Research on code audit, penetration testing and other fields
Mail: [email protected]
Blog: https://www.cnpanda.net
Name: Panda
Type: User
Company: ByteDance
Bio: Focus on information security.
Twitter: panda_sec
Location: HangZhou
Blog: www.cnpanda.net
Research on code audit, penetration testing and other fields
Mail: [email protected]
Blog: https://www.cnpanda.net
All about bug bounty (bypasses, payloads, and etc)
About me
Weblogic CVE-2020-14645 UniversalExtractor JNDI injection getDatabaseMetaData()
CVE-2020-14882/14883/14750
POC of CVE-2021-2394
A theme component for Discourse to create a full-width banner
discourse-minimal-theme-component for 90sec
Plugin for Toxu site sidebar.
DNSLog-GO 是一款golang编写的监控 DNS 解析记录的工具,自带WEB界面
图形化漏洞利用Demo-JavaFX版
Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340
A very popular industrial Internet of Things communication plug-in. Using this dll can be very convenient, stable, and fast to obtain data from PLC equipment of multiple brands, and also supports redis, mqtt, websocket, etc., which can let your data on the network Free transmission, reducing enterprise development costs.
通过jsp脚本扫描java web Filter/Servlet型内存马
Getting started with java code auditing 代码审计入门的小项目
Java漏洞分析汇合
A standalone Java Decompiler GUI
HeapDump敏感信息提取工具
JNDI注入测试工具(A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc)
Jsp木马远程控制脚本(大马)
The project is a simple vulnerability Demo environment written by SpringBoot. Here, I deliberately wrote a vulnerability environment where there are arbitrary file uploads, and then use the `scan` attribute in the loghack configuration file to cooperate with the logback vulnerability to implement RCE.
XSS payloads for exploiting Markdown syntax
MyBatis SQL mapper framework for Java
OAExploit一款基于产品的一键扫描工具。
MySQL服务器执行SQL记录实时监控(WEB版本)
网上笔记文件/图床
Linux Privilege Escalation Tool By WazeHell
🕳️ Proof of Concept exploits and their descriptions for various products
Resume template for Chinese programmers . 程序员简历模板系列。包括PHP程序员简历模板、iOS程序员简历模板、Android程序员简历模板、Web前端程序员简历模板、Java程序员简历模板、C/C++程序员简历模板、NodeJS程序员简历模板、架构师简历模板以及通用程序员简历模板
Java web路由内存分析工具
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.