Deprecated: Please visit https://github.com/github/codeql instead.
☆82Apr 8, 2022Updated 3 years ago
Alternatives and similar repositories for SecurityQueries
Users that are interested in SecurityQueries are comparing it to the libraries listed below
Sorting:
- This repo has been migrated to https://github.com/github/security-lab/tree/master/SecurityExploits☆252Nov 5, 2019Updated 6 years ago
- A Java serializer in JavaScript☆80May 21, 2018Updated 7 years ago
- Repository to hold materials for DefCon_RESTing presentation by Dinis, Abe and Alvaro☆53Aug 5, 2013Updated 12 years ago
- a kernel information leak on macOS<= 10.14.4☆10May 24, 2019Updated 6 years ago
- Demonstrating why Dynamic Method Invocation with unrestricted method names (the old default of Struts) is dangerous.☆12Sep 30, 2018Updated 7 years ago
- keynote I gave at GreHack 2019☆19Nov 17, 2019Updated 6 years ago
- Vulnerability research on the CA UIM Nimbus protocol☆15Sep 28, 2020Updated 5 years ago
- CVE-2020-28243 Local Privledge Escalation Exploit in SaltStack Minion☆18Mar 3, 2021Updated 4 years ago
- PoC Code for CVE-2018-16712 (exploit by MmMapIoSpace)☆25Dec 1, 2018Updated 7 years ago
- Encima De la Mosca HTTP proxy POC for infecting files on-the-fly and SSLstrip2☆41Sep 1, 2018Updated 7 years ago
- A static byte code analyzer for Java deserialization gadget research☆252Apr 17, 2017Updated 8 years ago
- [WIP] a simple UI for Vulhub☆16Jun 10, 2021Updated 4 years ago
- Webkit JavascriptCore Array unshift function had a race condition, it leads to RCE.☆44Dec 5, 2023Updated 2 years ago
- Java RMI enumeration and attack tool.☆745Sep 28, 2017Updated 8 years ago
- The Outlook HTML Leak Test Project☆131May 12, 2018Updated 7 years ago
- A byte code analyzer for finding deserialization gadget chains in Java applications☆1,079Jun 15, 2021Updated 4 years ago
- Mogwai Java Management Extensions (JMX) Exploitation Toolkit☆174Jul 21, 2016Updated 9 years ago
- XSS payloads for edge cases☆34Nov 13, 2018Updated 7 years ago
- CVE-2019-12949☆26Jun 28, 2019Updated 6 years ago
- CVE-2018-19537☆20Nov 26, 2018Updated 7 years ago
- ☆17Oct 25, 2018Updated 7 years ago
- 2 web tasks from ZeroNights HackQuest 2016☆50Mar 24, 2017Updated 8 years ago
- Collection of bypass gadgets to extend and wrap ysoserial payloads☆387Apr 16, 2022Updated 3 years ago
- ☆72Nov 20, 2017Updated 8 years ago
- Will try to put here slides from now on when I give a talk☆24Oct 11, 2021Updated 4 years ago
- PoC Exploit for AOSP UserDictionary Content Provider (CVE-2018-9375)☆21Mar 2, 2019Updated 6 years ago
- Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans☆584Sep 7, 2021Updated 4 years ago
- ☆19Mar 24, 2017Updated 8 years ago
- Primitive tool for exploring/querying Java classes via the Tinkerpop Gremlin graph traversal language☆110May 12, 2016Updated 9 years ago
- vulhub下载器,可则需下载对应环境☆23Sep 19, 2018Updated 7 years ago
- A static analysis API for finding deserialization attack gadgets☆38Nov 7, 2022Updated 3 years ago
- python audit tool 审计 注入 inject☆34Feb 25, 2016Updated 10 years ago
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆34Sep 19, 2016Updated 9 years ago
- Resources related to GitHub Security Lab☆1,585Dec 2, 2025Updated 2 months ago
- Some stuffs for CODE BLUE 2016☆23Oct 26, 2016Updated 9 years ago
- Confluence Widget Connector path traversal (CVE-2019-3396)☆22Oct 4, 2019Updated 6 years ago
- My solution for GitHub Security Lab CTF 4: CodeQL and Chill - The Java Edition☆19Jun 10, 2020Updated 5 years ago
- Struts2の脆弱性S2-045, S2-055 および Jackson の脆弱性 CVE-2017-7525, CVE-2017-15095 の調査報告☆107Dec 13, 2017Updated 8 years ago
- ☆85Dec 6, 2019Updated 6 years ago