Spring Boot Actuator未授权访问【XXE、RCE】单/多目标检测
☆521May 21, 2020Updated 5 years ago
Alternatives and similar repositories for SB-Actuator
Users that are interested in SB-Actuator are comparing it to the libraries listed below
Sorting:
- heapdump敏感信息查询工具,例如查找 spring heapdump中的密码明文,AK,SK等☆1,433May 21, 2024Updated last year
- JNDI服务利用工具 RMI/LDAP,支持部分场景回显、内存shell,高版本JDK场景下利用等,fastjson rce命令执行,log4j rce命令执行 漏洞检测辅助工具☆2,011May 21, 2024Updated last year
- 自动化爬取并自动测试所有swagger接口☆1,164Dec 1, 2025Updated 3 months ago
- 这是一个用于IP和域名碰撞匹配访问的小工具,旨意用来匹配出渗透过程中需要绑定hosts才能访问的弱主机或内部系统。☆1,189Apr 30, 2019Updated 6 years ago
- Burp suite 分块传输辅助插件☆2,023Feb 23, 2022Updated 4 years ago
- Fastjson vulnerability quickly exploits the framework(fastjson漏洞快速利用框架)☆1,389Dec 16, 2022Updated 3 years ago
- A Swagger API Exploit☆1,369Jun 7, 2024Updated last year
- Shiro550/Shiro721 一键化利用工具,支持多种回显方式☆1,952Jun 4, 2021Updated 4 years ago
- 阿里云accesskey利用工具☆1,224Apr 8, 2022Updated 3 years ago
- Collect JSP webshell of various implementation methods. 梳理和发现的JSP Webshell各种姿势☆1,404Jan 18, 2022Updated 4 years ago
- Shiro<=1.2.4反序列化,一键检测工具☆987Mar 4, 2021Updated 5 years ago
- Burp被动扫描流量转发插件☆1,460Jun 17, 2024Updated last year
- SharpSQLTools 和@Rcoil一起写的小工具,可上传下载文件,xp_cmdshell与sp_oacreate执行命令回显和clr加载程序集执行相应操作。☆964Aug 5, 2021Updated 4 years ago
- 一个简单的现代化公司域名使用规律预测及生成工具☆388Feb 24, 2022Updated 4 years ago
- 递归式寻找域名和api。☆723Aug 3, 2023Updated 2 years ago
- Shiro反序列化利用工具,支持新版本(AES-GCM)Shiro的key爆破,配合ysoserial,生成回显Payload☆896May 28, 2021Updated 4 years ago
- weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力:CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-201…☆2,070Nov 24, 2023Updated 2 years ago
- Weblogic一键漏洞检测工具,V1.5,更新时间:20200730☆2,266May 22, 2023Updated 2 years ago
- fastjson漏洞burp插件,检测fastjson<1.2.68基于dnslog,fastjson<=1.2.24和1.2.33<=fatjson<=1.2.47的不出网检测和TomcatEcho,SpringEcho回显方案。☆124May 14, 2021Updated 4 years ago
- 通过 Redis 主从写出无损文件☆718May 25, 2020Updated 5 years ago
- 一款基于BurpSuite的被动式shiro检测插件☆1,796Dec 14, 2022Updated 3 years ago
- 360/0Kee-Team/crawlergo动态爬虫结合长亭XRAY扫描器的被动扫描功能☆1,183Nov 10, 2021Updated 4 years ago
- shiro 反序列 命令执行辅助检测工具☆1,564May 21, 2024Updated last year
- Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack…☆3,210May 24, 2024Updated last year
- domain_hunter的高级版本,SRC挖洞、HW打点之必备!自动化资产收集;快速Title获取;外部工具联动;等等☆2,118Updated this week
- Java RCE 回显测试代码☆1,015Oct 15, 2020Updated 5 years ago
- 一键ThinkPHP漏洞检测☆1,163Nov 1, 2023Updated 2 years ago
- SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 check list☆6,120Mar 10, 2021Updated 4 years ago
- 通达OA 任意用户登录漏洞☆359Aug 27, 2020Updated 5 years ago
- 一款基于BurpSuite的被动式FastJson检测插件☆1,237Oct 1, 2022Updated 3 years ago
- MDUT - Multiple Database Utilization Tools☆2,191Sep 22, 2023Updated 2 years ago
- 红队作战中比较常遇到的一些重点系统漏洞整理。☆2,521Jul 17, 2021Updated 4 years ago
- Bypass firewall for traffic forwarding using webshell☆1,430Sep 29, 2021Updated 4 years ago
- WebLogic利用CVE-2020-2883打Shiro rememberMe反序列化漏洞,一键注册蚁剑filter内存shell☆535Aug 25, 2020Updated 5 years ago
- 一个用于前端加密Fuzz的Burp Suite插件☆1,061Mar 6, 2020Updated 6 years ago
- 一个利用OneForAll进行子域收集、Shodan API端口扫描、Xray漏洞Fuzz、Server酱的自动化漏洞扫描、即时通知提醒的漏洞挖掘辅助工具☆739Dec 8, 2022Updated 3 years ago
- 内网渗透中常用的c#程序整合成cs脚本,直接内存加载。持续更新~☆498Feb 13, 2020Updated 6 years ago
- 增强版WeblogicScan、检测结果更精确、插件化、添加CVE-2019-2618,CVE-2019-2729检测,Python3支持☆967Jun 16, 2024Updated last year
- 对目标域名进行快速的存活扫描、简单的指纹识别、目录扫描☆914Dec 8, 2022Updated 3 years ago