简介 CVE-2025-24813 是一个影响 Apache Tomcat 的远程代码执行（RCE）漏洞，允许攻击者通过发送一个 PUT 请求上传恶意的序列化会话文件，并通过 GET 请求触发反序列化，从而在服务器上执行任意代码。该漏洞已在野外被利用，且其利用条件相对简单，只需 Tomcat 使用文件存储会话且支持部分 PUT 请求即可。 脚本功能 CVE-2025-24813-PoC 脚本主要用于检测 Apache Tomcat 是否存在此漏洞。它支持批量检测和单个检测两种模式。 批量检测：通过指定一个包含目标 URL 列表的文件（如 url.txt），脚本可以并发检测多个目标。使用方式为： bashpython poc.py -l url.txt...

Binwalk is a powerful tool designed for analyzing and extracting embedded files from firmware images. It is widely used by security researchers and penetration...

Xenon is a Windows agent designed for the Mythic framework, inspired by tools like Cobalt Strike. It is currently in an early stage of...

Famatech offers two powerful network management tools: Advanced IP Scanner and Advanced Port Scanner. Both tools are designed to enhance network security and management...

What is C2IntelFeeds? C2IntelFeeds is an open-source intelligence project that provides real-time Command and Control (C2) infrastructure data. Using data from Censys and custom detection...

goLAPS is a tool designed to interact with the Local Administrator Password Solution (LAPS) in a domain environment. It allows users to retrieve and...

The 200-OK-Modifier is a versatile Burp extension that allows users to modify server response codes in real-time, specifically changing them to "200 OK." This...

NullGate is a sophisticated project designed to leverage NTAPI functions using indirect syscalls, incorporating the FreshyCalls method with a novel approach to dynamic syscall...

Process ghosting is a sophisticated technique used to evade detection by security tools on Windows systems. It involves creating a temporary file, marking it...

The TruffleHog Burp Suite Extension is a powerful tool designed to scan HTTP traffic within Burp Suite for over 800 types of secrets, including...