Stars
Burp extension to automatically drop requests that match a certain regex.
Gather and update all available and newest CVEs with their PoC.
A Burp Suite extension and standalone application for creating and editing JSON Web Tokens. This tool supports signing and verification of JWS, encryption and decryption of JWE and automation of se…
Burp Suite Extension useful to verify OAUTHv2 and OpenID security
Prototype Pollution and useful Script Gadgets
When MVC magic turns black
Issues with WebSocket reverse proxying allowing to smuggle HTTP requests
SpringBoot vulnerability study materials, a collection of exploitation methods and techniques, and a black-box security assessment checklist
🔗 OAuth 2.0 implementation for various providers in one place.
Externalize Java application access to protected resources as log messages.
🐱💻 PoC of CVE-2019-7238 - Nexus Repository Manager 3 Remote Code Execution 🐱💻
Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Windows 64-bit.
Java web common vulnerabilities and security code which is based on springboot and spring security
A malicious LDAP server for JNDI injection attacks
A quick methodology on testing / hacking SAP Applications for n00bz and bug bounty hunters
Deserialization payload generator for a variety of .NET formatters
The cheat sheet about Java Deserialization vulnerabilities
Demo code for post <Restrictions of JNDI Manipulation RCE & Bypass>