Stars
Tools to work with Android .dex and Java .class files
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
JNDI injection testing tool (a tool that generates JNDI links and can start several servers to exploit JNDI injection vulnerabilities, such as those in Jackson, Fastjson, etc.)
jSQL Injection is a Java application for automatic SQL database injection.
A framework for quickly exploiting Fastjson vulnerabilities
A helpful Java Deserialization exploit framework.
A tool to dump Java serialization streams in a more human readable form.
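A small tool built for host collision, specifically for detecting hosts or internal systems that can only be reached after binding hosts entries during a penetration test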
A powerful JNDI injection exploitation framework that supports RMI, LDAP and LDAPS protocols, including various bypass methods for high-version JDK restrictions
Sample code written for the Hackers to Hackers Conference magazine 2017 (H2HC).
A collection of Cortana scripts that you may use with Armitage and Cobalt Strike 2.x. Cortana Scripts are not compatible with Cobalt Strike 3.x. Cobalt Strike 3.x uses a variant of Cortana called A…
fastjson remote code execution PoC. Just open it in IntelliJ IDEA: first compile to get Test.class, then run Poc.java
😈 Jenkins RCE PoC. From unauthenticated user to remote code execution, it's a hacker's dream!
Java-Web-Security - Developing secure web applications with Java
threedr3am / ysoserial
Forked from frohoff/ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. Optimized a few things.
Mogwai Java Management Extensions (JMX) Exploitation Toolkit
Some code for bypassing Oracle WebLogic CVE-2018-2628 patch
Spring messaging STOMP protocol RCE