This is your work, valued

Y4er

Elite
@Y4er

Happy :)

ysoserial. ysoserial修改版,着重修改ysoserial.payloads.util.Gadgets.createTemplatesImpl使其可以通过引入自定义class的形式来执行命令、内存马、反序列化回显。

774

WebLogic-Shiro-shell. WebLogic利用CVE-2020-2883打Shiro rememberMe反序列化漏洞,一键注册蚁剑filter内存shell

532

dotnet-deserialization. dotnet 反序列化学习笔记

522

CVE-2020-2551. Weblogic IIOP CVE-2020-2551

337

fastjson-bypass-autotype-1.2.68. fastjson bypass autotype 1.2.68 with Throwable and AutoCloseable.

229

CVE-2020-2555. Weblogic com.tangosol.util.extractor.ReflectionExtractor RCE

178

CVE-2020-2883. Weblogic coherence.jar RCE

176

yaml-payload. Spring Cloud SnakeYAML 反序列化一键注入cmdshell和reGeorg

136

openam-CVE-2021-35464. openam-CVE-2021-35464 tomcat 执行命令回显

88

CVE-2020-14645. Weblogic CVE-2020-14645 UniversalExtractor JNDI injection getDatabaseMetaData()

80

CVE-2020-14756. WebLogic T3/IIOP RCE ExternalizableHelper.class of coherence.jar

79

javaagent-tomcat-memshell. 使用java agent反序列化注入内存shell

69

CVE-2021-35215. SolarWinds Orion Platform ActionPluginBaseView 反序列化RCE

47

SpringAll. 循序渐进,学习Spring Boot、Spring Boot & Shiro、Spring Cloud、Spring Security & Spring Security OAuth2,博客Spring系列源码

4

learnjavabug. Java安全相关的漏洞和技术demo,原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。

4

javaweb-sec. Java

3

web-chains. Web 版 Java Payload 生成与利用工具,提供 Java 反序列化、Hessian 1/2 反序列化等Payload生成,以及 JNDI、Fake Mysql、JRMPListener 等利用|The web version of Java Payload generation and utilization tool provides Payload generation such as Java deserialization and Hessian 1/2 deserialization, as well as JNDI, Fake Mysql, JRMPListener, etc

2

FUCK-GFW. 记录各个包管理器使用代理的方法, 因为GFW已经浪费了已经数不清的时间, FUCK GFW

2

CodeqlNote. Codeql学习笔记

2

naabu. A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests

1

metacubexd. Mihomo Dashboard, The Official One, XD

1

clash-verge-rev. A modern GUI client based on Tauri, designed to run in Windows, macOS and Linux for tailored proxy experience

1

dnlib. Reads and writes .NET assemblies and modules

1

Active-Directory-Pentest-Notes. 个人域渗透学习笔记

1

Y4er. README

1

learn-regex. Learn regex the easy way

1

SpringBoot-Labs. Spring Boot 2.X 专栏更新中,未来更新 Spring Cloud Alibaba 。欢迎胖友 Star 一波

1

remote-method-guesser. Java RMI Vulnerability Scanner

1

SpringBootVulExploit. SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 checklist

1

CMWTAT_Digital_Edition. CloudMoe Windows 10 Activation Toolkit get digital license, the best open source Win 10 activator in GitHub. GitHub 上最棒的开源 Win10 数字权利(数字许可证)激活工具!

1