jndi · GitHub Topics

qi4L / JYso

JNDIExploit or a ysoserial.

Java attack jndi-injection web-security mem-shell middleware-echo jndi ldap rmi gadget ysoserial

Java 1.55 k

2 天前

feihong-cs / JNDIExploit

A malicious LDAP server for JNDI injection attacks

翻译 - 用于 JNDI 注入攻击的恶意 LDAP 服务器

jndi jndibypass jep290

Java 953

3 年前

cckuailong / JNDI-Injection-Exploit-Plus

80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server.

Exploit injection Java jndi ysoserial

Java 768

9 个月前

wuba / Antenna

Antenna是58同城安全团队打造的一款辅助安全从业人员验证网络中多种漏洞是否存在以及可利用性的工具。其基于带外应用安全测试(OAST)通过任务的形式，将不同漏洞场景检测能力通过插件的形式进行集合，通过与目标进行out-bind的数据通信方式进行辅助检测。

oast antenna ftp HTTP jsonp ldap MySQL rmi xss Django Python Cybersecurity dnslog vulnerability-scanners jndi

JavaScript 716

2 年前

Whoopsunix / JavaRce

Common Exploitation Techniques for Java RCE Vulnerabilities in Real-World Scenarios | 实战场景较通用的 Java Rce 相关漏洞的利用方式

command expression jdbc memshell serialization Java inject jndi rce rmi vul

Java 503

7 天前

X1r0z / JNDIMap

JNDI 注入利用工具, 支持 RMI, LDAP 和 LDAPS 协议, 包含多种高版本 JDK 绕过方式 | A JNDI injection exploit tool that supports RMI, LDAP and LDAPS protocols, including a variety of methods to bypass higher-version JDK

Java jndi ldap rmi bypass deserialize jdbc

Java 379

5 个月前

0x727 / JNDIExploit

一款用于JNDI注入利用的工具，大量参考/引用了Rogue JNDI项目的代码，支持直接植入内存shell，并集成了常见的bypass 高版本JDK的方式，适用于与自动化工具配合使用。

jndi exp Exploit jndiexploit

Java 317

3 年前

r00tSe7en / JNDIMonitor

一个LDAP请求监听器，摆脱dnslog平台

jndi ldap log4j2

Java 286

2 年前

alexbakker / log4shell-tools

Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046

log4j log4shell cve-2021-44228 jndi ldap dns cve-2021-45046

Go 86

1 年前

zhzyker / logmap

Log4j jndi injection fuzz tool

Fuzzing/Fuzz testing log4j2 injection jndi cve-2021-44228 log4shell cve-2021-45046

Python 70

3 年前

future-client / CVE-2021-44228

Abuse Log4J CVE-2021-44228 to patch CVE-2021-44228 in vulnerable Minecraft game sessions to prevent exploitation in the session :)

cve-2021-44228 log4j 我的世界 Exploit rce ldap jndi

Java 67

3 年前

For-ACGN / Log4Shell

Check, exploit, generate class, obfuscate, TLS, ACME about log4j2 vulnerability in one Go program.

log4j2 Exploit poc log4shell cve-2021-44228 obfuscate acme jndi ldap Java

Go 57

3 年前

cokeBeer / pyyso

pyyso is a Python package that generate java serialized poc. Including CommonsCollections1-7, JDK7u21, JDK8u20, ldap for jndi, shiro-550, CommonsBeanutils1 no cc, JRMPClient, high version JDK Bypass, ...

Java jndi Python rmi serialization Exploit gadget poc shiro ldap jdbc MySQL

Python 50

2 年前

HackJava / JNDI

《JNDI-深入理解Java万恶之源》

hackjava 0e0w jndi

1 年前

Al1ex / CVE-2021-2109

CVE-2021-2109 && Weblogic Server RCE via JNDI

weblogic rce jndi

Java 30

4 年前

juliojsb / jboss-cli-snippets-compilation

A repository of Jboss CLI snippets

jboss 命令行界面 datasource jndi snippets wildfly Java redhat application-server

6 年前

ChloePrime / fix4log4j

log4j 0day fix Minecraft Mod jndi ldap

Java 19

3 年前

ncredinburgh / secure-tomcat-datasourcefactory

#安全#A drop in replacement for the standard Tomcat DataSourceFactory that allows the database connection password to be encrypted using a symmetric key for the purposes of security.

tomcat 安全 encryption jndi password datasource

Java 15

5 年前

LoliKingdom / NukeJndiLookupFromLog4j

Selection of ways to remove JndiLookup in now obsolete Minecraft versions, or versions that still have log4j < 2.10 and is unable to use `-Dlog4j2.formatMsgNoLookups=true`

jndi 我的世界 log4j2 log4j Exploit rce 安全 Java

Java 12

3 年前

rakutentech / jndi-ldap-test-server

A minimalistic LDAP server that is meant for test vulnerability to JNDI+LDAP injection attacks in Java, especially CVE-2021-44228.

jndi ldap vulnerability-detection log4j log4j2

Go 11

3 年前