Automatically scan jar packages by using ast to find fastjson gadgets. In particular, this project is limited to mining Gadgets that may be exploited, and screening results need to be excluded by themselves. Looking forward to Fork and Star.
☆49Mar 8, 2022Updated 3 years ago
Alternatives and similar repositories for Fastjson-Gadgets-Automatic-Scanner
Users that are interested in Fastjson-Gadgets-Automatic-Scanner are comparing it to the libraries listed below
Sorting:
- CodeQL 寻找 JNDI利用 Lookup接口☆166Apr 10, 2022Updated 3 years ago
- CVE-2022-30525 Zyxel 防火墙命令注入漏洞 POC&EXPC☆12May 28, 2022Updated 3 years ago
- 用codeql分析grafana最新任意文件读取☆11Dec 10, 2021Updated 4 years ago
- codemillx is a tool for CodeQL, extract the comments in the code and generate codeql module. 强化Go开源项目安全检测(内含开源项目漏洞挖掘方法)☆205Mar 19, 2022Updated 3 years ago
- fastjson不出网利用、c3p0☆256Jul 30, 2021Updated 4 years ago
- ☆143Jan 21, 2021Updated 5 years ago
- 基于dbcp的fastjson rce 回显☆197Jun 28, 2021Updated 4 years ago
- 注入JVM进程 动态获取目标进程连接的数据库☆342Mar 6, 2022Updated 3 years ago
- JDBC Connection URL Attack☆440Sep 10, 2021Updated 4 years ago
- Magisk burpsuite 证书模块,在安卓10以上通过magisk模块快速安装burpsuite证书☆41Feb 2, 2023Updated 3 years ago
- An improvement over the original Mimikatz wrapper.☆19Aug 11, 2021Updated 4 years ago
- Java XMLDecoder payload generator☆16Jul 27, 2021Updated 4 years ago
- 一款用Go实现的批量加载漏洞检测插件进行多线程扫描的框架。☆11Jan 20, 2024Updated 2 years ago
- Finding Java gadget chains with CodeQL☆185Jan 14, 2025Updated last year
- 在原版nps的基础上,增加了nps探测,以及对应的利用方式(��如获取cookie,页面等),进行一些简单的二开。未经过大量测试,可能存在bug。☆21Aug 5, 2025Updated 6 months ago
- 适用于weblogic和Tomcat的无文件的内存马(memshell)☆269Mar 4, 2022Updated 4 years ago
- A neo4j procedure for tabby☆137May 17, 2025Updated 9 months ago
- Redis-Attack By Replication (通过主从复制攻击Redis)☆356Nov 25, 2022Updated 3 years ago
- Java应用的一些配置文件字典,来源于公开的字典与平时收集☆321Feb 1, 2024Updated 2 years ago
- springboot跨线程注入内存马☆123Apr 10, 2022Updated 3 years ago
- 记录学习codeql的过程☆394Jun 9, 2023Updated 2 years ago
- ☆835Jun 7, 2022Updated 3 years ago
- Java反序列化漏洞利用链补全计划,仅用于个人归纳总结。☆420Dec 3, 2021Updated 4 years ago
- Load CLR to get RWX 通过加载clr在自身内存中产生rwx空间☆22Sep 28, 2022Updated 3 years ago
- generate facts from bytecode (source is https://github.com/plast-lab/doop-mirror/tree/master/generators)☆23Nov 24, 2024Updated last year
- A Go library for generating Java deserialization payloads.☆155Sep 9, 2024Updated last year
- RMI 反序列化环境 一步步☆213Aug 31, 2020Updated 5 years ago
- Java agent without file 无文件的Java agent☆82Apr 7, 2022Updated 3 years ago
- 用Java agent实现内存马等功能☆197Jul 27, 2023Updated 2 years ago
- ☆61Sep 21, 2020Updated 5 years ago
- CSAgent 与 GoogleAuth 的缝合体,cobalt strike的破解+otp动态口令的agent☆132Aug 3, 2022Updated 3 years ago
- 动态链接库加载工具☆20Jan 26, 2022Updated 4 years ago
- CodeQL extractor for java, which don't need to compile java source☆348Nov 25, 2022Updated 3 years ago
- Java utility that allows to inject shell code and execute it☆73Feb 23, 2022Updated 4 years ago
- Yapi mock script RCE another version. Webshell way. 另一种 Webshell 方式的 Yapi 命令执行的方法 相比于其他的利用方式 更加微操和可控 影响更小☆66Jul 4, 2024Updated last year
- CVE-2022-22947☆222Mar 3, 2022Updated 4 years ago
- 域控安全one for all☆736Sep 9, 2024Updated last year
- Java Js Engine Payloads All in one☆289Aug 21, 2023Updated 2 years ago
- [ProxyLogon] CVE-2021-26855 & CVE-2021-27065 Fixed RawIdentity Bug Exploit. [ProxyOracle] CVE-2021-31195 & CVE-2021-31196 Exploit Chains.…☆177Oct 21, 2022Updated 3 years ago