Additional materials for RootedCON 2015 Apache Struts talk
☆30Mar 6, 2015Updated 11 years ago
Alternatives and similar repositories for rooted2k15
Users that are interested in rooted2k15 are comparing it to the libraries listed below
Sorting:
- ☆22Nov 3, 2022Updated 3 years ago
- ☆34Sep 19, 2022Updated 3 years ago
- 在原版nps的基础上,增加了nps探测,以及对应的利用方式(如获取cookie,页面等),进行一些简单的二开。未经过大量测试,可能存在bug。☆21Aug 5, 2025Updated 7 months ago
- Fuzzing web services in style with nodejs☆10Aug 10, 2019Updated 6 years ago
- A Burp Extender plugin, that will take deserialized AMF objects and encode them in XML using the Xtream library☆27Apr 14, 2015Updated 10 years ago
- 大模型辅助SAST静态代码分析的Demo系统☆13Feb 19, 2025Updated last year
- ☆10May 17, 2023Updated 2 years ago
- PaddingZip is a tool that you can craft a zip file that contains the padding characters between the file content.☆81Aug 14, 2022Updated 3 years ago
- Invanti VPN Vulnerabilities for Jan - Feb 2024 - Links to Keep it all Organized☆16Feb 15, 2024Updated 2 years ago
- exploit dev. stuff☆20Aug 7, 2012Updated 13 years ago
- Show the application of fuzzy in penetration test~☆13Mar 11, 2022Updated 3 years ago
- Code audit (code review) with VIM.☆17Jan 3, 2025Updated last year
- 静态程序分析工具 主要生成方法的CFG和.java文件的AST☆133Jul 12, 2023Updated 2 years ago
- Scripts that can generate gopher payload.☆12Jun 26, 2020Updated 5 years ago
- ThinkPHP各版本反序列化利用代码☆32Aug 13, 2020Updated 5 years ago
- ☆15Dec 26, 2021Updated 4 years ago
- Android app to bypass SSL certificate validation (Certificate Pinning).☆16Feb 7, 2016Updated 10 years ago
- payloads☆15Mar 17, 2021Updated 4 years ago
- ☆17Sep 22, 2024Updated last year
- xosVer Get remote host os version info☆14Aug 20, 2015Updated 10 years ago
- A declarative static analysis tool for jvm bytecode based Datalog like CodeQL☆345Jan 6, 2024Updated 2 years ago
- Use java instrument API without JAR file☆47Jun 19, 2022Updated 3 years ago
- Fizzer is an assessment tool for fuzzing FIX messages.☆29Aug 18, 2021Updated 4 years ago
- springboot getRequestURI acl bypass☆37Oct 13, 2020Updated 5 years ago
- Utilities for creating Burp Suite Extensions.☆21Oct 31, 2024Updated last year
- A fuzzing library that allows creating malicious payloads based on Joi validator schemas.☆14Apr 20, 2015Updated 10 years ago
- Java After-Deserialization Attack☆79Apr 26, 2021Updated 4 years ago
- Burp Suite AMF Extension☆48Sep 24, 2018Updated 7 years ago
- 构造字节在ASCII范围内的jar☆139Feb 14, 2022Updated 4 years ago
- A list for Spring Security☆128Jan 16, 2024Updated 2 years ago
- An example project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions☆124Jan 9, 2018Updated 8 years ago
- Java agent without file 无文件的Java agent☆82Apr 7, 2022Updated 3 years ago
- BurpCSJ extension for Burp Pro - Crawljax Selenium JUnit integration☆34Dec 22, 2014Updated 11 years ago
- 补天自动化脚本提交☆19Jan 23, 2022Updated 4 years ago
- A Safer PoC for CVE-2022-22965 (Spring4Shell)☆44May 27, 2022Updated 3 years ago
- 病毒分析☆18Nov 14, 2019Updated 6 years ago
- CodeQL extractor for java, which don't need to compile java source☆348Nov 25, 2022Updated 3 years ago
- 通过分析类与成员间的关系来对抗Proguard混淆规则.Anti proguard through analysing classes and members' relationship☆96Jun 1, 2022Updated 3 years ago
- Study about HQL injection exploitation.☆51May 15, 2016Updated 9 years ago