记录各语言、框架中危险的sink,个人代码审计、漏洞研究使用。
☆119Dec 30, 2021Updated 4 years ago
Alternatives and similar repositories for sec-note
Users that are interested in sec-note are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- 一个全新的敏感文件发现工具☆271Jan 5, 2021Updated 5 years ago
- fastjson不出网利用、c3p0☆257Jul 30, 2021Updated 4 years ago
- 利用链、漏洞检测工具☆375Jul 31, 2024Updated last year
- 卸载冰蝎内存马☆69Apr 13, 2021Updated 4 years ago
- Java反序列化漏洞利用链补全��计划,仅用于个人归纳总结。☆420Dec 3, 2021Updated 4 years ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- 通过正则搜索、批量反编译特定Jar包中的class名称☆321Dec 9, 2021Updated 4 years ago
- codemillx is a tool for CodeQL, extract the comments in the code and generate codeql module. 强化Go开源项目安全检测(内含开源项目漏洞挖掘方法)☆206Mar 19, 2022Updated 4 years ago
- Shiro-550 不依赖CC链利用工具☆451Jun 19, 2024Updated last year
- Bypass AV 用户添加☆169Dec 30, 2021Updated 4 years ago
- 通过JavaAgent与Javassist技术对JVM加载的类对象进行动态插桩,可以做一些破解、加密验证的绕过等操作☆118Jun 18, 2024Updated last year
- fastjson 被动扫描、不出网payload生成☆368Nov 19, 2021Updated 4 years ago
- 域渗透脑图中文翻译版☆281Sep 18, 2021Updated 4 years ago
- ☆232Jan 3, 2022Updated 4 years ago
- Java安全路上的学习笔记☆85Feb 24, 2023Updated 3 years ago
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- CodeQL Java 全网最全的中文学习资料☆799Mar 18, 2022Updated 4 years ago
- spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧☆754Apr 14, 2021Updated 4 years ago
- 该项目是通过go语言实现防止rmi利用被反置的问题。☆45Dec 30, 2021Updated 4 years ago
- 鹏 RocB - Java代码审计IDEA插件 SAST☆151Sep 16, 2021Updated 4 years ago
- 适用于weblogic和Tomcat的无文件的内存马(memshell)☆271Mar 4, 2022Updated 4 years ago
- dotnet 反序列化学习笔记☆516Oct 19, 2023Updated 2 years ago
- The function of the tool is to inject JNDI through LDAP☆28Dec 21, 2021Updated 4 years ago
- Java应用的一些配置文件字典,来源于公开的字典与平时收集☆320Feb 1, 2024Updated 2 years ago
- 代码审计总结☆86Sep 1, 2021Updated 4 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
- 各种工具指纹收集分享☆529Nov 3, 2021Updated 4 years ago
- 检测域环境内,域机器的本地管理组成员是否存在弱口令和通用口令,对域用户的权限分配以及域内委派查询☆356Aug 10, 2021Updated 4 years ago
- fastjson 1.2.68 版本 autotype bypass☆142Jun 17, 2022Updated 3 years ago
- SharpGetTitle - 基于 C# 的多线程 Web Title 扫描器☆15Nov 26, 2020Updated 5 years ago
- 常用安全工具 docker镜像 自动更新仓库☆66Mar 21, 2022Updated 4 years ago
- 针对 403 页面的 fuzz 脚本☆123Feb 14, 2022Updated 4 years ago
- 一些结合第三方组件的Fastjson POC,在1.2.48以后版本中陆续被添加至黑名单。☆56Oct 29, 2019Updated 6 years ago
- Codeql学习笔记☆903Apr 25, 2022Updated 3 years ago
- 注入JVM进程 动态获取目标进程连接的数据库☆343Mar 6, 2022Updated 4 years ago
- End-to-end encrypted cloud storage - Proton Drive • AdSpecial offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
- Java命令行文件监控小工具(代码审计)☆105Nov 29, 2021Updated 4 years ago
- 静态分析及代码审计自动化相关资料收集☆298Jul 29, 2022Updated 3 years ago
- ☆836Jun 7, 2022Updated 3 years ago
- java内存对象搜索辅助工具☆823Sep 23, 2022Updated 3 years ago
- AntSword(蚁剑)全参数流量XOR和Base64加伪装WebShell☆163Sep 28, 2021Updated 4 years ago
- Redis-Attack By Replication (通过主从复制攻击Redis)☆359Nov 25, 2022Updated 3 years ago
- 资产扫描工具☆45Sep 1, 2020Updated 5 years ago