漏洞 CVE-2022-21907

cve-2022-40684

PoC for CVE-2022-40684 - Authentication bypass lead to Full device takeover (Read-only)

cve-2022-40684-rce-poc

fortinet auth bypass analyze and exploit

cve-2023-21707

CVE-2023-21707 EXP

cve-2023-7028

This repository presents a proof-of-concept of CVE-2023-7028

cve-2024-21887

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

cve-2024-3400

This script is designed to demonstrate the exploitation of vulnerabilities in PAN-OS firewalls. It sends a specially crafted payload to the firewall's API endpoint to execute arbitrary commands.

cyber-security-chatgpt-prompt

some prompt about cyber security

dismember

:knife: Scan memory for secrets and more. Maybe eventually a full /proc toolkit.

docker-cobaltstrike

CobaltStrike Server With Docker

docker-php-xdebug

Docker images with PHP and xdebug installed, configured and ready to debug and profile applications in modern IDEs.

dongtai

DongTai is an interactive application security testing(IAST) product that supports the detection of OWASP WEB TOP 10 vulnerabilities, multi-request related vulnerabilities (including logic vulnerabilities, unauthorized access vulnerabilities, etc.), third-party component vulnerabilities, etc.

dongtai-agent-java

Java Agent is a Java application probe of DongTai IAST, which collects method invocation data during runtime of Java application by dynamic hooks.