A static analysis API for finding deserialization attack gadgets
☆38Nov 7, 2022Updated 3 years ago
Alternatives and similar repositories for joogle
Users that are interested in joogle are comparing it to the libraries listed below
Sorting:
- Primitive tool for exploring/querying Java classes via the Tinkerpop Gremlin graph traversal language☆110May 12, 2016Updated 9 years ago
- Adds a guard to disable ObjectInputStream.readObject☆11Dec 6, 2015Updated 10 years ago
- Native Java-based deserialization exploit for WebLogic T3 (and T3S) listeners.☆35Mar 2, 2020Updated 6 years ago
- A static byte code analyzer for Java deserialization gadget research☆251Apr 17, 2017Updated 8 years ago
- Java version of the deliberately vulnerable serverless application Serverless-Goat from https://github.com/OWASP/Serverless-Goat☆13Oct 12, 2021Updated 4 years ago
- Native Java serialization filter blacklist for common gadgets☆20Sep 12, 2019Updated 6 years ago
- A byte code analyzer for finding deserialization gadget chains in Java applications☆1,080Jun 15, 2021Updated 4 years ago
- A proof-of-concept tool for detection and exploitation Object Injection Vulnerabilities in .NET applications☆63Jan 29, 2021Updated 5 years ago
- Java Deserialization☆27Oct 21, 2016Updated 9 years ago
- Java Agent which mitigates deserialisation attacks by making certain classes unserializable☆191May 17, 2016Updated 9 years ago
- solution to buggyLoader of 0CTF/TCTF 2021 Finals☆20Sep 27, 2021Updated 4 years ago
- Collection of bypass gadgets to extend and wrap ysoserial payloads☆387Apr 16, 2022Updated 3 years ago
- Payload generator for Java Binary Deserialization attack with Commons FileUpload (CVE-2013-2186)☆38Apr 14, 2016Updated 9 years ago
- Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.☆612Mar 4, 2021Updated 5 years ago
- ☆17Oct 8, 2025Updated 5 months ago
- A tool to dump Java serialization streams in a more human readable form.☆1,065Jun 21, 2024Updated last year
- 2 web tasks from ZeroNights HackQuest 2016☆50Mar 24, 2017Updated 8 years ago
- LOLA: Large and Open Source Multilingual Language Model☆11Jan 22, 2026Updated last month
- JRE8u20_RCE_Gadget☆255Jul 1, 2016Updated 9 years ago
- A tiny Java agent that blocks attacks against unsafe deserialization☆87Oct 9, 2017Updated 8 years ago
- Mogwai Java Management Extensions (JMX) Exploitation Toolkit☆174Jul 21, 2016Updated 9 years ago
- attackRmi☆258Oct 14, 2020Updated 5 years ago
- Lockheed Martin developed utility to compare two CycloneDX SBOMs☆19Oct 21, 2021Updated 4 years ago
- ☆15Jun 5, 2020Updated 5 years ago
- ☆11Oct 10, 2018Updated 7 years ago
- ☆131Jun 17, 2022Updated 3 years ago
- Repository to hold materials for DefCon_RESTing presentation by Dinis, Abe and Alvaro☆53Aug 5, 2013Updated 12 years ago
- Translates LaTex Files with DeepL☆13Sep 23, 2024Updated last year
- Java deserialization exploitation lab.☆237Mar 1, 2019Updated 7 years ago
- Some payloads of JNDI Injection in JDK 1.8.0_191+☆484Dec 9, 2020Updated 5 years ago
- Interprocedural Distributive Environment algorithm implementation☆16Jul 16, 2015Updated 10 years ago
- Apache Tomcat + MongoDB Remote Code Execution☆114Jan 15, 2021Updated 5 years ago
- Contrast Scan GitHub action☆20Oct 8, 2025Updated 5 months ago
- ☆21Sep 12, 2025Updated 6 months ago
- When MVC magic turns black☆296Sep 4, 2020Updated 5 years ago
- A Simple command line tool that helps checking web applications to identify insecure deserialization vulnerabilities.☆24Jul 10, 2019Updated 6 years ago
- Simplified version of flashrom for installing new system firmware☆23Mar 10, 2023Updated 3 years ago
- PoC for Scala and Groovy☆14Apr 4, 2016Updated 9 years ago
- GitHub Satellite 2020 workshops on finding security vulnerabilities with CodeQL for Java/JavaScript.☆210Sep 27, 2024Updated last year