2854 Open source projects that are alternatives of or similar to Medusa

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

No description or website provided.

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE

Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

📝 Migrated to(迁移至) https://github.com/Kuangcp/Note 当前仓库已经废弃, 对应的博客网站:

CSDN博客专家程序员欣宸的github，这里有四百多篇原创文章的详细分类和汇总，以及对应的源码，内容涉及Java、Docker、Kubernetes、DevOPS等方面

Extraction of iMessage Data via XSS

Spring Cloud Microservices Development.《Spring Cloud 微服务架构开发实战》

A micro-service infrastructure generator based on Yeoman/Chatbot, Kubernetes/Docker Swarm, Traefik, Ansible, Jenkins, Spark, Hadoop, Kafka, etc.

A personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to be used in conjunction with these exploits.

✍️ A curated list of CVE PoCs.

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

rabbitmq、redis、scheduled、socket、mongodb、Swagger2、spring data jpa、Thymeleaf、freemarker etc. (muti module spring boot project) (with spring boot framework，different bussiness scence with different technology。)

Git All the Payloads! A collection of web attack payloads.

A Redmine plugin which makes building your Jenkins projects easy ;)

Ruby on Rails deployment using Ansible - with Lets Encrypt, Sidekiq, PostgreSQL, nginx & puma

Some personal exploits/pocs

A social experiment

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

Getting started with java code auditing 代码审计入门的小项目

Access log profiler based on response time

Easy to use, professional error pages to replace the plaintext error pages that come with any server software like Nginx or Apache

Armbian configuration utility

📚JAVA、Spring、SpringMVC、SpringBoot、Mybatis、Vue、MySQL、MongoDB、Radis、Docker、Nginx、......笔记

2018年本科毕设项目，已更新所有开发和部署文档。基于Dubbo、SSM、Shiro、ELK、ActiveMQ、Redis等实现的一套高可用、高性能、高可扩展的分布式系统架构，实现可支持业务的基础公共服务,API使用Restful风格对外暴露。已经实现的包括：发送邮件服务、FastDFS文件存储服务、ELK实时日志查询服务、Redis缓存服务、Mybatis数据库、阿里短信推送、Goeasy消息推送、Druid监控、ActiveMQ消息队列、shiro权限认证、cas单点登录、权限配置web系统、移动端后台系统。持续更新中......

鹿不在侧，鲸不予游🐋

Exploits by 1N3 @CrowdShield @xer0dayz @XeroSecurity

Hacking tools

Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.

基于SSM layui 开发的多人博客系统,目标在于让每个人都能精准阅读和专注写作。

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

A Full Stack RSS Reader web application built with Spring MVC and JSP. It uses libraries like Spring, JPA, Bootstrap, Apache Tiles, JSP etc. There is also a static code analysis tool called Checkstyle.

CVE、CMS、中间件漏洞检测利用合集 Since 2019-9-15

Ansible playbook for lobste.rs

全栈工程师学习笔记；Spring登录、shiro登录、CAS单点登录和Spring boot oauth2单点登录；Spring data cache 缓存，支持Redis和EHcahce; web安全，常见web安全漏洞以及解决思路；常规组件，比如redis、mq等；quartz定时任务，支持持久化数据库，动态维护启动暂停关闭；docker基本用法，常用image镜像使用，Docker-MySQL、docker-Postgres、Docker-nginx、Docker-nexus、Docker-Redis、Docker-RabbitMQ、Docker-zookeeper、Docker-es、Docker-zipkin、Docker-ELK等；mybatis实践、spring实践、spring boot实践等常用集成；基于redis的分布式锁；基于shared-jdbc的分库分表，支持原生jdbc和Spring Boot Mybatis

A tiny JSON storage service. Create, Read, Update, Delete and Search JSON data.

🍏Spring+SpringMVC+Mybatis+adminLTE3实现前后端分离(nginx负载均衡+tomcat集群)

聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or Exp from Github by CVE ID.

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analys…

HTTP web server index for Apache httpd, lighttpd and nginx.

🔪Browser logic vulnerabilities ☠️

A template configuration without separation on the frontend and backend parts on different domains.

A few SQL and XSS attack tools

Engintron for cPanel/WHM is the easiest way to integrate Nginx on your cPanel/WHM server. Engintron will improve the performance & web serving capacity of your server, while reducing CPU/RAM load at the same time, by installing & configuring the popular Nginx webserver to act as a reverse caching proxy in front of Apache.

Awesome XSS stuff

A modern Docker LAMP stack and MEAN stack for local development

lamp-cloud 基于Jdk11 + SpringCloud + SpringBoot的微服务快速开发平台，其中的可配置的SaaS功能尤其闪耀， 具备RBAC功能、网关统一鉴权、Xss防跨站攻击、自动代码生成、多种存储系统、分布式事务、分布式定时任务等多个模块，支持多业务系统并行开发， 支持多服务并行开发，可以作为后端服务的开发脚手架。代码简洁，注释齐全，架构清晰，非常适合学习和企业作为基础框架使用。

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).

The bash shell script stack for installation of Nginx OpenResty Tengine lua_nginx_module nginx_concat_module nginx_upload_module ngx_substitutions_filter_module　Apache-2.2 Apache-2.4　MySQL-5.1 MySQL-5.5 MySQL-5.6 MySQL-5.7 PHP-5.2 PHP-5.3 PHP-5.4 PHP-5.5 PHP-5.6 ZendOptimizer ZendGuardLoader Xcache Eaccelerator Imagemagick IonCube Memcache Memcached Redis Mongo Xdebug Mssql Memcached PureFtpd PhpMyAdmin Redis Mongodb PhpRedisAdmin MemAdmin RockMongo Jdk7 Jdk8 Tomcat7 Tomcat8

Developing Desktop Applications Like Developing Websites => phpdesktop

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

Ansible playbook collection that have been written for Ubuntu. Some of the playbooks are Elasticsearch, Mesos, AWS, MySql, Sensu, Nginx etc..

Poc Collected for study and develop

Exploit Discord's cache system to remote upload payloads on Discord users machines

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

Docker containers running Alpine Linux and s6 for process management. Solid, reliable containers.

Fastjson vulnerability quickly exploits the framework（fastjson漏洞快速利用框架）