[ { "link": "https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main", "name": "WebFrameworkTools-5.1-main", "created_at": "2023-01-08T05:21:26Z", "description": "本软件首先集成危害性较大框架和部分主流cms的rce(无需登录,或者登录绕过执行rce)和反序列化(利用链简单)。傻瓜式导入url即可实现批量getshell。批量自动化测试。例如:Thinkphp,Struts2,weblogic。出现的最新漏洞进行实时跟踪并且更...", "author": "peiqiF4ck", "language": "C#", "keyword": "sql注入" }, { "link": "https://github.com/1024-lab/smart-admin", "name": "smart-admin", "created_at": "2019-11-16T02:30:31Z", "description": "SmartAdmin国内首个以「高质量代码」为核心,「简洁、高效、安全」快速开发平台;基于SpringBoot2/3 + Sa-Token + Mybatis-Plus 和 Vue3 + Vite5 + Ant Design Vue 4.x (同时支持JavaScript和TypeScript双版本);满足国家三级等保要求、支持登录限制、接...", "author": "1024-lab", "language": "Java", "keyword": "sql注入" }, { "link": "https://github.com/ballcat-projects/ballcat", "name": "ballcat", "created_at": "2019-10-20T12:18:53Z", "description": "😸一个快速开发脚手架,快速搭建企业级后台管理系统,并提供多种便捷starter进行功能扩展。主要功能包括前后台用户分离,菜单权限,数据权限,定时任务,访问日志,操作日志,异常日志,统一异常处理,XSS过滤,SQL防注...", "author": "ballcat-projects", "language": "Java", "keyword": "sql注入" }, { "link": "https://github.com/JaveleyQAQ/SQL-Injection-Scout", "name": "SQL-Injection-Scout", "created_at": "2025-01-03T08:42:22Z", "description": "SQL Injection Scout 是一个用于 Burp Suite 的扩展,专为帮助安全研究人员和开发人员检测和分析 SQL 注入漏洞而设计。该扩展提供了丰富的配置选项和直观的用户界面,便于用户自定义扫描和分析过程。", "author": "JaveleyQAQ", "language": null, "keyword": "sql注入" }, { "link": "https://github.com/xiangyuecn/AreaCity-JsSpider-StatsGov", "name": "AreaCity-JsSpider-StatsGov", "created_at": "2018-11-28T05:11:35Z", "description": "省市区县乡镇三级或四级城市数据,带拼音标注、坐标、行政区域边界范围;2025年01月14日最新采集,提供csv格式文件,支持在线转成多级联动js代码、通用json格式,提供软件转成shp、geojson、sql、导入数据库;带浏览器里面运...", "author": "xiangyuecn", "language": "JavaScript", "keyword": "sql注入" }, { "link": "https://github.com/zlt2000/microservices-platform", "name": "microservices-platform", "created_at": "2019-03-07T07:13:37Z", "description": "基于SpringBoot2.x、SpringCloud和SpringCloudAlibaba并采用前后端分离的企业级微服务多租户系统架构。并引入组件化的思想实现高内聚低耦合,项目代码简洁注释丰富上手容易,适合学习和企业中使用。真正实现了基于RBAC、jwt和oauth2的...", "author": "zlt2000", "language": "Java", "keyword": "sql注入" }, { "link": "https://github.com/saoshao/DetSql", "name": "DetSql", "created_at": "2024-09-03T14:58:23Z", "description": "Burp插件,快速探测可能存在SQL注入的请求并标记,提高测试效率", "author": "saoshao", "language": "Java", "keyword": "sql注入" }, { "link": "https://github.com/ClearloveLA/sql-injection-defense", "name": "sql-injection-defense", "created_at": "2025-01-04T10:42:03Z", "description": "基于Node.js和Vue3技术栈,结合MySQL数据库,设计并实现了一个Web应用SQL注入防护系统,旨在解决MySQL数据库在Web应用中面临的SQL注入安全威胁。", "author": "ClearloveLA", "language": "Vue", "keyword": "sql注入" }, { "link": "https://github.com/henryxm/autumn", "name": "autumn", "created_at": "2018-10-08T12:12:12Z", "description": "采用Spring、Spring Boot、Redis、MyBatis、Shiro、Druid框架开发,搭载mysql数据。 如果你厌烦了MyBatis中需要手动创建表的事情,这个项目非常适合你,自动为你生成表。 从此你不在需要导入sql文件了,项目初始化变得异常简单,结构清...", "author": "henryxm", "language": "JavaScript", "keyword": "sql注入" }, { "link": "https://github.com/AndyWannaSing/trace-canvas", "name": "trace-canvas", "created_at": "2024-12-29T10:39:59Z", "description": "TraceCanvas 是一款专注于基础链路追踪功能的工具,旨在帮助开发者全面监控和分析系统性能。其主要功能包括方法执行树的可视化展示、SQL 操作追踪、HTTP 请求追踪、Redis 操作追踪,以及消息队列(MQ)操作追踪等。此外,TraceC...", "author": "AndyWannaSing", "language": null, "keyword": "sql注入" }, { "link": "https://github.com/Sanandd/---doAction-SQL-", "name": "---doAction-SQL-", "created_at": "2024-12-21T09:39:42Z", "description": "秒优科技-供应链管理系统doAction存在SQL注入漏洞", "author": "Sanandd", "language": null, "keyword": "sql注入" }, { "link": "https://github.com/Sanandd/yongyou", "name": "yongyou", "created_at": "2024-12-21T09:28:22Z", "description": "SQL注入", "author": "Sanandd", "language": "Python", "keyword": "sql注入" }, { "link": "https://github.com/jiaqiwang8/wjq-goods", "name": "wjq-goods", "created_at": "2024-12-21T09:03:52Z", "description": "微商城系统 goods.php SQL注入漏洞", "author": "jiaqiwang8", "language": null, "keyword": "sql注入" }, { "link": "https://github.com/zhang-nan666/-HCM-LoadOtherTreeServlet-SQL-", "name": "-HCM-LoadOtherTreeServlet-SQL-", "created_at": "2024-12-21T08:49:32Z", "description": "宏景HCM-LoadOtherTreeServlet SQL注入检测", "author": "zhang-nan666", "language": null, "keyword": "sql注入" }, { "link": "https://github.com/zhang-nan666/-FE-apprvaddNew.jsp-SQL-", "name": "-FE-apprvaddNew.jsp-SQL-", "created_at": "2024-12-21T08:48:44Z", "description": "某远互联FE协作办公平台 apprvaddNew.jsp SQL注入漏洞", "author": "zhang-nan666", "language": null, "keyword": "sql注入" }, { "link": "https://github.com/ayy138/SpringBlade_Sql", "name": "SpringBlade_Sql", "created_at": "2024-12-21T08:34:10Z", "description": "SpringBlade tenant/list SQL 注入漏洞复现及POC", "author": "ayy138", "language": "Python", "keyword": "sql注入" }, { "link": "https://github.com/Ning-0223/-HCM-LoadOtherTreeServlet-SQL-", "name": "-HCM-LoadOtherTreeServlet-SQL-", "created_at": "2024-12-21T07:54:40Z", "description": "宏景HCM-LoadOtherTreeServlet SQL注入 ", "author": "Ning-0223", "language": "Python", "keyword": "sql注入" }, { "link": "https://github.com/20142995/CNVD_crawler", "name": "CNVD_crawler", "created_at": "2024-09-02T10:54:53Z", "description": null, "author": "20142995", "language": "Python", "keyword": "cnvd" }, { "link": "https://github.com/20142995/wxvl", "name": "wxvl", "created_at": "2024-11-16T11:21:28Z", "description": "复现|漏洞|CVE|CNVD|POC|EXP|0day|1day|nday等相关微信文章收集", "author": "20142995", "language": "Python", "keyword": "cnvd" }, { "link": "https://github.com/liuguolong139/CNVD-2024-33023", "name": "CNVD-2024-33023", "created_at": "2025-01-16T04:46:44Z", "description": "CNVD-2024-33023 Python poc", "author": "liuguolong139", "language": "Python", "keyword": "cnvd" }, { "link": "https://github.com/jmtruffa/cnvDownloader", "name": "cnvDownloader", "created_at": "2024-08-13T12:57:34Z", "description": "Downloader de data de CAFCI y parser de mails de FIMA", "author": "jmtruffa", "language": "Python", "keyword": "cnvd" }, { "link": "https://github.com/j8agent/CNVD-2024-15077--AJ-Report-RCE--", "name": "CNVD-2024-15077--AJ-Report-RCE--", "created_at": "2024-12-21T08:26:43Z", "description": "CNVD-2024-15077 AJ-Report 中swagger-ui的RCE漏洞", "author": "j8agent", "language": "Python", "keyword": "cnvd" }, { "link": "https://github.com/must-bioinfo/fastCNVdata", "name": "fastCNVdata", "created_at": "2024-07-17T14:38:38Z", "description": "Datasets to run the vignettes of the R package fastCNV", "author": "must-bioinfo", "language": "R", "keyword": "cnvd" }, { "link": "https://github.com/XiaomingX/CNVD-2020-10487-Tomcat-Ajp-lfi", "name": "CNVD-2020-10487-Tomcat-Ajp-lfi", "created_at": "2024-12-08T04:14:03Z", "description": "Tomcat-Ajp协议文件读取漏洞", "author": "XiaomingX", "language": "Python", "keyword": "cnvd" }, { "link": "https://github.com/lizhianyuguangming/TomcatScanPro", "name": "TomcatScanPro", "created_at": "2024-08-29T06:38:16Z", "description": "tomcat自动化漏洞扫描利用工具,支持批量弱口令检测、后台部署war包getshell、CVE-2017-12615 文件上传、CVE-2020-1938/CNVD-2020-10487 文件包含", "author": "lizhianyuguangming", "language": "Python", "keyword": "cnvd" }, { "link": "https://github.com/GoesM/ROS-CVE-CNVDs", "name": "ROS-CVE-CNVDs", "created_at": "2024-11-04T07:55:51Z", "description": "record and public CVE/CNVD IDs discovered by my works", "author": "GoesM", "language": null, "keyword": "cnvd" }, { "link": "https://github.com/xiadaogit/CNVD-", "name": "CNVD-", "created_at": "2024-10-30T07:13:00Z", "description": "CNVD挖的多了", "author": "xiadaogit", "language": null, "keyword": "cnvd" }, { "link": "https://github.com/sxq2003/CNVD-2022-10270", "name": "CNVD-2022-10270", "created_at": "2024-10-21T08:01:28Z", "description": null, "author": "sxq2003", "language": "Python", "keyword": "cnvd" }, { "link": "https://github.com/leonooo13/CNVD-2020-10487-Tomcat-Ajp-lfi", "name": "CNVD-2020-10487-Tomcat-Ajp-lfi", "created_at": "2024-09-27T17:05:09Z", "description": null, "author": "leonooo13", "language": "Python", "keyword": "cnvd" }, { "link": "https://github.com/Bin4xin/bigger-than-bigger", "name": "bigger-than-bigger", "created_at": "2021-04-16T01:33:26Z", "description": "Expolit Lists. 相关集合💥💥💥 ;) 用友NC反序列化/ CTF/ Java Deserialization/Shiro Vulns/ CNVD or CVE Vulns/ Log4j2/ Hikvision-decrypter...✨✨✨", "author": "Bin4xin", "language": "Java", "keyword": "cnvd" }, { "link": "https://github.com/OceanSec/cnvdtools", "name": "cnvdtools", "created_at": "2024-09-11T02:50:32Z", "description": "通过fofa批量查询通用系统,配合去刷cnvd证书", "author": "OceanSec", "language": "Python", "keyword": "cnvd" }, { "link": "https://github.com/kingqaquuu/CNVDspider", "name": "CNVDspider", "created_at": "2024-08-06T10:16:12Z", "description": "爬取CNVD共享漏洞文件", "author": "kingqaquuu", "language": "Python", "keyword": "cnvd" }, { "link": "https://github.com/youxox/SeeYouOA-POC", "name": "SeeYouOA-POC", "created_at": "2024-05-12T11:45:28Z", "description": "致远OA ajax.do 任意文件上传漏洞检测 CNVD-2021-01627 ", "author": "youxox", "language": "Python", "keyword": "cnvd" }, { "link": "https://github.com/mesyedjunaidali/cnvdetection", "name": "cnvdetection", "created_at": "2024-07-16T05:57:09Z", "description": null, "author": "mesyedjunaidali", "language": "Python", "keyword": "cnvd" }, { "link": "https://github.com/bxxiaoxiong/cnvd_fofa_assets", "name": "cnvd_fofa_assets", "created_at": "2024-07-12T15:22:03Z", "description": "通过爱企查和FOFA接口获取注册资本大于5000w公司的公网通用系统,方便获得CNVD证书 在搜索公网资产数量的基础上增加使用fid参数查询,结果更精准", "author": "bxxiaoxiong", "language": "Python", "keyword": "cnvd" }, { "link": "https://github.com/rtwen/cnvdst", "name": "cnvdst", "created_at": "2018-12-01T08:36:53Z", "description": "Copy number variant detection softawre", "author": "rtwen", "language": "Python", "keyword": "cnvd" }, { "link": "https://github.com/RowtonSD/cnvdb", "name": "cnvdb", "created_at": "2024-03-14T08:17:22Z", "description": "Handles conversion between XLS, DB2, and external SQL DB sources via python dataframes", "author": "RowtonSD", "language": "Python", "keyword": "cnvd" }, { "link": "https://github.com/Janhsu/DockerAPITool", "name": "DockerAPITool", "created_at": "2024-12-29T15:10:17Z", "description": "DockerRemoteAPI未授权访问(2375端口)利用工具,支持容器逃逸", "author": "Janhsu", "language": null, "keyword": "未授权" }, { "link": "https://github.com/0xchang/RedisExp", "name": "RedisExp", "created_at": "2024-12-26T11:26:22Z", "description": "Redis未授权利用", "author": "0xchang", "language": "C#", "keyword": "未授权" }, { "link": "https://github.com/cm04918/timetask", "name": "timetask", "created_at": "2024-12-26T01:33:21Z", "description": "专为微信平台量身定制的chatgpt-on-wechat插件,不仅赋予用户自定义定时任务的能力,还提供了个性化的时间设定和轮询周期调整功能。这款插件功能全面,涵盖了任务的动态添加、取消以及任务列表的查看等,是您管理定时任务...", "author": "cm04918", "language": "Python", "keyword": "未授权" }, { "link": "https://github.com/Jilei-good/Kubelet-poc-", "name": "Kubelet-poc-", "created_at": "2024-12-26T02:58:25Z", "description": "Kubelet未授权批量检测脚本", "author": "Jilei-good", "language": "Python", "keyword": "未授权" }, { "link": "https://github.com/ajisai-babu/redis-unauth-hub", "name": "redis-unauth-hub", "created_at": "2024-09-29T08:57:32Z", "description": "基于docker的redis未授权访问漏洞复现环境", "author": "ajisai-babu", "language": "Dockerfile", "keyword": "未授权" }, { "link": "https://github.com/wsn001/-OAsap-b1config-aspx-", "name": "-OAsap-b1config-aspx-", "created_at": "2024-12-21T08:46:50Z", "description": "金和OAsap-b1config-aspx 未授权", "author": "wsn001", "language": "Python", "keyword": "未授权" }, { "link": "https://github.com/wangsec-y/JinHeOA_visit", "name": "JinHeOA_visit", "created_at": "2024-12-21T08:21:28Z", "description": "金和QA办公系统是.款集合了办公自动化协同办公工作流管理等功能的企业级管理软件。金和OA办公系统提供了多个模块,包括日程管理、文件管理、邮件管理、人事管理、客户管理、项目管理等。用户可以根据自己的需求选择需...", "author": "wangsec-y", "language": "Python", "keyword": "未授权" }, { "link": "https://github.com/zxj-hub/weishouquan2POC", "name": "weishouquan2POC", "created_at": "2024-12-21T07:05:17Z", "description": "D-Link NAS设备 sc_mgr.cgi 未授权漏洞", "author": "zxj-hub", "language": "Python", "keyword": "未授权" }, { "link": "https://github.com/zxj-hub/CVE-2024-41713POC", "name": "CVE-2024-41713POC", "created_at": "2024-12-21T02:26:26Z", "description": "Mitel MiCollab 企业协作平台 任意文件读取漏洞(CVE-2024-41713)由于Mitel MiCollab软件的 NuPoint 统一消息 (NPM) 组件中存在身份验证绕过漏洞,并且输入验证不足,未经身份验证的远程攻击者可利用该漏洞执行路径遍历攻击,成功利用可能...", "author": "zxj-hub", "language": "Python", "keyword": "未授权" }, { "link": "https://github.com/zxj-hub/channeltree-POC", "name": "channeltree-POC", "created_at": "2024-12-20T15:36:22Z", "description": "livenvr青柿视频管理系统channeltree接口处存在未授权访问漏洞", "author": "zxj-hub", "language": null, "keyword": "未授权" }, { "link": "https://github.com/ainrm/Jrohy-trojan-unauth-poc", "name": "Jrohy-trojan-unauth-poc", "created_at": "2024-11-28T07:05:30Z", "description": "Jrohy/trojan 未授权修改管理员密码", "author": "ainrm", "language": "Python", "keyword": "未授权" }, { "link": "https://github.com/hou-yy/mbkRce", "name": "mbkRce", "created_at": "2024-12-20T00:48:14Z", "description": "selectUserByOrgId 未授权访问漏洞批量检测脚本", "author": "hou-yy", "language": "Python", "keyword": "未授权" }, { "link": "https://github.com/Popo-data/-selectUserByOrgId-", "name": "-selectUserByOrgId-", "created_at": "2024-12-19T15:47:17Z", "description": "满客宝智慧食堂系统selectUserByOrgId存在未授权访问漏洞", "author": "Popo-data", "language": "Python", "keyword": "未授权" }, { "link": "https://github.com/XiaomingX/ddos_attack_script_demo", "name": "ddos_attack_script_demo", "created_at": "2024-11-22T03:34:19Z", "description": "仅用于授权情况下验证安全产品的抗DDoS能力,请不要在未经网站所有者同意的情况下进行攻击。", "author": "XiaomingX", "language": "Python", "keyword": "未授权" }, { "link": "https://github.com/qingchenhh/jwt_sec", "name": "jwt_sec", "created_at": "2024-08-21T01:36:46Z", "description": "jwt自动化测试,放入请求的URL、jwt和请求参数,自动化测试jwt,先原始访问,再未授权访问,再jwt的alg改为none测试,最后再jwt爆破测试。", "author": "qingchenhh", "language": "Python", "keyword": "未授权" }, { "link": "https://github.com/chasingboy/appsx", "name": "appsx", "created_at": "2024-11-28T08:22:46Z", "description": "appsx 是一款自动化信息收集|敏感信息识别|未授权漏洞扫描工具", "author": "chasingboy", "language": null, "keyword": "未授权" }, { "link": "https://github.com/lichunown/head-encrypt", "name": "head-encrypt", "created_at": "2024-11-22T08:31:19Z", "description": "head-encrypt 文件(头)加密工具。 在只想防止未经授权的访问者识别文件类型或内容时。由于完全加密大型文件耗时 head-encrypt提供了一种解决方案,通过仅加密文件的头部部分,减少了加密过程所需的时间。", "author": "lichunown", "language": "Python", "keyword": "未授权" }, { "link": "https://github.com/20142995/wxvl", "name": "wxvl", "created_at": "2024-11-16T11:21:28Z", "description": "复现|漏洞|CVE|CNVD|POC|EXP|0day|1day|nday等相关微信文章收集", "author": "20142995", "language": "Python", "keyword": "漏洞POC" }, { "link": "https://github.com/adysec/nuclei_poc", "name": "nuclei_poc", "created_at": "2024-05-07T03:03:34Z", "description": "Nuclei POC,每日更新 | 自动整合全网Nuclei的漏洞POC,实时同步更新最新POC,保存已被删除的POC。通过批量克隆Github项目,获取Nuclei POC,并将POC按类别分类存放,使用Github Action实现(已有14w+POC,已校验有效性并去重)", "author": "adysec", "language": "Python", "keyword": "漏洞POC" }, { "link": "https://github.com/126789t/poc_everyday", "name": "poc_everyday", "created_at": "2024-12-11T00:32:34Z", "description": "自动搜集每天的漏洞poc和exp信息。", "author": "126789t", "language": null, "keyword": "漏洞POC" }, { "link": "https://github.com/Shelter1234/VulneraLab", "name": "VulneraLab", "created_at": "2024-02-26T14:14:29Z", "description": "该项目收集了很多厂商产品CMS的漏洞环境,以web为主。漏洞环境主要以Dockerfile的文件形式呈现,用户只需一键启动相应漏斗环境,使用项目文章中提供的poc,便可进行复现。", "author": "Shelter1234", "language": "PLpgSQL", "keyword": "漏洞POC" }, { "link": "https://github.com/Threekiii/Vulnerability-Wiki", "name": "Vulnerability-Wiki", "created_at": "2022-04-29T05:36:33Z", "description": "基于 docsify 快速部署 Awesome-POC 中的漏洞文档", "author": "Threekiii", "language": "HTML", "keyword": "漏洞POC" }, { "link": "https://github.com/Threekiii/Awesome-POC", "name": "Awesome-POC", "created_at": "2022-02-20T06:43:22Z", "description": "一个漏洞POC知识库 目前数量 1000+", "author": "Threekiii", "language": null, "keyword": "漏洞POC" }, { "link": "https://github.com/Threekiii/CVE", "name": "CVE", "created_at": "2023-01-05T02:19:29Z", "description": "一个CVE漏洞预警知识库 no exp/poc", "author": "Threekiii", "language": null, "keyword": "漏洞POC" }, { "link": "https://github.com/lal0ne/vulnerability", "name": "vulnerability", "created_at": "2022-01-20T02:48:42Z", "description": "收集、整理、修改互联网上公开的漏洞POC", "author": "lal0ne", "language": "Go", "keyword": "漏洞POC" }, { "link": "https://github.com/wy876/POC", "name": "POC", "created_at": "2023-08-19T12:08:53Z", "description": "收集整理漏洞EXP/POC,大部分漏洞来源网络,目前收集整理了1400多个poc/exp,长期更新。", "author": "wy876", "language": null, "keyword": "漏洞POC" }, { "link": "https://github.com/perlh/hscan", "name": "hscan", "created_at": "2023-08-17T21:03:50Z", "description": "hscan 网络资产收集与漏洞扫描探活 服务扫描(常规 & 非常规端口)、 poc探测( xray v2 & nuclei 格式) 、数据库等弱口令爆破 、内网常见漏洞利用", "author": "perlh", "language": "Go", "keyword": "漏洞POC" }, { "link": "https://github.com/Y5neKO/Y5_VulnHub", "name": "Y5_VulnHub", "created_at": "2024-07-09T03:41:47Z", "description": "个人漏洞收集项目,包括复现环境、POC、EXP等", "author": "Y5neKO", "language": "Python", "keyword": "漏洞POC" }, { "link": "https://github.com/zan8in/afrog-pocs", "name": "afrog-pocs", "created_at": "2023-10-15T11:44:22Z", "description": "afrog-pocs 是 afrog 漏洞检测工具的官方 PoCs(Proof of Concepts)库。", "author": "zan8in", "language": null, "keyword": "漏洞POC" }, { "link": "https://github.com/xl1nv/pocs", "name": "pocs", "created_at": "2024-12-24T02:43:40Z", "description": "一些漏洞的poc", "author": "xl1nv", "language": "Python", "keyword": "漏洞POC" }, { "link": "https://github.com/ayy138/SpringBlade_Sql", "name": "SpringBlade_Sql", "created_at": "2024-12-21T08:34:10Z", "description": "SpringBlade tenant/list SQL 注入漏洞复现及POC", "author": "ayy138", "language": "Python", "keyword": "漏洞POC" }, { "link": "https://github.com/ayy138/IPVideo_Fileupload_POC", "name": "IPVideo_Fileupload_POC", "created_at": "2024-12-21T08:31:47Z", "description": "IP网络广播服务平台任意文件上传漏洞复现及POC", "author": "ayy138", "language": "Python", "keyword": "漏洞POC" }, { "link": "https://github.com/zxj-hub/sql2POC", "name": "sql2POC", "created_at": "2024-12-21T08:19:42Z", "description": "用友U8-CRM系统getDeptNameSQL注入漏洞检测POC", "author": "zxj-hub", "language": "Python", "keyword": "漏洞POC" }, { "link": "https://github.com/abyssdawn/poc_scan_web", "name": "poc_scan_web", "created_at": "2024-09-20T02:46:03Z", "description": "全自动化漏洞扫描系统。包括poc扫描、sql注入漏洞扫描、资产收集(模仿fofa)等功能。", "author": "abyssdawn", "language": null, "keyword": "漏洞POC" }, { "link": "https://github.com/cultureelerfgoed/rce-thesauri-backup", "name": "rce-thesauri-backup", "created_at": "2023-10-17T12:00:47Z", "description": "Automatic thesauri backups from RCE PoolParty", "author": "cultureelerfgoed", "language": "Python", "keyword": "RCE" }, { "link": "https://github.com/GhostTroops/TOP", "name": "TOP", "created_at": "2022-03-19T01:54:15Z", "description": "TOP All bugbounty pentesting CVE-2023- POC Exp RCE example payload Things", "author": "GhostTroops", "language": "Shell", "keyword": "RCE" }, { "link": "https://github.com/ArtemCyberLab/Project-Exploiting-CVE-2024-27198-RCE-Vulnerability", "name": "Project-Exploiting-CVE-2024-27198-RCE-Vulnerability", "created_at": "2025-01-22T00:09:41Z", "description": "In this project, I exploited the CVE-2024-27198-RCE vulnerability to perform a remote code execution (RCE) attack on a vulnerable TeamCity server.", "author": "ArtemCyberLab", "language": null, "keyword": "RCE" }, { "link": "https://github.com/StevenRCE0/StevenRCE0", "name": "StevenRCE0", "created_at": "2022-02-25T09:22:13Z", "description": "Hello meow!", "author": "StevenRCE0", "language": null, "keyword": "RCE" }, { "link": "https://github.com/MrSnowmanASOY/FantasyRCE", "name": "FantasyRCE", "created_at": "2025-01-16T07:50:53Z", "description": "A race datapack for a server, adding racism to minecraft one step at a time.", "author": "MrSnowmanASOY", "language": "mcfunction", "keyword": "RCE" }, { "link": "https://github.com/XiaomingX/proxy-pool", "name": "proxy-pool", "created_at": "2024-11-26T12:57:48Z", "description": "Python ProxyPool for web spider", "author": "XiaomingX", "language": "Python", "keyword": "RCE" }, { "link": "https://github.com/brightio/penelope", "name": "penelope", "created_at": "2021-06-05T20:32:27Z", "description": "Penelope Shell Handler", "author": "brightio", "language": "Python", "keyword": "RCE" }, { "link": "https://github.com/tencentcloud-sdk-php/rce", "name": "rce", "created_at": "2021-02-20T09:13:31Z", "description": null, "author": "tencentcloud-sdk-php", "language": "PHP", "keyword": "RCE" }, { "link": "https://github.com/element-security/check-point-gateways-rce", "name": "check-point-gateways-rce", "created_at": "2025-01-21T13:16:24Z", "description": "Check Point Security Gateways RCE via CVE-2021-40438", "author": "element-security", "language": "Python", "keyword": "RCE" }, { "link": "https://github.com/LIR794/TG_BOT_RCE", "name": "TG_BOT_RCE", "created_at": "2024-11-24T19:24:37Z", "description": null, "author": "LIR794", "language": "Python", "keyword": "RCE" }, { "link": "https://github.com/deandevl/RcensusPkg", "name": "RcensusPkg", "created_at": "2024-12-31T16:58:32Z", "description": "Contains R functions for obtaining data and Tiger simple feature geometries from the US Census API", "author": "deandevl", "language": "R", "keyword": "RCE" }, { "link": "https://github.com/instructure/canvas-rce-api", "name": "canvas-rce-api", "created_at": "2018-05-21T15:14:09Z", "description": null, "author": "instructure", "language": "JavaScript", "keyword": "RCE" }, { "link": "https://github.com/Jose4RCE/Jose4RCE", "name": "Jose4RCE", "created_at": "2025-01-21T16:41:36Z", "description": null, "author": "Jose4RCE", "language": null, "keyword": "RCE" }, { "link": "https://github.com/Huber-group-EMBL/INTeRCePT", "name": "INTeRCePT", "created_at": "2025-01-21T15:55:08Z", "description": null, "author": "Huber-group-EMBL", "language": "JavaScript", "keyword": "RCE" }, { "link": "https://github.com/deandevl/RcensusPkg_Examples", "name": "RcensusPkg_Examples", "created_at": "2025-01-19T21:46:41Z", "description": "Provides examples in using RcensusPkg", "author": "deandevl", "language": "JavaScript", "keyword": "RCE" }, { "link": "https://github.com/jamimma/RCEE", "name": "RCEE", "created_at": "2025-01-21T13:36:38Z", "description": "This project is a complete redesign of the official website for Ramchandra College of Engineering (RCCE). It showcases a modern, responsive, and user-friendly interface designed to enhance the user experience for students, staff, and visitors.", "author": "jamimma", "language": null, "keyword": "RCE" }, { "link": "https://github.com/kit4py/CVE-2024-41570", "name": "CVE-2024-41570", "created_at": "2025-01-21T09:41:05Z", "description": "Automated Reverse Shell Exploit via WebSocket | Havoc-C2-SSRF with RCE", "author": "kit4py", "language": "Python", "keyword": "RCE" }, { "link": "https://github.com/sebr-dev/Havoc-C2-SSRF-to-RCE", "name": "Havoc-C2-SSRF-to-RCE", "created_at": "2025-01-21T06:12:33Z", "description": "This is a modified version of the CVE-2024-41570 SSRF PoC from @chebuya chained with the auth RCE exploit from @hyperreality. This exploit executes code remotely to a target due to multiple vulnerabilities in Havoc C2 Framework. (https://github.com/HavocFramework/Havoc) ", "author": "sebr-dev", "language": "Python", "keyword": "RCE" }, { "link": "https://github.com/Freitaszkb/BloodHost3r", "name": "BloodHost3r", "created_at": "2025-01-21T03:30:43Z", "description": "Ferramenta para encontrar vulnerabilidade de RCE", "author": "Freitaszkb", "language": "Python", "keyword": "RCE" }, { "link": "https://github.com/RonF98/CVE-2024-11972-POC", "name": "CVE-2024-11972-POC", "created_at": "2025-01-13T15:44:08Z", "description": "CVE-2024-11972 in Hunk Companion <1.9.0 allows unauthenticated attackers to exploit insecure REST API endpoints and install vulnerable plugins, risking RCE, SQLi, XSS, and backdoors.", "author": "RonF98", "language": "Python", "keyword": "RCE" }, { "link": "https://github.com/whoopscs/scoop-security", "name": "scoop-security", "created_at": "2024-05-06T14:17:13Z", "description": "Scoop bucket for Penetration Testing and Cybersecurity related tools. 用于渗透测试和网络安全相关工具下载、安装和自动更新的Scoop软件仓库。", "author": "whoopscs", "language": "PowerShell", "keyword": "渗透测试" }, { "link": "https://github.com/lintx0/link-tools", "name": "link-tools", "created_at": "2025-01-21T16:51:01Z", "description": "link-tools为一款Windows GUI界面的渗透测试工具箱(bat启动器),支持拖拉新增工具(脚本、文件夹),支持自定义运行参数和备注,支持bat批量运行脚本,支持RapidScanner端口扫描结果服务指纹联动工具,可协助安全运维人员快速...", "author": "lintx0", "language": null, "keyword": "渗透测试" }, { "link": "https://github.com/adysec/ARL", "name": "ARL", "created_at": "2024-05-13T10:04:52Z", "description": "ARL 资产侦察灯塔系统(可运行,添加指纹,提高并发,升级工具及系统,无限制修改版) | ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗...", "author": "adysec", "language": "Python", "keyword": "渗透测试" }, { "link": "https://github.com/Leeyangee/leeyangee.github.io", "name": "leeyangee.github.io", "created_at": "2023-06-19T02:22:19Z", "description": "个人博客,关于渗透测试和审计,请访问 leeyabug.top", "author": "Leeyangee", "language": "HTML", "keyword": "渗透测试" }, { "link": "https://github.com/arch3rPro/PST-Bucket", "name": "PST-Bucket", "created_at": "2023-04-24T06:49:11Z", "description": "Scoop-Buket for Penetration Suite Toolkit - Windows渗透测试工具仓库For Scoop", "author": "arch3rPro", "language": "PowerShell", "keyword": "渗透测试" }, { "link": "https://github.com/7r1UMPH/usernamedeformer", "name": "usernamedeformer", "created_at": "2025-01-21T01:51:33Z", "description": "根据名字列表生成用户名,用于渗透测试。", "author": "7r1UMPH", "language": "Python", "keyword": "渗透测试" }, { "link": "https://github.com/pattonant/autopen", "name": "autopen", "created_at": "2025-01-19T17:30:08Z", "description": "AutoPen是一款功能强大的自动化渗透测试工具,专为安全研究人员、渗透测试工程师和网络安全爱好者设计。它集成了多种高级安全测试功能,能够自动化完成信息收集、漏洞扫描、安全评估等任务,帮助用户快速发现目标系统...", "author": "pattonant", "language": "Python", "keyword": "渗透测试" }, { "link": "https://github.com/kkbo8005/mitan", "name": "mitan", "created_at": "2024-04-03T09:59:12Z", "description": "密探渗透测试工具包含资产信息收集,子域名爆破,搜索语法,资产测绘(FOFA,Hunter,quake, ZoomEye),指纹识别,敏感信息采集,文件扫描、端口扫描、批量信息权重查询、密码字典等功能", "author": "kkbo8005", "language": null, "keyword": "渗透测试" }, { "link": "https://github.com/vsdwef/James_synthesis_tooL", "name": "James_synthesis_tooL", "created_at": "2024-11-25T08:50:21Z", "description": "旨在帮助技术人员在日常渗透测试或攻防演练中对于漏洞及指纹的积累,形成自己强大的漏洞库及指纹库。相比于nuclei脚本可能会相对无脑简化!且采用GUI设置,使用起来也更加方便!", "author": "vsdwef", "language": null, "keyword": "渗透测试" }, { "link": "https://github.com/INotGreen/XiebroC2", "name": "XiebroC2", "created_at": "2024-02-15T15:46:07Z", "description": "渗透测试C2、支持Lua插件扩展、域前置/CDN上线、自定义profile、前置sRDI、文件管理、进程管理、内存加载、截图、反向代理、分组管理", "author": "INotGreen", "language": "Go", "keyword": "渗透测试" }, { "link": "https://github.com/cpkkcb/fuzzDicts", "name": "fuzzDicts", "created_at": "2020-11-26T04:51:29Z", "description": "渗透测试路径字典,爆破字典。内容来自互联网和实战积累。", "author": "cpkkcb", "language": null, "keyword": "渗透测试" }, { "link": "https://github.com/doimet/AuxTools", "name": "AuxTools", "created_at": "2022-05-03T16:53:11Z", "description": "图形化渗透测试辅助工具", "author": "doimet", "language": null, "keyword": "渗透测试" }, { "link": "https://github.com/birdhan/SecurityTools", "name": "SecurityTools", "created_at": "2022-03-07T07:52:37Z", "description": "渗透测试工具包 | 开源安全测试工具 | 网络安全工具", "author": "birdhan", "language": null, "keyword": "渗透测试" }, { "link": "https://github.com/SurrealSky/web_security", "name": "web_security", "created_at": "2020-03-13T09:29:24Z", "description": "web以及二进制安全,渗透测试,漏洞挖掘,工控安全学习笔记", "author": "SurrealSky", "language": "Python", "keyword": "渗透测试" }, { "link": "https://github.com/yuning029/PenSafe", "name": "PenSafe", "created_at": "2025-01-02T05:25:47Z", "description": "PenSafe(渗透测试安全扫描器),能用上此工具说明测试系统很安全!!!", "author": "yuning029", "language": "Go", "keyword": "渗透测试" }, { "link": "https://github.com/sec-report/SecReport", "name": "SecReport", "created_at": "2023-04-10T16:18:53Z", "description": "ChatGPT加持的,多人在线协同信息安全报告编写平台。目前支持的报告类型:渗透测试报告,APP隐私合规报告。", "author": "sec-report", "language": "Python", "keyword": "渗透测试" }, { "link": "https://github.com/VirgoLee/Virgol", "name": "Virgol", "created_at": "2024-11-13T05:39:11Z", "description": "Virgol渗透测试工具集", "author": "VirgoLee", "language": null, "keyword": "渗透测试" }, { "link": "https://github.com/B0T1eR/ysoSimple", "name": "ysoSimple", "created_at": "2025-01-01T09:39:20Z", "description": "ysoSimple:简易的Java漏洞利用工具,集成Java反序列化,Hessian反序列化,XStream反序列化,SnakeYaml反序列化,Shiro550,JSF反序列化,SSTI模板注入,JdbcAttackPayload,JNDIAttack,字节码生成。", "author": "B0T1eR", "language": "Java", "keyword": "反序列化" }, { "link": "https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main", "name": "WebFrameworkTools-5.1-main", "created_at": "2023-01-08T05:21:26Z", "description": "本软件首先集成危害性较大框架和部分主流cms的rce(无需登录,或者登录绕过执行rce)和反序列化(利用链简单)。傻瓜式导入url即可实现批量getshell。批量自动化测试。例如:Thinkphp,Struts2,weblogic。出现的最新漏洞进行实时跟踪并且更...", "author": "peiqiF4ck", "language": "C#", "keyword": "反序列化" }, { "link": "https://github.com/my6521/WWB.BufferSerializer", "name": "WWB.BufferSerializer", "created_at": "2025-01-13T07:49:55Z", "description": "一个非常简单的二进制序列化和反序列化工具", "author": "my6521", "language": "C#", "keyword": "反序列化" }, { "link": "https://github.com/HangZhouShuChengKeJi/ZBWJson", "name": "ZBWJson", "created_at": "2021-01-18T03:02:52Z", "description": "iOS json 序列化 、反序列化库", "author": "HangZhouShuChengKeJi", "language": "Objective-C", "keyword": "反序列化" }, { "link": "https://github.com/B0T1eR/JSFTomcatExample", "name": "JSFTomcatExample", "created_at": "2025-01-15T12:45:05Z", "description": "JSFTomcatExample: 用Tomcat搭建的JSF框架简单Demo,用于学习和研究JSF反序列化。", "author": "B0T1eR", "language": "Java", "keyword": "反序列化" }, { "link": "https://github.com/y1shiny1shin/Seri", "name": "Seri", "created_at": "2024-12-26T07:24:55Z", "description": "个人反序列化学习代码", "author": "y1shiny1shin", "language": "Java", "keyword": "反序列化" }, { "link": "https://github.com/LiSForever/unserialization", "name": "unserialization", "created_at": "2024-09-24T09:41:25Z", "description": "反序列化", "author": "LiSForever", "language": "Java", "keyword": "反序列化" }, { "link": "https://github.com/godownio/java_unserial_attackcode", "name": "java_unserial_attackcode", "created_at": "2024-09-21T10:10:44Z", "description": "Java反序列化字节码生成器", "author": "godownio", "language": "Java", "keyword": "反序列化" }, { "link": "https://github.com/miahemu/juechen-rpc", "name": "juechen-rpc", "created_at": "2025-01-13T16:05:26Z", "description": "基于 Java + Etcd + Vert.x 的高性能 RPC 框架,用新颖的技术栈从 0 到 1 开发轮子。基于 Vert.x 的网络服务器、序列化器、基于 Etcd 和 ZooKeeper 的注册中心、反射、动态代理、自定义网络协议、多种设计模式(单例 / 工厂 / 装饰者等)...", "author": "miahemu", "language": null, "keyword": "反序列化" }, { "link": "https://github.com/Ape1ron/SpringAopInDeserializationDemo1", "name": "SpringAopInDeserializationDemo1", "created_at": "2025-01-11T09:22:18Z", "description": "在spring-aop中新发现的反序列化gadget-chain", "author": "Ape1ron", "language": "Java", "keyword": "反序列化" }, { "link": "https://github.com/Ape1ron/FastjsonInDeserializationDemo1", "name": "FastjsonInDeserializationDemo1", "created_at": "2025-01-11T09:17:33Z", "description": "高版本Fastjson在Java原生反序列化中的利用演示", "author": "Ape1ron", "language": "Java", "keyword": "反序列化" }, { "link": "https://github.com/jar-analyzer/jar-analyzer", "name": "jar-analyzer", "created_at": "2023-10-07T15:42:35Z", "description": "Jar Analyzer - 一个JAR包分析工具,批量分析,SCA漏洞分析,方法调用关系搜索,字符串搜索,Spring组件分析,信息泄露检查,CFG程序分析,JVM栈帧分析,进阶表达式搜索,字节码指令级的动态调试分析,反编译JAR包一键导出,一...", "author": "jar-analyzer", "language": "Java", "keyword": "反序列化" }, { "link": "https://github.com/H4cking2theGate/ysogate", "name": "ysogate", "created_at": "2023-10-21T13:20:19Z", "description": "Java反序列化/JNDI注入/恶意类生成工具,支持多种高版本bypass,支持回显/内存马等多种扩展利用。", "author": "H4cking2theGate", "language": "Java", "keyword": "反序列化" }, { "link": "https://github.com/864381832/xJavaFxTool", "name": "xJavaFxTool", "created_at": "2017-08-27T04:38:06Z", "description": "基于JavaFx搭建的实用小工具集合,方便开发过程中的代码编写与调试,想学习javaFx的同学可以参考参考。其中包括文件复制、Cron表达式生成器、编码转换、加密解密、Time转换、路径转换、二维码生成工具、身份证生成器、正则...", "author": "864381832", "language": "Java", "keyword": "反序列化" }, { "link": "https://github.com/cooker-sast/gx", "name": "gx", "created_at": "2024-10-19T14:39:29Z", "description": "This is a repository representing how cooker-sast implements gadget exploring.这个仓库分享了cooker实现java反序列化利用链自动化挖掘的设计思路和核心细节", "author": "cooker-sast", "language": null, "keyword": "反序列化" }, { "link": "https://github.com/Java-Chains/web-chains", "name": "web-chains", "created_at": "2024-11-02T10:41:25Z", "description": "Web 版 Java Payload 生成与利用工具,提供 Java 反序列化、Hessian 1/2 反序列化等Payload生成,以及 JNDI、Fake Mysql、JRMPListener 等利用|The web version of Java Payload generation and utilization tool provides Payload generation such as Java deserialization and Hessian...", "author": "Java-Chains", "language": "Dockerfile", "keyword": "反序列化" }, { "link": "https://github.com/CaoMeiYouRen/safe-json-type", "name": "safe-json-type", "created_at": "2019-12-23T15:44:13Z", "description": "将json中不支持的Date和Bytes(Buffer)用安全的方法序列化,并在反序列化后找回对应的类型(而不是字符串)", "author": "CaoMeiYouRen", "language": "TypeScript", "keyword": "反序列化" }, { "link": "https://github.com/ngc660sec/NGCBot", "name": "NGCBot", "created_at": "2022-12-12T03:40:22Z", "description": "一个基于✨HOOK机制的微信机器人,支持🌱安全新闻定时推送【FreeBuf,先知,安全客,奇安信攻防社区】,👯Kfc文案,⚡漏洞查询,⚡手机号归属地查询,⚡知识库查询,🎉星座查询,⚡天气查询,🌱摸鱼日历,⚡微步威胁...", "author": "ngc660sec", "language": "Python", "keyword": "攻防" }, { "link": "https://github.com/DPCau/UESTC-Network-Security-Attack-and-Defense", "name": "UESTC-Network-Security-Attack-and-Defense", "created_at": "2024-09-04T09:16:35Z", "description": "UESTC电子科技大学网络安全攻防期末复习知识总结", "author": "DPCau", "language": null, "keyword": "攻防" }, { "link": "https://github.com/hhuayuan/spiderbuf", "name": "spiderbuf", "created_at": "2023-07-24T17:53:41Z", "description": "Spiderbuf 是一个python爬虫学习及练习网站: 保姆式引导关卡 + 免费在线视频教程,从Python环境的搭建到最简单的网页爬取,让零基础的小白也能获得成就感。 在已经入门的基础上强化练习,在矛与盾的攻防中不断提高技术水平...", "author": "hhuayuan", "language": "Python", "keyword": "攻防" }, { "link": "https://github.com/h4m5t/SecNotes", "name": "SecNotes", "created_at": "2023-05-24T13:30:28Z", "description": "SecNotes: 记录安全学习之路。包含红蓝攻防,安全运营,甲方安全建设,威胁情报,安全事件响应,蜜罐,安全证书考试等。", "author": "h4m5t", "language": null, "keyword": "攻防" }, { "link": "https://github.com/coronatusvi/VoiceAntiSpoofingAI", "name": "VoiceAntiSpoofingAI", "created_at": "2024-12-31T10:28:20Z", "description": "VoiceAntiSpoofingAI A cutting-edge AI-based system for detecting and preventing voice spoofing attacks. Enhance the security of voice authentication systems with advanced anti-spoofing technology. VoiceAntiSpoofingAI 一个基于人工智能的尖端系统,用于检测和防止语音欺骗攻击...", "author": "coronatusvi", "language": "Jupyter Notebook", "keyword": "攻防" }, { "link": "https://github.com/vsdwef/James_synthesis_tooL", "name": "James_synthesis_tooL", "created_at": "2024-11-25T08:50:21Z", "description": "旨在帮助技术人员在日常渗透测试或攻防演练中对于漏洞及指纹的积累,形成自己强大的漏洞库及指纹库。相比于nuclei脚本可能会相对无脑简化!且采用GUI设置,使用起来也更加方便!", "author": "vsdwef", "language": null, "keyword": "攻防" }, { "link": "https://github.com/zhou274/Forestdefense", "name": "Forestdefense", "created_at": "2025-01-06T07:22:34Z", "description": "森林攻防", "author": "zhou274", "language": "C#", "keyword": "攻防" }, { "link": "https://github.com/guchangan1/All-Defense-Tool", "name": "All-Defense-Tool", "created_at": "2022-04-25T11:45:06Z", "description": "本项目集成了全网优秀的攻防武器工具项目,包含自动化利用,子域名、目录扫描、端口扫描等信息收集工具,各大中间件、cms、OA漏洞利用工具,爆破工具、内网横向、免杀、社工钓鱼以及应急响应、甲方安全资料等其他安全...", "author": "guchangan1", "language": null, "keyword": "攻防" }, { "link": "https://github.com/Threekiii/Awesome-Redteam", "name": "Awesome-Redteam", "created_at": "2022-02-08T00:45:03Z", "description": "一个攻防知识仓库 Red Teaming and Offensive Security", "author": "Threekiii", "language": "Python", "keyword": "攻防" }, { "link": "https://github.com/CJ-Labs/zk-red-packet", "name": "zk-red-packet", "created_at": "2025-01-09T02:24:43Z", "description": "使用 Poseidon 哈希和零知识证明来实现安全的红包领取机制,防止重入攻击和保护用户隐私", "author": "CJ-Labs", "language": "Solidity", "keyword": "攻防" }, { "link": "https://github.com/Jackyy330/CDN-", "name": "CDN-", "created_at": "2025-01-09T06:41:51Z", "description": "高防CDN过国内移动屏蔽、地区屏蔽、无限抗T级DDOS以及CC攻击、证书SSL在内免费申请、可添加地区白名单。自主独立后台,可设置WAF以及异常地区IP访问等等", "author": "Jackyy330", "language": null, "keyword": "攻防" }, { "link": "https://github.com/official-free12/an_gY", "name": "an_gY", "created_at": "2024-12-31T06:45:43Z", "description": "(安全稳定版)8月份新版理财投资金融P2P分红经营版/投资理财/防黑防攻击", "author": "official-free12", "language": null, "keyword": "攻防" }, { "link": "https://github.com/AJCDN003/jubilant-tribble", "name": "jubilant-tribble", "created_at": "2024-12-26T08:30:11Z", "description": "AJCDN服务:支持无限抗攻击🛡🛡、非绕美🇺🇸、本地抗和国内加速,免实名可测试✅,享受极速网络和强大防御。🎆🎆🥰🥰 🟢 TG:ajcdn003", "author": "AJCDN003", "language": null, "keyword": "攻防" }, { "link": "https://github.com/just0rg/Security-Interview", "name": "Security-Interview", "created_at": "2023-10-30T07:03:32Z", "description": "安全方向知识点(包含web攻防、java攻防、企业安全、内网/域、提权、免杀)", "author": "just0rg", "language": null, "keyword": "攻防" }, { "link": "https://github.com/nu0l/Send_Email", "name": "Send_Email", "created_at": "2024-12-12T13:54:08Z", "description": "一款轻量化可定制模板的邮件批量发送工具 | 可用于攻防钓鱼或其他邮件个性化的场景 | 可启动JavaFX或SpringWeb环境", "author": "nu0l", "language": "Java", "keyword": "攻防" }, { "link": "https://github.com/Zpyzpyy/-", "name": "-", "created_at": "2024-12-21T07:17:58Z", "description": "大华DSS数字监控系统 attachment_downloadAtt.action 任意文件读取漏洞 漏洞描述: 大华城市安防监控系统平台 attachment_downloadByUrlAtt.action接口存在任意文件下载漏洞,未经身份验证的攻击者 可以获取系统内部敏感文件信息,使系统处...", "author": "Zpyzpyy", "language": "Python", "keyword": "攻防" }, { "link": "https://github.com/ViporMiner/RMS", "name": "RMS", "created_at": "2023-08-30T08:52:48Z", "description": "本地隧道、数据压缩、加密、公网连接数压缩的强大本地客户端,极限降低延迟,防止中间人攻击, 最大限度提升安全性及矿场利润。 Powerful local client for local tunnel, data compression, encryption, and public network connection number compression can...", "author": "ViporMiner", "language": "Shell", "keyword": "攻防" }, { "link": "https://github.com/Xnuvers007/webshells", "name": "webshells", "created_at": "2023-08-03T01:18:25Z", "description": null, "author": "Xnuvers007", "language": "Python", "keyword": "webshell" }, { "link": "https://github.com/MCSManager/MCSManager", "name": "MCSManager", "created_at": "2017-11-12T01:41:58Z", "description": "Free, Secure, Distributed, Modern Control Panel for Minecraft and most Steam Game Servers.", "author": "MCSManager", "language": "TypeScript", "keyword": "webshell" }, { "link": "https://github.com/macOnGit/sam-webshell", "name": "sam-webshell", "created_at": "2024-11-01T16:50:20Z", "description": "app for generating shells", "author": "macOnGit", "language": "Python", "keyword": "webshell" }, { "link": "https://github.com/X3RX3SSec/HackThePlanet", "name": "HackThePlanet", "created_at": "2025-01-21T19:05:43Z", "description": "Fully Functional PHP Webshell", "author": "X3RX3SSec", "language": "PHP", "keyword": "webshell" }, { "link": "https://github.com/HackfutSec/DeadZone", "name": "DeadZone", "created_at": "2025-01-21T16:55:50Z", "description": "GHOST - Shell Status Finder is a tool that checks the validity of URLs, determines if they are live or dead, and logs the results in a CSV file, handling redirects and network errors.", "author": "HackfutSec", "language": "Python", "keyword": "webshell" }, { "link": "https://github.com/hackingyseguridad/fuzzer", "name": "fuzzer", "created_at": "2018-08-11T16:37:52Z", "description": "fuzzer http ( hackingyseguridad.com ) busca ficheros interesantes en un sitio web", "author": "hackingyseguridad", "language": "Shell", "keyword": "webshell" }, { "link": "https://github.com/GanestSeven/webshell-raw-txt", "name": "webshell-raw-txt", "created_at": "2024-07-06T10:01:46Z", "description": "Main shell code", "author": "GanestSeven", "language": "PHP", "keyword": "webshell" }, { "link": "https://github.com/Cvar1984/sussyfinder", "name": "sussyfinder", "created_at": "2023-06-02T10:23:44Z", "description": "Single file php webshell scanner to detect potentially malicious backdoor based on token and hash with web interface and VirusTotal integration. Subscribe to get API Key", "author": "Cvar1984", "language": "PHP", "keyword": "webshell" }, { "link": "https://github.com/dromara/orion-visor", "name": "orion-visor", "created_at": "2023-06-20T08:01:55Z", "description": "一款高颜值、现代化的自动化运维及轻量堡垒机,提供服务器智能运维解决方案。支持资产管理分组、SSH SFTP 终端、文件上传下载、文件在线编辑、命令批量执行、多主机文件分发、cron 表达式配置计划任务,安全保障等。该项...", "author": "dromara", "language": "Java", "keyword": "webshell" }, { "link": "https://github.com/MLT-0x539/Non-alphanumeric-PHP-shells", "name": "Non-alphanumeric-PHP-shells", "created_at": "2025-01-21T01:39:00Z", "description": "Some examples of PHP webshells incorporating non-alphanumericism.", "author": "MLT-0x539", "language": "PHP", "keyword": "webshell" }, { "link": "https://github.com/MLT-0x539/Fake-404-page-webshell-PHP", "name": "Fake-404-page-webshell-PHP", "created_at": "2025-01-21T01:36:31Z", "description": "A lightweight fully functional webshell disguised as a HTTP 404 error page", "author": "MLT-0x539", "language": "PHP", "keyword": "webshell" }, { "link": "https://github.com/aditi-dsi/webshell", "name": "webshell", "created_at": "2025-01-19T20:41:25Z", "description": null, "author": "aditi-dsi", "language": "TypeScript", "keyword": "webshell" }, { "link": "https://github.com/LT-lanthau/Webshell", "name": "Webshell", "created_at": "2024-10-04T06:34:18Z", "description": "A collection of webshells for learning only. All forms of misuse and violations are not our responsibility.", "author": "LT-lanthau", "language": "PHP", "keyword": "webshell" }, { "link": "https://github.com/exploit-haxor/webshell", "name": "webshell", "created_at": "2024-12-13T23:46:35Z", "description": "webshell", "author": "exploit-haxor", "language": "PHP", "keyword": "webshell" }, { "link": "https://github.com/ReaJason/MemShellParty", "name": "MemShellParty", "created_at": "2024-09-01T05:17:19Z", "description": "JavaWeb 内存马开聚会 🎉", "author": "ReaJason", "language": "Java", "keyword": "webshell" }, { "link": "https://github.com/nyingimaina/jattac.libs.webshell", "name": "jattac.libs.webshell", "created_at": "2024-10-18T13:13:51Z", "description": null, "author": "nyingimaina", "language": "TypeScript", "keyword": "webshell" }, { "link": "https://github.com/aels/wso-ng", "name": "wso-ng", "created_at": "2021-12-20T18:41:23Z", "description": "The new generation of famous WSO web shell. With perks included", "author": "aels", "language": "PHP", "keyword": "webshell" }, { "link": "https://github.com/CloudyKhan/crossweb", "name": "crossweb", "created_at": "2025-01-18T07:29:31Z", "description": "An interactive, password protected, aspx webshell with file upload capabilities and directory management.", "author": "CloudyKhan", "language": "PHP", "keyword": "webshell" }, { "link": "https://github.com/Boubouss/Webshell", "name": "Webshell", "created_at": "2025-01-17T10:29:41Z", "description": null, "author": "Boubouss", "language": null, "keyword": "webshell" }, { "link": "https://github.com/ChinaRan0/HuntBack", "name": "HuntBack", "created_at": "2024-12-22T10:27:31Z", "description": "针对护网行动中红队溯源工具", "author": "ChinaRan0", "language": "Python", "keyword": "红队" }, { "link": "https://github.com/azx1573/frontend-algorithms", "name": "frontend-algorithms", "created_at": "2024-11-17T07:23:53Z", "description": "渐进式收集整理及手动实现前端算法基础知识点包括栈、队列、链表、哈希表、树(二叉树、红黑树等)、图常见的各种基础算法、高阶算法等等。", "author": "azx1573", "language": "JavaScript", "keyword": "红队" }, { "link": "https://github.com/chainreactors/gogo", "name": "gogo", "created_at": "2022-06-16T07:13:40Z", "description": "面向红队的, 高度可控可拓展的自动化引擎", "author": "chainreactors", "language": "Go", "keyword": "红队" }, { "link": "https://github.com/ranhn/Goby-Poc", "name": "Goby-Poc", "created_at": "2025-01-08T06:20:06Z", "description": "此次更新共包含1314个自定义gobypoc,是否含有后门和重复自行判断,如果无红队版,可直接poc管理处导入自定义poc即可,共计1314个。", "author": "ranhn", "language": null, "keyword": "红队" }, { "link": "https://github.com/b0bac/ApolloScanner", "name": "ApolloScanner", "created_at": "2022-03-17T01:34:24Z", "description": "自动化巡航扫描框架(可用于红队打点评估)", "author": "b0bac", "language": "JavaScript", "keyword": "红队" }, { "link": "https://github.com/safe6Sec/command", "name": "command", "created_at": "2021-08-22T16:16:09Z", "description": "红队常用命令速查", "author": "safe6Sec", "language": null, "keyword": "红队" }, { "link": "https://github.com/KPF888/Starmark", "name": "Starmark", "created_at": "2024-08-28T10:20:58Z", "description": "红队信息收集工具", "author": "KPF888", "language": null, "keyword": "红队" }, { "link": "https://github.com/official-free12/tai_yg", "name": "tai_yg", "created_at": "2024-12-30T17:53:38Z", "description": "【太阳线】直销分润模式静态分红|动态奖金|分享奖|团队奖|积分模式|报单中心", "author": "official-free12", "language": null, "keyword": "红队" }, { "link": "https://github.com/official-free12/tui_Sy", "name": "tui_Sy", "created_at": "2024-12-30T17:34:23Z", "description": "推荐奖/三三见点/团队奖/报单奖/购物分红/直销系统/软件/源码", "author": "official-free12", "language": null, "keyword": "红队" }, { "link": "https://github.com/official-free12/shuang_GO", "name": "shuang_GO", "created_at": "2024-12-29T20:59:04Z", "description": "双轨直销返利分红系统/会员管理系统/购物商城团队级差系统", "author": "official-free12", "language": null, "keyword": "红队" }, { "link": "https://github.com/P0lar1ght/JVMHeapAnalyzer", "name": "JVMHeapAnalyzer", "created_at": "2024-12-26T10:07:13Z", "description": "JVMHeapAnalyzer是一款自动化的 Java 堆转储分析工具,支持多种操作系统和 Java 版本。旨在通过简单的Shell终端,自动生成堆转储文件并分析其中的敏感信息,包括但不限于JDK信息,Env信息,ShiroKey,存储Cookie,authorization,oss,数据...", "author": "P0lar1ght", "language": null, "keyword": "红队" }, { "link": "https://github.com/cvestone/JsExtractor", "name": "JsExtractor", "created_at": "2024-12-15T09:59:53Z", "description": "红队渗透中js文件批量信息提取器,待优化完善", "author": "cvestone", "language": "Python", "keyword": "红队" }, { "link": "https://github.com/crazymartinzhang/RedOpt-AI", "name": "RedOpt-AI", "created_at": "2024-12-10T15:05:37Z", "description": "RedOpt AI 是一个开源的 AI 工具集,专注于社交媒体内容优化和营销效果提升。通过整合自然语言处理和机器学习技术,为内容创作者和营销团队提供智能推荐和优化策略,助力在社交媒体平台(如小红书、抖音、Instagram)上实现...", "author": "crazymartinzhang", "language": null, "keyword": "红队" }, { "link": "https://github.com/FunnyWolf/Viper", "name": "Viper", "created_at": "2020-05-29T12:53:42Z", "description": "Attack Surface Management & Red Team Simulation Platform 互联网攻击面管理&红队模拟平台", "author": "FunnyWolf", "language": null, "keyword": "红队" }, { "link": "https://github.com/zidanfanshao/befree", "name": "befree", "created_at": "2024-11-27T05:51:54Z", "description": "一款红队在信息收集时规避IP封禁的傻瓜式一键代理池,通过大量代理节点轮询的代理池工具", "author": "zidanfanshao", "language": "C#", "keyword": "红队" }, { "link": "https://github.com/lsq0713/datacon-RedDragon", "name": "datacon-RedDragon", "created_at": "2024-11-11T13:10:25Z", "description": "2024 datacon 红龙战队 队伍仓库", "author": "lsq0713", "language": "Jupyter Notebook", "keyword": "红队" }, { "link": "https://github.com/xzajyjs/ThunderSearch", "name": "ThunderSearch", "created_at": "2022-01-14T14:53:32Z", "description": "macOS上的小而美【Fofa、Shodan、Hunter、Zoomeye、Quake网络空间搜索引擎】闪电搜索器;GUI图形化(Mac/Windows)渗透测试信息搜集工具;资产搜集引擎;hw红队工具hvv", "author": "xzajyjs", "language": "Python", "keyword": "红队" } ]