一个漏洞 PoC 知识库。A knowledge base for vulnerability PoCs(Proof of Concept), with 1k+ vulnerabilities.

Local privilege escalation via PetitPotam (Abusing impersonate privileges).

⚡ Worlds fastest steghide cracker, chewing through millions of passwords per second ⚡

Git All the Payloads! A collection of web attack payloads.

Lock package.json with yarn

Here is some resources about macOS/iOS system security.

基于Pocsuite3、goby编写的漏洞poc&exp存档

[DEPRECATED] Assign Azure Active Directory Identities to Kubernetes applications.

A collection of awesome one-liner scripts especially for bug bounty tips.

Developer-friendly incident response with brilliant Slack integration

Decrypted content of eqgrp-auction-file.tar.xz

Kernel Driver Utility

PoC exploits for software vulnerabilities

Scans Software Bill of Materials (SBOMs) for security vulnerabilities

JQF + Zest: Coverage-guided semantic fuzzing for Java.

Intentionally vulnerable Node.js REST API for benchmarking SAST, SCA, and code quality tools. Contains 30 real, functional issues across Critical/High/Medium/Low severities covering SQL injection, command injection, path traversal, IDOR, hardcoded secrets, and more. Not for production use.

Demonstrate changes to `package-lock.json` by `npm install`

增强版WeblogicScan、检测结果更精确、插件化、添加CVE-2019-2618，CVE-2019-2729检测，Python3支持

Jar Analyzer - 一个JAR包分析工具，批量分析，SCA漏洞分析，方法调用关系搜索，字符串搜索，Spring组件分析，信息泄露检查，CFG程序分析，JVM栈帧分析，进阶表达式搜索，字节码指令级的动态调试分析，反编译JAR包一键导出，一键提取序列化数据恶意代码，一键分析BCEL字节码