Jawd——Jar文件编辑并重新打包导出神器。一款能够让你在AWD抢占先机，应急响应第一时间修复bug的神器

在线漏洞平台

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve…

收集整理漏洞EXP/POC,大部分漏洞来源网络，目前收集整理了1000多个poc/exp，长期更新。

[WIP] 整理过去我和K8s、容器、虚拟化相关的分享 🧐

IoT固件漏洞复现环境

快速搭建各种漏洞环境(Various vulnerability environment)

👻Stowaway -- Multi-hop Proxy Tool for pentesters

本项目制作的初衷是帮助师傅们快速搭建工作环境，工欲善其事，必先利其器。

A tiny project for generating SnakeYAML deserialization payloads

Curated list of project-based tutorials

漏洞批量验证框架

Some notes + exercises that I've done during my study for the Offensive Security Exploit Developer.

Containing my notes, practice binaries + solutions, blog posts, etc. for the Offensive Security Exploit Developer (OSED/EXP-301)

bespoke tooling for offensive security's Windows Usermode Exploit Dev course (OSED)

Proof of Concept exploit scripts and fuzzing templates. Companion blog posts located at https://epi052.gitlab.io/notes-to-self/blog/2020-05-13-osce-exam-practice-part-one/

该项目是利用docker技术创建的有漏洞的cms环境集合，可以进行练习

Bad char generator to instruct encoders such as shikata-ga-nai to transform those to other chars.

This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.

Impacket GUI 让Impacket部分横向模块可视化操作,减少复杂指令

Linux权限维持

收集的文章 https://mrwq.github.io/tools/paper/

一款红队专用免杀木马生成器，基于shellcode生成绕过所有杀软的木马。

📙 Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report

(持续更新)对网上出现的各种OA、中间件、CMS等漏洞进行整理，主要包括漏洞介绍、漏洞影响版本以及漏洞POC/EXP等，并且会持续更新。