基于BurpShiroPassiveScan修改增加了Xray回显链生成
☆56Sep 6, 2022Updated 3 years ago
Alternatives and similar repositories for ShiroScan2
Users that are interested in ShiroScan2 are comparing it to the libraries listed below
Sorting:
- [fastjson 1.2.80] CVE-2022-25845 aspectj fileread & groovy remote classload☆91Sep 2, 2022Updated 3 years ago
- 哥斯拉nacos后渗透插件 maketoken adduser☆150Jul 7, 2023Updated 2 years ago
- 使用java编写的CRLF-Injection-burp被动扫描插件☆46Dec 20, 2022Updated 3 years ago
- Yapi mock script RCE another version. Webshell way. 另一种 Webshell 方式的 Yapi 命令执行的方法 相比于其他的利用方式 更加微操和可控 影响更小☆66Jul 4, 2024Updated last year
- CVE-2024-36401 图形化利用工具,支持各个JDK版本利用以及回显、内存马实现☆37Jul 16, 2025Updated 7 months ago
- Assassin是一款精简的基于命令行的webshell管理工具,它有着多种payload发送方式和编码方式,以及精简的payload代码,使得它成为隐蔽的暗杀者,难以被很好的防御。☆123May 17, 2022Updated 3 years ago
- CVE-2022-30525 Zyxel 防火墙命令注入漏洞 POC&EXPC☆12May 28, 2022Updated 3 years ago
- rmi打内存马工具,适用于目标用不了ldap的情况☆254Jul 12, 2023Updated 2 years ago
- BurpHttpHelper是一款Burpsuite插件,主要用于简化和解决Burpsuite对Http的一些操作.☆107Jan 22, 2023Updated 3 years ago
- 帆软bi反序列化漏洞利用工具☆56Jun 4, 2024Updated last year
- 支持注入内存马和Bypass WAF☆29Dec 12, 2023Updated 2 years ago
- CVE-2022-22947注入哥斯拉内存马☆28Jun 21, 2023Updated 2 years ago
- 常用功能的DLL插件☆86Sep 24, 2025Updated 5 months ago
- Load CLR to get RWX 通过加载clr在自身内存中产生rwx空间☆22Sep 28, 2022Updated 3 years ago
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆14Jul 28, 2023Updated 2 years ago
- 一款用于辅助渗透测试工程师日常渗透测试的Burp被动漏扫插件☆242Nov 25, 2022Updated 3 years ago
- Apache Ofbiz CVE-2023-51467 图形化漏洞利用工具☆39Jan 6, 2024Updated 2 years ago
- 自己的JNDI 利用工具,添加一些人性化功能☆131Sep 4, 2022Updated 3 years ago
- Shiro文件上传工具☆100Jun 28, 2023Updated 2 years ago
- Java内存马注入工具☆252Apr 8, 2023Updated 2 years ago
- 本工具的定位是快速生成Java安全相关的Payload,如内存马、反序列化链、JNDI url、Fastjson等,动态生成相关Payload,并附带相应的文档。☆93Feb 25, 2025Updated last year
- 用友的一些反序列化链子以及1day,二开了狼组的YongYouNcTool,改了一下逻辑以及poc☆123Oct 12, 2024Updated last year
- Text4Shell的burp被动扫描插件☆36Dec 29, 2022Updated 3 years ago
- 命令执行不回显但DNS协议出网的命令回显场景解决方案☆277Jan 10, 2023Updated 3 years ago
- fastjson 80 远程代码执行漏洞复现☆199Sep 7, 2022Updated 3 years ago
- 一个用友漏洞检测工具☆29May 15, 2024Updated last year
- 用友 nc 系列密码解密☆61Apr 7, 2023Updated 2 years ago
- 收集内存马打入方式☆506May 20, 2022Updated 3 years ago
- 一些自己常用的渗透字典☆230Aug 19, 2022Updated 3 years ago
- asp.net内存马检测工具☆283Aug 22, 2023Updated 2 years ago
- An improvement over the original Mimikatz wrapper.☆19Aug 11, 2021Updated 4 years ago
- SpringFramework 远程代码执行漏洞CVE-2022-22965☆73Apr 1, 2022Updated 3 years ago
- 内存马学习☆172May 29, 2022Updated 3 years ago
- 泛微oa漏洞利用工具☆255Jan 4, 2023Updated 3 years ago
- jsfind burp插件版☆18May 27, 2022Updated 3 years ago
- 帆软bi反序列化漏洞利用工具☆190Mar 23, 2024Updated last year
- 渗透辅助 BurpSuite 小插件☆232Nov 26, 2025Updated 3 months ago
- 2023泛微0A漏洞poc检测工具☆39Aug 6, 2023Updated 2 years ago
- 基于dbcp的fastjson rce 回显☆197Jun 28, 2021Updated 4 years ago