potats0 / shiroPoc
☆320Updated 3 years ago
Related projects: ⓘ
- ☆128Updated this week
- ☆178Updated this week
- 🧬 辅助生成 XRay YAML POC☆255Updated last year
- fastjson漏洞burp插件,检测fastjson<1.2.68基于dnslog,fastjson<=1.2.24和1.2.33<=fatjson<=1.2.47的不出网检测和TomcatEcho,SpringEcho回显方案。☆104Updated 3 years ago
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆350Updated last year
- Shiro反序列化回显利用、内存shell、检查 Burp插件☆215Updated 2 years ago
- ☆136Updated this week
- Shiro-721 RCE Via RememberMe Padding Oracle Attack☆254Updated 3 years ago
- SQL 注入利用工具,存在waf的情况下自定义编写tamper脚本 dump数据☆283Updated 4 years ago
- 扫描常见未授权访问(redis、mongodb、memcached、elasticsearch、zookeeper、ftp、CouchDB、docker、Hadoop)☆184Updated 4 years ago
- CVE-2020-14882_ALL综合利用工具,支持命令回显检测、批量命令回显、外置xml无回显命令执行等功能。☆143Updated 2 years ago
- ☆238Updated this week
- Shiro-550 不依赖CC链利用工具☆446Updated 3 months ago
- 自己收集整理自用的字典☆226Updated last year
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.优化了一些东西。☆212Updated 2 years ago
- 🐸Unauthorized Detection Framework未授权访问检测框架☆157Updated 9 months ago
- a burp extension to find where use fastjson☆163Updated 4 years ago
- Unicode To Chinese -- U2C : A burpsuite Extender That Convert Unicode To Chinese 【Unicode编码转中文的burp插件】☆234Updated 2 years ago
- burpsuite extension for check unauthorized vulnerability☆224Updated 3 years ago
- 零组小工具☆137Updated 2 years ago
- 1.33☆41Updated 2 years ago
- ☆110Updated 3 years ago
- Redis-Attack By Replication (通过主从复制攻击Redis)☆311Updated last year
- 一些Java编写的 小工具。☆303Updated 3 years ago
- ☆363Updated this week
- 规范渗透测试报告中的漏洞名称以及修复建议☆144Updated 5 years ago
- ☆479Updated this week
- JCE - JSP/JPSX CodeEncode - 用于 Webshell 逃避静态查杀的辅助脚本☆254Updated 2 years ago
- weblogic t3 deserialization rce☆263Updated 7 years ago
- 《HackLog4j-永恒之恶龙》致敬全宇宙最无敌的Java日志库!Tribute to the most invincible Java logging library in the universe!☆194Updated last year