the fastest and most powerful android decompiler(native tool working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy lea…

Java 4,309 532 Updated May 8, 2024

threedr3am / learnjavabug

Java安全相关的漏洞和技术demo，原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。

Java 2,621 496 Updated Mar 14, 2024

iSafeBlue / TrackRay

Java 2,044 374 Updated Dec 16, 2023

feihong-cs / ShiroExploit-Deprecated

Shiro550/Shiro721 一键化利用工具，支持多种回显方式

Java 1,915 298 Updated Jun 4, 2021

wagiro / BurpBounty

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules thro…

Java 1,707 342 Updated Apr 26, 2024

bit4woo / knife

A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅

Java 1,663 200 Updated Dec 23, 2024

smxiazi / xia_sql

xia SQL (瞎注) burp 插件，在每个参数后面填加一个单引号，两个单引号，一个简单的判断注入小插件。

Java 1,009 76 Updated May 18, 2023

vulnersCom / burp-vulners-scanner

Vulnerability scanner based on vulners.com search API

Java 846 168 Updated Apr 15, 2024

rebeyond / memShell

a webshell resides in the memory of java web server

Java 666 152 Updated Jun 26, 2018

smxiazi / xia_Liao

xia Liao（瞎料）burp插件用于Windows在线进程/杀软识别与 web渗透注册时，快速生成需要的资料用来填写，资料包含：姓名、手机号、身份证、统一社会信用代码、组织机构代码、银行卡，以及各类web语言的hello world输出和生成弱口令字典等。

Java 621 43 Updated Jul 9, 2024

Y4er / WebLogic-Shiro-shell

WebLogic利用CVE-2020-2883打Shiro rememberMe反序列化漏洞，一键注册蚁剑filter内存shell

Java 531 62 Updated Aug 25, 2020

shack2 / javaserializetools

Java反序列化漏洞利用工具V1.0 Java反序列化相关漏洞的检查工具，采用JDK 1.8+NetBeans8.2开发，软件运行必须安装JDK 1.8或者以上版本。支持：weblogic xml反序列化漏洞 CVE-2017-10271/CNVD-C-2019-48814/CVE-2019-2725检查。

Java 465 115 Updated Oct 1, 2020

rsmudge / cortana-scripts

A collection of Cortana scripts that you may use with Armitage and Cobalt Strike 2.x. Cortana Scripts are not compatible with Cobalt Strike 3.x. Cobalt Strike 3.x uses a variant of Cortana called A…

Java 447 284 Updated Mar 2, 2021

Ramos-dev / OSSTunnel

基于亚马逊S3\阿里云OSS\腾讯COS通信隧道的远程管理工具

Java 320 52 Updated Oct 10, 2020

JoyChou93 / webshell

入侵分析时发现的Webshell后门

Java 272 81 Updated Jan 17, 2019

bit4woo / u2c

Unicode To Chinese -- U2C : A burpsuite Extender That Convert Unicode To Chinese 【Unicode编码转中文的burp插件】

Java 240 27 Updated Feb 20, 2022

MZCretin / LotteryHelper

一个用于给福彩自动对号的工具，给福彩拍照后自动识别上面的号码，自动从网络获取本期获奖号码，与识别后的号码进行匹配，对比出改彩票是否有中奖号码

Java 206 68 Updated Apr 7, 2020

yzddmr6 / JspForAntSword

中国蚁剑JSP一句话Payload

Java 119 12 Updated Oct 4, 2020

EmpireProject / EmpireMobile

Android and iOS source for the Empire mobile app

Java 89 40 Updated Feb 20, 2019

chinatso / -v1.0

冰蝎v1.0

Java 60 37 Updated Sep 26, 2018

5up3rc / Dayu

一款开源指纹识别工具。

Java 15 35 Updated May 19, 2017

yinyayun / prediction

彩票预测

Java 13 2 Updated Dec 18, 2017

sv3nbeast / Penetration_Testing_POC

Forked from Mr-xn/Penetration_Testing_POC

渗透测试有关的POC、EXP、脚本、提权、小工具等，欢迎补充、完善---About penetration-testing python-script poc html-poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce

Java 3 3 Updated Dec 11, 2019

PolarisLab / domain_hunter

Forked from bit4woo/domain_hunter

A Burp Suite Extender that search sub domain and similar domain from sitemap

Java 2 1 Updated Nov 9, 2017

S1nJa / Simple_Shiro_Exploit

A simple shiro attack tool

Java 1 Updated Mar 27, 2023

ilovecode2018

Highlights

Starred repositories

lottery