A portable, padding oracle exploit API
☆332Dec 1, 2022Updated 3 years ago
Alternatives and similar repositories for python-paddingoracle
Users that are interested in python-paddingoracle are comparing it to the libraries listed below
Sorting:
- Automated script for performing Padding Oracle attacks☆803Jul 13, 2024Updated last year
- ☆92Jan 17, 2019Updated 7 years ago
- JRE8u20_RCE_Gadget☆255Jul 1, 2016Updated 9 years ago
- ☆23Nov 18, 2015Updated 10 years ago
- Java RMI enumeration and attack tool.☆745Sep 28, 2017Updated 8 years ago
- Collection of bypass gadgets to extend and wrap ysoserial payloads☆387Apr 16, 2022Updated 3 years ago
- The cheat sheet about Java Deserialization vulnerabilities☆3,164May 26, 2023Updated 2 years ago
- All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities☆799Nov 7, 2021Updated 4 years ago
- Python Implementation of a .NET Padding Oracle Assessment Tool☆31Dec 17, 2015Updated 10 years ago
- Mogwai Java Management Extensions (JMX) Exploitation Toolkit☆174Jul 21, 2016Updated 9 years ago
- Server-Side Template Injection and Code Injection Detection and Exploitation Tool☆4,120Apr 21, 2024Updated last year
- PowerShell Scripts I find useful☆776May 18, 2016Updated 9 years ago
- Shiro RCE (Padding Oracle Attack)☆148Nov 15, 2019Updated 6 years ago
- SSRF Proxy facilitates tunneling HTTP communications through servers vulnerable to Server-Side Request Forgery.☆479Jan 1, 2018Updated 8 years ago
- A proof of concept that demonstrates asynchronous scanning for Java deserialization bugs☆55Mar 27, 2017Updated 8 years ago
- ☆13Aug 18, 2016Updated 9 years ago
- A python reverse shell that uses DNS as the c2 channel☆507Oct 10, 2015Updated 10 years ago
- SHELLING - a comprehensive OS command injection payload generator☆446Mar 16, 2020Updated 5 years ago
- TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.☆1,655May 25, 2024Updated last year
- Script to test if a server is vulnerable to the JetLeak vulnerability☆144Jul 1, 2016Updated 9 years ago
- Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans☆584Sep 7, 2021Updated 4 years ago
- Java-Web-Security - Sichere Webanwendungen mit Java entwickeln☆220Feb 19, 2026Updated last week
- ☆10Jan 4, 2015Updated 11 years ago
- Here comes the paintrain!☆11Aug 8, 2016Updated 9 years ago
- Frontend to import Nmap Scan in ES, and frontend to make search☆10Nov 16, 2014Updated 11 years ago
- Proof of concept showing how java byte code can be injected through InitialContext.lookup() calls☆42Jan 22, 2016Updated 10 years ago
- A tool to extract database data from a blind SQL injection vulnerability.☆32Jan 4, 2016Updated 10 years ago
- discuz-plugin-scan☆21Sep 23, 2015Updated 10 years ago
- Local enumeration and exploitation framework.☆18Aug 16, 2017Updated 8 years ago
- `wash` is a framework for creating and interfacing with trojans that can establish a "web shell" on a compromised web server. It is desig…☆31Nov 7, 2016Updated 9 years ago
- An automated script that download potential exploit for linux kernel from exploitdb, and compile them automatically☆496Sep 21, 2021Updated 4 years ago
- J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tes…☆677Oct 29, 2025Updated 4 months ago
- There is no pre-auth RCE in Jenkins since May 2017, but this is the one!☆607May 17, 2019Updated 6 years ago
- ☆501Mar 10, 2016Updated 9 years ago
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆8,765Dec 4, 2025Updated 2 months ago
- CVE-2019-2725 命令回显☆436May 8, 2023Updated 2 years ago
- Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.☆1,710Dec 1, 2024Updated last year
- A tool for embedding XXE/XML exploits into different filetypes☆1,130Dec 16, 2024Updated last year
- An automated, modular cryptanalysis tool; i.e., a Weapon of Math Destruction☆1,118Dec 2, 2021Updated 4 years ago