Native Java-based deserialization exploit for WebLogic T3 (and T3S) listeners.
☆35Mar 2, 2020Updated 6 years ago
Alternatives and similar repositories for WLT3Serial
Users that are interested in WLT3Serial are comparing it to the libraries listed below
Sorting:
- Native Java serialization filter blacklist for common gadgets☆20Sep 12, 2019Updated 6 years ago
- A static analysis API for finding deserialization attack gadgets☆38Nov 7, 2022Updated 3 years ago
- Slides/Demos from the BSides Munich 2019 talk "Attacking Java RMI in 2019"☆101Sep 20, 2019Updated 6 years ago
- Writeups for various crackmes, CTFs, wargames, etc.☆15Apr 21, 2017Updated 8 years ago
- MySQL JDBC Deserialization Payload / MySQL客户端jdbc反序列化漏洞payload☆13Feb 8, 2020Updated 6 years ago
- ☆18Jul 30, 2018Updated 7 years ago
- Disposable Kali Linux containers for Mercury ISS / pentesting engagements.☆38Aug 21, 2019Updated 6 years ago
- ☆78Jan 12, 2021Updated 5 years ago
- My solution for GitHub Security Lab CTF 4: CodeQL and Chill - The Java Edition☆19Jun 10, 2020Updated 5 years ago
- solution to buggyLoader of 0CTF/TCTF 2021 Finals☆20Sep 27, 2021Updated 4 years ago
- Binary rewriting approach with fork server support to fuzz Java applications with afl-fuzz.☆91May 3, 2018Updated 7 years ago
- ☆57Apr 27, 2020Updated 5 years ago
- Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.☆613Mar 4, 2021Updated 5 years ago
- java 漏洞平台包含各种CVE☆23Jun 17, 2022Updated 3 years ago
- RCE Exploit PoC for Spring based RESTFul APIs using XStream as Unmarshaler☆20Dec 24, 2013Updated 12 years ago
- A command-line fuzzer for the Apache JServ Protocol (ajp13)☆96Nov 15, 2022Updated 3 years ago
- Python script to exploit java unserialize on t3 (Weblogic)☆61Aug 9, 2017Updated 8 years ago
- S&P2023 Paper☆39Aug 20, 2022Updated 3 years ago
- ☆41Mar 10, 2021Updated 4 years ago
- JMX enumeration and attacking tool.☆493Jun 26, 2025Updated 8 months ago
- Collection of bypass gadgets to extend and wrap ysoserial payloads☆387Apr 16, 2022Updated 3 years ago
- CVE-2018-8021 Proof-Of-Concept and Exploit☆106Dec 3, 2018Updated 7 years ago
- ☆214Jan 19, 2023Updated 3 years ago
- ☆131Jun 17, 2022Updated 3 years ago
- A simple way to evaluate the security of your Kubernetes deployment against sets of best practices defined by various community sources☆28Jan 31, 2020Updated 6 years ago
- ☆43Apr 2, 2020Updated 5 years ago
- One off Scripts repo☆24Jan 20, 2023Updated 3 years ago
- 演示dubbo rpc Apache commons collections 的Java序列化漏洞☆42Nov 13, 2015Updated 10 years ago
- A points-to and alias analysis benchmark suite☆41Sep 24, 2018Updated 7 years ago
- That repository contains my updates to the well know java deserialization exploitation tool ysoserial.☆185May 15, 2022Updated 3 years ago
- ☆11Aug 2, 2017Updated 8 years ago
- CVE-2020-2546,CVE-2020-2915 CVE-2020-2801 CVE-2020-2798 CVE-2020-2883 CVE-2020-2884 CVE-2020-2950 WebLogic T3 payload exploit poc pyth…☆133Mar 5, 2023Updated 3 years ago
- Redis Security Map - Anti-hacking for Redis☆31Mar 11, 2022Updated 3 years ago
- Java Message Exploitation Tool☆511Jul 6, 2022Updated 3 years ago
- Primitive tool for exploring/querying Java classes via the Tinkerpop Gremlin graph traversal language☆110May 12, 2016Updated 9 years ago
- RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities☆446Sep 7, 2022Updated 3 years ago
- A Bash script which uses AWS CLI to create an image of an AWS EC2 volume☆29Jan 1, 2024Updated 2 years ago
- Apache Solr Injection Research☆579Jan 28, 2020Updated 6 years ago
- Java After-Deserialization Attack☆79Apr 26, 2021Updated 4 years ago