rabbitmask/SB-Actuator

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/rabbitmask/SB-Actuator)

rabbitmask / SB-Actuator

Spring Boot Actuator未授权访问【XXE、RCE】单/多目标检测

☆521

Alternatives and similar repositories for SB-Actuator

Users that are interested in SB-Actuator are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

Sorting:

wyzxxz / heapdump_tool
View on GitHub
heapdump敏感信息查询工具，例如查找 spring heapdump中的密码明文，AK,SK等
☆1,440May 21, 2024Updated last year
wyzxxz / jndi_tool
View on GitHub
JNDI服务利用工具 RMI/LDAP，支持部分场景回显、内存shell，高版本JDK场景下利用等，fastjson rce命令执行，log4j rce命令执行漏洞检测辅助工具
☆2,015May 21, 2024Updated last year
fofapro / Hosts_scan
View on GitHub
这是一个用于IP和域名碰撞匹配访问的小工具，旨意用来匹配出渗透过程中需要绑定hosts才能访问的弱主机或内部系统。
☆1,192Apr 30, 2019Updated 6 years ago
jayus0821 / swagger-hack
View on GitHub
自动化爬取并自动测试所有swagger接口
☆1,171Dec 1, 2025Updated 3 months ago
c0ny1 / FastjsonExploit
View on GitHub
Fastjson vulnerability quickly exploits the framework（fastjson漏洞快速利用框架）
☆1,392Dec 16, 2022Updated 3 years ago
Proton VPN Special Offer - Get 70% off • Ad
Special partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
lijiejie / swagger-exp
View on GitHub
A Swagger API Exploit
☆1,370Jun 7, 2024Updated last year
c0ny1 / chunked-coding-converter
View on GitHub
Burp suite 分块传输辅助插件
☆2,029Feb 23, 2022Updated 4 years ago
feihong-cs / ShiroExploit-Deprecated
View on GitHub
Shiro550/Shiro721 一键化利用工具，支持多种回显方式
☆1,953Jun 4, 2021Updated 4 years ago
mrknow001 / aliyun-accesskey-Tools
View on GitHub
阿里云accesskey利用工具
☆1,225Apr 8, 2022Updated 3 years ago
sv3nbeast / ShiroScan
View on GitHub
Shiro<=1.2.4反序列化，一键检测工具
☆987Mar 4, 2021Updated 5 years ago
LandGrey / domainNamePredictor
View on GitHub
一个简单的现代化公司域名使用规律预测及生成工具
☆388Feb 24, 2022Updated 4 years ago
threedr3am / JSP-WebShells
View on GitHub
Collect JSP webshell of various implementation methods. 梳理和发现的JSP Webshell各种姿势
☆1,405Jan 18, 2022Updated 4 years ago
c0ny1 / passive-scan-client
View on GitHub
Burp被动扫描流量转发插件
☆1,459Jun 17, 2024Updated last year
0xn0ne / weblogicScanner
View on GitHub
weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力：CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-201…
☆2,071Nov 24, 2023Updated 2 years ago
DigitalOcean Gradient AI Platform • Ad
Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
rabbitmask / WeblogicScan
View on GitHub
Weblogic一键漏洞检测工具，V1.5，更新时间：20200730
☆2,267May 22, 2023Updated 2 years ago
uknowsec / SharpSQLTools
View on GitHub
SharpSQLTools 和@Rcoil一起写的小工具，可上传下载文件，xp_cmdshell与sp_oacreate执行命令回显和clr加载程序集执行相应操作。
☆964Aug 5, 2021Updated 4 years ago
zilong3033 / fastjsonScan
View on GitHub
fastjson漏洞burp插件，检测fastjson<1.2.68基于dnslog，fastjson<=1.2.24和1.2.33<=fatjson<=1.2.47的不出网检测和TomcatEcho,SpringEcho回显方案。
☆125May 14, 2021Updated 4 years ago
Ares-X / shiro-exploit
View on GitHub
Shiro反序列化利用工具，支持新版本(AES-GCM)Shiro的key爆破，配合ysoserial，生成回显Payload
☆896May 28, 2021Updated 4 years ago
LandGrey / SpringBootVulExploit
View on GitHub
SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list
☆6,127Mar 10, 2021Updated 5 years ago
pmiaowu / BurpShiroPassiveScan
View on GitHub
一款基于BurpSuite的被动式shiro检测插件
☆1,798Dec 14, 2022Updated 3 years ago
p1g3 / JSINFO-SCAN
View on GitHub
递归式寻找域名和api。
☆722Aug 3, 2023Updated 2 years ago
timwhitez / crawlergo_x_XRAY
View on GitHub
360/0Kee-Team/crawlergo动态爬虫结合长亭XRAY扫描器的被动扫描功能
☆1,183Nov 10, 2021Updated 4 years ago
r35tart / RedisWriteFile
View on GitHub
通过 Redis 主从写出无损文件
☆718May 25, 2020Updated 5 years ago
Open source password manager - Proton Pass • Ad
Securely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
bit4woo / domain_hunter_pro
View on GitHub
domain_hunter的高级版本，SRC挖洞、HW打点之必备！自动化资产收集；快速Title获取；外部工具联动；等等
☆2,119Mar 3, 2026Updated 3 weeks ago
rtcatc / Packer-Fuzzer
View on GitHub
Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack…
☆3,218May 24, 2024Updated last year
Lucifer1993 / TPscan
View on GitHub
一键ThinkPHP漏洞检测
☆1,164Nov 1, 2023Updated 2 years ago
wyzxxz / shiro_rce_tool
View on GitHub
shiro 反序列命令执行辅助检测工具
☆1,570May 21, 2024Updated last year
feihong-cs / Java-Rce-Echo
View on GitHub
Java RCE 回显测试代码
☆1,016Oct 15, 2020Updated 5 years ago
a1phaboy / FastjsonScan
View on GitHub
Fastjson扫描器，可识别版本、依赖库、autoType状态等。A tool to distinguish fastjson ,version and dependency
☆1,051Oct 7, 2022Updated 3 years ago
pmiaowu / BurpFastJsonScan
View on GitHub
一款基于BurpSuite的被动式FastJson检测插件
☆1,238Oct 1, 2022Updated 3 years ago
SafeGroceryStore / MDUT
View on GitHub
MDUT - Multiple Database Utilization Tools
☆2,204Sep 22, 2023Updated 2 years ago
r0eXpeR / redteam_vul
View on GitHub
红队作战中比较常遇到的一些重点系统漏洞整理。
☆2,519Jul 17, 2021Updated 4 years ago
Open source password manager - Proton Pass • Ad
Securely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
NS-Sp4ce / TongDaOA-Fake-User
View on GitHub
通达OA 任意用户登录漏洞
☆359Aug 27, 2020Updated 5 years ago
c0ny1 / jsEncrypter
View on GitHub
一个用于前端加密Fuzz的Burp Suite插件
☆1,063Mar 6, 2020Updated 6 years ago
LFYSec / ActuatorExploit
View on GitHub
SpringBoot Actuator未授权自动化利用，支持信息泄漏/RCE
☆230Dec 5, 2020Updated 5 years ago
Maskhe / FastjsonScan
View on GitHub
一个简单的Fastjson反序列化检测burp插件
☆970Jun 18, 2021Updated 4 years ago
whwlsfb / JDumpSpider
View on GitHub
HeapDump敏感信息提取工具
☆1,641Dec 15, 2025Updated 3 months ago
FunnyWolf / pystinger
View on GitHub
Bypass firewall for traffic forwarding using webshell
☆1,431Sep 29, 2021Updated 4 years ago
Y4er / WebLogic-Shiro-shell
View on GitHub
WebLogic利用CVE-2020-2883打Shiro rememberMe反序列化漏洞，一键注册蚁剑filter内存shell
☆536Aug 25, 2020Updated 5 years ago