"他山之石、可以攻玉"：复旦白泽智能发布面向国内开源和国外商用大模型的Demo数据集JADE-DB

一个基于 docsify 的综合漏洞知识库，目前漏洞数量 900+

A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities, and enables running traffic-based analysis of any type.

A plugin that allows you execute python and get return to BurpSuite.

Exploit for CVE-2022-20452, privilege escalation on Android from installed app to system app (or another app) via LazyValue using Parcel after recycle()

Samples and Unpacker of malicious backdoors and exploits developed and used by Pinduoduo

拼多多apk内嵌提权代码，及动态下发dex分析

HaE - Highlighter and Extractor, 赋能白帽 高效作战

Make system partition become read-write (it is also possible without Magisk)

暂停维护 | ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Burp Suite loader version --> ∞

搜集平时学习工作中常用的frida脚本

渗透测试脚本, by Tr0e.

CorePatch / 核心破解

高危漏洞利用工具

An anti detection version frida-server for android.

启用 WebView 调试[旧](Enable WebView Debugging[old])

自定义Windows系统右键菜单工具

一行代码检测XP/调试/多开/模拟器/root

Web Fuzzing Box - Web 模糊测试字典与一些Payloads，主要包含：弱口令暴力破解、目录以及文件枚举、Web漏洞...字典运用于实战案例：https://gh0st.cn/archives/2019-11-11/1

一个漏洞扫描器粘合剂,添加目标后30款工具自动调用；支持 web扫描、系统扫描、子域名收集、目录扫描、主机扫描、主机发现、组件识别、URL爬虫、XRAY扫描、AWVS自动扫描、POC批量验证，SSH批量测试、vulmap。

面向开发人员梳理的代码安全指南

Spring4Shell - Spring Core RCE - CVE-2022-22965

Dockerized Spring4Shell (CVE-2022-22965) PoC application and exploit

Spring4Shell Proof Of Concept/Information CVE-2022-22965

This includes CVE-2022-22963, a Spring SpEL / Expression Resource Access Vulnerability, as well as CVE-2022-22965, the spring-webmvc/spring-webflux RCE termed "SpringShell".

Vulnerabilidad RCE en Spring Framework vía Data Binding on JDK 9+