java实现反序列化建立socket连接
☆60Dec 27, 2024Updated last year
Alternatives and similar repositories for javasocket
Users that are interested in javasocket are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆20Feb 27, 2022Updated 4 years ago
- 一个普通的BOF用来BypassUAC☆22Apr 6, 2024Updated last year
- sf is an efficient subdomain brute-forcing tool☆16Oct 13, 2023Updated 2 years ago
- "chanzi" is a simple and user-friendly JAVA SAST tool that utilizes taint analysis technology, includes built-in common vulnerability ru…☆484Feb 1, 2026Updated last month
- 如果反序列化过程中使用resolveClass拉黑了TemplatesImpl如何绕过☆53Sep 10, 2023Updated 2 years ago
- 一款支持自定义的 Java 回显载荷生成工具|A customizable Java echo payload generation tool.☆462Jan 12, 2025Updated last year
- Java漏洞调试分析集合☆91Mar 11, 2024Updated 2 years ago
- 递归寻找JS泄露的路径�。Recursively search for the paths of JS Files.For pentest☆11Sep 30, 2024Updated last year
- ☆26Dec 13, 2024Updated last year
- 使用 agent 实现反序列化 utf8 overlong☆84Apr 24, 2024Updated last year
- 用java实现构造openwire协议,利用activeMQ < 5.18.3 RCE 回显利用 内存马注入☆288Nov 20, 2023Updated 2 years ago
- CVE-2024-36401 图形化利用工具,支持各个JDK版本利用以及回显、内存马实现☆39Jul 16, 2025Updated 8 months ago
- xxl-job漏洞综合利用工具☆143Jun 3, 2025Updated 9 months ago
- 一键报文解码,HVV,蓝队防守利器☆24Sep 27, 2024Updated last year
- 某软最新公开gadgegt,新加入不出网利用。☆89Sep 6, 2024Updated last year
- riverPass 是一个用Go编写的瑞数WAF绕过工具。它利用了WebSocket协议,将请求发送的自身浏览器中,从而绕过了瑞数WAF的检测。☆234Oct 18, 2024Updated last year
- 一款专注于 Java 主流 Web 中间件的内存马快速生成工具,致力于简化安全研究人员和红队成员的工作流程,提升攻防效率☆1,355Mar 4, 2026Updated 2 weeks ago
- 记录一些代码审计过的源码☆182Feb 26, 2025Updated last year
- java-agent内存马一键注入服务器维权工具,支持自定义路径、校验和内存马内容。☆126Nov 4, 2025Updated 4 months ago
- Confluence CVE 2021,2022,2023 利用工具,支持命令执行,哥斯拉,冰蝎 内存马注入☆555Feb 1, 2024Updated 2 years ago
- 无需文件落地Agent内存马生成器☆249May 30, 2024Updated last year
- 一个轮子,用于渗透测试优化的 DNS/HTTP 日志工具,简洁、轻便、更易于使用。☆16Sep 29, 2024Updated last year
- ☆30Dec 6, 2024Updated last year
- JavaGadgetGenerator 工具,支持 ysoserial,Hessian,字节码,Expr/SSTI,Shiro,JDBC 等 Gadget 生成,封装,混淆,出网延迟探测,内存马注入等...☆552Dec 7, 2025Updated 3 months ago
- 命令执行写任意文件,主要用于命令执行但不出网情况☆31Sep 9, 2023Updated 2 years ago
- CVE-2023-22527 内存马注入工具☆76Feb 21, 2024Updated 2 years ago
- ☆15Jul 21, 2025Updated 8 months ago
- 用友的一些反序列化链子以及1day,二开了狼组的YongYouNcTool,改了一下逻辑以及poc☆124Oct 12, 2024Updated last year
- GeoServer(CVE-2024-36401/CVE-2024-36404)漏洞利用工具☆121Jan 17, 2025Updated last year
- ysoSimple:简易的Java漏洞利用工具,集成Java反序列化,Hessian反序列化,XStream反序列化,SnakeYaml反序列化,Shiro550,JSF反序列化,SSTI模板注入,JdbcAttackPayload,JNDIAttack,字节码生成。☆108Jan 20, 2026Updated 2 months ago
- 主要用于隐藏进程真实路径,进程带windows真签名☆119Oct 15, 2024Updated last year
- 《深入JDBC安全:特殊URL构造与不出网反序列化利用技术揭秘》对应研究总结项目 "Deep Dive into JDBC Security: Special URL Construction and Non-Networked Deserialization Explo…☆572Feb 7, 2026Updated last month
- 一款用Go语言编写的数据库自动化提权工具,支持Mysql、MSSQL、Postgresql、Oracle、Redis数据库提权、命令执行、爆破以及ssh连接☆860Aug 30, 2023Updated 2 years ago
- proof-of-concept for generating Java deserialization payload | Proxy MemShell☆223Jun 8, 2024Updated last year
- 检测域内常见一把梭漏洞,包括:NoPac、ZeroLogon、CVE-2022-26923、PrintNightMare☆79Oct 23, 2023Updated 2 years ago
- 多功能 java agent 内存马☆514Oct 8, 2023Updated 2 years ago
- MDUT-Extend(扩展版本)☆798Dec 19, 2024Updated last year
- xxl-job内存马☆227Jan 26, 2025Updated last year
- Binary Hollowing☆95Sep 10, 2024Updated last year