pimps/JNDI-Exploit-Kit

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/pimps/JNDI-Exploit-Kit)

pimps / JNDI-Exploit-Kit

JNDI-Exploitation-Kit（A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps vulnerable to JNDI Injection）

☆937

Alternatives and similar repositories for JNDI-Exploit-Kit

Users that are interested in JNDI-Exploit-Kit are comparing it to the libraries listed below

Sorting:

welk1n / JNDI-Injection-Exploit
View on GitHub
JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）
☆2,792Mar 22, 2023Updated 2 years ago
qtc-de / remote-method-guesser
View on GitHub
Java RMI Vulnerability Scanner
☆915Jul 3, 2024Updated last year
welk1n / JNDI-Injection-Bypass
View on GitHub
Some payloads of JNDI Injection in JDK 1.8.0_191+
☆484Dec 9, 2020Updated 5 years ago
pimps / ysoserial-modified
View on GitHub
That repository contains my updates to the well know java deserialization exploitation tool ysoserial.
☆185May 15, 2022Updated 3 years ago
cube0x0 / noPac
View on GitHub
CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.
☆1,397Dec 16, 2021Updated 4 years ago
Puliczek / CVE-2021-44228-PoC-log4j-bypass-words
View on GitHub
🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
☆950Jan 15, 2022Updated 4 years ago
veracode-research / rogue-jndi
View on GitHub
A malicious LDAP server for JNDI injection attacks
☆1,076Sep 28, 2023Updated 2 years ago
laluka / jolokia-exploitation-toolkit
View on GitHub
jolokia-exploitation-toolkit
☆311Dec 19, 2024Updated last year
feihong-cs / Java-Rce-Echo
View on GitHub
Java RCE 回显测试代码
☆1,015Oct 15, 2020Updated 5 years ago
BishopFox / GadgetProbe
View on GitHub
Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
☆612Mar 4, 2021Updated 5 years ago
woodpecker-appstore / log4j-payload-generator
View on GitHub
Log4j jndi injects the Payload generator
☆486Dec 13, 2021Updated 4 years ago
mbechler / marshalsec
View on GitHub
☆3,661Jan 9, 2025Updated last year
topotam / PetitPotam
View on GitHub
PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.
☆2,196Aug 15, 2024Updated last year
S3cur3Th1sSh1t / MultiPotato
View on GitHub
☆538Nov 20, 2021Updated 4 years ago
GrrrDog / Java-Deserialization-Cheat-Sheet
View on GitHub
The cheat sheet about Java Deserialization vulnerabilities
☆3,172May 26, 2023Updated 2 years ago
cube0x0 / KrbRelay
View on GitHub
Framework for Kerberos relaying
☆938May 29, 2022Updated 3 years ago
whwlsfb / Log4j2Scan
View on GitHub
Log4j2 RCE Passive Scanner plugin for BurpSuite
☆829Aug 4, 2023Updated 2 years ago
antonioCoco / RemotePotato0
View on GitHub
Windows Privilege Escalation from User to Domain Admin.
☆1,451Dec 18, 2022Updated 3 years ago
c3c / ADExplorerSnapshot
View on GitHub
ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound via BOFHound, and also supports full-ob…
☆1,063Jan 22, 2026Updated last month
safebuffer / sam-the-admin
View on GitHub
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
☆1,043Jul 10, 2022Updated 3 years ago
silentsignal / burp-log4shell
View on GitHub
Log4Shell scanner for Burp Suite
☆484Sep 24, 2023Updated 2 years ago
cube0x0 / CVE-2021-1675
View on GitHub
C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527
☆1,970Jul 20, 2021Updated 4 years ago
pwntester / ysoserial.net
View on GitHub
Deserialization payload generator for a variety of .NET formatters
☆3,691Dec 23, 2024Updated last year
phith0n / zkar
View on GitHub
ZKar is a Java serialization protocol analysis tool implement in Go.
☆649Feb 15, 2025Updated last year
JamesCooteUK / SharpSphere
View on GitHub
.NET Project for Attacking vCenter
☆553Nov 11, 2021Updated 4 years ago
CCob / SweetPotato
View on GitHub
Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019
☆1,812Sep 4, 2024Updated last year
optiv / ScareCrow
View on GitHub
ScareCrow - Payload creation framework designed around EDR bypass.
☆2,880Aug 18, 2023Updated 2 years ago
threedr3am / ZhouYu
View on GitHub
（周瑜）Java - SpringBoot 持久化 WebShell（不仅仅是SpringBoot，适合任何符合JavaEE规范的服务）
☆614Dec 29, 2021Updated 4 years ago
BishopFox / rmiscout
View on GitHub
RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities
☆447Sep 7, 2022Updated 3 years ago
fullhunt / log4j-scan
View on GitHub
A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
☆3,434Nov 23, 2022Updated 3 years ago
dirkjanm / PKINITtools
View on GitHub
Tools for Kerberos PKINIT and relaying to AD CS
☆887Jan 3, 2025Updated last year
wyzxxz / jndi_tool
View on GitHub
JNDI服务利用工具 RMI/LDAP，支持部分场景回显、内存shell，高版本JDK场景下利用等，fastjson rce命令执行，log4j rce命令执行漏洞检测辅助工具
☆2,014May 21, 2024Updated last year
jas502n / Grafana-CVE-2021-43798
View on GitHub
Grafana Unauthorized arbitrary file reading vulnerability
☆368Feb 14, 2023Updated 3 years ago
nettitude / SharpWSUS
View on GitHub
☆479Nov 20, 2022Updated 3 years ago
fortra / nanodump
View on GitHub
The swiss army knife of LSASS dumping
☆2,081Sep 17, 2024Updated last year
wh1t3p1g / ysomap
View on GitHub
A helpful Java Deserialization exploit framework.
☆1,242Feb 17, 2025Updated last year
christophetd / log4shell-vulnerable-app
View on GitHub
Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228).
☆1,139Apr 26, 2024Updated last year
httpvoid / writeups
View on GitHub
☆1,202Sep 2, 2022Updated 3 years ago
su18 / JDBC-Attack
View on GitHub
JDBC Connection URL Attack
☆441Sep 10, 2021Updated 4 years ago