hxazzzz Goto Github PK
Name: hxaZzzz
Type: User
Name: hxaZzzz
Type: User
各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC ,该项目将持续更新
APIKit:Discovery, Scan and Audit APIs Toolkit All In One.
资产狩猎框架-AssetsHunter,信息收集是一项艺术~
本软件首先集成危害性较大框架和部分主流cms的rce(无需登录,或者登录绕过执行rce)和反序列化(利用链简单)。上传getshell。sql注入等高危漏洞直接就可以拿权限出数据。其次对一些构造复杂exp漏洞进行检测。傻瓜式导入url即可实现批量测试,能一键getshell检测绝不sql注入或者不是只检测。其中thinkphp 集成所有rce Exp Struts2漏洞集成了shack2 和k8 漏洞利用工具所有Exp并对他们的exp进行优化和修复此工具的所集成漏洞全部是基于平时实战中所得到的经验从而写入到工具里。例如:通达oA一键getshell实战测试 struts2一键getshell 等等
一个利用OneForAll进行子域收集、Shodan API端口扫描、Xray漏洞Fuzz、Server酱的自动化漏洞扫描、即时通知提醒的漏洞挖掘辅助工具
Banli是一款简单好用的高危资产和高危漏洞扫描工具!
小型漏洞库,提供FOFA语法及批量脚本,具体利用法请参考别的漏洞库,共4种类型47项
一款基于BurpSuite的被动式FastJson检测插件
一款基于BurpSuite的被动式shiro检测插件
这是一个全世界最强的抓包工具之一
burpsuite插件:主动和被动进行JS扫描并分析其中的可利用点
视频课件和工具分享
PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034)
一些弱口令、fuzz字典
根据WebBatchRequest图形化二次开发:增加了指纹识别模块,可识别大概上千条指纹,增加了IP段处理,支持C段和B段处理,增加了301处理,增加了去重空节点的功能,可节省内存消耗,推荐勾选此选项
在edusrc平台上对于一些通用漏洞检测时编写的简单python POC脚本
Fastjson姿势技巧集合
Fastjson <= 1.2.47 远程命令执行漏洞利用工具及方法
一个简单的Fastjson反序列化检测burp插件
fastjson漏洞burp插件,检测fastjson<1.2.68基于dnslog,fastjson<=1.2.24和1.2.33<=fatjson<=1.2.47的不出网检测和TomcatEcho,SpringEcho回显方案。
前渗透:资产、指纹、漏洞、口令、钓鱼
Commonly used tools
山屿.EQr开发的python黑客工具库
Config files for my GitHub profile.
批量查询ip对应域名及百度权重、备案信息;ip反查域名;ip查备案信息;资产归属查询;百度权重查询
一些Java编写的小工具。
KunLun-M是一个完全开源的静态白盒扫描工具,支持PHP、JavaScript的语义扫描,基础安全、组件安全扫描,Chrome Ext\Solidity的基础扫描。
SRC子域名资产监控
Log4j2 RCE Passive Scanner plugin for BurpSuite
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.