RCE Exploit PoC for Spring based RESTful APIs using XStream as Unmarshaler
☆20 · Dec 24, 2013 · Updated 12 years ago
Alternatives and similar repositories for XStreamServer
Users that are interested in XStreamServer are comparing it to the libraries listed below
- This application is developed to test the race condition vulnerability in the web application. We have discussed about this vulnerability… ☆14 · Oct 1, 2016 · Updated 9 years ago
- Viewstate Hidden Control Enumerator ☆17 · Sep 12, 2013 · Updated 12 years ago
- Conference Papers and Appendices (USENIX Security, BlackHat, HITBSecConf, and BeVX) ☆27 · Aug 6, 2023 · Updated 2 years ago
- Run DependencyCheck Against Your Org's GitHub Repos. ☆14 · Jan 5, 2018 · Updated 8 years ago
- Demo server for testing Java deserialization payloads ☆15 · Sep 18, 2016 · Updated 9 years ago
- All the content from my Troopers 19 talk ☆12 · Mar 20, 2019 · Updated 7 years ago
- Native Java-based deserialization exploit for WebLogic T3 (and T3S) listeners. ☆35 · Mar 2, 2020 · Updated 6 years ago
- spring mvc cve-2014-3625 ☆32 · Mar 11, 2016 · Updated 10 years ago
- X41 BeanStack - Stack Trace Fingerprinting BETA ☆53 · Dec 3, 2025 · Updated 3 months ago
- Journey to conquer the OSCP! ☆13 · Apr 18, 2019 · Updated 6 years ago
- Environment for S2-055, adapted from rest-show-case ☆37 · Dec 7, 2017 · Updated 8 years ago
- Burp Suite plugin created for using Collaborator tool during manual testing in a comfortable way! ☆104 · Jun 1, 2018 · Updated 7 years ago
- Updated version of ApiTracer Pin tool ☆23 · Apr 22, 2018 · Updated 7 years ago
- A proof of concept for Metasploit's CVE-2019-5624 vulnerability (Rubyzip insecure ZIP handling RCE) ☆13 · May 2, 2019 · Updated 6 years ago
- Scripts and auxiliary files for fuzzing PHP's unserialize function ☆46 · Aug 13, 2017 · Updated 8 years ago
- Improved decoder for Burp Suite ☆138 · Aug 30, 2021 · Updated 4 years ago
- intentionally vulnerable API ☆30 · Sep 10, 2024 · Updated last year
- Ansible module for OWASP ZAP using Python API to scan web targets for security issues ☆15 · Dec 3, 2017 · Updated 8 years ago
- A Java serializer in JavaScript ☆80 · May 21, 2018 · Updated 7 years ago
- An offensive bash script which tries to find GENERIC privesc vulnerabilities and issues. ☆13 · Oct 17, 2017 · Updated 8 years ago
- DoS PoCs for SAP products ☆51 · Jan 23, 2018 · Updated 8 years ago
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. ☆34 · Sep 19, 2016 · Updated 9 years ago
- Tool for restoring SVN repositories; supports 1.6 and 1.7 ☆26 · Jun 3, 2016 · Updated 9 years ago
- fastjson-1.2.47 ☆67 · Aug 5, 2019 · Updated 6 years ago
- CVE PoCs ☆21 · Jul 16, 2020 · Updated 5 years ago
- A PoC that shows that Web Vulnerabilities can indeed be interesting ☆20 · Mar 27, 2018 · Updated 7 years ago
- ☆16 · Jun 30, 2025 · Updated 8 months ago
- Python script to exploit java unserialize on t3 (Weblogic) ☆61 · Aug 9, 2017 · Updated 8 years ago
- Simple python script to check against hypothetical JWT vulnerability. ☆51 · Nov 29, 2020 · Updated 5 years ago
- Exploit for Jenkins serialization vulnerability - CVE-2016-0792 ☆49 · Aug 2, 2017 · Updated 8 years ago
- Application Security Vulnerability Periodic Table ☆14 · Aug 25, 2014 · Updated 11 years ago
- ☆28 · Oct 16, 2017 · Updated 8 years ago
- Platform to develop and experiment with existing java web attacks. ☆31 · Jan 8, 2018 · Updated 8 years ago
- A static byte code analyzer for Java deserialization gadget research ☆251 · Apr 17, 2017 · Updated 8 years ago
- Updated version of SWFIntruder ☆27 · Aug 16, 2016 · Updated 9 years ago
- Proof of concept showing how java byte code can be injected through InitialContext.lookup() calls ☆42 · Jan 22, 2016 · Updated 10 years ago
- Framework for Automated Security Testing that is Scalable and Asynchronous built on Microservices ☆18 · Oct 13, 2016 · Updated 9 years ago
- Vulnerable webapp testbed ☆24 · May 11, 2016 · Updated 9 years ago
- cve-2014-0130 rails directory traversal vuln ☆19 · May 15, 2017 · Updated 8 years ago