huahuatzt Goto Github PK

2022-hw-poc

2022 护网行动 POC 整理

agartha

a burp extension for dynamic payload generation to detect injection flaws (LFI, RCE, SQLi), creates access matrix based user sessions to spot authentication/authorization issues, and converts Http requests to Javascript for further XSS exploitations.

amass

In-depth Attack Surface Mapping and Asset Discovery

apache-dubbo-cve-2023-23638-exp

Apache Dubbo (CVE-2023-23638)漏洞利用的工程化实践

awesome-hacking-tools

黑客工具收集仓库，包含主流和非主流漏洞利用工具，subdomain、备案查询工具、CVE仓库、Hacking Tools、Exploits、免杀工具、weblogic漏洞利用工具、Red Team、Cobalt Strike、C免杀、bypassAV、内网渗透工具、漏洞利用、工具插件、burpsuite插件；

basecrack

Decode All Bases - Base Scheme Decoder

burpcrypto

BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). 支持多种加密算法或直接执行JS代码的用于爆破前端加密的BurpSuite插件

ctf-note

CTF笔记：该项目主要记录CTF知识、刷题记录、工具等。

cve-2017-11882

CVE-2017-11882 Exploit accepts over 17k bytes long command/code in maximum.钓鱼

cve-2019-5736-poc

PoC for CVE-2019-5736

cve-2021-40346

CVE-2021-40346 PoC (HAProxy HTTP Smuggling)

cve-2022-27925

cve-2023-38646

POC for CVE-2023-38646

follina.py

POC to replicate the full 'Follina' Office RCE vulnerability for testing purposes

ghauri

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws

goby_poc

goby poc or exp,分享goby最新网络安全漏洞检测或利用代码

gobyvuls

Vulnerabilities of Goby supported with exploitation.

gui_tools

一个由各种图形化渗透工具组成的工具集

hackbrowserdata

Decrypt passwords/cookies/history/bookmarks from the browser. 一款可全平台运行的浏览器数据导出解密工具。

hackerone-reports

Top disclosed reports from HackerOne

how-does-navicat-encrypt-password

Transferred from https://github.com/DoubleLabyrinth/how-does-navicat-encrypt-password

how-does-securecrt-encrypt-password

Transferred from https://github.com/DoubleLabyrinth/how-does-SecureCRT-encrypt-password

online_tools

该工具是一个集成了非常多渗透测试工具，类似软件商城的工具可以进行工具下载，工具的更新，工具编写了自动化的安装脚本，不用担心工具跑不起来。

oss-browser

OSS Browser 提供类似windows资源管理器功能。用户可以很方便的浏览文件，上传下载文件，支持断点续传等。

packer-fuzzer

Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.

peiqi-wiki-poc

鹿不在侧，鲸不予游🐋

penetration-suite-toolkit

本项目制作的初衷是帮助渗透新手快速搭建工作环境，工欲善其事，必先利其器。

penetration_testing_poc

渗透测试有关的POC、EXP、脚本、提权、小工具等，欢迎补充、完善---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

pochouse

POC&EXP仓库、hvv弹药库、Nday、1day

potatotool

这款工具是一款功能强大的网络安全综合工具，旨在为安全从业者、红蓝对抗人员和网络安全爱好者提供全面的网络安全解决方案。它集成了多种实用功能，包括解密、分析、扫描、溯源等，为用户提供了便捷的操作界面和丰富的功能选择。This tool offers robust network security solutions for professionals and enthusiasts. With features like decryption, analysis, scanning, and traceability, it provides a user-friendly interface and diverse functionality.