fransr/hot-jar-swapping-urlclassloader

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/fransr/hot-jar-swapping-urlclassloader)

fransr / hot-jar-swapping-urlclassloader

Demo of the URLClassLoader JAR-swapping showing the ability to replace and exploit an already loaded JAR with inner classes

☆32

Alternatives and similar repositories for hot-jar-swapping-urlclassloader

Users that are interested in hot-jar-swapping-urlclassloader are comparing it to the libraries listed below

Sorting:

pingidentity / AuraIntruder
View on GitHub
☆20Sep 6, 2023Updated 2 years ago
TecR0c / DoubleTrouble
View on GitHub
This repository offers insights and a proof-of-concept tool to exploit two significant deserialization vulnerabilities in Inductive Autom…
☆46Dec 22, 2023Updated 2 years ago
dillonfranke / protoburp
View on GitHub
Encode and Fuzz Custom Protobuf Messages in Burp Suite
☆36Mar 4, 2025Updated last year
Raz0r / defihack
View on GitHub
☆17May 22, 2021Updated 4 years ago
0xsapra / dependency-confusion-expoit
View on GitHub
☆14Jul 1, 2021Updated 4 years ago
trufflesecurity / of-CORS
View on GitHub
☆154Aug 18, 2023Updated 2 years ago
trickest / mgwls
View on GitHub
Combine words from two wordlist files and concatenate them with an optional delimiter
☆38Sep 25, 2023Updated 2 years ago
LazaUK / DeepLearningAI-Giskard-RedTeaming
View on GitHub
Practical Jupyter notebooks from Andrew Ng and Giskard team's "Red Teaming LLM Applications" course on DeepLearning.AI.
☆23Apr 8, 2024Updated last year
Al1ex / Pentest-Command
View on GitHub
Pentest-Command
☆20Nov 10, 2021Updated 4 years ago
elttam / plormber
View on GitHub
☆26Jul 9, 2024Updated last year
silentsignal / burp-piper
View on GitHub
Piper Burp Suite Extender plugin
☆129Jan 14, 2026Updated last month
smiegles / extract-relative-url-heapsnapshot
View on GitHub
Extract relative urls from a heap snapshot
☆87May 30, 2021Updated 4 years ago
gagliardetto / codemill
View on GitHub
CodeQL model generation for Go.
☆17Jun 11, 2021Updated 4 years ago
AethliosIK / reset-tolkien
View on GitHub
Unsecure time-based secret exploitation and Sandwich attack implementation Resources
☆149Dec 9, 2024Updated last year
fransr / unpack-burp
View on GitHub
For unpacking base64:ed "Save items"-content from Burp (From search + proxy history)
☆54Feb 26, 2025Updated last year
GCMiner / GCMiner
View on GitHub
Artifact for ICSE 2023
☆50Sep 24, 2022Updated 3 years ago
ManasHarsh / Astra
View on GitHub
A tool for Subdomain takeovers detection
☆26Oct 21, 2022Updated 3 years ago
hahwul / fuzzstone
View on GitHub
My fuzz repo!
☆22Jul 28, 2023Updated 2 years ago
amalmurali47 / swagroutes
View on GitHub
swagroutes is a command-line tool that extracts and lists API routes from Swagger files in YAML or JSON format.
☆61Apr 23, 2023Updated 2 years ago
georlav / objectmap
View on GitHub
A Simple command line tool that helps checking web applications to identify insecure deserialization vulnerabilities.
☆24Jul 10, 2019Updated 6 years ago
honoki / bbrf-client
View on GitHub
The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices
☆641Jul 7, 2025Updated 8 months ago
jhaddix / awsScrape
View on GitHub
A tool to scrape the AWS ranges looking for a keyword in SSL certificate data.
☆239Jan 10, 2024Updated 2 years ago
Static-Flow / ParameterMiner
View on GitHub
Built on a lazy Sunday after seeing this tweet (https://twitter.com/intigriti/status/1272145863868104705?s=20) I present to you, Paramete…
☆51Jun 14, 2020Updated 5 years ago
0xacb / recollapse
View on GitHub
REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications
☆1,293Aug 7, 2025Updated 7 months ago
proditis / bugbounty-cicd
View on GitHub
A set of Gitlab pipelines and Github workflows to automate and ease on BugBounty and Penetration Testing engagements
☆28Dec 18, 2022Updated 3 years ago
cyal1 / PyBurp
View on GitHub
PyBurp is a Burp Suite extension that provides predefined Python functions for HTTP/WebSocket traffic modification, context menu registra…
☆38Dec 28, 2025Updated 2 months ago
kh4sh3i / ElasticSearch-Pentesting
View on GitHub
ElasticSearch exploit and Pentesting guide for penetration tester
☆30Nov 9, 2022Updated 3 years ago
Rhynorater / rebindMultiA
View on GitHub
☆63Mar 1, 2023Updated 3 years ago
nikitastupin / param-miner-doc
View on GitHub
Unofficial documentation for the great tool Param Miner
☆184Aug 21, 2022Updated 3 years ago
jzheaux / spel-injection
View on GitHub
An intentionally-vulnerable application for demonstrating the hazards of SpEL expression composition
☆28Apr 17, 2018Updated 7 years ago
ethiack / CVE-2023-29007
View on GitHub
PoC repository for CVE-2023-29007
☆36Apr 26, 2023Updated 2 years ago
michael1026 / trashcompactor
View on GitHub
☆66Nov 29, 2022Updated 3 years ago
visma-prodsec / confused
View on GitHub
Tool to check for dependency confusion vulnerabilities in multiple package management systems
☆778Aug 19, 2024Updated last year
shoebpate1 / Web-CTF-Challenges
View on GitHub
Collection of quirky behaviours of code and the CTF challenges that I made around them.
☆27Jan 27, 2021Updated 5 years ago
lc / jenkinz
View on GitHub
Retrieve the complete build history for every job ever created and executed on a given Jenkins instance.
☆67Apr 25, 2025Updated 10 months ago
kleiton0x00 / ppmap
View on GitHub
A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.
☆519Jun 22, 2022Updated 3 years ago
trickest / enumerepo
View on GitHub
List all public repositories for (valid) GitHub usernames
☆76Sep 25, 2023Updated 2 years ago
kiber-io / apkd
View on GitHub
APK downloader from few sources
☆135Aug 18, 2025Updated 6 months ago
KTH-LangSec / server-side-prototype-pollution
View on GitHub
A collection of Server-Side Prototype Pollution gadgets and exploits
☆227Feb 6, 2025Updated last year