My-CTF-Web-Challenges. Collection of CTF Web challenges I made
2.9kMy-Presentation-Slides. Collections of Orange Tsai's public presentation slides.
759tsh. Tiny SHell is an open-source UNIX backdoor.
710awesome-jenkins-rce-2019. There is no pre-auth RCE in Jenkins since May 2017, but this is the one!
610Tiny-URL-Fuzzer. A tiny and cute URL fuzzer
403bug-bounty-reference. Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
59Some-PoC-oR-ExP. 各种漏洞poc、Exp的收集或编写
32blog.orange.tw. static sites for blog.orange.tw
22pysslShells. Finally, reverse/bind shells written in python, encrypted with ssl!
11JNDI-Injection-Bypass. Some payloads of JNDI Injection in JDK 1.8.0_191+
10Java-Deserialization-Cheat-Sheet. The cheat sheet about Java Deserialization vulnerabilities
9Vulnerable-Django. Python
8webshell. This is a webshell open source project
8how2heap. A repository for learning various heap exploitation techniques.
6J2EEScan. J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.
6hitcon2013-wargame.github.com. wargame.hitcon.org
5wooyun_articles. wooyun_articles fork from
4ctf-writeup. Just another stupid logs
4xss.swf. a tiny tool for swf hacking, just browse it:)
3python-websocket-server. A simple fully working websocket-server in Python with no external dependencies
3scapy. Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.
3pentest_study.
3curl. Curl is a tool and libcurl is a library for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, GOPHER, TFTP, SCP, SFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features
3ActiveScan3Plus. Modified version of ActiveScan++ Burp Suite extension
3burp-exceptions. Simple trick to increase readability of exceptions raised by Burp extensions written in Python
3Windows-Exploit-Suggester. This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.
2Micro8.
2articles. Post release curated articles (MarkDown & Corrections)
2Responder. Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
1S2-046-PoC. S2-046-PoC
1cookitor-site. A site to easily decode the content of Rails sessions stored in cookies.
1network-emulator. LD_PRELOAD POSIX network API emulator
1aniarc-skype-bot. Simple Python (Py4Skype) Bot, Pushing Github, BitBucket, Errbit, Capistrano HTTP Post to Skype Chat Channel
1de4dot. .NET deobfuscator and unpacker.
1ModSecurity. ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. With over 10,000 deployments world-wide, ModSecurity is the most widely deployed WAF in existence.
1Gdbinit. Gdbinit for OS X, iOS and others - x86, x86_64 and ARM
1