mogwailabs / deserialization-filter-blacklistsView external linksLinks
Native Java serialization filter blacklist for common gadgets
☆20Sep 12, 2019Updated 6 years ago
Alternatives and similar repositories for deserialization-filter-blacklists
Users that are interested in deserialization-filter-blacklists are comparing it to the libraries listed below
Sorting:
- Slides/Demos from the BSides Munich 2019 talk "Attacking Java RMI in 2019"☆101Sep 20, 2019Updated 6 years ago
- Native Java-based deserialization exploit for WebLogic T3 (and T3S) listeners.☆35Mar 2, 2020Updated 5 years ago
- https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet☆54Sep 11, 2021Updated 4 years ago
- 总结了一下2019年在JVM环境中使用XXE攻击的知识☆58Oct 31, 2019Updated 6 years ago
- MySQL JDBC Deserialization Payload / MySQL客户端jdbc反序列化漏洞payload☆13Feb 8, 2020Updated 6 years ago
- ☆131Jun 17, 2022Updated 3 years ago
- Java After-Deserialization Attack☆79Apr 26, 2021Updated 4 years ago
- Godzilla v1.0 source code☆38Aug 26, 2020Updated 5 years ago
- 个人用于在自动化挖掘gadget时,方便查找gadget chains中class所在jar包,以助于便捷审计测试gadget有效性的那么一个小工具。☆60Mar 25, 2020Updated 5 years ago
- ☆57Apr 27, 2020Updated 5 years ago
- java 漏洞平台包含各种CVE☆23Jun 17, 2022Updated 3 years ago
- Struts2 vuln env☆43Dec 6, 2022Updated 3 years ago
- A vulnerable application exposing Spring Boot Actuators☆123Feb 25, 2019Updated 6 years ago
- ☆10Jan 22, 2016Updated 10 years ago
- A simple way to evaluate the security of your Kubernetes deployment against sets of best practices defined by various community sources☆28Jan 31, 2020Updated 6 years ago
- 演示dubbo rpc Apache commons collections 的Java序列化漏洞☆42Nov 13, 2015Updated 10 years ago
- CTF stuff☆40Dec 5, 2022Updated 3 years ago
- This is an implementation of the Language Server Protocol for Jimple. It enables your IDE to provide code exploring features while workin…☆12Dec 15, 2023Updated 2 years ago
- 🚀Faster Github Monitor🚀☆104Jan 7, 2023Updated 3 years ago
- An example project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions☆124Jan 9, 2018Updated 8 years ago
- 一些Java RASP demo☆11Sep 26, 2019Updated 6 years ago
- ☆11Oct 10, 2018Updated 7 years ago
- attackRmi☆258Oct 14, 2020Updated 5 years ago
- A fake JDBC driver that allows OS command execution.☆125Oct 2, 2022Updated 3 years ago
- ☆78Jan 12, 2021Updated 5 years ago
- A Java runtime information-gathering tool which uses the Java Attach API for information acquisition☆204Apr 26, 2021Updated 4 years ago
- ☆28Jul 18, 2020Updated 5 years ago
- Binary rewriting approach with fork server support to fuzz Java applications with afl-fuzz.☆91May 3, 2018Updated 7 years ago
- 提取phpinfo()敏感信息☆11Nov 23, 2018Updated 7 years ago
- 从入门到放弃的产物,学习过程中用python实现的一个单点c2基本功能☆11Mar 11, 2020Updated 5 years ago
- 网络流量可配置嗅探,流量包解析,漏洞规则扫描☆84Apr 23, 2022Updated 3 years ago
- A command-line fuzzer for the Apache JServ Protocol (ajp13)☆95Nov 15, 2022Updated 3 years ago
- ☆14Apr 23, 2019Updated 6 years ago
- ☆16Jan 5, 2021Updated 5 years ago
- Adds extensibility to Burp by using a list of payloads to pattern match on HTTP responses highlighting interesting and potentially vulner…☆15Aug 4, 2023Updated 2 years ago
- My CTF Challenges. No one plays.☆13Dec 4, 2022Updated 3 years ago
- jre8u20 gadget☆34May 23, 2021Updated 4 years ago
- Java Agent which mitigates deserialisation attacks by making certain classes unserializable��☆191May 17, 2016Updated 9 years ago
- CVE-2018-8021 Proof-Of-Concept and Exploit☆106Dec 3, 2018Updated 7 years ago