Native Java-based deserialization exploit for WebLogic T3 (and T3S) listeners.
☆35Mar 2, 2020Updated 6 years ago
Alternatives and similar repositories for WLT3Serial
Users that are interested in WLT3Serial are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Native Java serialization filter blacklist for common gadgets☆20Sep 12, 2019Updated 6 years ago
- Slides/Demos from the BSides Munich 2019 talk "Attacking Java RMI in 2019"☆101Sep 20, 2019Updated 6 years ago
- A static analysis API for finding deserialization attack gadgets☆38Nov 7, 2022Updated 3 years ago
- Python script to exploit java unserialize on t3 (Weblogic)☆61Aug 9, 2017Updated 8 years ago
- MySQL JDBC Deserialization Payload / MySQL客户端jdbc反序列化漏洞payload☆13Feb 8, 2020Updated 6 years ago
- RCE Exploit PoC for Spring based RESTFul APIs using XStream as Unmarshaler☆20Dec 24, 2013Updated 12 years ago
- ☆18Jul 30, 2018Updated 7 years ago
- ☆131Jun 17, 2022Updated 3 years ago
- Collection of bypass gadgets to extend and wrap ysoserial payloads☆387Apr 16, 2022Updated 3 years ago
- solution to buggyLoader of 0CTF/TCTF 2021 Finals☆20Sep 27, 2021Updated 4 years ago
- Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.☆612Mar 4, 2021Updated 5 years ago
- ☆41Mar 10, 2021Updated 5 years ago
- ☆78Jan 12, 2021Updated 5 years ago
- Binary rewriting approach with fork server support to fuzz Java applications with afl-fuzz.☆91May 3, 2018Updated 7 years ago
- java 漏洞平台包含各种CVE☆23Jun 17, 2022Updated 3 years ago
- ☆57Apr 27, 2020Updated 5 years ago
- JMX enumeration and attacking tool.☆499Jun 26, 2025Updated 8 months ago
- S&P2023 Paper☆39Aug 20, 2022Updated 3 years ago
- RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities☆447Sep 7, 2022Updated 3 years ago
- My solution for GitHub Security Lab CTF 4: CodeQL and Chill - The Java Edition☆19Jun 10, 2020Updated 5 years ago
- CVE-2020-2546,CVE-2020-2915 CVE-2020-2801 CVE-2020-2798 CVE-2020-2883 CVE-2020-2884 CVE-2020-2950 WebLogic T3 payload exploit poc pyth…☆133Mar 5, 2023Updated 3 years ago
- A command-line fuzzer for the Apache JServ Protocol (ajp13)☆97Nov 15, 2022Updated 3 years ago
- Java Message Exploitation Tool☆510Jul 6, 2022Updated 3 years ago
- Java After-Deserialization Attack☆79Apr 26, 2021Updated 4 years ago
- Primitive tool for exploring/querying Java classes via the Tinkerpop Gremlin graph traversal language☆110May 12, 2016Updated 9 years ago
- CVE-2018-8021 Proof-Of-Concept and Exploit☆106Dec 3, 2018Updated 7 years ago
- X41 BeanStack - Stack Trace Fingerprinting BETA☆53Dec 3, 2025Updated 3 months ago
- https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet☆54Sep 11, 2021Updated 4 years ago
- ☆17Oct 25, 2018Updated 7 years ago
- 提取phpinfo()敏感信息☆11Nov 23, 2018Updated 7 years ago
- MOGWAI LABS JMX exploitation toolkit☆205Mar 13, 2023Updated 3 years ago
- Apache Solr Injection Research☆580Jan 28, 2020Updated 6 years ago
- weblogic t3 deserialization rce☆268Jul 13, 2017Updated 8 years ago
- A simple way to evaluate the security of your Kubernetes deployment against sets of best practices defined by various community sources☆28Jan 31, 2020Updated 6 years ago
- ☆214Jan 19, 2023Updated 3 years ago
- A points-to and alias analysis benchmark suite☆41Sep 24, 2018Updated 7 years ago
- Apache Tomcat + MongoDB Remote Code Execution☆114Jan 15, 2021Updated 5 years ago
- Shiro-721 RCE Via RememberMe Padding Oracle Attack☆269Oct 29, 2020Updated 5 years ago
- Weblogic环境搭建工具☆796Apr 23, 2020Updated 5 years ago