ASP.NET View State Decoder
☆121May 1, 2025Updated 10 months ago
Alternatives and similar repositories for viewstate
Users that are interested in viewstate are comparing it to the libraries listed below
Sorting:
- Small tool to decode ASP.NET __VIEWSTATE variable when doing webpentests☆15Feb 27, 2021Updated 5 years ago
- Viewgen is a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys☆659Feb 1, 2025Updated last year
- Parse unencrypted .NET ViewState objects with JavaScript☆21Dec 3, 2021Updated 4 years ago
- Viewstate Hidden Control Enumerator☆17Sep 12, 2013Updated 12 years ago
- A C# web handler that is vulnerable to XXE with PoC. This is to serve as an example of what vulnerable C# code looks like.☆26Aug 10, 2013Updated 12 years ago
- Burp Suite AMF Extension☆48Sep 24, 2018Updated 7 years ago
- PHP 8 Sandbox Escape☆68Feb 28, 2026Updated 3 weeks ago
- Deserialization payload generator for a variety of .NET formatters☆3,691Dec 23, 2024Updated last year
- Repository to hold materials for DefCon_RESTing presentation by Dinis, Abe and Alvaro☆53Aug 5, 2013Updated 12 years ago
- Native Java serialization filter blacklist for common gadgets☆20Sep 12, 2019Updated 6 years ago
- A fastjson payload generator☆59Oct 13, 2020Updated 5 years ago
- Slides/Demos from the BSides Munich 2019 talk "Attacking Java RMI in 2019"☆101Sep 20, 2019Updated 6 years ago
- 2 web tasks from ZeroNights HackQuest 2016☆50Mar 24, 2017Updated 8 years ago
- Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.☆612Mar 4, 2021Updated 5 years ago
- Collection of bypass gadgets to extend and wrap ysoserial payloads☆387Apr 16, 2022Updated 3 years ago
- ☆23Feb 9, 2018Updated 8 years ago
- Journey to learning frida android.☆11Apr 23, 2019Updated 6 years ago
- Proof of concept written in Python to show that in some situations a SSRF vulnerability can be used to steal NTLMv1/v2 hashes.☆57Dec 18, 2017Updated 8 years ago
- 🐱💻 Poc of CVE-2019-7238 - Nexus Repository Manager 3 Remote Code Execution 🐱💻☆153Feb 25, 2019Updated 7 years ago
- Sysmon Config Pusher - Modernized☆34Jan 7, 2026Updated 2 months ago
- ☆101Nov 10, 2021Updated 4 years ago
- RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities☆447Sep 7, 2022Updated 3 years ago
- Short handy snippets from the @mwrlabs team☆20Jan 30, 2018Updated 8 years ago
- bSidesLisbon 2016 event contents☆10Dec 14, 2016Updated 9 years ago
- attackRmi☆258Oct 14, 2020Updated 5 years ago
- Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website☆141Apr 29, 2020Updated 5 years ago
- JRE8u20_RCE_Gadget☆255Jul 1, 2016Updated 9 years ago
- A Python based tool to convert custom queries from Legacy BloodHound to BloodHound CE format, with the option to directly upload them to …☆37Oct 1, 2025Updated 5 months ago
- Remote Desktop Protocol in Twisted Python☆26Apr 13, 2018Updated 7 years ago
- Burp Suite Collaborator HTTP API☆45May 27, 2018Updated 7 years ago
- Bypassing disabled exec functions in PHP (c) CRLF☆405Oct 2, 2020Updated 5 years ago
- project-blacklist3r☆635Oct 3, 2025Updated 5 months ago
- Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans☆583Sep 7, 2021Updated 4 years ago
- ☆11Aug 26, 2014Updated 11 years ago
- Extract Juniper firewall usernames and hashes and put into a John the Ripper format for cracking☆13Jul 4, 2014Updated 11 years ago
- Proof of concept showing how java byte code can be injected through InitialContext.lookup() calls☆42Jan 22, 2016Updated 10 years ago
- Java RMI enumeration and attack tool.☆745Sep 28, 2017Updated 8 years ago
- Web Server that serves a single file and keeps the connection open until user releases it.☆74Nov 27, 2013Updated 12 years ago
- POC for XStream RCE☆13Dec 23, 2013Updated 12 years ago