Name: Panda
Type: User
Company: ByteDance
Bio: Focus on information security.
Twitter: panda_sec
Location: HangZhou
Blog: www.cnpanda.net
Research on code audit, penetration testing and other fields
Mail: [email protected]
Blog: https://www.cnpanda.net
allaboutbugbounty
All about bug bounty (bypasses, payloads, and etc)
cn-panda
About me
cve-2020-14645
Weblogic CVE-2020-14645 UniversalExtractor JNDI injection getDatabaseMetaData()
cve-2020-14882
CVE-2020-14882/14883/14750
cve-2021-2394
POC of CVE-2021-2394
discourse-full-width-banner
A theme component for Discourse to create a full-width banner
discourse-minimal-theme-component
discourse-minimal-theme-component for 90sec
discourse-sidebar-categories
Plugin for Toxu site sidebar.
dnslog-go
DNSLog-GO 是一款golang编写的监控 DNS 解析记录的工具,自带WEB界面
expdemo-javafx
图形化漏洞利用Demo-JavaFX版
exphub
Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340
hslcommunication
A very popular industrial Internet of Things communication plug-in. Using this dll can be very convenient, stable, and fast to obtain data from PLC equipment of multiple brands, and also supports redis, mqtt, websocket, etc., which can let your data on the network Free transmission, reducing enterprise development costs.
java-memshell-scanner
通过jsp脚本扫描java web Filter/Servlet型内存马
javacodeaudit
Getting started with java code auditing 代码审计入门的小项目
javavulnsummary
Java漏洞分析汇合
jd-gui
A standalone Java Decompiler GUI
jdumpspider
HeapDump敏感信息提取工具
jndi-injection-exploit
JNDI注入测试工具(A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc)
jspspy.jsp
Jsp木马远程控制脚本(大马)
logbackrcedemo
The project is a simple vulnerability Demo environment written by SpringBoot. Here, I deliberately wrote a vulnerability environment where there are arbitrary file uploads, and then use the `scan` attribute in the loghack configuration file to cooperate with the logback vulnerability to implement RCE.
markdown-xss-payloads
XSS payloads for exploiting Markdown syntax
marshalsec
mybatis-3
MyBatis SQL mapper framework for Java
myexploit
OAExploit一款基于产品的一键扫描工具。
mysql-monitor
MySQL服务器执行SQL记录实时监控(WEB版本)
notebook-public
网上笔记文件/图床
pe-linux
Linux Privilege Escalation Tool By WazeHell
poc_exploits
🕳️ Proof of Concept exploits and their descriptions for various products
resumesample
Resume template for Chinese programmers . 程序员简历模板系列。包括PHP程序员简历模板、iOS程序员简历模板、Android程序员简历模板、Web前端程序员简历模板、Java程序员简历模板、C/C++程序员简历模板、NodeJS程序员简历模板、架构师简历模板以及通用程序员简历模板
router-router
Java web路由内存分析工具
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.
