- 👋 Hi, I’m @ba0zi
- 👀 I’m interested in ...
- 🌱 I’m currently learning ...
- 💞️ I’m looking to collaborate on ...
- 📫 How to reach me ...
ba0zi Goto Github PK
Name: ba0z1
Type: User
Bio: 酸菜鱼
Name: ba0z1
Type: User
Bio: 酸菜鱼
fastjson_rce工具,不用搭建HTTP服务,不受JDK版本限制
Quick POC to replicate the 'Follina' Office RCE vulnerability for local testing purposes
A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
便捷地使用PostgreSQL自定义函数来执行系统命令,适用于数据库管理员知道postgres密码却不知道ssh或RDP密码的时候在服务器执行系统命令。
Web Pentesting Fuzz 字典,一个就够了。
Windows杀软在线对比辅助
GitLab 11.4.7 SSRF配合redis远程执行代码
Proxy is a high performance HTTP(S) proxies, SOCKS5 proxies,WEBSOCKET, TCP, UDP proxy server implemented by golang. Now, it supports chain-style proxies,nat forwarding in different lan,TCP/UDP port forwarding, SSH forwarding.Proxy是golang实现的高性能http,https,websocket,tcp,socks5代理服务器,支持内网穿透,链式代理,通讯加密,智能HTTP,SOCKS5代理,黑白名单,限速,限流量,限连接数,跨平台,KCP支持,认证API。
H是一款强大的资产收集管理平台
backdoor
An example project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions
关于学习java安全的一些知识,正在学习中ing,欢迎fork and star
自己学习java安全的一些总结,主要是安全审计相关
解决FastJson、Jackson、Log4j2、原生JNDI注入漏洞的高版本JDKBypass利用,探测本地可用反序列化gadget达到命令执行、回显命令执行、内存马注入
JSFinder is a tool for quickly extracting URLs and subdomains from JS files on a website.
K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
SRC子域名资产监控
读取登录过本机的登录失败或登录成功的所有计算机信息,快速定位运维管理人员。 Reference: https://github.com/ysrc/yulong-hids
HTTPDecrypt
一款端口扫描器。整合了masscan和nmap两款扫描器,masscan扫描端口,nmap扫描端口对应服务,二者结合起来实现了又快又好地扫描。并且加入了防火墙的功能
Metasploit Framework
A little tool to play with Windows security
各种安全相关思维导图整理收集
mysql注入,bypass的一些心得
Neo-reGeorg is a project that seeks to aggressively refactor reGeorg
Nginx日志安全分析脚本
一款轻量级、高性能、功能强大的内网穿透代理服务器。支持tcp、udp、socks5、http等几乎所有流量转发,可用来访问内网网站、本地支付接口调试、ssh访问、远程桌面,内网dns解析、内网socks5代理等等……,并带有功能强大的web管理端。a lightweight, high-performance, powerful intranet penetration proxy server, with a powerful web management terminal.
2011-2019年Top100弱口令密码字典 Top1000密码字典 服务器SSH/VPS密码字典 后台管理密码字典 数据库密码字典
一个关于PHP的代码审计项目
pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.