Repository navigation

#

jndi

qi4L / JYso 

JNDIExploit or a ysoserial.

Javaattackjndi-injectionweb-securitymem-shellmiddleware-echojndildaprmigadgetysoserial
Java
1580
17 天前
feihong-cs / JNDIExploit 

A malicious LDAP server for JNDI injection attacks

jndijndibypassjep290
Java
953
3 年前
cckuailong / JNDI-Injection-Exploit-Plus 

80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server.

ExploitinjectionJavajndiysoserial
Java
782
10 个月前
wuba / Antenna 

Antenna是58同城安全团队打造的一款辅助安全从业人员验证网络中多种漏洞是否存在以及可利用性的工具。其基于带外应用安全测试(OAST)通过任务的形式,将不同漏洞场景检测能力通过插件的形式进行集合,通过与目标进行out-bind的数据通信方式进行辅助检测。

oastantennaftpHTTPjsonpldapMySQLrmixssDjangoPythonCybersecuritydnslogvulnerability-scannersjndi
JavaScript
717
2 年前
Whoopsunix / JavaRce 

Common Exploitation Techniques for Java RCE Vulnerabilities in Real-World Scenarios | 实战场景较通用的 Java Rce 相关漏洞的利用方式

commandexpressionjdbcmemshellserializationJavainjectjndircermivul
Java
509
1 个月前
X1r0z / JNDIMap 

JNDI 注入利用工具, 支持 RMI, LDAP 和 LDAPS 协议, 包含多种高版本 JDK 绕过方式 | A JNDI injection exploit tool that supports RMI, LDAP and LDAPS protocols, including a variety of methods to bypass higher-version JDK

Javajndildaprmibypassdeserializejdbc
Java
405
6 个月前
0x727 / JNDIExploit 

一款用于JNDI注入利用的工具,大量参考/引用了Rogue JNDI项目的代码,支持直接植入内存shell,并集成了常见的bypass 高版本JDK的方式,适用于与自动化工具配合使用。

jndiexpExploitjndiexploit
Java
324
3 年前
r00tSe7en / JNDIMonitor 

一个LDAP请求监听器,摆脱dnslog平台

jndildaplog4j2
Java
287
2 年前
alexbakker / log4shell-tools 

Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046

log4jlog4shellcve-2021-44228jndildapdnscve-2021-45046
Go
86
1 年前
zhzyker / logmap 

Log4j jndi injection fuzz tool

Fuzzing/Fuzz testinglog4j2injectionjndicve-2021-44228log4shellcve-2021-45046
Python
70
3 年前
future-client / CVE-2021-44228 

Abuse Log4J CVE-2021-44228 to patch CVE-2021-44228 in vulnerable Minecraft game sessions to prevent exploitation in the session :)

cve-2021-44228log4j我的世界Exploitrceldapjndi
Java
67
3 年前
For-ACGN / Log4Shell 

Check, exploit, generate class, obfuscate, TLS, ACME about log4j2 vulnerability in one Go program.

log4j2Exploitpoclog4shellcve-2021-44228obfuscateacmejndildapJava
Go
57
3 年前
cokeBeer / pyyso 

pyyso is a Python package that generate java serialized poc. Including CommonsCollections1-7, JDK7u21, JDK8u20, ldap for jndi, shiro-550, CommonsBeanutils1 no cc, JRMPClient, high version JDK Bypass, Fake MySQL for JDBC attack

JavajndiPythonrmiserializationExploitgadgetpocshiroldapjdbcMySQL
Python
52
2 年前
HackJava / JNDI 

《JNDI-深入理解Java万恶之源》

hackjava0e0wjndi
37
1 年前
Al1ex / CVE-2021-2109 

CVE-2021-2109 && Weblogic Server RCE via JNDI

weblogicrcejndi
Java
30
4 年前
juliojsb / jboss-cli-snippets-compilation 

A repository of Jboss CLI snippets

jboss命令行界面datasourcejndisnippetswildflyJavaredhatapplication-server
26
6 年前
ChloePrime / fix4log4j 

log4j0dayfixMinecraft Modjndildap
Java
19
3 年前
ncredinburgh / secure-tomcat-datasourcefactory 

A drop in replacement for the standard Tomcat DataSourceFactory that allows the database connection password to be encrypted using a symmetric key for the purposes of security.

tomcat安全encryptionjndipassworddatasource
Java
15
5 年前
LeakIX / l9fuzz 

Help fuzz various protocols and waits for ping backs Integrates LDAP server and JNDI payload

log4jjndifuzzertcp
Go
12
3 年前
LoliKingdom / NukeJndiLookupFromLog4j 

Selection of ways to remove JndiLookup in now obsolete Minecraft versions, or versions that still have log4j < 2.10 and is unable to use `-Dlog4j2.formatMsgNoLookups=true`

jndi我的世界log4j2log4jExploitrce安全Java
Java
12
3 年前