用于自动搜索 Python 沙箱逃逸、SSTI 攻击链的小工具
☆38Jan 22, 2025Updated last year
Alternatives and similar repositories for dibber
Users that are interested in dibber are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- xsleaks-wiki 中文版☆15May 31, 2022Updated 3 years ago
- A tool for converting Python source code to opcode(pickle)☆21Mar 19, 2026Updated 3 weeks ago
- 一些总结出来的gadget的flow,后续合适和加入新的flow☆68Dec 6, 2025Updated 4 months ago
- ☆97Sep 2, 2024Updated last year
- 自动化的 Python 沙箱逃逸 payload bypass 框架 / Automated Python Sandbox(pyjail) Escape Payload Bypass Framework☆97Apr 5, 2026Updated last week
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- 第十七届全国大学生信息安全竞赛创新实践能力赛决赛 - AWDP☆11Jul 20, 2024Updated last year
- 基于多种策略, 对已有 JAR 包中的全限定类名进行变换, 无限生成高度相似的虚假类名☆18Jul 30, 2025Updated 8 months ago
- 抽离出 utf-8-overlong-encoding 的序列化逻辑,实现 2 3 字节加密序列化数组☆140Mar 11, 2024Updated 2 years ago
- Java JDK 8-18 CodeQL databases☆17Jun 2, 2024Updated last year
- CTF-Java-Gadget专注于收集CTF中Java赛题的反序列化片段☆284Dec 13, 2024Updated last year
- 一款基于污点分析的PHP扫描工具,能快速匹配从常见Source点如$_POST、$GET到Sink点system等的路径,同时支持单独对函数的扫描。☆171Apr 10, 2025Updated last year
- 关于我在CTF中的所有东西☆426Sep 22, 2025Updated 6 months ago
- ctf awd比赛快速hook java题,提供一键流量转发,无痛修复☆61Mar 17, 2025Updated last year
- 一个基于 Vineflower 引擎的多线程 Java 批量反编译工具,支持快速处理大量的 class 文件和 JAR 文件。☆58Apr 28, 2025Updated 11 months ago
- Serverless GPU API endpoints on Runpod - Bonus Credits • AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- [Bugku-AWD专版]一款用于AWD比赛中的自动化攻击框架☆54Feb 4, 2022Updated 4 years ago
- 专为CTF设计的Jinja2 SSTI全自动绕WAF脚本 | A Jinja2 SSTI cracker for bypassing WAF, designed for CTF☆1,260Updated this week
- ☆16Apr 20, 2023Updated 2 years ago
- A lab to help you learning SSTI☆123Aug 30, 2023Updated 2 years ago
- 高版本Fastjson在Java原生反序列化中的利用演示☆26Jan 12, 2025Updated last year
- 某软最新公开gadgegt,新加入不出网利用。☆88Sep 6, 2024Updated last year
- Many yaml scanner plugin parser [nuclei-template, xray-poc, ez-poc] - for Python☆13Mar 27, 2022Updated 4 years ago
- 收集整理漏洞EXP/POC,大部分漏洞来源网络,目前收集整理了900多个poc/exp,长期更新。☆42Jun 13, 2025Updated 10 months ago
- 使用 Docker 一键构建 JDK 源码的 CodeQL 数据库,方便使用 CodeQL 查找 JDK 中的数据。☆27May 14, 2025Updated 11 months ago
- GPUs on demand by Runpod - Special Offer Available • AdRun AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
- ☆22Mar 4, 2019Updated 7 years ago
- Official Writeup of SUCTF 2025☆67Feb 25, 2025Updated last year
- ☆28Apr 6, 2022Updated 4 years ago
- NCTF 2023 challenges and writeups☆15Dec 30, 2023Updated 2 years ago
- 本来不屑于看面试题的,直到碰到大聪明面试官问的大聪明问题,所以就爬了一份,欢迎PR,一起维护一个。☆27Sep 12, 2025Updated 7 months ago
- RexLeo / ByPassDownLoadFile / Code By:Tas9er / A.E.0.S Security Team☆27May 8, 2025Updated 11 months ago
- Apache OFBIZ Path traversal leading to RCE POC[CVE-2024-32113 & CVE-2024-36104]☆27Jun 3, 2024Updated last year
- 0xGame 2023 challenges and writeups☆20Nov 7, 2023Updated 2 years ago
- 《深入JDBC安全:特殊URL构造与不出网反序列化利用技术揭秘》对应研究总结项目 "Deep Dive into JDBC Security: Special URL Construction and Non-Networked Deserialization Explo…☆575Feb 7, 2026Updated 2 months ago
- Bare Metal GPUs on DigitalOcean Gradient AI • AdPurpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
- Vulnerability database generator: a submodule for VUDDY☆14May 28, 2024Updated last year
- 手把手教你写IAST系列☆24Jan 12, 2024Updated 2 years ago
- Challenge examples for GZ::CTF☆36Mar 6, 2024Updated 2 years ago
- ExprInject / Java表达式注入自动化扫描 / Code By:Tas9er☆41Sep 11, 2025Updated 7 months ago
- 添加图标以及版本信息,实现自动化bypass360QVM☆25Jul 16, 2025Updated 8 months ago
- idea插件,快速生成反序列化中常用的方法,比如setFieldValue、createTemplatesImpl等☆29Oct 2, 2024Updated last year
- MQTT协议的Broker(服务器)端实现,单机最低可支持2w+并发连接数,支持SSL加密及WebSocket连接。与Eclipse的Mosquitto功能类似,但拥有更高的并发承受能力。☆13Mar 8, 2022Updated 4 years ago