Pear1y's Projects
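Maintenance paused | A security knowledge framework maintained by the ffffffff0x team, covering but not limited to web security, ICS security, forensics, incident response, blue-team infrastructure deployment, post-exploitation, Linux security, and write-ups for various vulnerable target machines
This project collects excellent offensive and defensive tool projects from across the web, including automated exploitation; subdomain, sensitive-directory and port scanning; exploitation tools for major middleware and CMS vulnerabilities; and incident-response material.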
Checklist of the most important security countermeasures when designing, testing, and releasing your API
A golang ebook intro how to build a web with golang
A simple script just made for self use for bypassing 403
📦 Make security testing of K8s, Docker, and Containerd easier.
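Words that programmers often mispronounce
"Understanding CodeQL in Depth": Finding vulnerabilities with CodeQL.
CodeQL study notes
Building core development skills
🌀 Cross-origin demos. Examples of CORS, JSONP, postMessage, websocket, document.domain, window.name, iframe, and more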
Atlassian Jira Seraph Authentication Bypass RCE(CVE-2022-0540)
Atlassian Bitbucket Data Center RCE(CVE-2022-26133) verification.
Interactive roadmaps, guides and other educational content to help developers grow in their careers.
Ultimate DevSecOps library
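DNSLog-GO is a tool written in golang for monitoring DNS resolution records, with a built-in web interface
Graphical vulnerability exploitation demo, JavaFX version
CodeQL extractor for Java, which doesn't need to compile Java source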
40x bypass
A collection of Fastjson techniques and tricks
Fastjson RCE with echoed output, based on dbcp
Fastjson vulnerability rapid exploitation framework
IoT firmware vulnerability discovery tool
A byte code analyzer for finding deserialization gadget chains in Java applications
This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
HTTP Request Smuggling Detection Tool
150 books on information security (continuously updated)
IoT Sec Tutorial
The cheat sheet about Java Deserialization vulnerabilities