ysoserial.net. Deserialization payload generator for a variety of .NET formatters
3.8kocto.nvim. Edit and review GitHub issues and pull requests from the comfort of your favorite editor
3.3kSerialKillerBypassGadgetCollection. Collection of bypass gadgets to extend and wrap ysoserial payloads
389cheatsheets. random brain dumps
3500day. 各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC 该项目将不断更新
265JRE8u20_RCE_Gadget. JRE8u20_RCE_Gadget
255DupeKeyInjector. DupeKeyInjector
134S2-046-PoC. S2-046-PoC
112codeql.nvim. CodeQL plugin for Neovim
111BlockingServer. Web Server that serves a single file and keeps the connection open until user releases it.
75codeql_grehack_workshop. GreHack 2021 CodeQL for Java workshop
73XMLDecoder. RCE Exploit PoC for XMLDecoder
63dotnet-deserialization-scanner. .NET Deserialization Passive Scanner
47SpringBreaker. Exploit PoC for Spring RCE issue (CVE-2011-2894)
44ysoserial. A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
42dotfiles. Lua
36ViewStatePayloadGenerator. ViewState Payload Generator
26nvim-lsp. Nvim LSP client configurations
24nautilus.nvim. A nice and cobaltish neovim theme
20XStreamServer. RCE Exploit PoC for Spring based RESTFul APIs using XStream as Unmarshaler
20JVMDeserialization. PoC for Scala and Groovy
14XStreamPOC. POC for XStream RCE
13RSA_RESTing. Demos for RSA talk: RESTing on your laurels will get you owned
12pwntester-blog. Pwntester Blog
7OWASP-GoatDroid-Dolphis. OWASP GoatDroid Exploit Apps
6OGNLInjection. OGNL Expression Injection Tescase
5cobalt2.vim. Color scheme for vim
4EpicTreasure. Python
3jdeserialize. Automatically exported from code.google.com/p/jdeserialize
3bug-bounty-reference. Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
3codeql. CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security (code scanning), LGTM.com, and LGTM Enterprise
3how2heap. A repository for learning various heap exploitation techniques.
3StaticInitializerPayload. Java
3crane.nvim. Lua
3pwntester.github.io. pwntester Blog
2gh-cdr. gh-cdr
2cobange. Neovim color scheme
2test-project. Dockerfile
2angr-dev. Some helper scripts to set up an environment for angr development.
2pwntools. C
2XQueryInjection. XQuery Injection Testcases
2csaw2016_rock. Python
2RestletXMLDecoder. Restlet API consuming XML serialized Java Objects. Vulnerable to XXE and RCE (if third party libraries like GroovyShell are found in the classpath)
2cm-editor-syntax-highlight-obsidian. A plugin for [Obsidian](https://obsidian.md) which allows syntax highlighting for code blocks in the editor.
1nDPI. Open Source Deep Packet Inspection Software Toolkit
1gh-mrva.
1RawTherapee. A powerful cross-platform raw photo processing program
1ESPHomeGeniusStandingDesk. C++
1azure-cli. Azure Command-Line Interface
1ossec-hids. OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
1airbyte. Airbyte is an open-source EL(T) platform that helps you replicate your data in your warehouses, lakes and databases.
1obsidian-things-logbook. Sync your Things 3 Logbook with Obsidian
1simple-binary-encoding. Simple Binary Encoding (SBE) - High Performance Message Codec
1