This is your work, valued
graudit. grep rough audit - source code auditing tool
1.7kdotdotpwn. DotDotPwn - The Directory Traversal Fuzzer
1.1khtshells. Self contained htaccess shells and attacks
1.1kdoona. Network based protocol fuzzer
75sploit-dev. Exploits and research stuffs
53lbmap. Advanced HTTP fingerprinting PoC
45php-omelette. Code fragmentation technique for scripting languages
18presentations. Slides and demo code for past presentations
12traversty. Directory traversal tool
10Web-application-security-lab. Collection of files from my article on building a web application security lab
7Jason. Tools for butchering password lists and passwords
6php_bugs. PHP代码审计分段讲解
4Wapiti-Parser. Perl module for parsing wapiti reports
4safelity. Secure programming library for PHP
3WWW-TamperData. Perl interface to replay tamperdata sessions exported to xml
3heap-exploitation. This book on heap exploitation is a guide to understanding the internals of glibc's heap and various attacks possible on the heap structure.
2pwnwiki.github.io. PwnWiki - Previously known as the Post Exploitation Wiki
2php-malware-finder. PHP
1coccinellery. C
1Unoriginal-Rice-Patty. "Unoriginal-Rice-Patty" is my personal title for the Replay-based attack on Honda and Acura vehicles
1coccinelle. Source code of the Coccinelle project (mirror of the main Coccinelle repository located at Inria)
1Infosec_Reference. An Information Security Reference That Doesn't Suck
1big-list-of-naughty-strings. The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
1Book_Generation_Z_Developer. Book to hold the content files for the 'Generation Z Developer'
1DNA-Registry. DWF (Distributed Weakness Filing) Number Authority Project
1simplebot. SimpleBot is a very basic robot designed for learning about NodeBots.
1wifi_ducky. Upload, save and run keystroke injection payloads with an ESP8266 + ATMEGA32U4
1semgrep. Fast and syntax-aware semantic code pattern search for many languages: like grep but for code
1semgrep-rules. semgrep rules registry
1BugId. Python script and module to detect, analyze and id application bugs
1mimir. Mimir network flow analysis software. Backend for Visdom
1PadBuster. Automated script for performing Padding Oracle attacks
1DVCS-Pillage. Pillage web accessible GIT, HG and BZR repositories
1metasploit-framework. Metasploit Framework
1