miscellaneous security research stuff
☆37Jul 16, 2019Updated 6 years ago
Alternatives and similar repositories for research
Users that are interested in research are comparing it to the libraries listed below
Sorting:
- rlyCTF (relay CTF) challenge to emulate real-world SSRF attacks.☆10Apr 13, 2019Updated 6 years ago
- Python script to exploit java unserialize on t3 (Weblogic)☆61Aug 9, 2017Updated 8 years ago
- ☆13Oct 3, 2023Updated 2 years ago
- ajpclient is a small command line tool that aims to be to AJP what curl is to HTTP.☆12Jul 18, 2017Updated 8 years ago
- "HeaderScan" Burp Plugin☆16Apr 26, 2014Updated 11 years ago
- Security test tool for Blind XSS☆26Mar 5, 2020Updated 5 years ago
- 优质安全 list☆12Nov 22, 2017Updated 8 years ago
- Directory transversal to remote code execution☆70Oct 15, 2019Updated 6 years ago
- (Wordpress) Ninja Forms File Uploads Extension <= 3.0.22 – Unauthenticated Arbitrary File Upload☆17May 17, 2019Updated 6 years ago
- CVE-2019-11580 Atlassian Crowd and Crowd Data Center RCE☆106Jul 18, 2019Updated 6 years ago
- CVE-2018-16341 - Nuxeo Remote Code Execution without authentication using Server Side Template Injection☆24Jun 5, 2019Updated 6 years ago
- ☆25May 30, 2017Updated 8 years ago
- A Burp extension to show the Collaborator client in a tab☆36Dec 23, 2022Updated 3 years ago
- Simple burp extension for routing traffic over tor. It instruments tor to switch to a new circuit after every N requests.☆20Jun 20, 2022Updated 3 years ago
- exploit Apache Flink Web Dashboard unauth rce on right way by python2 scripts☆91Nov 13, 2019Updated 6 years ago
- A command-line fuzzer for the Apache JServ Protocol (ajp13)☆96Nov 15, 2022Updated 3 years ago
- There is no pre-auth RCE in Jenkins since May 2017, but this is the one!☆607May 17, 2019Updated 6 years ago
- Webshell for Razor Syntax (C#)☆19May 5, 2017Updated 8 years ago
- Webshell plugin that works on any Atlassian product employing their plugin framework☆27Nov 20, 2017Updated 8 years ago
- Decrypt Matrix42 Empirum /EIS Passwords☆14Mar 31, 2021Updated 4 years ago
- SECD machine and Lispkit Lisp compiler, in Python☆10Oct 25, 2017Updated 8 years ago
- CVE-2018-11311 | mySCADA myPRO 7 Hardcoded FTP Username and Password Vulnerability☆12Jul 2, 2018Updated 7 years ago
- Library Secruity dependency Checker☆12Sep 13, 2019Updated 6 years ago
- This is a basic bind shell script , containting both server and client classes, i will upgrade it with time adding new features and make …☆13Jun 11, 2025Updated 8 months ago
- just a python script for cve-2017-12615☆11Oct 1, 2017Updated 8 years ago
- Hacking Artifactory with server side template injection☆51Mar 12, 2020Updated 5 years ago
- Learn how to get a reverse shell from JIRA application server☆24Dec 2, 2018Updated 7 years ago
- Weblogic com.tangosol.util.extractor.ReflectionExtractor RCE☆176Dec 15, 2022Updated 3 years ago
- CVE-2017-9506 - SSRF☆190Feb 14, 2022Updated 4 years ago
- Weblogic coherence.jar RCE☆176May 10, 2020Updated 5 years ago
- super-Django-CC is a simle web interface for commoncrawl.org☆15Dec 8, 2022Updated 3 years ago
- Exploiting cameras with a very distinctive HTTP Server header of "JAWS/1.0".☆10Jan 11, 2023Updated 3 years ago
- Zoho ManageEngine Desktop Central CVEs☆15Oct 5, 2020Updated 5 years ago
- Repo of useful scripts☆104Jun 30, 2020Updated 5 years ago
- ☆108Feb 13, 2017Updated 9 years ago
- Jira Information Gatherer☆29Dec 3, 2017Updated 8 years ago
- Script to test for Cisco ASA path traversal vulnerability (CVE-2018-0296) and extract system information.☆206Feb 15, 2024Updated 2 years ago
- 用于辅助安全工程师漏洞挖掘、测试、复现,集合了mock、httplog、dns tools、xss,可用于测试各类无回显、无法直观判断或特定场景下的漏洞。☆23May 21, 2019Updated 6 years ago
- A PowerShell tool which provides an easy way to check for shared passwords between Windows Active Directory accounts☆32Feb 12, 2019Updated 7 years ago