shawnmckinney / remote-code-execution-sample
Demonstrate how usage of the Java Security Manager can prevent Remote Code Execution (RCE) exploits.
☆25Updated 9 months ago
Related projects: ⓘ
- Spring-Boot app for demonstrating security vulnaribilities☆13Updated 5 years ago
- ☆14Updated 5 years ago
- Java bytecode analyzer customizable via JSON rules☆74Updated 6 years ago
- A practical tool for bytecode manipulation and creating Managed Code Rootkits (MCRs) in the Java Runtime Environment☆56Updated 4 years ago
- Automatically exported from code.google.com/p/javasnoop☆27Updated 9 years ago
- Identify vulnerable libraries in Maven dependencies☆45Updated last year
- BURP extension to record every HTTP request send via BURP and create an audit trail log of an assessment.☆61Updated last month
- Serial Whitelist Application Trainer☆29Updated 5 years ago
- A static analysis API for finding deserialization attack gadgets☆37Updated last year
- Non-interactive Java debugger with Groovy☆79Updated 5 months ago
- Cloud security projects with Spring Cloud Config Server and Vault☆27Updated 2 weeks ago
- Primitive tool for exploring/querying Java classes via the Tinkerpop Gremlin graph traversal language☆103Updated 8 years ago
- A simple script to decrypt stored passwords from Oracle WebLogic Server configuration files☆30Updated 8 years ago
- Sample exploits of common vulnerabilities in Java librarires☆22Updated 9 months ago
- Vulnerability consolidation and management tool, enhances scan results by merging different findings of the same weakness across multiple…☆23Updated last year
- A PoC that shows that Web Vulnerabilities can indeed be interesting☆19Updated 6 years ago
- Java ClassLoader for Nashorn with Maven support. Allows to define any Java dependencies directly in scripts.☆12Updated 4 years ago
- Java Deserialization☆26Updated 7 years ago
- JSONPath extension for BurpSuite☆29Updated 4 months ago
- PoC for Scala and Groovy☆14Updated 8 years ago
- Apache Thrift Decoder☆31Updated 6 years ago
- Java tracing agent and live trace client☆73Updated last year
- ☆70Updated 7 years ago
- A framework for automating penetration testing using a plugin based architecture☆34Updated 2 years ago
- ☆10Updated this week
- An example project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions☆121Updated 6 years ago
- Cracker for Apache.lang.commons RandomStringUtils(). Code for "The Java Soothsayer" talk at EkoParty 2017 by Alejo Popovici.☆32Updated 6 years ago
- PoC materials to exploit CVE-2019-15846☆30Updated 4 years ago
- CVE-2019-3799 - Spring Cloud Config Server: Directory Traversal < 2.1.2, 2.0.4, 1.4.6☆31Updated 5 years ago
- A BurpSuite plugin to detect Same Origin Method Execution vulnerabilities☆60Updated 7 years ago