Proof of concept showing how java byte code can be injected through InitialContext.lookup() calls
☆42Jan 22, 2016Updated 10 years ago
Alternatives and similar repositories for jndipoc
Users that are interested in jndipoc are comparing it to the libraries listed below
Sorting:
- Proof of concept exploit, showing how to do bytecode injection through untrusted deserialization with Spring Framework 4.2.4☆116May 17, 2019Updated 6 years ago
- Payload generator for Java Binary Deserialization attack with Commons FileUpload (CVE-2013-2186)☆38Apr 14, 2016Updated 9 years ago
- Simple socket-based gateway to the Burp Collaborator☆34Nov 23, 2016Updated 9 years ago
- A static byte code analyzer for Java deserialization gadget research☆252Apr 17, 2017Updated 8 years ago
- 一款存储HTTP请求入库的burpsuite插件☆29Apr 8, 2018Updated 7 years ago
- An evolving hacking framework written in python☆11Jan 11, 2015Updated 11 years ago
- Scan SSL based TCP services, ips, ports and network ranges to obtain certificate expiry data. Get automated alerts about certificates exp…☆29Feb 20, 2016Updated 10 years ago
- java unserialize vulnerability payload☆21Apr 20, 2019Updated 6 years ago
- ☆10Aug 8, 2015Updated 10 years ago
- Burp extension for decoding WCF-gzipped requests.☆12Jan 25, 2016Updated 10 years ago
- Mogwai Java Management Extensions (JMX) Exploitation Toolkit☆174Jul 21, 2016Updated 9 years ago
- laravel 5.8 rce pop chain☆26Oct 27, 2019Updated 6 years ago
- Scan networks for HTTP servers, do stuff when you find them.☆13Sep 11, 2017Updated 8 years ago
- Build a search engine from nmap XML files☆20Aug 19, 2014Updated 11 years ago
- SSH Ranking system! :D (re-write of ssh-fail-watcher)☆26Dec 20, 2014Updated 11 years ago
- POC for XStream RCE☆13Dec 23, 2013Updated 12 years ago
- Exploit kit analyzer☆22Mar 3, 2015Updated 11 years ago
- Example code for following along with my "Broken, Abandoned, and Forgotten Code" blog series☆25Aug 19, 2018Updated 7 years ago
- 个人用于在自动化挖掘gadget时,方便查找gadget chains中class所在jar包,以助于便捷审计测试gadget有效性的那么一个小工具。☆60Mar 25, 2020Updated 5 years ago
- Collection of bypass gadgets to extend and wrap ysoserial payloads☆387Apr 16, 2022Updated 3 years ago
- JRE8u20_RCE_Gadget☆255Jul 1, 2016Updated 9 years ago
- PoC to tunnel the Meterpreter reverse HTTP shell over RDP Virtual Channels☆67Feb 23, 2015Updated 11 years ago
- PoC for Scala and Groovy☆14Apr 4, 2016Updated 9 years ago
- PySC - Download shellcode from a remote DNS server (using TXT records) or through Internet Explorer (using SSPI to utilize system-wide p…☆36Dec 27, 2013Updated 12 years ago
- Collection of IDA Pro plugins I wrote over the years☆24May 8, 2010Updated 15 years ago
- ☆85Dec 6, 2019Updated 6 years ago
- JavaPayload is a collection of pure Java payloads to be used for post-exploitation from pure Java exploits or from common misconfiguratio…☆125Jan 20, 2025Updated last year
- The official exploit for Cacti v1.2.8 Remote Code Execution CVE-2020-8813☆68Feb 22, 2020Updated 6 years ago
- A fake JDBC driver that allows OS command execution.☆125Oct 2, 2022Updated 3 years ago
- CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4☆68Feb 3, 2020Updated 6 years ago
- This project has been done with Chen as part of system security course at SBU CS.☆12Dec 14, 2014Updated 11 years ago
- A semi fast tool to bruteforce values of LDAP injections over HTTP.☆14Dec 4, 2013Updated 12 years ago
- 2 web tasks from ZeroNights HackQuest 2016☆50Mar 24, 2017Updated 8 years ago
- some java code i met or i used☆29May 7, 2019Updated 6 years ago
- A collection of curated Java Deserialization Exploits☆591May 16, 2021Updated 4 years ago
- An API for consuming all the memory of Java apps using deserialization☆28Jan 10, 2016Updated 10 years ago
- A simple example of dropping a PHP backdoor on a pfSense firewall over xmlrpc.php☆20Apr 16, 2015Updated 10 years ago
- use the Apple CoreText exploit (CVE-2012-3716) and launch an AP to affect all devices within wifi range☆21Jan 12, 2015Updated 11 years ago
- Test for leaking DNS queries (i.e. if you're on a VPN)☆21May 19, 2014Updated 11 years ago