Java serialization brute force attack tool.
☆123Aug 18, 2017Updated 8 years ago
Alternatives and similar repositories for SerialBrute
Users that are interested in SerialBrute are comparing it to the libraries listed below
Sorting:
- Java deserialization exploitation lab.☆237Mar 1, 2019Updated 7 years ago
- A tool to dump Java serialization streams in a more human readable form.☆1,066Jun 21, 2024Updated last year
- Java RMI enumeration and attack tool.☆745Sep 28, 2017Updated 8 years ago
- 2 web tasks from ZeroNights HackQuest 2016☆50Mar 24, 2017Updated 8 years ago
- JRE8u20_RCE_Gadget☆255Jul 1, 2016Updated 9 years ago
- ssrf、ssrfIntranetFuzz、dnsRebinding、recordEncode、dnsPoisoning、Support ipv4/ipv6☆217Aug 17, 2017Updated 8 years ago
- Java Message Exploitation Tool☆511Jul 6, 2022Updated 3 years ago
- Collection of bypass gadgets to extend and wrap ysoserial payloads☆387Apr 16, 2022Updated 3 years ago
- ☆17Oct 25, 2018Updated 7 years ago
- Java-Web-Security - Sichere Webanwendungen mit Java entwickeln☆220Feb 19, 2026Updated last week
- 🐱💻 Poc of CVE-2019-7238 - Nexus Repository Manager 3 Remote Code Execution 🐱💻☆153Feb 25, 2019Updated 7 years ago
- A collection of curated Java Deserialization Exploits☆591May 16, 2021Updated 4 years ago
- All about CVE-2018-14667; From what it is to how to successfully exploit it.☆50Nov 30, 2018Updated 7 years ago
- Apache Solr Injection Research��☆579Jan 28, 2020Updated 6 years ago
- The cheat sheet about Java Deserialization vulnerabilities☆3,164May 26, 2023Updated 2 years ago
- Burp plugin to do random fuzzing of HTTP requests☆33Jan 31, 2017Updated 9 years ago
- A static byte code analyzer for Java deserialization gadget research☆252Apr 17, 2017Updated 8 years ago
- Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans☆584Sep 7, 2021Updated 4 years ago
- Web Security Technology & Vulnerability Analysis Whitepapers☆549Jan 1, 2019Updated 7 years ago
- Run remote system commands from Oracle connection - oracle exec command perl☆12Jun 6, 2015Updated 10 years ago
- Mogwai Java Management Extensions (JMX) Exploitation Toolkit☆174Jul 21, 2016Updated 9 years ago
- fastjson remote code execute poc 直接用intellij IDEA打开即可 首先编译得到Test.class,然后运行Poc.java☆403Dec 16, 2022Updated 3 years ago
- CVE-2018-8581 | Microsoft Exchange Server Elevation of Privilege Vulnerability☆332Dec 30, 2018Updated 7 years ago
- A python3 program to filter Burp Suite log file.☆77May 26, 2016Updated 9 years ago
- ☆77Feb 17, 2017Updated 9 years ago
- A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques☆736May 4, 2019Updated 6 years ago
- 更快速的进行Web应用指纹识别☆170May 9, 2019Updated 6 years ago
- Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).☆520Mar 11, 2022Updated 3 years ago
- Web App Monitor☆228Sep 20, 2018Updated 7 years ago
- PoC for Scala and Groovy☆14Apr 4, 2016Updated 9 years ago
- 一个用于识别目标网站是否采用Struts2框架开发的工具demo☆163Jan 23, 2018Updated 8 years ago
- Demonstrating why Dynamic Method Invocation with unrestricted method names (the old default of Struts) is dangerous.☆12Sep 30, 2018Updated 7 years ago
- CVE-2018-8021 Proof-Of-Concept and Exploit☆106Dec 3, 2018Updated 7 years ago
- Burp Suite Collaborator HTTP API☆45May 27, 2018Updated 7 years ago
- python audit tool 审计 注入 inject☆182Feb 25, 2016Updated 10 years ago
- A Java serializer in JavaScript☆80May 21, 2018Updated 7 years ago
- Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (…☆316Apr 1, 2019Updated 6 years ago
- Burp extension☆58Jun 18, 2018Updated 7 years ago
- A fake JDBC driver that allows OS command execution.☆125Oct 2, 2022Updated 3 years ago