H3rmesk1t / Fastjson-Gadgets-Automatic-ScannerLinks
Automatically scan jar packages by using ast to find fastjson gadgets. In particular, this project is limited to mining Gadgets that may be exploited, and screening results need to be excluded by themselves. Looking forward to Fork and Star.
☆50Updated 3 years ago
Alternatives and similar repositories for Fastjson-Gadgets-Automatic-Scanner
Users that are interested in Fastjson-Gadgets-Automatic-Scanner are comparing it to the libraries listed below
Sorting:
- e-mesaage <=4.15 后台jar包上传exp☆47Updated 6 years ago
- NoPacScan is a CVE-2021-42287/CVE-2021-42278 Scanner,it scan for more domain controllers than other script☆88Updated 3 years ago
- ☆50Updated 2 years ago
- java☆54Updated 2 years ago
- [fastjson 1.2.80] CVE-2022-25845 aspectj fileread & groovy remote classload☆91Updated 2 years ago
- 卸载冰蝎内存马☆67Updated 4 years ago
- 该项目是通过go语言实现防止rmi利用被反置的问题。☆44Updated 3 years ago
- ☆42Updated 5 years ago
- woodpecker-framework框架http发包库,专门为漏洞检测与利用场景设计。☆67Updated 2 years ago
- jre8u20 gadget☆33Updated 4 years ago
- CVE-2015-4852、CVE-2016-0638、CVE-2016-3510、CVE-2019-2890漏洞POC☆17Updated 4 years ago
- (批量化改造)sharpwmi是一个基于rpc的横向移动工具,具有上传文件和执行命令功能。☆107Updated 4 years ago
- 利用shiro反序列化注入冰蝎内存马☆35Updated 3 years ago
- payloads☆15Updated 4 years ago
- CodeQL 寻找 JNDI利用 Lookup接口☆163Updated 3 years ago
- 编译原理学习代码仓库☆23Updated 3 years ago
- ☆4Updated 4 years ago
- 一些结合第三方组件的Fastjson POC,在1.2.48以后版本中陆续被添加至黑名单。☆56Updated 5 years ago
- Spring Cloud Netflix Hystrix Dashboard template resolution vulnerability CVE-2021-22053☆37Updated 2 years ago
- 打CTF实在厌倦了找利用链,就知道一个fastjson的版本,一堆依赖找啊找,头都疼。为了解决这个烦恼,用了卓卓师傅的fastjson黑名单工具和库,自己改造了一下。☆32Updated 5 years ago
- Yapi RCE漏洞批量验证与伪交互SHELL☆42Updated 3 years ago
- CVE-2021-4034, For Webshell Version.☆34Updated 3 years ago
- cve-2022-34169 延伸出的Jdk Xalan的payload自动生成工具,可根据不同的Jdk生成出其所对应的xslt文件☆91Updated 2 years ago
- ☆54Updated 3 years ago
- 2020年~2021年 网站CMS、中间件、框架系统漏洞集合☆36Updated 4 years ago
- Spring Cloud Function Spel命令执行漏洞☆38Updated 3 years ago
- Learning JAVA for Security☆31Updated 2 years ago
- Yapi mock script RCE another version. Webshell way. 另一种 Webshell 方式的 Yapi 命令执行的方法 相比于其他的利用方式 更加微操 和可控 影响更小☆65Updated 10 months ago
- 魔改的冰蝎,仅供测试连接内存webshell使用☆38Updated 4 years ago
- OXID_Find by Csharp(多线程) 通过OXID解析器获取Windows远程主机上网卡地址 From @RcoIl☆54Updated 4 years ago