FastJson全版本Docker漏洞环境(涵盖1.2.47/1.2.68/1.2.80等版本)，主要包括JNDI注入及高版本绕过、waf绕过、文件读写、原生反序列化、利用链探测绕过、不出网利用等。从黑盒的角度覆盖FastJson深入利用

A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws

一个漏洞POC知识库

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

LSPosed Framework

Decrypt passwords/cookies/history/bookmarks from the browser. 一款可全平台运行的浏览器数据导出解密工具。

HeapDump敏感信息提取工具

程序员在家做饭方法指南。Programmer's guide about how to cook at home (Chinese only).

大型内网渗透扫描器&Cobalt Strike，Ladon7.2内置94个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB…

Graphical frontend to PS1-to-EXE-compiler PS2EXE.ps1

“冰蝎”动态二进制加密网站管理客户端

前端参数加密渗透测试通用解决方案

MDUT - Multiple Database Utilization Tools

哥斯拉

generate CobaltStrike's cross-platform payload

APIKit：Discovery, Scan and Audit APIs Toolkit All In One.burp plugin

JNDI服务利用工具 RMI/LDAP，支持部分场景回显、内存shell，高版本JDK场景下利用等，fastjson rce命令执行，log4j rce命令执行 漏洞检测辅助工具

heapdump敏感信息查询工具，例如查找 spring heapdump中的密码明文，AK,SK等

shiro反序列化漏洞综合利用,包含（回显执行命令/注入内存马）修复原版中NoCC的问题 https://github.com/j1anFen/shiro_attack

项目是根据LandGrey/SpringBootVulExploit清单编写，目的hvv期间快速利用漏洞、降低漏洞利用门槛。

CVE-2021-44228 Log4j2 BurpSuite Scanner,Customize ceye.io api or other apis,including internal networks

Defeating Windows User Account Control

☕️ Java Security，安全编码和代码审计

Trying to tame the three-headed dog.

Automatic SQL injection and database takeover tool

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.

Tool for Active Directory Certificate Services enumeration and abuse

Impacket is a collection of Python classes for working with network protocols.