JavaPayload is a collection of pure Java payloads to be used for post-exploitation from pure Java exploits or from common misconfigurations (like not password protected Tomcat manager or debugger port).
☆125Jan 20, 2025Updated last year
Alternatives and similar repositories for JavaPayload
Users that are interested in JavaPayload are comparing it to the libraries listed below
Sorting:
- JRE8u20_RCE_Gadget☆255Jul 1, 2016Updated 9 years ago
- Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.☆613Mar 4, 2021Updated 4 years ago
- Java RMI enumeration and attack tool.☆745Sep 28, 2017Updated 8 years ago
- Proof of concept exploit, showing how to do bytecode injection through untrusted deserialization with Spring Framework 4.2.4☆116May 17, 2019Updated 6 years ago
- Strstr with user-supplied needle and filename as a BOF.☆32Sep 27, 2021Updated 4 years ago
- Java Untrusted Deserialization Exploits Tools☆67Dec 13, 2015Updated 10 years ago
- DOOM是在thorn上实现的分布式任务分发的ip端口漏洞扫描器☆136Dec 1, 2015Updated 10 years ago
- A domain/ip fuzzing tool for vulnerability mining☆99Mar 13, 2015Updated 10 years ago
- Proof of concept showing how java byte code can be injected through InitialContext.lookup() calls☆42Jan 22, 2016Updated 10 years ago
- Collection of bypass gadgets to extend and wrap ysoserial payloads☆386Apr 16, 2022Updated 3 years ago
- ☆78Oct 28, 2015Updated 10 years ago
- ☆131Jun 17, 2022Updated 3 years ago
- IDS Bypass tricks☆122Jan 11, 2019Updated 7 years ago
- fastjson remote code execute poc 直接用intellij IDEA打开即可 首先编译得到Test.class,然后运行Poc.java☆403Dec 16, 2022Updated 3 years ago
- RCE Exploit PoC for XMLDecoder☆63Aug 1, 2013Updated 12 years ago
- Web Security Technology & Vulnerability Analysis Whitepapers☆549Jan 1, 2019Updated 7 years ago
- based on search engine and get the valid infomation to test the vulnerability☆16Jun 16, 2016Updated 9 years ago
- Spring messaging STOMP protocol RCE☆113Apr 12, 2018Updated 7 years ago
- An example project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions☆124Jan 9, 2018Updated 8 years ago
- Jenkins RCE PoC. From unauthenticated user to remote code execution, it's a hacker's dream!☆297Jun 10, 2019Updated 6 years ago
- A static byte code analyzer for Java deserialization gadget research☆252Apr 17, 2017Updated 8 years ago
- Java-Web-Security - Sichere Webanwendungen mit Java entwickeln☆220Feb 19, 2026Updated last week
- ssrf、ssrfIntranetFuzz、dnsRebinding、recordEncode、dnsPoisoning、Support ipv4/ipv6☆217Aug 17, 2017Updated 8 years ago
- a plenty of poc based on python☆290Jun 10, 2017Updated 8 years ago
- Exploit PoC for Spring RCE issue (CVE-2011-2894)☆44Dec 17, 2023Updated 2 years ago
- A lightweight batch scanning framework based on gevent.☆48Jun 22, 2018Updated 7 years ago
- http://x0day.me/archives/bannerscan-py.html☆53Sep 4, 2014Updated 11 years ago
- python audit tool 审计 注入 inject☆182Feb 25, 2016Updated 10 years ago
- A Java runtime information-gathering tool which uses the Java Attach API for information acquisition☆204Apr 26, 2021Updated 4 years ago
- some java code i met or i used☆29May 7, 2019Updated 6 years ago
- A collection of curated Java Deserialization Exploits☆591May 16, 2021Updated 4 years ago
- ☆133Nov 6, 2015Updated 10 years ago
- Reverse TCP Port to UDP Forwarding Tools☆160Nov 11, 2016Updated 9 years ago
- fofa website☆360Oct 1, 2020Updated 5 years ago
- Feigong,针对各种情况自由变化的mysql注入脚本,In view of the different things freely change the mysql injection script☆107Jan 24, 2017Updated 9 years ago
- Tests for different parsers from Ruby, Python, .NET, PHP, Perl, Java☆55Jul 21, 2016Updated 9 years ago
- attackRmi☆258Oct 14, 2020Updated 5 years ago
- 用于扫描git,svn泄露☆78Jul 29, 2015Updated 10 years ago
- A tool to dump Java serialization streams in a more human readable form.☆1,066Jun 21, 2024Updated last year