xmsec / redis-ssrf
redis ssrf gopher generater & redis ssrf to rce by master-slave-sync
☆82Updated 4 years ago
Related projects ⓘ
Alternatives and complementary repositories for redis-ssrf
- RMI 反序列化环境 一步步☆211Updated 4 years ago
- attackRmi☆250Updated 4 years ago
- ☆145Updated 3 years ago
- fastjson bypass autotype 1.2.68 with Throwable and AutoCloseable.☆223Updated 2 years ago
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆101Updated 4 years ago
- This tool generates gopher link for exploiting SSRF and gaining RCE in redis with password.用于生成附带密码认证的gopher内容,用于SSRF等利用。☆110Updated 5 years ago
- ☆95Updated last year
- Flask 内存马☆308Updated 3 years ago
- Redis RCE 的几种方法☆90Updated 5 months ago
- 用于WebLogic poc及exp测试的基础脚本,后续将集成各版本poc库☆94Updated 4 years ago
- Security tool to encode/decode Golang web-frameworks' client-side session cookie which use `gorilla/securecookie` or `gorilla/sessions`, …☆36Updated 5 years ago
- 解密weblogic AES或DES加密方法☆225Updated 3 years ago
- tomcat使用了自带session同步功能时,不安全的配置(没有使用EncryptInterceptor)导致存在的反序列化漏洞,通过精心构造的数据包, 可以对使用了tomcat自带session同步功能的服务器进行攻击。PS:这个不是CVE-2020-9484,9484…☆213Updated 4 years ago
- SpringBoot Actuator未授权自动化利用,支持信息泄漏/RCE☆232Updated 3 years ago
- weblogic t3 deserialization rce☆264Updated 7 years ago
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆179Updated 3 years ago
- 一款高效的参数fuzz工具|A faster param fuzzing test tool☆99Updated 4 years ago
- 一个针对防御 log4j2 CVE-2021-44228 漏洞的 RASP 工具。 A Runtime Application Self-Protection module specifically designed for log4j2 RCE (CVE-2021-442…☆122Updated 2 years ago
- shiro-cve-2020-17523 漏洞的两种绕过姿势分析 以及配套的漏洞环境☆114Updated 3 years ago
- Web端POC-EXP 整理☆99Updated 3 years ago
- 帮助java环境下任意文件下载情况自动化读取源码的小工具☆166Updated 5 years ago
- 一个子域名接管检测工具☆137Updated 3 years ago
- WIP: Demo for Attacking Apereo CAS☆85Updated 4 years ago
- struts2 漏洞环境源代码☆75Updated 2 years ago
- MySQL JDBC Deserialization Payload / MySQL客户端jdbc反序列化漏洞payload☆13Updated 4 years ago