SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
☆141Feb 19, 2019Updated 7 years ago
Alternatives and similar repositories for SecLists
Users that are interested in SecLists are comparing it to the libraries listed below
Sorting:
- CVE-2019-3396 confluence SSTI RCE☆174Oct 1, 2020Updated 5 years ago
- 🐱💻 Poc of CVE-2019-7238 - Nexus Repository Manager 3 Remote Code Execution 🐱💻☆153Feb 25, 2019Updated 7 years ago
- fastjson remote code execute poc 直接用intellij IDEA打开即可 首先编译得到Test.class,然后运行Poc.java☆403Dec 16, 2022Updated 3 years ago
- 解密好的AWVS10.5 data/script/目录下的脚本☆267Nov 11, 2017Updated 8 years ago
- CVE-2019-2890 WebLogic 反序列化RCE漏洞☆44Dec 8, 2019Updated 6 years ago
- 用于辅助安全工程师漏洞挖掘、测试、复现,集合了mock、httplog、dns tools、xss,可用于测试各类无回显、无法直观判断或特定场景下的漏洞。☆866Jul 21, 2019Updated 6 years ago
- Apache Solr Injection Research☆579Jan 28, 2020Updated 6 years ago
- There is no pre-auth RCE in Jenkins since May 2017, but this is the one!☆607May 17, 2019Updated 6 years ago
- ☆131Jun 17, 2022Updated 3 years ago
- Fastjson vulnerability quickly exploits the framework(fastjson漏洞快速利用框架)☆1,389Dec 16, 2022Updated 3 years ago
- 针对域名/页面的接口爬取,递归模式入库☆22Sep 18, 2019Updated 6 years ago
- ☆16Jul 25, 2023Updated 2 years ago
- Reference:https://www.w2n1ck.com/article/44/☆155Mar 7, 2020Updated 5 years ago
- 用于记录分享一些有趣的案例☆866Jan 10, 2022Updated 4 years ago
- Redis 4.x/5.x RCE☆975Nov 30, 2021Updated 4 years ago
- Spring Boot Actuator (jolokia) XXE/RCE☆324Jun 16, 2020Updated 5 years ago
- Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans☆584Sep 7, 2021Updated 4 years ago
- 在渗透测试中快速检测常见中间件、组件的高危漏洞。☆728Mar 21, 2022Updated 3 years ago
- 一个各种方式突破Disable_functions达到命令执行的shell☆1,198Oct 17, 2023Updated 2 years ago
- CVE-2020-1958 PoC☆22Apr 11, 2020Updated 5 years ago
- A vulnerable application exposing Spring Boot Actuators☆123Feb 25, 2019Updated 7 years ago
- flash 劫持轮子,CSRF,劫持,跳转,swf 有需求可以提issues ,src挖掘,劫持response☆86Nov 9, 2019Updated 6 years ago
- Apache Tomcat + MongoDB Remote Code Execution☆113Jan 15, 2021Updated 5 years ago
- Spring Data Commons RCE 远程命令执行漏洞☆58Apr 29, 2019Updated 6 years ago
- CVE-2019-2725 命令回显☆436May 8, 2023Updated 2 years ago
- JRE8u20_RCE_Gadget☆255Jul 1, 2016Updated 9 years ago
- ☆21May 1, 2019Updated 6 years ago
- CVE-2020-2546,CVE-2020-2915 CVE-2020-2801 CVE-2020-2798 CVE-2020-2883 CVE-2020-2884 CVE-2020-2950 WebLogic T3 payload exploit poc pyth…☆133Mar 5, 2023Updated 3 years ago
- PoC for Scala and Groovy☆14Apr 4, 2016Updated 9 years ago
- ☆119Apr 14, 2020Updated 5 years ago
- ☆835Jun 7, 2022Updated 3 years ago
- 泛微ecology OA系统接口存在数据库配置信息泄露漏洞☆50Jul 13, 2020Updated 5 years ago
- Python2编写的struts2漏洞全版本检测和利用工具☆1,419May 7, 2019Updated 6 years ago
- 基于burpsuite headless 的代理式被动扫描系统☆95Feb 10, 2020Updated 6 years ago
- Shiro RCE (Padding Oracle Attack)☆148Nov 15, 2019Updated 6 years ago
- CVE-2018-19276 - OpenMRS Insecure Object Deserialization RCE☆16Mar 11, 2019Updated 6 years ago
- 自动化收集linux信息☆203Apr 26, 2018Updated 7 years ago
- SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 check list☆6,117Mar 10, 2021Updated 4 years ago
- weblogic t3 deserialization rce☆268Jul 13, 2017Updated 8 years ago