CVE-2024-40725 and CVE-2024-40898, affecting Apache HTTP Server versions 2.4.0 through 2.4.61. These flaws pose significant risks to web servers worldwide, potentially leading to source code disclo…

Tools and Techniques for Blue Team / Incident Response

一个有点好用的信息收集工具。A somewhat useful information gathering tool.

[VscanPlus内外网漏洞扫描工具]已更新HW热门漏洞检测POC。基于veo师傅的漏扫工具vscan二次开发的版本，端口扫描、指纹检测、目录fuzz、漏洞扫描功能工具，批量快速检测网站安全隐患。An open-source, cross-platform website vulnerability scanning tool that helps you quickly detect w…

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 9…

保存微信历史版本

绕过瑞数waf的动态验证机制，实现请求包重放，理论支持不同网站环境使用，如网页、小程序、APP等。

D-Eyes为M-SEC社区一款检测与响应工具

Ghidra is a software reverse engineering (SRE) framework

LC（List Cloud）是一个多云攻击面资产梳理工具

JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool

瑞数 bypass all

dddd是一款使用简单的批量信息收集,供应链漏洞探测工具，旨在优化红队工作流，减少伤肝的机械性操作。支持从Hunter、Fofa批量拉取目标

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws

A Rust port of shadowsocks

A vulnerability scanner for container images and filesystems

收集整理漏洞EXp/POC,大部分漏洞来源网络，目前收集整理了700多个poc/exp，长期更新。

lanproxy是一个将局域网个人电脑、服务器代理到公网的内网穿透工具，支持tcp流量转发，可支持任何tcp上层协议（访问内网网站、本地支付接口调试、ssh访问、远程桌面、http代理、https代理、socks5代理...）。技术交流QQ群 736294209

ODAT: Oracle Database Attacking Tool

Team IDE 集成MySql、Oracle、金仓、达梦、神通等数据库、SSH、FTP、Redis、Zookeeper、Kafka、Elasticsearch、Mongodb、小工具等管理工具

自研JavaFX图形化漏洞扫描工具，支持扫描的漏洞分别是： ThinkPHP-2.x-RCE， ThinkPHP-5.0.23-RCE， ThinkPHP5.0.x-5.0.23通杀RCE， ThinkPHP5-SQL注入&敏感信息泄露， ThinkPHP 3.x 日志泄露NO.1， ThinkPHP 3.x 日志泄露NO.2， ThinkPHP 5.x 数据库信息泄露的漏洞检测，以及批量检…

HTTP parameter discovery suite.

安卓应用层抓包通杀脚本

Extract URLs, paths, secrets, and other interesting bits from JavaScript

Linux Eelvation(持续更新)

🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.

Local Privilege Escalation from Admin to Kernel vulnerability on Windows 10 and Windows 11 operating systems with HVCI enabled.

Termux - a terminal emulator application for Android OS extendible by variety of packages.

CVE-2023-6634

A cheat sheet that contains advanced queries for SQL Injection of all types.