用于WebLogic poc及exp测试的基础脚本,后续将集成各版本poc库
☆94Nov 4, 2020Updated 5 years ago
Alternatives and similar repositories for WebLogic_Basic_Poc
Users that are interested in WebLogic_Basic_Poc are comparing it to the libraries listed below
Sorting:
- 适用于weblogic和Tomcat的无文件的内存马(memshell)☆269Mar 4, 2022Updated 3 years ago
- 该项目是通过go语言实现防止rmi利用被反置的问题。☆44Dec 30, 2021Updated 4 years ago
- WebLogic利用CVE-2020-2883打Shiro rememberMe反序列化漏洞,一键注册蚁剑filter内存shell☆535Aug 25, 2020Updated 5 years ago
- TaiO 的定位是一款用于攻击方对靶标资产梳理,快速定位脆弱资产的网络空间测绘工具☆75Mar 9, 2022Updated 3 years ago
- SpringBoot Actuator未授权自动化利用,支持信息泄漏/RCE☆230Dec 5, 2020Updated 5 years ago
- some struts tag , attributes which out of the range will call SetDynamicAttribute() function, it will cause ONGL expression execute☆70Dec 14, 2020Updated 5 years ago
- CVE-2020-10199 回显版本☆31Jun 24, 2024Updated last year
- Shiro-550 不依赖CC链利用工具☆451Jun 19, 2024Updated last year
- AntSword(蚁剑)全参数流量XOR和Base64加伪装WebShell☆163Sep 28, 2021Updated 4 years ago
- exchange-ssrf-rce☆78Mar 14, 2021Updated 4 years ago
- Some payloads of JNDI Injection in JDK 1.8.0_191+☆484Dec 9, 2020Updated 5 years ago
- 影子用户 克隆☆233Dec 30, 2021Updated 4 years ago
- JDBC Connection URL Attack☆440Sep 10, 2021Updated 4 years ago
- Log4j_dos_CVE-2021-45105☆13Dec 19, 2021Updated 4 years ago
- ☆69Aug 11, 2020Updated 5 years ago
- tomcat使用了自带session同步功能时,不安全的配置(没有使用EncryptInterceptor)导致存在的反序列化漏洞,通过精心构造的数据包, 可以对使用了tomcat自带session同步功能的服务器进行攻击。PS:这个不是CVE-2020-9484,9484…☆212May 19, 2020Updated 5 years ago
- RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1☆155Dec 16, 2020Updated 5 years ago
- SQL 注入利用工具,存在waf的情况下自定义编写tamper脚本 dump数据☆288Aug 13, 2020Updated 5 years ago
- 用cel-go重现了长亭xray的poc检测功能的轮子☆297Jun 24, 2022Updated 3 years ago
- spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧☆754Apr 14, 2021Updated 4 years ago
- A JSP backdoor that enables under Tomcat hiding arbitrary JSP files, in addition to their access logs.☆216Mar 31, 2019Updated 6 years ago
- 内网域渗透小工具☆734Apr 20, 2021Updated 4 years ago
- CVE-2022-22947☆222Mar 3, 2022Updated 3 years ago
- 用CSharp写的一款信息搜集工具,目前支持Navicat、TeamView、Xshell、SecureCRT产品的密码解密☆251Aug 26, 2020Updated 5 years ago
- 基于向日葵RCE的本地权限提升,无需指定端口☆210Feb 24, 2022Updated 4 years ago
- CVE-2021-4034, For Webshell Version.☆35Jan 27, 2022Updated 4 years ago
- 帮助java环境下任意文件下载情况自动化读取源码的小工具☆167Apr 5, 2019Updated 6 years ago
- Sample Spring application to Demonstrate the Gateway Actuator☆48Mar 3, 2022Updated 3 years ago
- 搜集了市面上绝大部分weblogic解密方式,整理了7种解密weblogic的方法及响应工具。☆833Nov 7, 2023Updated 2 years ago
- Struts2漏洞扫描利用工具 - Golang版. Struts2 Scanner Written in Golang☆572Jan 10, 2022Updated 4 years ago
- A exploit tool for Grafana Unauthorized arbitrary file reading vulnerability (CVE-2021-43798), it can burst plugins / extract secret_key …☆268Oct 17, 2025Updated 4 months ago
- Collect JSP webshell of various implementation methods. 梳理和发现的JSP Webshell各种姿势☆1,404Jan 18, 2022Updated 4 years ago
- 利用任意文件下载漏洞循环下载反编译 Class 文件获得网站 Java 源代码☆711May 10, 2021Updated 4 years ago
- 卸载冰蝎内存马☆68Apr 13, 2021Updated 4 years ago
- backway是一款跨平台远程控制工具,在启动之后,会新建一个http服务,可通过该服务进行远程控制。☆16Feb 10, 2022Updated 4 years ago
- 记录weblogic的一些漏洞原理☆16Nov 4, 2021Updated 4 years ago
- Shiro反序列化回显利用、内存shell、检查 Burp插件☆217Sep 1, 2022Updated 3 years ago
- woodpecker框架weblogic信息探测插件☆185Mar 23, 2022Updated 3 years ago
- fastjson 1.2.68 版本 autotype bypass☆142Jun 17, 2022Updated 3 years ago