Alvaro Muñoz (@pwntester)
github

pwntester

Twitter logo Share LinkedIn logo Share Facebook logo Share

Top repositories

1

ysoserial.net

Deserialization payload generator for a variety of .NET formatters
C#
3,162
star
2

octo.nvim

Edit and review GitHub issues and pull requests from the comfort of your favorite editor
Lua
1,946
star
3

cheatsheets

random brain dumps
345
star
4

SerialKillerBypassGadgetCollection

Collection of bypass gadgets to extend and wrap ysoserial payloads
Java
339
star
5

JRE8u20_RCE_Gadget

JRE8u20_RCE_Gadget
Java
250
star
6

DupeKeyInjector

DupeKeyInjector
Java
131
star
7

S2-046-PoC

S2-046-PoC
Java
114
star
8

codeql.nvim

CodeQL plugin for Neovim
Lua
84
star
9

codeql_grehack_workshop

GreHack 2021 CodeQL for Java workshop
CodeQL
75
star
10

BlockingServer

Web Server that serves a single file and keeps the connection open until user releases it.
Java
69
star
11

XMLDecoder

RCE Exploit PoC for XMLDecoder
Java
62
star
12

dotnet-deserialization-scanner

.NET Deserialization Passive Scanner
Java
43
star
13

SpringBreaker

Exploit PoC for Spring RCE issue (CVE-2011-2894)
Java
42
star
14

dotfiles

Shell
34
star
15

ViewStatePayloadGenerator

ViewState Payload Generator
C#
24
star
16

XStreamServer

RCE Exploit PoC for Spring based RESTFul APIs using XStream as Unmarshaler
Java
20
star
17

nautilus.nvim

A nice and cobaltish neovim theme
Lua
18
star
18

JVMDeserialization

PoC for Scala and Groovy
XSLT
14
star
19

RSA_RESTing

Demos for RSA talk: RESTing on your laurels will get you owned
Java
12
star
20

XStreamPOC

POC for XStream RCE
Java
12
star
21

logging-log4j2

Java
7
star
22

pwntester-blog

Pwntester Blog
HTML
7
star
23

OWASP-GoatDroid-Dolphis

OWASP GoatDroid Exploit Apps
Java
5
star
24

cobalt2.vim

Color scheme for vim
Vim Script
5
star
25

OGNLInjection

OGNL Expression Injection Tescase
Java
5
star
26

hc0n_log4j

Java
5
star
27

jdeserialize

Automatically exported from code.google.com/p/jdeserialize
Java
3
star
28

StaticInitializerPayload

Java
3
star
29

RestletXMLDecoder

Restlet API consuming XML serialized Java Objects. Vulnerable to XXE and RCE (if third party libraries like GroovyShell are found in the classpath)
Java
3
star
30

cobange

Neovim color scheme
Vim Script
2
star
31

XQueryInjection

XQuery Injection Testcases
JavaScript
2
star
32

csaw2016_rock

Python
2
star
33

pwntester.github.io

pwntester Blog
HTML
2
star
34

test-project

Dockerfile
2
star
35

gh-cdr

gh-cdr
Go
2
star
36

crane.nvim

Lua
2
star
37

docs

1
star
38

gh-mrva

1
star
39

codeql-cs-template

Dockerfile
1
star
40

FortifyHighlighter

Sublime Text Editor Themes for Fortify rulepacks and NSTs
1
star