securitycn
Type: User
1000 PHP code audit cases (vulnerabilities publicly disclosed on WooYun before July 2016)
This repository will serve as the "master" repo containing all trainings and tutorials done in preparation for OSWE in conjunction with the AWAE course. This repo will likely contain custom code by me and various courses.
BurpSuite using the document and some extensions
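BurpSuite collection: including but not limited to Burp articles, cracked versions, plugins (non-BApp Store), Chinese localization and related tutorials; contributions welcome---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar
A series of articles and accompanying tools on antivirus evasion for remote-access tools. It collects dozens of evasion tools and methods found on the internet and tests the effectiveness of each one, serving as a reference for remote-access tool evasion and for antivirus countermeasures.
Tomcat AJP protocol file read vulnerability
:jack_o_lantern: Common regular expressions - a collection of regular expressions frequently used in everyday project development.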
CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost
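DNSLog is a tool for monitoring DNS resolution records and HTTP access records.
I got really tired of hunting for gadget chains in CTFs: knowing only a fastjson version and digging through a pile of dependencies gives me a headache. To solve this, I took the fastjson blacklist tool and library by Zhuozhuo (卓卓师傅) and modified them myself.
A Java file and directory protection program: set a backup directory and a protected directory, and whenever files or directories inside the target directory are deleted or modified they are restored automatically, protecting the directory contents. In CTF AWD-mode competitions it can be used to protect the web directory from deletion or modification; the out folder contains a compiled, executable jar file.
Source code vulnerability auditing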
Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
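A static code audit application that performs taint analysis by analyzing bytecode (with extensive code comments added, suitable for learning from the source). It adds static detection for mining Fastjson deserialization gadget chains (it was used to find a gadget chain common to Fastjson and Jackson) and for SQLInject (JdbcTemplate, MyBatis, JPA, Hibernate, native JDBC, etc.).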
HomePwn - Swiss Army Knife for Pentesting of IoT Devices
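Code for common generic Java vulnerabilities and their fixes, plus exploit payloads
Java security vulnerability and technique demos, including native Java, Fastjson, Jackson, Hessian2 and XML deserialization exploits, exploits for frameworks such as Dubbo (Hessian2 deserialization) and Shiro (PaddingOracleCBC), as well as practical code for Java Security Manager bypass, Dubbo-Hessian2 security hardening, RMI exploitation and more.
A curated collection of security-related mind maps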
🔥Open source RASP solution
OWASP ModSecurity Core Rule Set (CRS) Project (Official Repository)
Learning internal network penetration testing from scratch
PHP code auditing explained in sections
blog: https://www.securityinfo.cn/ wechat: SecurityCN Thanks for following
A tool to dump Java serialization streams in a more human readable form.
Scanner for CVE-2020-0796 - SMBv3 RCE
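Sreg takes an email, phone number or username as input and returns all the internet account (passport) information registered by that user.
When Tomcat's built-in session synchronization feature is used, an insecure configuration (EncryptInterceptor not used) leads to a deserialization vulnerability; with carefully crafted packets, servers that use Tomcat's built-in session synchronization can be attacked. PS: this is not CVE-2020-9484; 9484 is the session persistence bug, this one is the session cluster synchronization bug!
One-click ThinkPHP vulnerability detection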
Pre-Built Vulnerable Environments Based on Docker-Compose