phith0n / zkar

ZKar is a Java serialization protocol analysis tool implement in Go.

☆605

Alternatives and similar repositories for zkar:

Users that are interested in zkar are comparing it to the libraries listed below

LandGrey / spring-boot-upload-file-lead-to-rce-tricks
spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧
☆693Updated 3 years ago
woodpecker-framework / ysoserial-for-woodpecker
给woodpecker框架量身定制的ysoserial
☆547Updated 2 years ago
feihong-cs / Java-Rce-Echo
Java RCE 回显测试代码
☆1,004Updated 4 years ago
su18 / JDBC-Attack
JDBC Connection URL Attack
☆397Updated 3 years ago
rmb122 / rogue_mysql_server
A rouge mysql server supports reading files from most mysql libraries of multiple programming languages.
☆701Updated 2 years ago
5wimming / gadgetinspector
利用链、漏洞检测工具
☆367Updated 5 months ago
cckuailong / JNDI-Injection-Exploit-Plus
80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background serv…
☆760Updated 7 months ago
su18 / MemoryShell
JavaWeb MemoryShell Inject/Scan/Killer/Protect Research & Exploring
☆601Updated 3 years ago
4ra1n / code-inspector
JavaWeb漏洞审计工具，构建方法调用链并模拟栈帧进行分析
☆326Updated last year
exp1orer / JNDI-Inject-Exploit
解决FastJson、Jackson、Log4j2、原生JNDI注入漏洞的高版本JDKBypass利用，探测本地可用反序列化gadget达到命令执行、回显命令执行、内存马注入
☆693Updated 3 years ago
su18 / hack-fastjson-1.2.80
☆499Updated 2 years ago
c0ny1 / java-object-searcher
java内存对象搜索辅助工具
☆797Updated 2 years ago
feihong-cs / memShell
FilterBased/ServletBased in memory shell for Tomcat and some other middlewares
☆360Updated 4 years ago
zema1 / ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
☆352Updated 2 years ago
Bl0omZ / JNDIEXP
JNDI在java高版本的利用工具,FUZZ利用链
☆545Updated 2 years ago
chennqqi / godnslog
An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability
☆469Updated last year
Y4er / dotnet-deserialization
dotnet 反序列化学习笔记
☆447Updated last year
bit4woo / burp-api-drops
burp插件开发指南
☆611Updated 3 years ago
threedr3am / ZhouYu
（周瑜）Java - SpringBoot 持久化 WebShell 学习demo（不仅仅是SpringBoot，适合任何符合JavaEE规范的服务）
☆590Updated 3 years ago
Y4er / ysoserial
ysoserial修改版，着重修改ysoserial.payloads.util.Gadgets.createTemplatesImpl使其可以通过引入自定义class的形式来执行命令、内存马、反序列化回显。
☆653Updated last year
LandGrey / copagent
java memory web shell extracting tool
☆421Updated 3 years ago
rebeyond / JNDInjector
一个高度可定制化的JNDI和Java反序列化利用工具
☆460Updated 2 years ago
0x727 / JNDIExploit
一款用于JNDI注入利用的工具，大量参考/引用了Rogue JNDI项目的代码，支持直接植入内存shell，并集成了常见的bypass 高版本JDK的方式，适用于与自动化工具配合使用。
☆308Updated 2 years ago
pwntester / 0day
各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC 该项目将不断更新
☆265Updated 2 years ago
JDArmy / DCSec
域控安全one for all
☆730Updated 4 months ago
Y4er / WebLogic-Shiro-shell
WebLogic利用CVE-2020-2883打Shiro rememberMe反序列化漏洞，一键注册蚁剑filter内存shell
☆531Updated 4 years ago
threedr3am / gadgetinspector
一个利用ASM对字节码进行污点传播分析的静态代码审计应用（添加了大量代码注释，适合大家进行源码学习）。也加入了挖掘Fastjson反序列化gadget chains和SQLInject（JdbcTemplate、MyBatis、JPA、Hibernate、原生jdbc等）静…
☆446Updated 2 years ago
Dliv3 / redis-rogue-server
Redis 4.x/5.x RCE
☆535Updated 4 years ago
achuna33 / Memoryshell-JavaALL
收集内存马打入方式
☆496Updated 2 years ago
Ares-X / shiro-exploit
Shiro反序列化利用工具，支持新版本(AES-GCM)Shiro的key爆破，配合ysoserial，生成回显Payload
☆888Updated 3 years ago