此处是【炼石计划@Java代码审计】知识星球课程目录整理处。 【炼石计划@Java代码审计】专注Java代码审计入门与提升,我将学习路线分成了六个阶段也对应着六大套课程分享。 课程内容不深入开发细节,只关注Java代码审计应学应会的内容。
☆32Nov 15, 2022Updated 3 years ago
Alternatives and similar repositories for SmeltingStone
Users that are interested in SmeltingStone are comparing it to the libraries listed below
Sorting:
- Cobalt Strike二次开发笔记,记录功能和思路☆16Jul 9, 2022Updated 3 years ago
- 在学习Java反序列化漏洞的过程中,用来理解Java RMI程序的执行流程,演示如何攻击Java RMI程序的几个示例。☆11May 6, 2020Updated 5 years ago
- 常用的frida脚本☆16Mar 7, 2023Updated 2 years ago
- ☆12Feb 12, 2020Updated 6 years ago
- 批量获取攻防资产访问截图☆34Apr 17, 2025Updated 10 months ago
- 语雀敏感信息泄露搜索工具☆13Jan 20, 2023Updated 3 years ago
- 通信流量加密webshell管理客户端☆16Sep 7, 2025Updated 5 months ago
- 利用云函数实现端口扫描☆15Nov 17, 2025Updated 3 months ago
- burpsuite 的Spring漏洞扫描插件。SpringVulScan:支持检测:路由泄露|CVE-2022-22965|CVE-2022-22963|CVE-2022-22947|CVE-2016-4977☆154Jan 23, 2023Updated 3 years ago
- java代码审计笔记☆19Jun 8, 2024Updated last year
- 一款快速查询收集小程序域名工具☆18Dec 30, 2021Updated 4 years ago
- CVE-2025-31324, SAP Exploit☆25Apr 28, 2025Updated 10 months ago
- Java安全学习历程☆41Jul 7, 2023Updated 2 years ago
- 爬取全国的手机号码/Get all the Chinese phone number from web☆19Nov 1, 2019Updated 6 years ago
- go语言免杀shellcode☆19Dec 31, 2021Updated 4 years ago
- Personal notes for Java Deserialization Vulnerability. 对应Java反序列化漏洞利用链集合详解、个人笔记☆18Jan 10, 2022Updated 4 years ago
- CVE-2024-21006 exp☆18Jul 29, 2024Updated last year
- Hello, Attack Surface Scan, BurpSuite完全被动扫描插件,不主动发送任何请求,适合挂机使用。☆24Jul 10, 2022Updated 3 years ago
- 一个java代码审计辅助工具☆29Nov 2, 2022Updated 3 years ago
- go免杀项目☆27Nov 10, 2022Updated 3 years ago
- XxlJob<=2.1.2配置不当情况下反序列化RCE☆120Nov 2, 2020Updated 5 years ago
- Django QuerySet.annotate(), aggregate(), extra() SQL 注入☆25May 31, 2022Updated 3 years ago
- ☆30Dec 6, 2024Updated last year
- Burp Extension in Python hilighting DOM Sinks and Hosts using DOM XSS Wiki regex☆24Aug 28, 2013Updated 12 years ago
- 一款终端扫描工具☆30Jul 19, 2022Updated 3 years ago
- Cobalt Strike 上线提醒,飞书、钉钉、企业微信机械人,cs上线提醒。☆59May 30, 2022Updated 3 years ago
- ☆198Sep 26, 2024Updated last year
- 内网自动化快速打点工具|资产探测|漏洞扫描|服务扫描|弱口令爆破☆456Nov 29, 2023Updated 2 years ago
- jmx未授权访问 弱口令批量检测 GUI工具☆31Apr 28, 2023Updated 2 years ago
- The function of the tool is to inject JNDI through LDAP☆28Dec 21, 2021Updated 4 years ago
- 整理本人在2021年10月-12月期间写的一些爬虫demo,比如用于渗透测试中SQL注入的URL收集脚本(爬取必应和百度搜索结果的URL),子域名爆破demo,各大高校漏洞信息收集爬虫,以及入门爬虫时写的一些基础代码☆27Sep 7, 2022Updated 3 years ago
- 一些总结出来的gadget的flow,后续合适和加入新的flow☆66Dec 6, 2025Updated 2 months ago
- 红队|域渗透重要漏洞汇总(持续更新)☆290Dec 23, 2022Updated 3 years ago
- 本项目是记录自己在Java代码审计过程中遇到的一些优秀文章内容,以及涉及到的Java项目源文件,汇总起来方便初学者下载分析。☆31Jun 14, 2022Updated 3 years ago
- Java代码审计学习笔记☆13Dec 20, 2024Updated last year
- golang写的批量对目标网站进行截图的小工具,适合目标资产比较多时,快速定位薄弱点。☆33Oct 14, 2022Updated 3 years ago
- A IntelliJ Plugin for Tabby to Find Vulnerabilities Easily☆39Nov 12, 2024Updated last year
- 一款扫描js中敏感api的burp插件☆38Aug 30, 2023Updated 2 years ago
- Java CVE Vulnerability Environment☆43Jun 11, 2024Updated last year