pimps/JNDI-Exploit-Kit

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/pimps/JNDI-Exploit-Kit)

pimps / JNDI-Exploit-Kit

JNDI-Exploitation-Kit（A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps vulnerable to JNDI Injection）

☆937

Alternatives and similar repositories for JNDI-Exploit-Kit

Users that are interested in JNDI-Exploit-Kit are comparing it to the libraries listed below

Sorting:

welk1n / JNDI-Injection-Exploit
View on GitHub
JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）
☆2,782Mar 22, 2023Updated 2 years ago
qtc-de / remote-method-guesser
View on GitHub
Java RMI Vulnerability Scanner
☆916Jul 3, 2024Updated last year
cube0x0 / noPac
View on GitHub
CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.
☆1,397Dec 16, 2021Updated 4 years ago
welk1n / JNDI-Injection-Bypass
View on GitHub
Some payloads of JNDI Injection in JDK 1.8.0_191+
☆484Dec 9, 2020Updated 5 years ago
Puliczek / CVE-2021-44228-PoC-log4j-bypass-words
View on GitHub
🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
☆950Jan 15, 2022Updated 4 years ago
veracode-research / rogue-jndi
View on GitHub
A malicious LDAP server for JNDI injection attacks
☆1,076Sep 28, 2023Updated 2 years ago
pimps / ysoserial-modified
View on GitHub
That repository contains my updates to the well know java deserialization exploitation tool ysoserial.
☆185May 15, 2022Updated 3 years ago
BishopFox / GadgetProbe
View on GitHub
Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
☆613Mar 4, 2021Updated 4 years ago
laluka / jolokia-exploitation-toolkit
View on GitHub
jolokia-exploitation-toolkit
☆310Dec 19, 2024Updated last year
topotam / PetitPotam
View on GitHub
PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.
☆2,179Aug 15, 2024Updated last year
feihong-cs / Java-Rce-Echo
View on GitHub
Java RCE 回显测试代码
☆1,016Oct 15, 2020Updated 5 years ago
mbechler / marshalsec
View on GitHub
☆3,658Jan 9, 2025Updated last year
cube0x0 / KrbRelay
View on GitHub
Framework for Kerberos relaying
☆937May 29, 2022Updated 3 years ago
cube0x0 / CVE-2021-1675
View on GitHub
C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527
☆1,966Jul 20, 2021Updated 4 years ago
whwlsfb / Log4j2Scan
View on GitHub
Log4j2 RCE Passive Scanner plugin for BurpSuite
☆830Aug 4, 2023Updated 2 years ago
antonioCoco / RemotePotato0
View on GitHub
Windows Privilege Escalation from User to Domain Admin.
☆1,439Dec 18, 2022Updated 3 years ago
woodpecker-appstore / log4j-payload-generator
View on GitHub
Log4j jndi injects the Payload generator
☆486Dec 13, 2021Updated 4 years ago
safebuffer / sam-the-admin
View on GitHub
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
☆1,041Jul 10, 2022Updated 3 years ago
GrrrDog / Java-Deserialization-Cheat-Sheet
View on GitHub
The cheat sheet about Java Deserialization vulnerabilities
☆3,164May 26, 2023Updated 2 years ago
optiv / ScareCrow
View on GitHub
ScareCrow - Payload creation framework designed around EDR bypass.
☆2,874Aug 18, 2023Updated 2 years ago
c3c / ADExplorerSnapshot
View on GitHub
ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound via BOFHound, and also supports full-ob…
☆1,053Jan 22, 2026Updated last month
pwntester / ysoserial.net
View on GitHub
Deserialization payload generator for a variety of .NET formatters
☆3,674Dec 23, 2024Updated last year
S3cur3Th1sSh1t / MultiPotato
View on GitHub
☆540Nov 20, 2021Updated 4 years ago
fortra / nanodump
View on GitHub
The swiss army knife of LSASS dumping
☆2,072Sep 17, 2024Updated last year
CCob / SweetPotato
View on GitHub
Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019
☆1,812Sep 4, 2024Updated last year
JamesCooteUK / SharpSphere
View on GitHub
.NET Project for Attacking vCenter
☆553Nov 11, 2021Updated 4 years ago
silentsignal / burp-log4shell
View on GitHub
Log4Shell scanner for Burp Suite
☆484Sep 24, 2023Updated 2 years ago
httpvoid / writeups
View on GitHub
☆1,200Sep 2, 2022Updated 3 years ago
BishopFox / rmiscout
View on GitHub
RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities
☆446Sep 7, 2022Updated 3 years ago
wh1t3p1g / ysomap
View on GitHub
A helpful Java Deserialization exploit framework.
☆1,240Feb 17, 2025Updated last year
jas502n / Grafana-CVE-2021-43798
View on GitHub
Grafana Unauthorized arbitrary file reading vulnerability
☆367Feb 14, 2023Updated 3 years ago
phith0n / zkar
View on GitHub
ZKar is a Java serialization protocol analysis tool implement in Go.
☆647Feb 15, 2025Updated last year
fullhunt / log4j-scan
View on GitHub
A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
☆3,436Nov 23, 2022Updated 3 years ago
CCob / lsarelayx
View on GitHub
NTLM relaying for Windows made easy
☆580Apr 25, 2023Updated 2 years ago
threedr3am / ZhouYu
View on GitHub
（周瑜）Java - SpringBoot 持久化 WebShell（不仅仅是SpringBoot，适合任何符合JavaEE规范的服务）
☆615Dec 29, 2021Updated 4 years ago
wyzxxz / jndi_tool
View on GitHub
JNDI服务利用工具 RMI/LDAP，支持部分场景回显、内存shell，高版本JDK场景下利用等，fastjson rce命令执行，log4j rce命令执行漏洞检测辅助工具
☆2,012May 21, 2024Updated last year
nettitude / SharpWSUS
View on GitHub
☆477Nov 20, 2022Updated 3 years ago
su18 / JDBC-Attack
View on GitHub
JDBC Connection URL Attack
☆440Sep 10, 2021Updated 4 years ago
mgeeky / cobalt-arsenal
View on GitHub
My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+
☆1,097Apr 19, 2023Updated 2 years ago