158 Open source projects that are alternatives of or similar to Fastjsonexploit

🐈Medusa是一个红队武器库平台，目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能，持续开发中 http://medusa.ascotbe.com

💀Proof-of-Concept for CVE-2018-7600 Drupal SA-CORE-2018-002

fastjson漏洞burp插件，检测fastjson<1.2.68基于dnslog，fastjson<=1.2.24和1.2.33<=fatjson<=1.2.47的不出网检测和TomcatEcho,SpringEcho回显方案。

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Exploit Development - Weaponized Exploit and Proof of Concepts (PoC)

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

JAVA 漏洞靶场 (Vulnerability Environment For Java)

Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 / CVE-2018-7600 / SA-CORE-2018-002)

POC-T强化版本 POC-S , 用于红蓝对抗中快速验证Web应用漏洞， 对功能进行强化以及脚本进行分类添加，自带dnslog等, 平台补充来自vulhub靶机及其他开源项目的高可用POC

Exploits for YARA 3.7.1 & 3.8.1

A personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to be used in conjunction with these exploits.

A java web project based on Spring Boot using MySQL, Spring MVC, Hibernate, Spring Data JPA, Query DSL, Lombok, Logback, etc.

Ladon Pentest Scanner framework 全平台LadonGo开源内网渗透扫描器框架，使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost，远程执行SSH/Winrm，密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis，端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机，端口扫描服务识别PortScan。

🦄🔒 Awesome list of secrets in environment variables 🖥️

vulscan 扫描系统：最新的poc&exp漏洞扫描，redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...

Auto add or remove json annotation plugin, such as gson SerializedName, fastjson JSONField, jackson JsonProperty. It also support java and kotlin file.

CVE-2020-0796 Remote Code Execution POC

No description or website provided.

A fast JSON parser/generator for Java.

Proof of concept of CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers

Getting started with java code auditing 代码审计入门的小项目

A POJO property filter for Resful JSON output bases on fastjson and springboot.

Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)

集漏洞验证和任务运行的一个框架

Android安卓http/https一句代码联网络框架net framework

Tentacle is a POC vulnerability verification and exploit framework. It supports free extension of exploits and uses POC scripts. It supports calls to zoomeye, fofa, shodan and other APIs to perform bulk vulnerability verification for multiple targets.

hacker, ready for more of our story ! 🚀

an RCE (remote command execution) approach of CVE-2018-7750

白阁文库是白泽Sec安全团队维护的一个漏洞POC和EXP公开项目

NSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST, CVE-2021-21972, proxyshell, CVE-2021-34473

poc or exp of android vulnerability

DeepfakeHTTP is a web server that uses HTTP dumps as a source for responses.

Meltdown Exploit / Proof-of-concept / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN.

Misc. Public Reports of Penetration Testing and Security Audits.

Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).

ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server POC exploit

Proofs-of-concept

A complete Grabber, sending data to a TCP server that you have to host and stocking all in a database.

3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)

Writing Spyware Made Easy - POC spyware Chrome Extension/Server

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

A proof of concept crypto virus to spread user awareness about attacks and implications of ransomwares. Phirautee is written purely using PowerShell and does not require any third-party libraries. This tool steals the information, holds an organisation’s data to hostage for payments or permanently encrypts/deletes the organisation data.

Wordpress XMLRPC System Multicall Brute Force Exploit (0day) by 1N3 @ CrowdShield

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

Smallest, fastest polymorphic JSON serializer

🔮🔬Front-End testing tool which can be used to create a side by side visual comparison between your live site and local site.

a plenty of poc based on python

Creates a Simulation of Fake Web Events

🔥Android MVP 快速开发框架，做国内 「示例最全面」「注释最详细」「使用最简单」「代码最严谨」的 Android 开源 UI 框架。 🔥An Android MVP Framework with many demos, detailed documents, simple usages and strict codes.

A number of scripts POC's and problems solved as pentests move along.

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Contact Tracing BLE sniffer PoC

Blueborne CVE-2017-0785 Android information leak vulnerability

Juniper Junos Space (CVE-2020-1611) (PoC)

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

RouterOS Security Research Tooling and Proof of Concepts

CMS渗透测试框架-A CMS Exploit Framework

红队综合渗透框架

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.