Hissec

Hissec

4 followers · 0 following

suo5 Public
Forked from zema1/suo5

一款高性能 HTTP 代理隧道工具 | A high-performance http proxy tunneling tool

Java MIT License Updated Apr 14, 2025
Mysql_CVE-2024-27766 Public
Forked from Ant1sec-ops/CVE-2024-27766

Database authenticated code execution

C Updated Sep 4, 2024
VlunPOC Public
Forked from greenberglinken/2023hvv_1

收集整理漏洞EXP/POC,大部分漏洞来源网络，目前收集整理了900多个poc/exp，长期更新。

Updated Aug 13, 2024
ysoserial Public
Forked from Y4er/ysoserial

ysoserial修改版，着重修改ysoserial.payloads.util.Gadgets.createTemplatesImpl使其可以通过引入自定义class的形式来执行命令、内存马、反序列化回显。

Java MIT License Updated Jan 11, 2024
java-memshell-generator-release Public
Forked from pen4uin/java-memshell-generator

一款支持高度自定义的 Java 内存马生成工具

Updated Nov 25, 2023
HisSword Public

内网渗透工具、支持sock等代理模式和端口转发模式

Go 6 2 Updated Dec 31, 2022
Hissec Public

封装一些库文件

Go Updated Dec 31, 2022
CVE-2022-30190-follina-Office-MSDT-Fixed Public
Forked from komomon/CVE-2022-30190-follina-Office-MSDT-Fixed

CVE-2022-30190-follina.py-修改版，可以自定义word模板，方便实战中钓鱼使用。

Python Updated Jun 6, 2022
remote-desktop-clients Public
Forked from iiordanov/remote-desktop-clients

VNC, RDP, SPICE, and oVirt/RHEV/Proxmox Clients for Android and Blackberry 10

Java GNU General Public License v3.0 Updated Jun 6, 2022
follina.py Public
Forked from chvancooten/follina.py

POC to replicate the full 'Follina' Office RCE vulnerability for testing purposes

Smarty Updated May 31, 2022
flask-session-cookie-manager Public
Forked from noraj/flask-session-cookie-manager

🍪 Flask Session Cookie Decoder/Encoder

Python MIT License Updated May 11, 2022
spring4shell_behinder Public
Forked from 4nth0ny1130/spring4shell_behinder

CVE-2022-22965写入冰蝎webshell脚本

Python Updated May 10, 2022
xia_sql Public
Forked from smxiazi/xia_sql

xia SQL (瞎注) burp 插件，在每个参数后面填加一个单引号，两个单引号，一个简单的判断注入小插件。

Java Updated Mar 31, 2022
natpass Public
Forked from lwch/natpass

新一代主机管理工具，支持web vnc和web shell，居家办公神器

Go MIT License Updated Mar 28, 2022
gadgetinspector Public
Forked from threedr3am/gadgetinspector

一个利用ASM对字节码进行污点传播分析的静态代码审计应用（添加了大量代码注释，适合大家进行源码学习）。也加入了挖掘Fastjson反序列化gadget chains和SQLInject（JdbcTemplate、MyBatis、JPA、Hibernate、原生jdbc等）静态检测功能。并且加入了很多功能以方便进行漏洞自动化挖掘。

Java MIT License Updated Mar 24, 2022
beanshooter Public
Forked from qtc-de/beanshooter

JMX enumeration and attacking tool.

Java GNU General Public License v3.0 Updated Mar 21, 2022
CVE-2022-0848 Public
Forked from r1is/CVE-2022-0847

CVE-2022-0847-DirtyPipe-Exploit CVE-2022-0847 是存在于 Linux内核 5.8 及之后版本中的本地提权漏洞。攻击者通过利用此漏洞，可覆盖重写任意可读文件中的数据，从而可将普通权限的用户提升到特权 root。 CVE-2022-0847 的漏洞原理类似于 CVE-2016-5195 脏牛漏洞（Dirty Cow），但它更容易被利用。漏洞作者将此漏洞…

Shell Updated Mar 9, 2022
CVE-2022-0847 Public
Forked from bbaranoff/CVE-2022-0847

CVE-2022-0847

C GNU General Public License v2.0 Updated Mar 7, 2022
InjectJDBC Public
Forked from BeichenDream/InjectJDBC

注入JVM进程动态获取目标进程连接的数据库

Java Updated Mar 6, 2022
MysqlT Public
Forked from BeichenDream/MysqlT

伪造Myslq服务端,并利用Mysql逻辑漏洞来获取客户端的任意文件反击攻击者

C# Apache License 2.0 Updated Feb 27, 2022
heapdump_tool Public
Forked from wyzxxz/heapdump_tool

heapdump敏感信息查询工具，例如查找 spring heapdump中的密码明文，AK,SK等

Updated Feb 15, 2022
CVE-2021-4034 Public
Forked from arthepsy/CVE-2021-4034

PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034)

C Updated Jan 28, 2022
JNDI-Inject-Exploit Public
Forked from exp1orer/JNDI-Inject-Exploit

解决FastJson、Jackson、Log4j2、原生JNDI注入漏洞的高版本JDKBypass利用，探测本地可用反序列化gadget达到命令执行、回显命令执行、内存马注入

Java MIT License Updated Jan 26, 2022
JNDIExploit Public
Forked from Jeromeyoung/JNDIExploit-1

一款用于JNDI注入利用的工具，大量参考/引用了Rogue JNDI项目的代码，支持直接植入内存shell，并集成了常见的bypass 高版本JDK的方式，适用于与自动化工具配合使用。

Java Updated Dec 10, 2021
apache-log4j-poc Public
Forked from y35uishere/apache-log4j-poc

Apache Log4j 远程代码执行

Java Updated Dec 9, 2021
xray Public
Forked from chaitin/xray

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

Vue Other Updated Dec 4, 2021
go-vnc Public
Forked from mitchellh/go-vnc

VNC client and server library for Go.

Go MIT License Updated Nov 29, 2021
dll_inject_vs_binaries Public
Forked from mrd0x/dll_inject_vs_binaries

LOLBINs that inject a DLL into a given process ID.

Updated Nov 21, 2021
go-shellcode Public
Forked from Ne0nd0g/go-shellcode

A repository of Windows Shellcode runners and supporting utilities. The applications load and execute Shellcode using various API calls or techniques.

Go GNU General Public License v3.0 Updated Oct 29, 2021
CVE-2021-40449-Exploit Public
Forked from KaLendsi/CVE-2021-40449-Exploit

windows 10 14393 LPE

C++ Updated Oct 28, 2021

Hissec

suo5 Public

Uh oh!

Mysql_CVE-2024-27766 Public

Uh oh!

VlunPOC Public

Uh oh!

ysoserial Public

Uh oh!

java-memshell-generator-release Public

Uh oh!

HisSword Public

Uh oh!

Hissec Public

Uh oh!

CVE-2022-30190-follina-Office-MSDT-Fixed Public

Uh oh!

remote-desktop-clients Public

Uh oh!

follina.py Public

Uh oh!

flask-session-cookie-manager Public

Uh oh!

spring4shell_behinder Public

Uh oh!

xia_sql Public

Uh oh!

natpass Public

Uh oh!

gadgetinspector Public

Uh oh!

beanshooter Public

Uh oh!

CVE-2022-0848 Public

Uh oh!

CVE-2022-0847 Public

Uh oh!

InjectJDBC Public

Uh oh!

MysqlT Public

Uh oh!

heapdump_tool Public

Uh oh!

CVE-2021-4034 Public

Uh oh!

JNDI-Inject-Exploit Public

Uh oh!

JNDIExploit Public

Uh oh!

apache-log4j-poc Public

Uh oh!

xray Public

Uh oh!

go-vnc Public

Uh oh!

dll_inject_vs_binaries Public

Uh oh!

go-shellcode Public

Uh oh!

CVE-2021-40449-Exploit Public

Uh oh!