ysoserial. ysoserial修改版,着重修改ysoserial.payloads.util.Gadgets.createTemplatesImpl使其可以通过引入自定义class的形式来执行命令、内存马、反序列化回显。
774WebLogic-Shiro-shell. WebLogic利用CVE-2020-2883打Shiro rememberMe反序列化漏洞,一键注册蚁剑filter内存shell
532dotnet-deserialization. dotnet 反序列化学习笔记
522CVE-2020-2551. Weblogic IIOP CVE-2020-2551
337fastjson-bypass-autotype-1.2.68. fastjson bypass autotype 1.2.68 with Throwable and AutoCloseable.
229CVE-2020-2555. Weblogic com.tangosol.util.extractor.ReflectionExtractor RCE
178CVE-2020-2883. Weblogic coherence.jar RCE
176yaml-payload. Spring Cloud SnakeYAML 反序列化一键注入cmdshell和reGeorg
136openam-CVE-2021-35464. openam-CVE-2021-35464 tomcat 执行命令回显
88CVE-2020-14645. Weblogic CVE-2020-14645 UniversalExtractor JNDI injection getDatabaseMetaData()
80CVE-2020-14756. WebLogic T3/IIOP RCE ExternalizableHelper.class of coherence.jar
79javaagent-tomcat-memshell. 使用java agent反序列化注入内存shell
69CVE-2021-35215. SolarWinds Orion Platform ActionPluginBaseView 反序列化RCE
47SpringAll. 循序渐进,学习Spring Boot、Spring Boot & Shiro、Spring Cloud、Spring Security & Spring Security OAuth2,博客Spring系列源码
4learnjavabug. Java安全相关的漏洞和技术demo,原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。
4javaweb-sec. Java
3web-chains. Web 版 Java Payload 生成与利用工具,提供 Java 反序列化、Hessian 1/2 反序列化等Payload生成,以及 JNDI、Fake Mysql、JRMPListener 等利用|The web version of Java Payload generation and utilization tool provides Payload generation such as Java deserialization and Hessian 1/2 deserialization, as well as JNDI, Fake Mysql, JRMPListener, etc
2FUCK-GFW. 记录各个包管理器使用代理的方法, 因为GFW已经浪费了已经数不清的时间, FUCK GFW
2CodeqlNote. Codeql学习笔记
2naabu. A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests
1metacubexd. Mihomo Dashboard, The Official One, XD
1clash-verge-rev. A modern GUI client based on Tauri, designed to run in Windows, macOS and Linux for tailored proxy experience
1dnlib. Reads and writes .NET assemblies and modules
1Active-Directory-Pentest-Notes. 个人域渗透学习笔记
1Y4er. README
1learn-regex. Learn regex the easy way
1SpringBoot-Labs. Spring Boot 2.X 专栏更新中,未来更新 Spring Cloud Alibaba 。欢迎胖友 Star 一波
1remote-method-guesser. Java RMI Vulnerability Scanner
1SpringBootVulExploit. SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 checklist
1CMWTAT_Digital_Edition. CloudMoe Windows 10 Activation Toolkit get digital license, the best open source Win 10 activator in GitHub. GitHub 上最棒的开源 Win10 数字权利(数字许可证)激活工具!
1