A static analysis API for finding deserialization attack gadgets
☆38Nov 7, 2022Updated 3 years ago
Alternatives and similar repositories for joogle
Users that are interested in joogle are comparing it to the libraries listed below
Sorting:
- Primitive tool for exploring/querying Java classes via the Tinkerpop Gremlin graph traversal language☆110May 12, 2016Updated 9 years ago
- Native Java-based deserialization exploit for WebLogic T3 (and T3S) listeners.☆35Mar 2, 2020Updated 5 years ago
- A static byte code analyzer for Java deserialization gadget research☆252Apr 17, 2017Updated 8 years ago
- Native Java serialization filter blacklist for common gadgets☆20Sep 12, 2019Updated 6 years ago
- A proof-of-concept tool for detection and exploitation Object Injection Vulnerabilities in .NET applications☆63Jan 29, 2021Updated 5 years ago
- Java Agent which mitigates deserialisation attacks by making certain classes unserializable☆191May 17, 2016Updated 9 years ago
- solution to buggyLoader of 0CTF/TCTF 2021 Finals☆20Sep 27, 2021Updated 4 years ago
- A byte code analyzer for finding deserialization gadget chains in Java applications☆1,079Jun 15, 2021Updated 4 years ago
- Adds a guard to disable ObjectInputStream.readObject☆11Dec 6, 2015Updated 10 years ago
- Repository to hold materials for DefCon_RESTing presentation by Dinis, Abe and Alvaro☆53Aug 5, 2013Updated 12 years ago
- 2 web tasks from ZeroNights HackQuest 2016☆50Mar 24, 2017Updated 8 years ago
- JRE8u20_RCE_Gadget☆255Jul 1, 2016Updated 9 years ago
- Java version of the deliberately vulnerable serverless application Serverless-Goat from https://github.com/OWASP/Serverless-Goat☆13Oct 12, 2021Updated 4 years ago
- A polyglot static analysis engine for detecting vulnerabilities in scripting languages native extensions based on joern.☆21Sep 1, 2025Updated 5 months ago
- CVE-2020-28243 Local Privledge Escalation Exploit in SaltStack Minion☆18Mar 3, 2021Updated 4 years ago
- ☆11Oct 10, 2018Updated 7 years ago
- attackRmi☆258Oct 14, 2020Updated 5 years ago
- ☆13Sep 15, 2019Updated 6 years ago
- GitHub Satellite 2020 workshops on finding security vulnerabilities with CodeQL for Java/JavaScript.☆211Sep 27, 2024Updated last year
- Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.☆613Mar 4, 2021Updated 4 years ago
- ☆131Jun 17, 2022Updated 3 years ago
- Efficient and Precise Pointer-Tracking Data-Flow Framework☆68Dec 10, 2024Updated last year
- When MVC magic turns black☆296Sep 4, 2020Updated 5 years ago
- Collection of bypass gadgets to extend and wrap ysoserial payloads☆387Apr 16, 2022Updated 3 years ago
- Java deserialization exploitation lab.☆237Mar 1, 2019Updated 6 years ago
- Interprocedural Distributive Environment algorithm implementation☆16Jul 16, 2015Updated 10 years ago
- PoC for Scala and Groovy☆14Apr 4, 2016Updated 9 years ago
- Some payloads of JNDI Injection in JDK 1.8.0_191+☆484Dec 9, 2020Updated 5 years ago
- MySQL JDBC Deserialization Payload / MySQL�客户端jdbc反序列化漏洞payload☆13Feb 8, 2020Updated 6 years ago
- A tool to dump Java serialization streams in a more human readable form.☆1,066Jun 21, 2024Updated last year
- cybersecurity conference materials☆15Sep 1, 2019Updated 6 years ago
- ☆21Sep 12, 2025Updated 5 months ago
- JDBC Connection URL Attack☆438Sep 10, 2021Updated 4 years ago
- A symbolic Java virtual machine for program analysis, verification and test generation☆120Updated this week
- oracle 10g sys权限通过java执行命令获得一个非交互shell的客户端,通常用于正向连接☆39Jan 4, 2017Updated 9 years ago
- Apache Tomcat + MongoDB Remote Code Execution☆113Jan 15, 2021Updated 5 years ago
- Deprecated: Please visit https://github.com/github/codeql instead.☆82Apr 8, 2022Updated 3 years ago
- ☆41Mar 10, 2021Updated 4 years ago
- A small PoC for the recent RCE found in the Goahead Webserver prior to version 5.1.5.☆22Oct 18, 2021Updated 4 years ago