matthiaskaiser/jmet

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/matthiaskaiser/jmet)

matthiaskaiser / jmet

Java Message Exploitation Tool

☆511

Alternatives and similar repositories for jmet

Users that are interested in jmet are comparing it to the libraries listed below

Sorting:

NickstaDB / BaRMIe
View on GitHub
Java RMI enumeration and attack tool.
☆743Sep 28, 2017Updated 8 years ago
GrrrDog / Java-Deserialization-Cheat-Sheet
View on GitHub
The cheat sheet about Java Deserialization vulnerabilities
☆3,167May 26, 2023Updated 2 years ago
pwntester / SerialKillerBypassGadgetCollection
View on GitHub
Collection of bypass gadgets to extend and wrap ysoserial payloads
☆387Apr 16, 2022Updated 3 years ago
Coalfire-Research / java-deserialization-exploits
View on GitHub
A collection of curated Java Deserialization Exploits
☆591May 16, 2021Updated 4 years ago
joaomatosf / jexboss
View on GitHub
JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool
☆2,514Jan 21, 2020Updated 6 years ago
pwntester / JRE8u20_RCE_Gadget
View on GitHub
JRE8u20_RCE_Gadget
☆255Jul 1, 2016Updated 9 years ago
mbechler / serianalyzer
View on GitHub
A static byte code analyzer for Java deserialization gadget research
☆252Apr 17, 2017Updated 8 years ago
JackOfMostTrades / gadgetinspector
View on GitHub
A byte code analyzer for finding deserialization gadget chains in Java applications
☆1,079Jun 15, 2021Updated 4 years ago
mbechler / marshalsec
View on GitHub
☆3,660Jan 9, 2025Updated last year
codewhitesec / ColdFusionPwn
View on GitHub
Exploitation Tool for CVE-2017-3066 targeting Adobe Coldfusion 11/12
☆96Oct 18, 2022Updated 3 years ago
federicodotta / Java-Deserialization-Scanner
View on GitHub
All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities
☆799Nov 7, 2021Updated 4 years ago
wh1t3p1g / ysomap
View on GitHub
A helpful Java Deserialization exploit framework.
☆1,240Feb 17, 2025Updated last year
mogwaisec / mjet
View on GitHub
Mogwai Java Management Extensions (JMX) Exploitation Toolkit
☆174Jul 21, 2016Updated 9 years ago
nccgroup / freddy
View on GitHub
Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans
☆584Sep 7, 2021Updated 4 years ago
BishopFox / GadgetProbe
View on GitHub
Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
☆613Mar 4, 2021Updated 5 years ago
NickstaDB / SerialBrute
View on GitHub
Java serialization brute force attack tool.
☆123Aug 18, 2017Updated 8 years ago
welk1n / JNDI-Injection-Bypass
View on GitHub
Some payloads of JNDI Injection in JDK 1.8.0_191+
☆484Dec 9, 2020Updated 5 years ago
frohoff / ysoserial
View on GitHub
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
☆8,765Dec 4, 2025Updated 3 months ago
BishopFox / rmiscout
View on GitHub
RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities
☆446Sep 7, 2022Updated 3 years ago
veracode-research / solr-injection
View on GitHub
Apache Solr Injection Research
☆579Jan 28, 2020Updated 6 years ago
5up3rc / weblogic_cmd
View on GitHub
weblogic t3 deserialization rce
☆268Jul 13, 2017Updated 8 years ago
NickstaDB / SerializationDumper
View on GitHub
A tool to dump Java serialization streams in a more human readable form.
☆1,065Jun 21, 2024Updated last year
joaomatosf / JavaDeserH2HC
View on GitHub
Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).
☆521Mar 11, 2022Updated 3 years ago
c0ny1 / java-object-searcher
View on GitHub
java内存对象搜索辅助工具
☆823Sep 23, 2022Updated 3 years ago
shengqi158 / fastjson-remote-code-execute-poc
View on GitHub
fastjson remote code execute poc 直接用intellij IDEA打开即可首先编译得到Test.class，然后运行Poc.java
☆403Dec 16, 2022Updated 3 years ago
feihong-cs / Java-Rce-Echo
View on GitHub
Java RCE 回显测试代码
☆1,016Oct 15, 2020Updated 5 years ago
ilmila / J2EEScan
View on GitHub
J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tes…
☆678Oct 29, 2025Updated 4 months ago
pwntester / ysoserial.net
View on GitHub
Deserialization payload generator for a variety of .NET formatters
☆3,679Dec 23, 2024Updated last year
mogwailabs / mjet
View on GitHub
MOGWAI LABS JMX exploitation toolkit
☆206Mar 13, 2023Updated 2 years ago
lufeirider / CVE-2019-2725
View on GitHub
CVE-2019-2725 命令回显
☆436May 8, 2023Updated 2 years ago
LeadroyaL / fastjson-blacklist
View on GitHub
☆835Jun 7, 2022Updated 3 years ago
qtc-de / remote-method-guesser
View on GitHub
Java RMI Vulnerability Scanner
☆915Jul 3, 2024Updated last year
threedr3am / learnjavabug
View on GitHub
Java安全相关的漏洞和技术demo，原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security…
☆2,689Mar 14, 2024Updated last year
mpgn / CVE-2019-0192
View on GitHub
RCE on Apache Solr using deserialization of untrusted data via jmx.serviceUrl
☆210Mar 10, 2019Updated 6 years ago
TheTwitchy / xxer
View on GitHub
A blind XXE injection callback handler. Uses HTTP and FTP to extract information. Originally written in Ruby by ONsec-Lab.
☆518Jul 29, 2020Updated 5 years ago
5wimming / gadgetinspector
View on GitHub
利用链、漏洞检测工具
☆373Jul 31, 2024Updated last year
wyzxxz / jndi_tool
View on GitHub
JNDI服务利用工具 RMI/LDAP，支持部分场景回显、内存shell，高版本JDK场景下利用等，fastjson rce命令执行，log4j rce命令执行漏洞检测辅助工具
☆2,012May 21, 2024Updated last year
c0ny1 / FastjsonExploit
View on GitHub
Fastjson vulnerability quickly exploits the framework（fastjson漏洞快速利用框架）
☆1,389Dec 16, 2022Updated 3 years ago
Cryin / JavaID
View on GitHub
java source code static code analysis and danger function identify prog
☆534Feb 18, 2019Updated 7 years ago