Skip to content

v1.0.0

Choose a tag to compare

View all tags
@Arenbai Arenbai released this 01 Jun 05:50
· 5 commits to main since this release
v1.0.0
4745d37
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

📝 更新日志

v1.0.0 (2026-06-01)

🆕 新增 2 个专项模块:

新增模块 文件 核心内容
竞争条件/并发 web-race-condition.md TOCTOU原理、Turbo Intruder并发脚本、点赞/收藏刷票、优惠券重复领取、余额竞争、秒杀超卖、文件上传竞态、多步流程绕过、验证码并发爆破、asyncio高并发模板
目录遍历 web-dir-traversal.md 目录列表泄露(Apache/Nginx/IIS)、路径穿越检测、编码绕过(URL/Unicode/UTF-8)、后缀限制绕过、CVE-2021-41773/42013、IIS分号截断、自动化检测脚本

🔧 增强 4 个已有模块:

增强模块 新增内容
CORS 子域名XSS链式利用、CORS+CSRF组合、WebSocket CORS绕过、预检请求绕过、自动化检测脚本
缓存投毒 Varnish/Cloudflare/Fastly CDN投毒、Fat GET投毒、缓存键归一化攻击、未键化Cookie投毒
Host 头注入 Django/Flask/Laravel框架投毒、多域名探测、Host头+SSRF内网扫描增强
CRLF 注入 CRLF→XSS→Cookie窃取完整链、Header反射链、CRLF+SSRF组合
Assets 2
Loading