Stars
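Cyberspace asset mapping, ICP filing lookup, Tianyancha equity structure charts, IP138 domain resolution and reverse IP lookup, external HTTP calls, and mini-program decompilation.
A small script tool supporting directory scanning (can be used with 熊猫头), automatic 403 bypass, sensitive-content matching, and more. The script is currently an initial test release and will continue to be upgraded!!! CowCow🐂🐂
JNDI injection testing tool (a tool that generates JNDI links and can start several servers to exploit JNDI injection vulnerabilities, such as in Jackson, Fastjson, etc.)
JNDI injection testing tool
Consolidated public vulnerability knowledge base: https://mrwq.github.io/vulnerability-wiki/#/
Docker vulnerability environments for all FastJson versions (covering 1.2.47/1.2.68/1.2.80 and others), mainly including JNDI injection and higher-version bypasses, WAF bypass, file read/write, native deserialization, gadget-chain probing bypass, exploitation without outbound network access, and more. Covers in-depth FastJson exploitation from a black-box perspective.
Crawls a website's JS files, automatically fuzzes API endpoints, supports specifying the API endpoint (for projects with a separated front end and back end, the back-end API address can be specified), and echoes the API responses.
An open-source penetration testing framework for SpringBoot, plus exploitation tools for high-risk Spring-related vulnerabilities.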
Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …
A JNDI injection exploit tool that supports RMI, LDAP and LDAPS protocols, including a variety of methods to bypass higher-version JDK
ysoSimple: a simple Java exploitation tool integrating Java deserialization, Hessian deserialization, XStream deserialization, SnakeYaml deserialization, Shiro550, JSF deserialization, SSTI template injection, JdbcAttackPayload, JNDIAttack, and bytecode generation.
Loop Habit Tracker, a mobile app for creating and maintaining long-term positive habits
vulhub Vulnerability Reproduction Designated Platform