dummykitty Goto Github PK

followers: 64.0 following: 184.0 repos: 125.0 gists: 0.0

Name: DummyKitty

Type: User

Bio: Code Audit@xxx / Penetration Tester@xxx / CTFer

Location: SALVADOR-BA

About😁

About me 🤝

💻 Web Security
🏥 Medicine lover (taught by girlfriend)
👨‍🎓 Trying to further improve education.
📚 love reading. Through books ,I can visit places I have never been, can experience life I have never experienced.
🛌 sleep problems

Env

Blog

https://DummyKitty.github.io/

DummyKitty's Projects

0wned

Code execution via Python package installation.

arl

ARL官方仓库备份项目：ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

attackwebframeworktools-5.0

本软件首先集成危害性较大框架和部分主流cms的rce(无需登录,或者登录绕过执行rce)和反序列化(利用链简单)。傻瓜式导入url即可实现批量getshell。批量自动化测试。例如:Thinkphp,Struts2,weblogic。出现的最新漏洞进行实时跟踪并且更新例如:log4jRCE,向日葵RCE 等等.

awesome-chatgpt-prompts

This repo includes ChatGPT prompt curation to use ChatGPT better.

callstackspoofingpoc

C++ self-Injecting dropper based on various EDR evasion techniques.

cf

Cloud Exploitation Framework 云环境利用框架，方便安全人员在获得 AK 的后续工作

Cobalt Strike is a powerful threat emulation tool that provides a post-exploitation agent and covert channels ideal for Adversary Simulations and Red Team exercises. With Cobalt Strike, companies can emulate the tactics and techniques of a quiet long-term embedded threat actor in an IT network. Malleable C2 lets you change your network indicators to look like different malware each time. These tools complement Cobalt Strike's solid social engineering process, its robust collaboration capability, and unique reports designed to aid blue team training.

cobaltstrikesource

Cobaltstrike4.1 Source

codeql

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security (code scanning), LGTM.com, and LGTM Enterprise

codeqlpy

CodeQLpy是一款基于CodeQL实现的半自动化代码审计工具，目前仅支持java语言。实现从源码反编译，数据库生成，脆弱性发现的全过程，可以辅助代码审计人员快速定位源码可能存在的漏洞。

ctf-docker-template

Deployment template for docker target machine in ctf for CTFd and other platforms that support dynamic flags

cve-2021-22005

cve-2021-31805

S2-062 (CVE-2021-31805) / S2-061 / S2-059 RCE

cve-2021-43297-poc

CVE-2021-43297 POC，Apache Dubbo<= 2.7.13时可以实现RCE

cve-2022-21907

Windows HTTP协议栈远程代码执行漏洞 CVE-2022-21907

cve-2022-40684

PoC for CVE-2022-40684 - Authentication bypass lead to Full device takeover (Read-only)

cve-2022-40684-rce-poc

fortinet auth bypass analyze and exploit

cve-2023-21707

CVE-2023-21707 EXP

cve-2023-7028

This repository presents a proof-of-concept of CVE-2023-7028

cve-2024-21887

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

cve-2024-3400

This script is designed to demonstrate the exploitation of vulnerabilities in PAN-OS firewalls. It sends a specially crafted payload to the firewall's API endpoint to execute arbitrary commands.