mbechler / marshalsec
☆3,393Updated last year
Related projects ⓘ
Alternatives and complementary repositories for marshalsec
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆7,769Updated 7 months ago
- JNDI注入测试工具(A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc)☆2,591Updated last year
- The cheat sheet about Java Deserialization vulnerabilities☆3,032Updated last year
- This tool generates gopher link for exploiting SSRF and gaining RCE in various servers☆2,869Updated last year
- A malicious LDAP server for JNDI injection attacks☆1,010Updated last year
- A byte code analyzer for finding deserialization gadget chains in Java applications☆994Updated 3 years ago
- The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.☆3,026Updated 4 years ago
- Apache Log4j 远程代码执行☆75Updated last year
- JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool☆2,419Updated 4 years ago
- Server-Side Template Injection and Code Injection Detection and Exploitation Tool☆3,785Updated 6 months ago
- A tool to dump Java serialization streams in a more human readable form.☆988Updated 4 months ago
- pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.☆3,650Updated 6 months ago
- Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.☆1,538Updated 4 years ago
- Log4j2 RCE Passive Scanner plugin for BurpSuite☆771Updated last year
- PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.☆3,235Updated last month
- HackBar plugin for Burpsuite☆1,535Updated 3 years ago
- Java web common vulnerabilities and security code which is base on springboot and spring security☆2,415Updated 2 weeks ago
- Linux、macOS、Windows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability detai…☆2,929Updated last year
- Automatic SSRF fuzzer and exploitation tool☆2,987Updated 5 months ago
- An OOB interaction gathering server and client library☆3,432Updated this week
- Neo-reGeorg is a project that seeks to aggressively refactor reGeorg☆2,893Updated last month
- SSRF (Server Side Request Forgery) testing resources☆2,344Updated last month
- A toolkit for testing, tweaking and cracking JSON Web Tokens☆5,432Updated 3 months ago
- Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.☆1,492Updated last week
- Linux privilege escalation auditing tool☆5,637Updated 8 months ago
- All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities☆775Updated 3 years ago
- Deserialization payload generator for a variety of .NET formatters☆3,221Updated 4 months ago
- The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala proje…☆2,280Updated 2 months ago
- WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.☆5,280Updated last month