Esonhugh/apisix-webshell-rce Esonhugh/apisix-webshell-rce

  • Stars
    star
    3
  • Rank 3,963,521 (Top 79 %)
  • Language
  • Created about 2 years ago
  • Updated about 2 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
Esonhugh/apisix-webshell-rce
github

Esonhugh

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

apisix Authed admin dashboard - RCE with web shell sample -

More Repositories

1

Attack_Code

文章 Attack Code 的详细全文。安全和开发总是具有伴生属性,尤其是云的安全方向,本篇文章是希望能帮助到读者的云安全入门材料。Full text of the article Attack Code. Security and development always have concomitant attributes, and this is especially true with the security direction of the cloud. This article is an introduction to cloud security that I hope will help readers.
Shell
528
star
2

sshd_backdoor

/root/.ssh/authorized_keys evil file watchdog with ebpf tracepoint hook.
C
316
star
3

k8spider

Powerful+Fast+Low Privilege Kubernetes service discovery tools via kubernetes DNS service. Currently supported service ip-port BruteForcing / AXFR Domain Transfer Dump / Coredns WildCard Dump / Pod Verified IP discovery
Go
122
star
4

Docker-Release-Agent-Escape

Docker 逃逸 Release Agent 利用始末
68
star
5

yapi-rce-webshell

Yapi mock script RCE another version. Webshell way. 另一种 Webshell 方式的 Yapi 命令执行的方法 相比于其他的利用方式 更加微操和可控 影响更小
Python
65
star
6

public-nuclei-template

Esonhugh self-maintained-nuclei-templates public version. Use this as ~/nuclei-templates/local/esonhugh-public-nuclei, nuclei will add automatically when scanning and never conflict to other nuclei template.
Shell
58
star
7

WeaponizedVSCode

A VSCode Workspace based hacking environment utils. Starting your Note-Driven Hacking experience. Checkout the following link to sample of HackThebox mist.htb
Python
39
star
8

SpringCloudHeapdump

anonymous to cluster-admin via Heapdump.
28
star
9

KubernetesCS

Kubernetes has its “ADCS” -- How To Backdoor a Kubernetes in silence and more persistent?
28
star
10

Gopherus3

Python3 Based gopherus, completely refactored and added more feature.
Python
15
star
11

KubernetesCRInjection

Here is a common vulnerability when Kubernetes Controller designed.
12
star
12

ebpf_cilium_starter

cilium ebpf common starter template for go.
Go
11
star
13

OpenAI-Platform-API

[DEPRECATED WARNING] Add SecretKey List it and Delete it API SDK
Go
9
star
14

WizEKSClusterGame

Wp
9
star
15

TicketMaster

Here is useful scripts collections. You can forge tickets locally with secret keys or certificates. It's useful when you want backdoor/persistence with opsec
Python
9
star
16

Self-Metasploit

Self collected Metasploit module (include self maintaining)
Ruby
8
star
17

flipper_kdf

Flipper zero NFC is mystery. KDF is the simple one in complicated
C
8
star
18

ChatGPT-Web-Setting-Funny-Abuse

Play with ChatGPT-Web and found the HTML rendering in description settings. [Add Custom js and html in the XSS payload to enhanced ChatGPT-Web]
HTML
7
star
19

CloudPolicy

An Cloud PolicyDocument go parsing library for AWS-like Cloud providers
Go
7
star
20

my_durdur

Cilium/ebpf Learning idea from boratanrikulu/durdur
Go
7
star
21

AliyunCTF-Email-Spoofing-DKIM-Creator

Aliyun CTF Teapot mail server POC for DKIM
Go
6
star
22

KFC_Crazy_Thursday_in_metasploit

肯德基疯狂星期四~~利用~~辅助模块
Ruby
6
star
23

AI-Enhanced-hacking

AI Enhanced hacking and Osint Article
5
star
24

SelfLinuxKernelDebugging

Based on arm64 linux kernel code using VSCode and qemu debug with gef. Self maintain.Works on KaliLinux in PD(m1 mac).
Shell
5
star
25

sculptor

Flexible and powerful Go library for transforming data from various formats (CSV, JSON, etc.) into desired Go struct types. (Insecure)
Go
5
star
26

GitBeHacked

Funny idea for Git dir leak hack tools hack back
Python
4
star
27

ebpf_cilium_doc

unofficial guide of cilium/ebpf library. 非官方 cilium ebpf 库踩坑指南
4
star
28

flipperzero_ufbt_application_howto

flipperzero ufbt vscode project how to with no canvas hack? Howto: raw project github.com:csBlueChip/FlipperZero_plugin_howto.git
C
4
star
29

go-cli-template-v1

Cobra Viper TableWriter ColorCobra survey all in one template
Go
4
star
30

OpenShift_IGN_ConfigFileExtractor

Red Team Script for Cloud pentest with private Cloud built with OpenShift. Fast Extrated the config information in bootstrap.ign file
Shell
4
star
31

go-cli-template-v2

A Golang cli template based on Cobra Viper Survey...
Go
4
star
32

gitlab_honeypot

CVE-2023-7028 killer
Python
4
star
33

dn42ConfigGenerator

Python based auto config tool
Python
3
star
34

Esonhugh

my description
3
star
35

Nuclei-Template-Backup

Official Nuclei Template and other templates
3
star
36

ShellScriptSnippet

abbr. as sss. This is a Utils designed for Terminal based user for manage, share, logging their Shell Script in one place.
Go
3
star
37

-WinAPI-Tricks-backup

from user: https://github.com/vxunderground/WinAPI-Tricks.git and https://github.com/vxunderground/VX-API
C++
3
star
38

goShellcodeLoader

go语言下的 shellcode 加载工具
Go
2
star
39

self-maintained-Nuclei-Template

个人使用与维护的 Nuclei POC 模版库
2
star
40

JD-Freefuckfucker

who fuck the fucker? and who watch the watcher
Python
2
star
41

insecure-rancher-cli

Insecure rancher CLI with default v3 api
Go
2
star
42

ReverseShellPayloads

JavaScript
2
star
43

Robotic_club

my archive of the program in my robotic club
C++
2
star
44

Devstream-ConfigFile-Command-Injection

Devstream Command injection via evil yaml file in plugin gitlab-ce-docker
2
star
45

Networker-Project

Networker Project: DN42 网络配置生成预览收集 Web 服务
Shell
2
star
46

My-CTF-Challenge

CTF Challenge I designed
2
star
47

svelte-smui-template

Svelte with Svelte Material UI (SMUI). Easy setup theme. Javascript.
JavaScript
2
star
48

nuclei-dsl-virtual-machine-modified

nuclei modified. Demo of DSL support Store and load function which makes the nuclei DSL extractor can do things with pipeline in one template
Go
2
star
49

wechat-template

微信公众号后端的快速开发框架
Go
1
star
50

Deprecated_Friendlink

[deprecated]
CSS
1
star
51

bbrf-server-helm-chart

This is the helm chart of team-base bug bounty framework (project https://github.com/honoki/bbrf-server). You can go with this chart in your team infrastructure.
Smarty
1
star
52

WeaponziedVSCode-Example-MIST.HTB

Weaponized VSCode Template Example (Release On Machine Expired)
1
star
53

tencent-coding-openapi

腾讯云 Coding CICD Devops 一体化平台 OpenApi 对接 SDK 以及个人或 OAuth Token 利用演示
Go
1
star
54

SimpleLogServer

Used Telegram bot and local document as a receive platform.
Python
1
star
55

DASCTF-CSTI

考点为 CSTI 获取 token (干掉 html 标签 < 头 和 XSS 可能的标签)
Go
1
star
56

CS_notesbook

CS means cheatsheets.this is a little notebook for you to make your work fast and high-quality.you can backup any command you easily forget in it
Shell
1
star
57

justhomework

HDU Help test homework
Python
1
star
58

update-alternative-java

MacOS - Java version switcher based on PATH environment hijack.(self used)
Go
1
star
59

EsonProfileShareAndBackup

This is profiles of esonhugh personal use.and i share with public
Shell
1
star
60

EvilSlnProject

Same as csproj powerlessshell but using sln to redirect to csproj file
C#
1
star
61

aliyun-system-managed

aliyun system managed policy crawler
Python
1
star