Firebasky / FastjsonLinks

Fastjson姿势技巧集合

☆13

Alternatives and similar repositories for Fastjson

Users that are interested in Fastjson are comparing it to the libraries listed below

Sorting:

dushixiang / evil-mysql-server
evil-mysql-server is a malicious database written to target jdbc deserialization vulnerabilities and requires ysoserial.
☆94Updated 2 years ago
YYHYlh / Dubbo-Scan
一款让你不只在dubbo-sample、vulhub或者其他测试环境里检测和利用成功的Apache Dubbo 漏洞检测工具。
☆169Updated 2 years ago
FFreestanding / JavaUnserializeChain
自己积累的一些Java反序列化利用链
☆89Updated 2 years ago
Lotus6 / FileMonitor
Java命令行文件监控小工具(代码审计)
☆103Updated 3 years ago
Whoopsunix / fastjson_study
Abandoned - fastjson 1.2.24-1.2.80 poc & vulns env & how to check vul
☆94Updated last year
Lonely-night / fastjsonVul
fastjson 80 远程代码执行漏洞复现
☆198Updated 2 years ago
xiaopan233 / GenerateNoHard
本工具的定位是快速生成Java安全相关的Payload，如内存马、反序列化链、JNDI url、Fastjson等，动态生成相关Payload，并附带相应的文档。
☆93Updated 6 months ago
Whoopsunix / utf-8-overlong-encoding
抽离出 utf-8-overlong-encoding 的序列化逻辑，实现 2 3 字节加密序列化数组
☆138Updated last year
ax1sX / RouteCheck-Alpha
A Java Route Collection Tool
☆101Updated last year
Boogipop / JavaSec
JavaSec
☆39Updated last year
achuna33 / MYJNDIExploit
自己的JNDI 利用工具，添加一些人性化功能
☆131Updated 2 years ago
unam4 / java_gadget_flow
一些总结出来的gadget的flow，后续合适和加入新的flow
☆25Updated 8 months ago
vpxuser / Central-Management-System-Exploitation-Cheat-Sheet
内网集权系统渗透测试笔记
☆13Updated 10 months ago
woodpecker-appstore / jexpr-encoder-utils
Java表达式语句生成器
☆193Updated last year
CrackerCat / YongyouNC-Unserialize-Tools
用友NC反序列化漏洞payload生成
☆74Updated 3 years ago
cwkiller / JDBC-PROXY-Bypass
利用代理驱动绕过JDBC Attack检测
☆126Updated 2 months ago
cri1wa / MemShell
支持常见中间件无文件落地冰蝎内存马注入&&文件上传agent冰蝎马注入
☆32Updated 2 years ago
threedr3am / dubbo-exp
dubbo快速利用exp，基本上老版本覆盖100%。
☆158Updated 2 months ago
p1n93r / SpringBootAdmin-thymeleaf-SSTI
SpringBootAdmin-thymeleaf-SSTI which can cause RCE
☆81Updated 2 years ago
pap1rman / postnacos
哥斯拉nacos后渗透插件 maketoken adduser
☆147Updated 2 years ago
depycode / fastjson-local-echo
基于dbcp的fastjson rce 回显
☆195Updated 4 years ago
darkarmorlab / video-api-check
check hikvision/ys7 api
☆72Updated 2 years ago
yulate / tabby-pipeline
用于快速启动tabby 分析漏洞或者gadget的环境
☆87Updated last month
bmth666 / Yongyou-Unserialize-plus
用友的一些反序列化链子以及1day，二开了狼组的YongYouNcTool，改了一下逻辑以及poc
☆110Updated 10 months ago
ffffffff0x / gendict
字典生成工具
☆88Updated last year
TonyD0g / JavaHacker
记录自己学习Java安全的过程,无技术含量。
☆30Updated 2 years ago
bkfish / yaml-payload-for-Win
用于windows反弹shell的yaml-payload
☆71Updated 4 years ago
pho3n1x-web / HTTPServerGO
这是一个用Go编写的红队内网环境中一个能快速开启HTTP文件浏览服务的小工具，能够执行shell命令,可以执行webshell
☆77Updated 2 years ago
ssssdl / fastjsonChecker
burp手工检测fastjson辅助
☆88Updated last year
Hackaspx / Hackaspx
《ASPX安全-只有ASPX安全才能拯救.NET》Only ASPX Security Can Save The NET.
☆36Updated 2 years ago