Exploits for CNEXT (CVE-2024-2961), a buffer overflow in the glibc's iconv()
☆504Sep 30, 2024Updated last year
Alternatives and similar repositories for cnext-exploits
Users that are interested in cnext-exploits are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Generates a `php://filter` chain that adds a prefix and a suffix to the contents of a file.☆237Oct 8, 2024Updated last year
- A CLI to exploit parameters vulnerable to PHP filter chain error based oracle.☆325Jun 2, 2024Updated last year
- lightyear is a tool to dump files in tedious (blind) conditions using PHP filters☆112Jun 23, 2025Updated 9 months ago
- MySQL Fake Server use to help MySQL Client File Reading and JDBC Client Java Deserialize☆1,362Nov 18, 2021Updated 4 years ago
- Some ReadObject Sink With JDBC☆243May 8, 2024Updated last year
- ☆1,005Jan 23, 2023Updated 3 years ago
- Java Vulnerability Exploitation Platform☆2,010Updated this week
- 一款支持自定义的 Java 内存马生成工具|A customizable Java in-memory webshell generation tool.☆2,166Aug 21, 2025Updated 7 months ago
- ☆95Sep 2, 2024Updated last year
- A (small) web exploit framework☆97Dec 26, 2025Updated 2 months ago
- 80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background serv…☆871Jun 24, 2024Updated last year
- 专为CTF设计的Jinja2 SSTI全自动绕WAF脚本 | A Jinja2 SSTI cracker for bypassing WAF, designed for CTF☆1,250Updated this week
- A rouge mysql server supports reading files from most mysql libraries of multiple programming languages.☆758Dec 2, 2022Updated 3 years ago
- ☆349Jan 24, 2023Updated 3 years ago
- ZKar is a Java serialization protocol analysis tool implement in Go.☆650Feb 15, 2025Updated last year
- This repository contains PoC for CVE-2024-7965. This is the vulnerability in the V8 that occurs only within ARM64.☆49Sep 16, 2024Updated last year
- 高性能 HTTP 正向代理工具 | A high-performance http tunneling tool☆2,683Feb 2, 2026Updated last month
- some fun php exploits☆82Nov 12, 2024Updated last year
- dotnet 反序列化学习笔记☆513Oct 19, 2023Updated 2 years ago
- CVE-2023-34992: Fortinet FortiSIEM Command Injection Proof of Concept Exploit☆27May 21, 2024Updated last year
- cve-2022-34169 延伸出的Jdk Xalan的payload自动生成工具,可根据不同的Jdk生成出其所对应的xslt文件☆93Jan 17, 2023Updated 3 years ago
- A CAT called tabby ( Code Analysis Tool )☆1,641Jan 17, 2026Updated 2 months ago
- a rep for documenting my study, may be from 0 to 0.1☆2,254Nov 10, 2025Updated 4 months ago
- ☆158Jul 10, 2024Updated last year
- 纯 Java 实现的 MySQL Fake Server | 支持 GUI 版和命令行版 | 支持反序列化和文件读取的利用方式 | 支持常见的 GADGET 和自定义 GADGET 数据 | 根据目标环境自动生成匹配的 PAYLOAD | 支持 PGSQL 和 DERBY …☆827Sep 18, 2023Updated 2 years ago
- Exploit for the vulnerability CVE-2024-43044 in Jenkins☆184Oct 2, 2024Updated last year
- A powerful JNDI injection exploitation framework that supports RMI, LDAP and LDAPS protocols, including various bypass methods for high-v…☆573Feb 4, 2026Updated last month
- WebSocket 内存马/Webshell,一种新型内存马/WebShell技术☆1,493Apr 10, 2023Updated 2 years ago
- Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, in…☆2,439Apr 17, 2024Updated last year
- CTF-Java-Gadget专注于收集CTF中Java赛题的反序列化片段☆282Dec 13, 2024Updated last year
- 一款专注于 Java 主流 Web 中间件的内存马快速生成工具,致力于简化安全研究人员和红队成员的工作流程,提升攻防效率☆1,355Mar 4, 2026Updated 2 weeks ago
- 抽离出 utf-8-overlong-encoding 的序列化逻辑,实现 2 3 字节加密序列化数组☆140Mar 11, 2024Updated 2 years ago
- Fastjson姿势技巧集合☆1,833Oct 20, 2023Updated 2 years ago
- A neo4j procedure for tabby☆137May 17, 2025Updated 10 months ago
- PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.☆3,768Sep 29, 2025Updated 5 months ago
- 哥斯拉webshell管理工具二次开发规避流量检测设备☆1,052Dec 2, 2025Updated 3 months ago
- 通过端口复用直接进行正向socks5代理(非防火墙分流)☆114Dec 17, 2024Updated last year
- PoC for CVE-2023-4911☆389Oct 4, 2023Updated 2 years ago
- A helpful Java Deserialization exploit framework.☆1,242Feb 17, 2025Updated last year