BishopFox/rmiscout

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/BishopFox/rmiscout)

BishopFox / rmiscout

RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities

☆446

Alternatives and similar repositories for rmiscout

Users that are interested in rmiscout are comparing it to the libraries listed below

Sorting:

BishopFox / GadgetProbe
View on GitHub
Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
☆613Mar 4, 2021Updated 4 years ago
NickstaDB / BaRMIe
View on GitHub
Java RMI enumeration and attack tool.
☆743Sep 28, 2017Updated 8 years ago
qtc-de / remote-method-guesser
View on GitHub
Java RMI Vulnerability Scanner
☆916Jul 3, 2024Updated last year
STMCyber / RmiTaste
View on GitHub
RmiTaste allows security professionals to detect, enumerate, interact and exploit RMI services by calling remote methods with gadgets fro…
☆109Oct 10, 2020Updated 5 years ago
qtc-de / beanshooter
View on GitHub
JMX enumeration and attacking tool.
☆495Jun 26, 2025Updated 8 months ago
GoSecure / dtd-finder
View on GitHub
List DTDs and generate XXE payloads using those local DTDs.
☆648Feb 21, 2024Updated 2 years ago
0xacb / viewgen
View on GitHub
Viewgen is a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys
☆659Feb 1, 2025Updated last year
blackarrowsec / mssqlproxy
View on GitHub
mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socke…
☆768Feb 16, 2021Updated 5 years ago
waderwu / attackRmi
View on GitHub
attackRmi
☆258Oct 14, 2020Updated 5 years ago
GrrrDog / Java-Deserialization-Cheat-Sheet
View on GitHub
The cheat sheet about Java Deserialization vulnerabilities
☆3,167May 26, 2023Updated 2 years ago
veracode-research / solr-injection
View on GitHub
Apache Solr Injection Research
☆579Jan 28, 2020Updated 6 years ago
JackOfMostTrades / gadgetinspector
View on GitHub
A byte code analyzer for finding deserialization gadget chains in Java applications
☆1,079Jun 15, 2021Updated 4 years ago
gquere / pwn_jenkins
View on GitHub
Notes about attacking Jenkins servers
☆2,091Jul 10, 2024Updated last year
mogwailabs / mjet
View on GitHub
MOGWAI LABS JMX exploitation toolkit
☆206Mar 13, 2023Updated 2 years ago
NickstaDB / SerializationDumper
View on GitHub
A tool to dump Java serialization streams in a more human readable form.
☆1,066Jun 21, 2024Updated last year
ReversecLabs / physmem2profit
View on GitHub
Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely
☆425Jul 27, 2022Updated 3 years ago
matthiaskaiser / jmet
View on GitHub
Java Message Exploitation Tool
☆511Jul 6, 2022Updated 3 years ago
chompie1337 / SMBGhost_RCE_PoC
View on GitHub
☆1,380Jul 2, 2020Updated 5 years ago
nccgroup / SocksOverRDP
View on GitHub
Socks5/4/4a Proxy support for Remote Desktop Protocol / Terminal Services / Citrix / XenApp / XenDesktop
☆1,237Nov 2, 2022Updated 3 years ago
wh1t3p1g / ysomap
View on GitHub
A helpful Java Deserialization exploit framework.
☆1,240Feb 17, 2025Updated last year
federicodotta / Java-Deserialization-Scanner
View on GitHub
All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities
☆799Nov 7, 2021Updated 4 years ago
nccgroup / freddy
View on GitHub
Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans
☆584Sep 7, 2021Updated 4 years ago
airman604 / jdbc-backdoor
View on GitHub
A fake JDBC driver that allows OS command execution.
☆125Oct 2, 2022Updated 3 years ago
nettitude / SharpSocks
View on GitHub
Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell
☆497Mar 15, 2023Updated 2 years ago
JamesCooteUK / SharpSphere
View on GitHub
.NET Project for Attacking vCenter
☆553Nov 11, 2021Updated 4 years ago
NetSPI / goddi
View on GitHub
goddi (go dump domain info) dumps Active Directory domain information
☆429May 31, 2022Updated 3 years ago
tothi / rbcd-attack
View on GitHub
Kerberos Resource-Based Constrained Delegation Attack from Outside using Impacket
☆614Aug 15, 2025Updated 6 months ago
sensepost / ruler
View on GitHub
A tool to abuse Exchange services
☆2,300Jun 10, 2024Updated last year
quentinhardy / odat
View on GitHub
ODAT: Oracle Database Attacking Tool
☆1,743Jul 27, 2024Updated last year
antonioCoco / RemotePotato0
View on GitHub
Windows Privilege Escalation from User to Domain Admin.
☆1,442Dec 18, 2022Updated 3 years ago
veracode-research / rogue-jndi
View on GitHub
A malicious LDAP server for JNDI injection attacks
☆1,076Sep 28, 2023Updated 2 years ago
pwntester / SerialKillerBypassGadgetCollection
View on GitHub
Collection of bypass gadgets to extend and wrap ysoserial payloads
☆387Apr 16, 2022Updated 3 years ago
artsploit / rogue-jndi
View on GitHub
A malicious LDAP server for JNDI injection attacks
☆76Nov 15, 2024Updated last year
login-securite / lsassy
View on GitHub
Extract credentials from lsass remotely
☆2,180Dec 24, 2025Updated 2 months ago
guardicore / vmware_vcenter_cve_2020_3952
View on GitHub
Exploit for CVE-2020-3952 in vCenter 6.7
☆277Apr 16, 2020Updated 5 years ago
welk1n / JNDI-Injection-Bypass
View on GitHub
Some payloads of JNDI Injection in JDK 1.8.0_191+
☆484Dec 9, 2020Updated 5 years ago
0x09AL / IIS-Raid
View on GitHub
A native backdoor module for Microsoft IIS (Internet Information Services)
☆556Jul 3, 2020Updated 5 years ago
Accenture / jenkins-attack-framework
View on GitHub
☆576Jul 12, 2025Updated 7 months ago
pwntester / ysoserial.net
View on GitHub
Deserialization payload generator for a variety of .NET formatters
☆3,679Dec 23, 2024Updated last year