SourByte05/Vulnerability-Wiki-PoC

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/SourByte05/Vulnerability-Wiki-PoC)

SourByte05 / Vulnerability-Wiki-PoC

🚀 2024-至今 1Day 漏洞 PoC 深度研究与复现归档。涵盖 OA、ERP、安防、数通、大模型及容器等高价值资产漏洞，实战导向，助力安全研究与合规检测。

☆613

Alternatives and similar repositories for Vulnerability-Wiki-PoC

Users that are interested in Vulnerability-Wiki-PoC are comparing it to the libraries listed below

Sorting:

R4gd0ll / I-Wanna-Get-All
View on GitHub
综合漏洞后渗透利用工具
☆1,666Dec 11, 2025Updated 2 months ago
vulhub / java-chains
View on GitHub
Java Vulnerability Exploitation Platform
☆1,990Jan 6, 2026Updated last month
ax1sX / SecurityList
View on GitHub
A list for Web Security and Code Audit
☆1,214Dec 3, 2024Updated last year
ReaJason / MemShellParty
View on GitHub
一款专注于 Java 主流 Web 中间件的内存马快速生成工具，致力于简化安全研究人员和红队成员的工作流程，提升攻防效率
☆1,339Feb 8, 2026Updated 3 weeks ago
leveryd / x-waf
View on GitHub
让"WAF绕过"变得简单
☆433Jan 26, 2025Updated last year
eeeeeeeeee-code / POC
View on GitHub
备份的漏洞库，3月开始我们来维护
☆1,809Dec 11, 2025Updated 2 months ago
pen4uin / java-memshell-generator
View on GitHub
一款支持自定义的 Java 内存马生成工具｜A customizable Java in-memory webshell generation tool.
☆2,157Aug 21, 2025Updated 6 months ago
DeEpinGh0st / MDUT-Extend-Release
View on GitHub
MDUT-Extend(扩展版本)
☆797Dec 19, 2024Updated last year
Lotus6 / JavaGadgetGenerator
View on GitHub
JavaGadgetGenerator 工具，支持 ysoserial，Hessian，字节码，Expr/SSTI，Shiro，JDBC 等 Gadget 生成，封装，混淆，出网延迟探测，内存马注入等...
☆549Dec 7, 2025Updated 2 months ago
byname66 / SerializeJava
View on GitHub
用Go+Fyne开发的，展示JAVA序列化流以及集成一键插入脏数据,UTF过长编码绕WAF(Utf OverLoad Encoding),修改类SerializeVersionUID功能的图形化工具。
☆125Jan 14, 2025Updated last year
wafinfo / DecryptTools
View on GitHub
DecryptTools-综合解密
☆1,310Mar 2, 2025Updated last year
lemono0 / FastJsonParty
View on GitHub
FastJson全版本Docker漏洞环境(涵盖1.2.47/1.2.68/1.2.80等版本)，主要包括JNDI注入及高版本绕过、waf绕过、文件读写、原生反序列化、利用链探测绕过、不出网利用等。从黑盒的角度覆盖FastJson深入利用
☆1,186Jul 12, 2024Updated last year
shuanx / BurpAPIFinder
View on GitHub
攻防演练过程中，我们通常会用浏览器访问一些资产，但很多未授权/敏感信息/越权隐匿在已访问接口过html、JS文件等，该插件能让我们发现未授权/敏感信息/越权/登陆接口等。
☆1,375Oct 3, 2024Updated last year
SleepingBag945 / dddd
View on GitHub
dddd是一款使用简单的批量信息收集,供应链漏洞探测工具，旨在优化红队工作流，减少伤肝的机械性操作。支持从Hunter、Fofa批量拉取目标
☆1,806Aug 2, 2024Updated last year
bcvgh / daydayExp-pocs
View on GitHub
daydayExp的漏洞POC仓库，慢慢更新...
☆370Nov 4, 2024Updated last year
0x727 / ChkApi_0x727
View on GitHub
辅助甲方安全人员巡检网站资产，发现并分析API安全问题
☆516Jan 20, 2025Updated last year
myzxcg / NoNameExploit
View on GitHub
集权利用工具
☆165Feb 28, 2025Updated last year
vaycore / OneScan
View on GitHub
OneScan 是一款用于递归目录扫描的 BurpSuite 插件
☆1,231Jun 24, 2025Updated 8 months ago
Lotus6 / ConfluenceMemshell
View on GitHub
Confluence CVE 2021，2022，2023 利用工具，支持命令执行，哥斯拉，冰蝎内存马注入
☆554Feb 1, 2024Updated 2 years ago
W01fh4cker / LearnJavaMemshellFromZero
View on GitHub
【三万字原创】完全零基础从0到1掌握Java内存马，公众号：追梦信安
☆987May 25, 2025Updated 9 months ago
wgpsec / cloudsword
View on GitHub
一款帮助云租户发现和测试云上风险、增强云上防护能力的综合性开源工具
☆596Feb 3, 2026Updated last month
dark-kingA / cloudTools
View on GitHub
云资产管理工具目前工具定位是云安全相关工具，目前是两个模块云存储工具、云服务工具，云存储工具主要是针对oss存储、查看、删除、上传、下载、预览等等云服务工具主要是针对rds、服务器的管理，查看、执行命令、接管等等
☆1,140Feb 26, 2026Updated last week
xiaogang000 / XG_NTAI
View on GitHub
用于Webshell木马免杀、流量加密传输，多多支持star
☆1,028Jun 27, 2025Updated 8 months ago
TheBeastofwar / JenkinsExploit-GUI
View on GitHub
一款Jenkins的综合漏洞利用工具
☆461Mar 20, 2024Updated last year
wgpsec / YongYouNcTool
View on GitHub
用友NC系列漏洞检测利用工具，支持一键检测、命令执行回显、文件落地、一键打入内存马、文件读取等
☆580Aug 19, 2023Updated 2 years ago
cckuailong / JNDI-Injection-Exploit-Plus
View on GitHub
80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background serv…
☆866Jun 24, 2024Updated last year
Y4tacker / JavaSec
View on GitHub
a rep for documenting my study, may be from 0 to 0.1
☆2,248Nov 10, 2025Updated 3 months ago
yulate / jdbc-tricks
View on GitHub
《深入JDBC安全：特殊URL构造与不出网反序列化利用技术揭秘》对应研究总结项目 "Deep Dive into JDBC Security: Special URL Construction and Non-Networked Deserialization Explo…
☆571Feb 7, 2026Updated 3 weeks ago
shuanx / BurpFingerPrint
View on GitHub
BurpSuite插件集成Ehole指纹库并进行常见OA弱口令爆破插件
☆741Sep 5, 2024Updated last year
Zjackky / CodeScan
View on GitHub
一款轻量级匹配Sink点的代码审计扫描器，为了帮助红队过程中快速代码审计的小工具
☆409Oct 6, 2024Updated last year
savior-only / Spring_All_Reachable
View on GitHub
Spring漏洞综合利用工具
☆675Jul 5, 2023Updated 2 years ago
h0ny / NacosExploit
View on GitHub
Nacos 综合漏洞利用工具
☆601Nov 3, 2025Updated 4 months ago
lintstar / SharpHunter
View on GitHub
Automated Hosting Information Hunting Tool - Windows 主机信息自动化狩猎工具
☆551Apr 15, 2025Updated 10 months ago
T3nk0 / Upload_Auto_Fuzz
View on GitHub
一个用于测试文件上传功能安全性的 Burp Suite 插件。通过 Intruder 模块自动生成各类绕过 payload，覆盖常见的文件上传限制场景。共1000+条payload
☆566Dec 24, 2025Updated 2 months ago
Tsojan / TsojanScan
View on GitHub
An integrated BurpSuite vulnerability detection plug-in.
☆1,457Jan 29, 2026Updated last month
SexyBeast233 / SecDictionary
View on GitHub
实战沉淀字典
☆1,529Dec 8, 2025Updated 2 months ago
X1r0z / JNDIMap
View on GitHub
A powerful JNDI injection exploitation framework that supports RMI, LDAP and LDAPS protocols, including various bypass methods for high-v…
☆570Feb 4, 2026Updated last month
Shelter1234 / VulneraLab
View on GitHub
该项目收集了很多厂商产品CMS的漏洞环境，以web为主。漏洞环境主要以Dockerfile的文件形式呈现，用户只需一键启动相应漏斗环境，使用项目文章中提供的poc，便可进行复现。
☆67May 2, 2025Updated 10 months ago
qwqdanchun / Pillager
View on GitHub
Pillager是一个适用于后渗透期间的信息收集工具
☆1,268Sep 7, 2024Updated last year