Contrast-Security-OSS / contrast-rO0View external linksLinks
A tiny Java agent that blocks attacks against unsafe deserialization
☆86Oct 9, 2017Updated 8 years ago
Alternatives and similar repositories for contrast-rO0
Users that are interested in contrast-rO0 are comparing it to the libraries listed below
Sorting:
- Java Agent which mitigates deserialisation attacks by making certain classes unserializable☆191May 17, 2016Updated 9 years ago
- Look-Ahead Java Deserialization Library☆422Jan 7, 2020Updated 6 years ago
- Primitive tool for exploring/querying Java classes via the Tinkerpop Gremlin graph traversal language☆110May 12, 2016Updated 9 years ago
- ☆15Oct 8, 2025Updated 4 months ago
- A static byte code analyzer for Java deserialization gadget research☆252Apr 17, 2017Updated 8 years ago
- Collection of bypass gadgets to extend and wrap ysoserial payloads☆386Apr 16, 2022Updated 3 years ago
- A vulnerable application exposing Spring Boot Actuators☆123Feb 25, 2019Updated 6 years ago
- Native Java serialization filter blacklist for common gadgets☆20Sep 12, 2019Updated 6 years ago
- ☆22Nov 3, 2022Updated 3 years ago
- A static analysis API for finding deserialization attack gadgets☆38Nov 7, 2022Updated 3 years ago
- Native Java-based deserialization exploit for WebLogic T3 (and T3S) listeners.☆35Mar 2, 2020Updated 5 years ago
- The repository for Building visualisation platforms for OSINT data using open source solutions☆29Aug 21, 2018Updated 7 years ago
- ☆41Mar 10, 2021Updated 4 years ago
- Java-Web-Security - Sichere Webanwendungen mit Java entwickeln☆220Updated this week
- Java client for Hawkular☆11Mar 16, 2017Updated 8 years ago
- Manufacturing specifications☆25Jun 6, 2022Updated 3 years ago
- Slides/Demos from the BSides Munich 2019 talk "Attacking Java RMI in 2019"☆101Sep 20, 2019Updated 6 years ago
- ☆20Mar 12, 2017Updated 8 years ago
- Java Exp FrameWork☆104Apr 23, 2021Updated 4 years ago
- A byte code analyzer for finding deserialization gadget chains in Java applications☆1,080Jun 15, 2021Updated 4 years ago
- Debug JSSE Provider☆14Dec 4, 2024Updated last year
- This web based application enables developers to quickly unit test individual API calls for both Incapsula and SecureSphere, as well as p…☆19Sep 12, 2023Updated 2 years ago
- ☆46May 15, 2016Updated 9 years ago
- Useful Powershell modules.☆11Mar 10, 2017Updated 8 years ago
- Self-contained jar to lookup timezone by lat+lon☆25Dec 21, 2018Updated 7 years ago
- Custom Fortify SCA rules to detect common JSSE certification validation flaws☆11Nov 18, 2015Updated 10 years ago
- Java Deserialization☆27Oct 21, 2016Updated 9 years ago
- Java Message Exploitation Tool☆512Jul 6, 2022Updated 3 years ago
- JRE8u20_RCE_Gadget☆255Jul 1, 2016Updated 9 years ago
- An example project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions☆124Jan 9, 2018Updated 8 years ago
- A curated list of audit rules which extract from Source Code Auditing tools.☆15Feb 19, 2020Updated 5 years ago
- 一些Java RASP demo☆11Sep 26, 2019Updated 6 years ago
- X41 BeanStack - Stack Trace Fingerprinting BETA☆52Dec 3, 2025Updated 2 months ago
- intentionally vulnerable API☆30Sep 10, 2024Updated last year
- Cracker for Apache.lang.commons RandomStringUtils(). Code for "The Java Soothsayer" talk at EkoParty 2017 by Alejo Popovici.☆33Mar 13, 2018Updated 7 years ago
- Java taint propagation for java. Define tainted sources, sanitizer methods and sinks via aspects.☆28Oct 11, 2018Updated 7 years ago
- Companion labs to "An Exploration of JSON Interoperability Vulnerabilities"☆212Mar 9, 2023Updated 2 years ago
- Burp extension to perform Java Deserialization Attacks☆216Feb 2, 2024Updated 2 years ago
- A brute force program to test weak accounts configured to access a JMX Registry☆35Feb 1, 2017Updated 9 years ago