☆57Apr 27, 2020Updated 5 years ago
Alternatives and similar repositories for R9000
Users that are interested in R9000 are comparing it to the libraries listed below
Sorting:
- Native Java serialization filter blacklist for common gadgets☆20Sep 12, 2019Updated 6 years ago
- Shiro_721 exp 纯手工实现Padding Oracle整个过程☆67Nov 20, 2019Updated 6 years ago
- bypass JEP290 RaspHook code☆63Sep 21, 2020Updated 5 years ago
- attackRmi☆258Oct 14, 2020Updated 5 years ago
- Redis RCE 的几种方法☆90Jun 5, 2024Updated last year
- Java After-Deserialization Attack☆79Apr 26, 2021Updated 4 years ago
- Behinder3.0 Beta4 源码(Decompile and Fixed)☆207Sep 1, 2020Updated 5 years ago
- MySQL JDBC Deserialization Payload / MySQL客户端jdbc反序列化漏洞payload☆13Feb 8, 2020Updated 6 years ago
- 便捷地使用PostgreSQL自定义函数来执行系统命令,适用于数据库管理员知道postgres密码却不知道ssh或RDP密码的时候在服务器执行系统命令。☆55Mar 10, 2020Updated 6 years ago
- ☆131Jun 17, 2022Updated 3 years ago
- �☆73Jun 21, 2022Updated 3 years ago
- vRealize RCE + Privesc (CVE-2021-21975, CVE-2021-21983, CVE-0DAY-?????)☆39Apr 7, 2021Updated 4 years ago
- Apache Tomcat + MongoDB Remote Code Execution☆114Jan 15, 2021Updated 5 years ago
- ☆78Jan 12, 2021Updated 5 years ago
- JRE8u20_RCE_Gadget☆255Jul 1, 2016Updated 9 years ago
- WebLogic wls9-async反序列化远程命令执行漏洞☆240May 26, 2019Updated 6 years ago
- 参考《利用分块传输吊打所有WAF》修改的requests的Adapter☆98Jan 31, 2019Updated 7 years ago
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆103Mar 10, 2020Updated 6 years ago
- Fastjson Poc for 1.2.33~1.2.36 with bcel☆11Oct 27, 2020Updated 5 years ago
- tomcat使用了自带session同步功能时,不安全的配置(没有使用EncryptInterceptor)导致存在的反序列化漏洞,通过精心构造的数据包, 可以对使用了tomcat自带session同步功能的服务器进行攻击。PS:这个不是CVE-2020-9484,9484…☆212May 19, 2020Updated 5 years ago
- ☆28Oct 5, 2020Updated 5 years ago
- (周瑜)Java - SpringBoot 持久化 WebShell(不仅仅是SpringBoot,适合任何符合JavaEE规范的服务)☆614Dec 29, 2021Updated 4 years ago
- A Java runtime information-gathering tool which uses the Java Attach API for information acquisition☆204Apr 26, 2021Updated 4 years ago
- CVE-2019-2725 命令回显☆436May 8, 2023Updated 2 years ago
- 一款基于webshell命令执行功能实现的GUI webshell管理工具,支持流量加密☆219Jun 4, 2021Updated 4 years ago
- java内存对象搜索辅助工具☆823Sep 23, 2022Updated 3 years ago
- 利用agent hock指定的class,在jar运行周期内,用于跟踪被执行的方法,辅助做一些事情,比如挖洞啊☆125Jul 17, 2020Updated 5 years ago
- 超硬核!使用图数据技术发现软件漏洞☆185Sep 1, 2021Updated 4 years ago
- A fake JDBC driver that allows OS command execution.☆125Oct 2, 2022Updated 3 years ago
- C# POC for CVE-2021-26855 aka ProxyLogon, supports the classically semi-interactive web shell as well as shellcode injection☆250Mar 31, 2021Updated 4 years ago
- Java表达式语句生成器☆194Oct 9, 2023Updated 2 years ago
- Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.☆612Mar 4, 2021Updated 5 years ago
- Fastjson vulnerability quickly exploits the framework(fastjson漏洞快速利用框架)☆1,389Dec 16, 2022Updated 3 years ago
- CVE-2018-8021 Proof-Of-Concept and Exploit☆106Dec 3, 2018Updated 7 years ago
- weblogic t3 deserialization rce☆268Jul 13, 2017Updated 8 years ago
- Bypass cobaltstrike beacon config scan☆84May 24, 2021Updated 4 years ago
- Some payloads of JNDI Injection in JDK 1.8.0_191+☆484Dec 9, 2020Updated 5 years ago
- 内网渗透中快速获取数据库所有库名,表名,列名。具体判断后再去翻数据,节省时间。适用于mysql,mssql。☆198Nov 11, 2019Updated 6 years ago
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.优化了一些东西。☆214Jan 17, 2022Updated 4 years ago