aur0ra-m Goto Github PK
Name: Aur0ra
Type: User
Company: @Aliyun
Bio: Security Researcher&Developer&Penetration Tester
Location: Hangzhou
Blog: https://aur0ra.cn
Name: Aur0ra
Type: User
Company: @Aliyun
Bio: Security Researcher&Developer&Penetration Tester
Location: Hangzhou
Blog: https://aur0ra.cn
2022 护网行动 POC 整理
API Security DAST & Oprations
profile
Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests
awesome cloud security 收集一些国内外不错的云安全资源,该项目主要面向国内的安全人员
A collected list of awesome security talks
可用于安全测试的非标准HTTP协议解析库
无回显漏洞测试辅助平台,平台使用Java编写,提供DNSLOG,HTTPLOG等功能,辅助渗透测试过程中无回显漏洞及SSRF等漏洞的验证和利用。
Pyhton script for HTTP 40X responses bypassing. Features: Verb tampering, headers, #bugbountytips, User-Agents, extensions, default credentials and fuzzing.
Cloud Exploitation Framework 云环境利用框架,方便安全人员在获得 AK 的后续工作
计算机自学指南
dingding rssbot
基于chrome、firefox插件的被动式信息泄漏检测工具
JNDI注入测试工具(A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc)
基于污点分析的JSP Webshell检测工具,模拟JVM的栈帧操作进行数据流分析,可以检测出各种变形的JSP Webshell
:atom: [WIP] 整理过去的分享,从零开始的Kubernetes攻防 ...
南京大学《软件分析》课程课后作业(非Bamboo) NJU's software analysis homework; ... Not official, just a reference
Community curated list of templates for the nuclei engine to find security vulnerabilities.
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
程序语言与编译技术相关资料(持续更新中)
收集一些比较优秀的开源安全项目,以帮助甲方安全从业人员构建企业安全能力。
面向开发人员梳理的代码安全指南
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
本项目集成了全网优秀的攻防武器工具项目,包含自动化利用,子域名、目录扫描、端口扫描等信息收集工具,各大中间件、cms漏洞利用工具,爆破工具、内网横向及免杀、社工钓鱼以及应急响应等资料。
短信轰炸/短信测压/ | 一个健壮免费的python短信轰炸程序,专门炸坏蛋蛋,百万接口,多线程全自动添加有效接口,支持异步协程百万并发,全免费的短信轰炸工具!!hongkonger开发全网首发!!
静态分析笔记 Static-Analysis-Notes 程序分析笔记 资源分享
Tai-e assignments for static program analysis
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.