uknowsec/BurpSuite-Extender-fastjson external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

uknowsec/BurpSuite-Extender-fastjson

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/uknowsec/BurpSuite-Extender-fastjson)

Close

uknowsec / BurpSuite-Extender-fastjsonView on GitHubMore

• External links
• Readme badge

Reference：https://www.w2n1ck.com/article/44/

☆155Mar 7, 2020Updated 6 years ago

Alternatives and similar repositories for BurpSuite-Extender-fastjson

Users that are interested in BurpSuite-Extender-fastjson are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• jas502n / Shiro_Xray

  View on GitHub
  CommonsBeanutils1,CommonsCollectionsK1
  ☆58Nov 16, 2020Updated 5 years ago
• uknowsec / SharpToolsAggressor

  View on GitHub
  内网渗透中常用的c#程序整合成cs脚本，直接内存加载。持续更新~
  ☆500Feb 13, 2020Updated 6 years ago
• potats0 / shiroPoc

  View on GitHub
  ☆319Jun 4, 2021Updated 4 years ago
• c0ny1 / FastjsonExploit

  View on GitHub
  Fastjson vulnerability quickly exploits the framework（fastjson漏洞快速利用框架）
  ☆1,394Dec 16, 2022Updated 3 years ago
• 1120362990 / vulnerability-list

  View on GitHub
  在渗透测试中快速检测常见中间件、组件的高危漏洞。
  ☆728Mar 21, 2022Updated 4 years ago
• Wordpress hosting with auto-scaling - Free Trial • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• uknowsec / loginlog_windows

  View on GitHub
  读取登录过本机的登录失败或登录成功的所有计算机信息，在内网渗透中快速定位运维管理人员。
  ☆222Sep 30, 2019Updated 6 years ago
• broken5 / WebAliveScan

  View on GitHub
  对目标域名进行快速的存活扫描、简单的指纹识别、目录扫描
  ☆914Dec 8, 2022Updated 3 years ago
• dr0op / WeblogicScan

  View on GitHub
  增强版WeblogicScan、检测结果更精确、插件化、添加CVE-2019-2618，CVE-2019-2729检测，Python3支持
  ☆967Jun 16, 2024Updated last year
• wyzxxz / jndi_tool

  View on GitHub
  JNDI服务利用工具 RMI/LDAP，支持部分场景回显、内存shell，高版本JDK场景下利用等，fastjson rce命令执行，log4j rce命令执行 漏洞检测辅助工具
  ☆2,016May 21, 2024Updated last year
• boy-hack / wooyun-payload

  View on GitHub
  从wooyun中提取的payload，以及burp插件
  ☆841Jun 17, 2022Updated 3 years ago
• phink-team / Cobaltstrike-MS17-010

  View on GitHub
  cobaltstrike ms17-010 module and some other
  ☆418Jun 13, 2019Updated 6 years ago
• Y4er / fastjson-bypass-autotype-1.2.68

  View on GitHub
  fastjson bypass autotype 1.2.68 with Throwable and AutoCloseable.
  ☆229Oct 12, 2022Updated 3 years ago
• zilong3033 / fastjsonScan

  View on GitHub
  fastjson漏洞burp插件，检测fastjson<1.2.68基于dnslog，fastjson<=1.2.24和1.2.33<=fatjson<=1.2.47的不出网检测和TomcatEcho,SpringEcho回显方案。
  ☆126May 14, 2021Updated 4 years ago
• sv3nbeast / ShiroScan

  View on GitHub
  Shiro<=1.2.4反序列化，一键检测工具
  ☆987Mar 4, 2021Updated 5 years ago
• AI Agents on DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• uknowsec / frpModify

  View on GitHub
  修改frp支持域前置与配置文件自删除
  ☆398Dec 31, 2020Updated 5 years ago
• feihong-cs / ShiroExploit-Deprecated

  View on GitHub
  Shiro550/Shiro721 一键化利用工具，支持多种回显方式
  ☆1,957Jun 4, 2021Updated 4 years ago
• LandGrey / ClassHound

  View on GitHub
  利用任意文件下载漏洞循环下载反编译 Class 文件获得网站 Java 源代码
  ☆713May 10, 2021Updated 4 years ago
• LangziFun / LangSrcCurise

  View on GitHub
  SRC子域名资产监控
  ☆1,298Jan 14, 2021Updated 5 years ago
• theLSA / CS-checklist

  View on GitHub
  PC客户端（C-S架构）渗透测试checklist / Client side(C-S) penetration checklist
  ☆668Feb 24, 2021Updated 5 years ago
• wyzxxz / shiro_rce_tool

  View on GitHub
  shiro 反序列 命令执行辅助检测工具
  ☆1,572May 21, 2024Updated last year
• firstC99 / fastjson-1.2.47-RCE

  View on GitHub
  Fastjson <= 1.2.47 远程命令执行漏洞利用工具及方法
  ☆401Jan 24, 2025Updated last year
• Y4er / CVE-2020-2551

  View on GitHub
  Weblogic IIOP CVE-2020-2551
  ☆338Apr 7, 2020Updated 6 years ago
• 7dog7 / bottleneckOsmosis

  View on GitHub
  瓶颈渗透,web渗透,red红队,fuzz param,注释,js字典,ctf
  ☆720Jul 20, 2022Updated 3 years ago
• Serverless GPU API endpoints on Runpod - Bonus Credits • Ad
  Skip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
• ShiHuang-ESec / EHole

  View on GitHub
  EHole(棱洞)-红队重点攻击系统指纹探测工具
  ☆471Jan 27, 2021Updated 5 years ago
• rabbitmask / SB-Actuator

  View on GitHub
  Spring Boot Actuator未授权访问【XXE、RCE】单/多目标检测
  ☆521May 21, 2020Updated 5 years ago
• dr0op / shiro-550-with-NoCC

  View on GitHub
  Shiro-550 不依赖CC链利用工具
  ☆451Jun 19, 2024Updated last year
• TheKingOfDuck / burpJsEncrypter

  View on GitHub
  More Easier Burp Extension To Solve Javascript Front End Encryption,一款更易使用的解决前端加密问题的Burp插件。
  ☆46Apr 15, 2020Updated 6 years ago
• TEag1e / BurpCollector

  View on GitHub
  通过BurpSuite来构建自己的爆破字典，可以通过字典爆破来发现隐藏资产。
  ☆502Jan 30, 2024Updated 2 years ago
• jiangsir404 / POC-S

  View on GitHub
  POC-T强化版本 POC-S , 用于红蓝对抗中快速验证Web应用漏洞， 对功能进行强化以及脚本进行分类添加，自带dnslog等, 平台补充来自vulhub靶机及其他开源项目的高可用POC
  ☆358Mar 12, 2020Updated 6 years ago
• dpu / coremail-address-book

  View on GitHub
  📧Coremail邮件系统组织通讯录导出脚本
  ☆158Sep 28, 2021Updated 4 years ago
• Ares-X / shiro-exploit

  View on GitHub
  Shiro反序列化利用工具，支持新版本(AES-GCM)Shiro的key爆破，配合ysoserial，生成回显Payload
  ☆897May 28, 2021Updated 4 years ago
• lilifengcode / Burpsuite-Plugins-Usage

  View on GitHub
  Burpsuite-Plugins-Usage
  ☆518Mar 28, 2026Updated 2 weeks ago
• Managed Database hosting by DigitalOcean • Ad
  PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
• Echocipher / AUTO-EARN

  View on GitHub
  一个利用OneForAll进行子域收集、Shodan API端口扫描、Xray漏洞Fuzz、Server酱的自动化漏洞扫描、即时通知提醒的漏洞挖掘辅助工具
  ☆739Dec 8, 2022Updated 3 years ago
• threedr3am / tomcat-cluster-session-sync-exp

  View on GitHub
  tomcat使用了自带session同步功能时，不安全的配置（没有使用EncryptInterceptor）导致存在的反序列化漏洞，通过精心构造的数据包， 可以对使用了tomcat自带session同步功能的服务器进行攻击。PS:这个不是CVE-2020-9484，9484…
  ☆213May 19, 2020Updated 5 years ago
• c0ny1 / chunked-coding-converter

  View on GitHub
  Burp suite 分块传输辅助插件
  ☆2,031Feb 23, 2022Updated 4 years ago
• feihong-cs / JspMaster-Deprecated

  View on GitHub
  一款基于webshell命令执行功能实现的GUI webshell管理工具，支持流量加密
  ☆220Jun 4, 2021Updated 4 years ago
• CTF-MissFeng / bayonet

  View on GitHub
  bayonet是一款src资产管理系统，从子域名、端口服务、漏洞、爬虫等一体化的资产管理系统
  ☆1,514Nov 22, 2022Updated 3 years ago
• grayddq / EBurst

  View on GitHub
  这个脚本主要提供对Exchange邮件服务器的账户爆破功能，集成了现有主流接口的爆破方式。
  ☆340May 22, 2023Updated 2 years ago
• CTF-MissFeng / Watchdog

  View on GitHub
  Watchdog是bayonet修改版，重新优化了数据库及web及扫描程序,加入多节点
  ☆626Dec 8, 2022Updated 3 years ago