hktalent / spring-spel-0day-pocLinks
spring-cloud / spring-cloud-function,spring.cloud.function.routing-expression,RCE,0day,0-day,POC,EXP,CVE-2022-22963
☆357Updated 2 years ago
Alternatives and similar repositories for spring-spel-0day-poc
Users that are interested in spring-spel-0day-poc are comparing it to the libraries listed below
Sorting:
- Remote Code Injection In Log4j☆467Updated 3 years ago
- 80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background serv…☆797Updated 11 months ago
- Shiro反序列化利用工具,支持新版本(AES-GCM)Shiro的key爆破,配合ysoserial,生成回显Payload☆893Updated 4 years ago
- ZKar is a Java serialization protocol analysis tool implement in Go.☆616Updated 3 months ago
- Java RCE 回显测试代码☆1,012Updated 4 years ago
- RevSuit is a flexible and powerful reverse connection platform designed for receiving connection from target host in penetration.☆539Updated 2 years ago
- A malicious LDAP server for JNDI injection attacks☆322Updated 3 years ago
- BurpBounty 魔改版本☆417Updated 3 years ago
- 一个简单的Fastjson反序列化检测burp插件☆923Updated 3 years ago
- Msmap is a Memory WebShell Generator.☆583Updated 2 years ago
- TerraformGoat is HXSecurity research lab's "Vulnerable by Design" multi cloud deployment tool.☆591Updated 2 years ago
- OpenSource Poc && Vulnerable-Target Storage Box.☆682Updated 2 years ago
- 各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC 该项目将不断更新☆269Updated 3 years ago
- SpringScan 漏洞检测 Burp插件☆598Updated last year
- CVE-2021-21972 Exploit☆492Updated last year
- 一款用于JNDI注入利用的工具,大量参考/引用了Rogue JNDI项目的代码,支持直接植入内存shell,并集成了常见的bypass 高版本JDK的方式,适用于与自动化工具配合使用。☆334Updated 2 years ago
- 域控安全one for all☆734Updated 8 months ago
- Fastjson扫描器,可识别版本、依赖库、autoType状态等。A tool to distinguish fastjson ,version and dependency☆1,027Updated 2 years ago
- Windows Elevation(持续更新)☆654Updated 3 years ago
- A rouge mysql server supports reading files from most mysql libraries of multiple programming languages.☆722Updated 2 years ago
- Bypass firewall for traffic forwarding using webshell☆1,406Updated 3 years ago
- MySQL Fake Server use to help MySQL Client File Reading and JDBC Client Java Deserialize☆1,305Updated 3 years ago
- 一键调用subfinder+ksubdomain+httpx 强强联合 从域名发现-->域名验证-->获取域名标题、状态码以及响应大小 最后保存结果,简化重复操作命令☆334Updated 3 years ago
- A helpful Java Deserialization exploit framework.☆1,217Updated 3 months ago
- 冰蝎Java WebShell自动化免杀生成☆778Updated 3 years ago
- Gosint is a distributed asset information collection and vulnerability scanning platform☆424Updated 2 years ago
- An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability☆471Updated last year
- A Burp Extender for checking for struts 2 RCE vulnerabilities.☆285Updated last year
- Vulnerabilities of Goby supported with exploitation.☆728Updated last month
- 事件驱动的渗透测试扫描器 Event-driven pentest scanner☆683Updated 11 months ago