vulhub 专用 Java Payload 综合生成平台 | The web version of Java Payload generation and utilization tool provides Payload generation such as Java deserialization and Hessian 1/2 deserialization, as well as …

获取QQ空间发布的历史说说

Burp extension to evade TLS fingerprinting. Bypass WAF, spoof any browser.

Runtime code generation for the Java virtual machine.

FlatLaf - Swing Look and Feel (with Darcula/IntelliJ themes support)

ZKar is a Java serialization protocol analysis tool implement in Go.

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

Unofficial mirror of FernFlower Java decompiler (All pulls should be submitted upstream)

基于frp-0.58.1魔改二开，随机化socks5账户密码及端口、钉钉上线下线通知、配置文件oss加密读取、域前置防止溯源、源码替换/编译混淆等

The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.

JNDIExploit or a ysoserial.

Java RCE 回显测试代码

FastJson全版本Docker漏洞环境(涵盖1.2.47/1.2.68/1.2.80等版本)，主要包括JNDI注入及高版本绕过、waf绕过、文件读写、原生反序列化、利用链探测绕过、不出网利用等。从黑盒的角度覆盖FastJson深入利用

Attack Surface Management & Red Team Simulation Platform 互联网攻击面管理&红队模拟平台

Java bytecode engineering toolkit

强大的敏感信息搜索工具

🎉 create a single executable out of your node.js apps

A rouge mysql server supports reading files from most mysql libraries of multiple programming languages.

[漏洞复现] 全球首款利用PHP默认环境（XAMPP）的CVE-2024-4577 PHP-CGI RCE 漏洞 EXP。

BlackDex is an Android unpack(dexdump) tool, it supports Android 5.0~12 and need not rely to any environment. BlackDex can run on any Android mobile phone or emulator, you can unpack APK File in se…

🍺 Homebrew tap for PHP 5.6 to 8.5. PHP 8.5 is built nightly.

Cobalt Strike系列

一个漏洞POC知识库 目前数量 1000+

Struts2全漏洞扫描利用工具

Pingtunnel is a tool that send TCP/UDP traffic over ICMP

🔨 A modern multiple reverse shell sessions manager written in go

Supershell C2 远控平台，基于反向SSH隧道获取完全交互式Shell

Elasticsearch 可视化DashBoard, 支持Es监控、实时搜索，Index template快捷替换修改，索引列表信息查看， SQL converts to DSL等

Knock Subdomain Scan