There are no reviews yet. Be the first to send feedback to the community and the maintainers!
ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.jdk8u-jdk
ciphr
CLI crypto swiss-army knife for performing and composing encoding, decoding, encryption, decryption, hashing, and other various cryptographic operations on streams of data from the command line; mostly intended for ad hoc, infosec-related uses.inspector-gadget
Primitive tool for exploring/querying Java classes via the Tinkerpop Gremlin graph traversal languagegrepcidr
from http://www.pc-tools.net/unix/grepcidr/jdk8u-dev-jdk
jdeserialize
From https://code.google.com/p/jdeserialize/rails_exploits
serialysis
from http://weblogs.java.net/blog/emcmanus/archive/2007/06/disassembling_s.htmlappseccali-java
pd-buddy-wye
From https://git.clarahobbs.com/pd-buddy/pd-buddy-wye.gitctfd-trektheme
Star Trek LCARS inspired pure CSS theme for CTFd (v2.1.1) used during the 2019 LayerOne CTF and ToorCon CTF.inyourface
From http://www.synacktiv.com/ressources/inyourface-0.2.tar.gzappseccali-marshalling-pickles
Slide deck from AppSecCali 2015 Talk "Marshalling Pickles: how deserializing objects will ruin your day"sleepyhead
imported from https://sourceforge.net/projects/sleepyhead/grepcidr2
from http://www.taugh.com/grepcidr-2/owaspsd-deserialize-my-shorts
Slide deck from OWASP SD Talk "Deserialize My Shorts: Or How I Learned to Start Worrying and Hate Java Object Deserialization"burp-plugin-requestutils
Plugin for manipulating requests in PortSwigger Burp Suite Pro v1.5+jimmix
From http://www.synacktiv.com/ressources/jimmix-0.3.tar.gzjdk7u
shellshock-pocs
jmitm2
From http://www.david-guembel.de/uploads/media/jmitm2-0.1.0-source.tar.gzjdk6
dotfiles
pwdagent
A barebones CLI utility to prompt for and cache a password in memory, then hand it out over HTTP or raw TCPburp-debug
ircbots
reserializer
privilegedaccessor
From https://code.google.com/p/privilegedaccessor/lambda-zip-test
docker run -v [homedir]/.aws/:/root/.aws/ -e AWS_DEFAULT_PROFILE=[profilename] [containerid]appseccali-rails-redis
java-suid-exec
Break glass in case of suid java executable.Love Open Source and this site? Check out how you can help us