渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

Top disclosed reports from HackerOne

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能

This tool generates gopher link for exploiting SSRF and gaining RCE in various servers

Java web common vulnerabilities and security code which is base on springboot and spring security

利用大量高威胁poc/exp快速获取目标权限，用于渗透和红队快速打点

Notes about attacking Jenkins servers

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes and etc

Awesome list of step by step techniques to achieve Remote Code Execution on various apps!

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Miscellaneous exploit code

Check your WAF before an attacker does

Automatic SSTI detection tool with interactive interface

Redis(<=5.0.5) RCE

Penelope Shell Handler

Getting started with java code auditing 代码审计入门的小项目

CVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit