934 Open source projects that are alternatives of or similar to Javadeserh2hc

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Algorithms to re-compute a private key, to fake signatures and some other funny things with Bitcoin.

JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool

Vulnerability Notes, PoC Exploits and Write-Ups for security issues disclosed by tintinweb

D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange.

rsGen is a Reverse Shell Payload Generator for hacking.

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

vulscan 扫描系统：最新的poc&exp漏洞扫描，redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...

Reverse Shell as a Service

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

CVE-2020-10199、CVE-2020-10204漏洞一键检测工具，图形化界面。CVE-2020-10199 and CVE-2020-10204 Vul Tool with GUI.

Thoron Framework is a Linux post-exploitation framework that exploits Linux TCP vulnerability to provide a shell-like connection. Thoron Framework has the ability to create simple payloads to provide Linux TCP attack.

Misc. Public Reports of Penetration Testing and Security Audits.

Proofs-of-concept

CVE-2020-11651: Proof of Concept

Poc Collected for study and develop

hacker, ready for more of our story ! 🚀

Juniper Junos Space (CVE-2020-1611) (PoC)

Security-related PHP7 OPcache abuse tools and demo

ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server POC exploit

NSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST, CVE-2021-21972, proxyshell, CVE-2021-34473

Local file inclusion exploitation tool

🏆 《Java多线程编程核心技术》📚(高洪严 著 机械工业出版社) 源码 https://loveincode.github.io/java-multi-thread-programming/

a personal and smart journal

OS kernel labs based on Rust/C Lang & RISC-V 64/X86-32

Komputation is a neural network framework for the Java Virtual Machine written in Kotlin and CUDA C.

iblessing is an iOS security exploiting toolkit, it mainly includes application information collection, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis and vulnerability mining.

a plenty of poc based on python

JVM written in Rust

Complex custom class converters for attrs.

🗝️ Dotenv is a module that loads environment variables from a .env file

JRuby is an implementation of the Ruby language using the JVM.

POC-T强化版本 POC-S , 用于红蓝对抗中快速验证Web应用漏洞， 对功能进行强化以及脚本进行分类添加，自带dnslog等, 平台补充来自vulhub靶机及其他开源项目的高可用POC

Simple DNS Rebinding Service

A toy JVM written in Go

A script that automates generation of OpenSSL reverse shells

A very vulnerable web site written in NodeJS with the purpose of have a project with identified vulnerabilities to test the quality of security analyzers tools tools

A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research

Jikes RVM (Research Virtual Machine)

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

The Gosu programming language

JVM bytecode back end for Idris

Look-Ahead Java Deserialization Library

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Arquillian provides a component model for integration tests, which includes dependency injection and container life cycle management. Instead of managing a runtime in your test, Arquillian brings your test to the runtime.

Talos Particle Engine

Maxine VM: A meta-circular research VM

CVE-2020-0796 Remote Code Execution POC

3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)

Hexagon is a microservices toolkit written in Kotlin. Its purpose is to ease the building of services (Web applications, APIs or queue consumers) that run inside a cloud platform.

Wordpress XMLRPC System Multicall Brute Force Exploit (0day) by 1N3 @ CrowdShield

Ferrugo is a JVM implementation written in Rust

Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)

Vulners Python API wrapper

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

Android Kernel Exploitation

PoC for triggering buffer overflow via CVE-2020-0796