
securitycn's Projects

1000php

1000 PHP code audit cases (WooYun vulnerabilities made public before July 2016)

awae-prep

This repository will serve as the "master" repo containing all trainings and tutorials done in preparation for OSWE in conjunction with the AWAE course. This repo will likely contain custom code by me and various courses.

burpsuite

BurpSuite using the document and some extensions

burpsuite-collections

BurpSuite collection: including but not limited to Burp articles, cracked versions, plugins (non-BApp Store), Chinese localization and other related tutorials; contributions are welcome---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar

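bypassantivirus

A series of articles on antivirus evasion for remote-access tools, with accompanying tools. It collects and summarizes dozens of evasion tools and evasion methods found on the internet and tests the evasion effect of each one, providing a reference for remote-access tool evasion and for countering antivirus software.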

common-regex

🎃 Common regular expressions - a collection of regular expressions frequently used in everyday project development.

dnslog

DNSLog is a tool for monitoring DNS resolution records and HTTP access records.

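fastjson-blacklist

I got really tired of hunting for exploit chains in CTFs: knowing only a fastjson version and then digging through a pile of dependencies gave me a headache. To solve this annoyance, I took the fastjson blacklist tool and library by 卓卓 and adapted them myself.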

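fileprotected

A file and directory protection program written in Java. Set a backup directory and a protected directory, and whenever files or directories inside the target directory are deleted or modified they are restored automatically, protecting the directory contents. In CTF AWD-mode competitions it can be used to protect the web directory from deletion or modification. The out folder contains the compiled, executable jar file.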

fuzzdb

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

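gadgetinspector

A static code auditing application that performs taint analysis by analyzing bytecode (a large number of code comments have been added, making it suitable for studying the source). It adds mining of Fastjson deserialization gadget chains (it was used to find a gadget chain common to Fastjson and Jackson) and SQLInject static detection (JdbcTemplate, MyBatis, JPA, Hibernate, native JDBC, etc.).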

homepwn

HomePwn - Swiss Army Knife for Pentesting of IoT Devices

java-sec-code

Code for common Java vulnerabilities and their fixes, along with exploit payloads

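learnjavabug

Demos of Java security vulnerabilities and techniques, including exploitation of native Java, Fastjson, Jackson, Hessian2 and XML deserialization vulnerabilities, and exploits for frameworks such as Dubbo (Hessian2 deserialization) and Shiro (PaddingOracleCBC), as well as practice code for Java Security Manager bypass, Dubbo-Hessian2 security hardening, RMI exploitation and more.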

mind-map

A curated collection of security-related mind maps

sreg

Given an email, phone or username entered by the user, Sreg returns all of the internet passport information that user has registered.

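tomcat-cluster-session-sync-exp

When Tomcat's built-in session synchronization feature is used, an insecure configuration (not using EncryptInterceptor) results in a deserialization vulnerability; with carefully crafted packets, servers that use Tomcat's built-in session synchronization feature can be attacked. PS: this is not CVE-2020-9484. 9484 is a session persistence vulnerability, whereas this one is a session cluster synchronization vulnerability!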

vulhub

Pre-Built Vulnerable Environments Based on Docker-Compose
