A proof of concept that demonstrates asynchronous scanning for Java deserialization bugs
☆55Mar 27, 2017Updated 9 years ago
Alternatives and similar repositories for break-fast-serial
Users that are interested in break-fast-serial are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- S2-055的环境,基于rest-show-case改造☆37Dec 7, 2017Updated 8 years ago
- PoC of Remote Command Execution via Log injection on SAP NetWeaver AS JAVA CRM☆52Mar 14, 2018Updated 8 years ago
- Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website☆141Apr 29, 2020Updated 6 years ago
- ☆72Nov 20, 2017Updated 8 years ago
- Collection of bypass gadgets to extend and wrap ysoserial payloads☆387Apr 16, 2022Updated 4 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- ssrf、ssrfIntranetFuzz、dnsRebinding、recordEncode、dnsPoisoning、Support ipv4/ipv6☆217Aug 17, 2017Updated 8 years ago
- Wraps sudo; transparently steals user's credentials. For those annoying times when you get a shell/file write on a sudoers account and ne…☆37Nov 15, 2024Updated last year
- An example project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions☆124Jan 9, 2018Updated 8 years ago
- some java code i met or i used☆29May 7, 2019Updated 7 years ago
- A collection of curated Java Deserialization Exploits☆592May 16, 2021Updated 5 years ago
- --= Xt9 - Anti - Rootkit =-- beta v0.11 by xti9er☆15Dec 16, 2020Updated 5 years ago
- 2 web tasks from ZeroNights HackQuest 2016☆50Mar 24, 2017Updated 9 years ago
- Burp Suite plugin created for using Collaborator tool during manual testing in a comfortable way!☆104Jun 1, 2018Updated 7 years ago
- Post module for Metasploit to execute ELF in memory☆86Nov 23, 2018Updated 7 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- RCE Exploit PoC for XMLDecoder☆63Aug 1, 2013Updated 12 years ago
- Demonstrating why Dynamic Method Invocation with unrestricted method names (the old default of Struts) is dangerous.☆12Sep 30, 2018Updated 7 years ago
- ☆13Feb 17, 2016Updated 10 years ago
- A Java serializer in JavaScript☆81May 21, 2018Updated 7 years ago
- An Out-of-Band XXE server for retrieving file contents over FTP.☆185May 27, 2020Updated 5 years ago
- A static byte code analyzer for Java deserialization gadget research☆253Apr 17, 2017Updated 9 years ago
- RFD Checker - security CLI tool to test Reflected File Download issues☆64Feb 26, 2019Updated 7 years ago
- Struts2の脆弱性S2-045, S2-055 および Jackson の脆弱性 CVE-2017-7525, CVE-2017-15095 の調査報告☆107Dec 13, 2017Updated 8 years ago
- PoC for Scala and Groovy☆14Apr 4, 2016Updated 10 years ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- ☆28Oct 16, 2017Updated 8 years ago
- Accompanying material needed for the workshop☆11Jun 14, 2023Updated 2 years ago
- certbook☆58Jul 28, 2017Updated 8 years ago
- spring mvc cve-2014-3625☆32Mar 11, 2016Updated 10 years ago
- Mogwai Java Management Extensions (JMX) Exploitation Toolkit☆175Jul 21, 2016Updated 9 years ago
- Java RMI enumeration and attack tool.☆747Sep 28, 2017Updated 8 years ago
- Merge results from NMAP and Masscan into one CSV file☆18Jun 19, 2018Updated 7 years ago
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆47Mar 22, 2017Updated 9 years ago
- Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans☆584Sep 7, 2021Updated 4 years ago
- Deploy open-source AI quickly and easily - Special Bonus Offer • AdRunpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
- Dynamic Identification and Recognition Technology☆10Nov 1, 2016Updated 9 years ago
- A quick and dirty .NET "Deserialize_*" fuzzer based on James Forshaw's (@tiraniddo) DotNetToJScript.☆42Nov 10, 2018Updated 7 years ago
- 用于还原svn仓库,支持1.6,1.7☆26Jun 3, 2016Updated 9 years ago
- a passive scanner based on Mitmproxy and Arachni☆106Aug 17, 2017Updated 8 years ago
- Inventus is a spider designed to find subdomains of a specific domain by crawling it and any subdomains it discovers.☆82Aug 28, 2017Updated 8 years ago
- Malicious PDF document parsing tool☆16Nov 1, 2017Updated 8 years ago
- SSRF Proxy facilitates tunneling HTTP communications through servers vulnerable to Server-Side Request Forgery.☆483Jan 1, 2018Updated 8 years ago