C# POC for CVE-2021-26855 aka ProxyLogon, supports the classically semi-interactive web shell as well as shellcode injection

CVE-2020-0796 Remote Code Execution POC

java 漏洞平台包含各种CVE

红/蓝队环境自动化部署工具 | Red/Blue team environment automation deployment tool

一款信息泄漏利用工具，适用于.git/.svn/.DS_Store泄漏和目录列出

瞎写的一点小脚本小工具什么的

自动化爬取并自动测试所有swagger接口

防火墙出网探测工具,内网穿透型socks5代理

Java web common vulnerabilities and security code which is base on springboot and spring security

Collections of Orange Tsai's public presentation slides.

fastjson一键命令执行

安卓应用层抓包通杀脚本

PoC exploits for software vulnerabilities

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

绕过专业工具检测的Webshell研究文章和免杀的Webshell

LSpider 一个为被动扫描器定制的前端爬虫

Druid 密文解密工具，作为一个白帽子，真心希望阿里爸爸重视一下

红队综合渗透框架

Zero-Trust C2: Ephemeral TOFU + PFS + Auto-Proxy Mesh + Memory-Only Ops + Bring2CC + Native BOF

Remote Desktop Protocol .NET Console Application for Authenticated Command Execution

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能

Adversary simulation and Red teaming platform with AI

SharPyShell - tiny and obfuscated ASP.NET webshell for C# web applications

Fake Windows logon screen to steal passwords

Winexe 1.1 Installation - Ubuntu 14.04-16.04-18.04

阿里云ECS、策略组辅助小工具

A high performance FortiGate SSL-VPN vulnerability scanning and exploitation tool.

MySQL fake server for read files of connected clients