SerialWriter is an incomplete implementation of Java serialization for study of Java deserialization vulnerabilities.
☆104Feb 28, 2018Updated 8 years ago
Alternatives and similar repositories for SerialWriter
Users that are interested in SerialWriter are comparing it to the libraries listed below
Sorting:
- a pass-the-hash tool☆104Mar 1, 2018Updated 8 years ago
- JRE8u20_RCE_Gadget☆255Jul 1, 2016Updated 9 years ago
- A fake JDBC driver that allows OS command execution.☆125Oct 2, 2022Updated 3 years ago
- Collection of bypass gadgets to extend and wrap ysoserial payloads☆387Apr 16, 2022Updated 3 years ago
- A byte code analyzer for finding deserialization gadget chains in Java applications☆1,079Jun 15, 2021Updated 4 years ago
- fastjson remote code execute poc 直接用intellij IDEA打开即可 首先编译得到Test.class,然后运行Poc.java☆403Dec 16, 2022Updated 3 years ago
- 一个利用ASM对字节码进行污点传播分析的静态代码审计应用(添加了大量代码注释,适合大家进行源码学习)。也加入了挖掘Fastjson反序列化gadget chains和SQLInject(JdbcTemplate、MyBatis、JPA、Hibernate、原生jdbc等)静…☆458Mar 24, 2022Updated 3 years ago
- Mogwai Java Management Extensions (JMX) Exploitation Toolkit☆174Jul 21, 2016Updated 9 years ago
- A Java serializer in JavaScript☆80May 21, 2018Updated 7 years ago
- java内存对象搜索辅助工具☆823Sep 23, 2022Updated 3 years ago
- 总结了20+.Net反序列化文章,持续更新☆748Apr 3, 2024Updated last year
- XSS hunter 收集Webview 页面上存在的反射,储存型XSS ,方便应急APP 和前端页面在发布时遇到XSS 安全问题..☆42Oct 9, 2016Updated 9 years ago
- fastjson 1.2.68 版本 autotype bypass☆142Jun 17, 2022Updated 3 years ago
- ☆153Jun 24, 2019Updated 6 years ago
- 整理收集Struts2漏洞环境☆270Jan 9, 2018Updated 8 years ago
- ☆131Jun 17, 2022Updated 3 years ago
- Learn how to get a reverse shell from JIRA application server☆24Dec 2, 2018Updated 7 years ago
- 参考《利用分块传输吊打所有WAF》修改的requests的Adapter☆98Jan 31, 2019Updated 7 years ago
- a webshell resides in the memory of java web server☆699Jun 26, 2018Updated 7 years ago
- Proof of concept exploit, showing how to do bytecode injection through untrusted deserialization with Spring Framework 4.2.4☆116May 17, 2019Updated 6 years ago
- flash 劫持轮子,CSRF,劫持,跳转,swf 有需求可以提issues ,src挖掘,劫持response☆86Nov 9, 2019Updated 6 years ago
- ☆33Dec 6, 2022Updated 3 years ago
- Proof of concept showing how to exploit the CVE-2018-11759☆40Dec 11, 2018Updated 7 years ago
- CVE-2019-2725 命令回显☆436May 8, 2023Updated 2 years ago
- Exploitation Tool for CVE-2017-3066 targeting Adobe Coldfusion 11/12☆96Oct 18, 2022Updated 3 years ago
- S2-055的环境,基于rest-show-case改造☆37Dec 7, 2017Updated 8 years ago
- RCE on Apache Solr using deserialization of untrusted data via jmx.serviceUrl☆210Mar 10, 2019Updated 6 years ago
- Java RMI enumeration and attack tool.☆745Sep 28, 2017Updated 8 years ago
- ssrf、ssrfIntranetFuzz、dnsRebinding、recordEncode、dnsPoisoning、Support ipv4/ipv6☆217Aug 17, 2017Updated 8 years ago
- Weblogic环境搭建工具☆796Apr 23, 2020Updated 5 years ago
- Jenkins RCE PoC. From unauthenticated user to remote code execution, it's a hacker's dream!☆297Jun 10, 2019Updated 6 years ago
- A PoC Java Stager which can download, compile, and execute a Java file in memory.☆108Aug 6, 2018Updated 7 years ago
- java source code static code analysis and danger function identify prog☆534Feb 18, 2019Updated 7 years ago
- Kerberos accounts enumeration taking advantage of AS-REQ☆43Apr 25, 2018Updated 7 years ago
- ☆835Jun 7, 2022Updated 3 years ago
- Reverse Shell as a Service☆66Nov 9, 2020Updated 5 years ago
- tomcat使用了自带session同步功能时,不安全的配置(没有使用EncryptInterceptor)导致存在的反序列化漏洞,通过精心构造的数据包, 可以对使用了tomcat自带session同步功能的 服务器进行攻击。PS:这个不是CVE-2020-9484,9484…☆212May 19, 2020Updated 5 years ago
- 梧桐百科投稿通道☆22May 21, 2018Updated 7 years ago
- Weblogic Upload Vuln(Need username password)-CVE-2019-2618☆173Apr 17, 2019Updated 6 years ago