This is your work, valued
building things, breaking things, building things that break things. ysoserial night janitor. journeyman ctf plumber. he/him
ysoserial. A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
9kjdk8u-jdk. Java
210ciphr. CLI crypto swiss-army knife for performing and composing encoding, decoding, encryption, decryption, hashing, and other various cryptographic operations on streams of data from the command line; mostly intended for ad hoc, infosec-related uses.
119inspector-gadget. Primitive tool for exploring/querying Java classes via the Tinkerpop Gremlin graph traversal language
109grepcidr. from http://www.pc-tools.net/unix/grepcidr/
89marshalsec. Java
76jdk8u-dev-jdk. Java
67jdeserialize. From https://code.google.com/p/jdeserialize/
36rails_exploits. Ruby
22serialysis. from http://weblogs.java.net/blog/emcmanus/archive/2007/06/disassembling_s.html
11pd-buddy-wye. From https://git.clarahobbs.com/pd-buddy/pd-buddy-wye.git
11extract-ssl-secrets. Decrypt HTTPS/SSL/TLS connections on the fly with Wireshark
9appseccali-java. Java
9ctfd-trektheme. Star Trek LCARS inspired pure CSS theme for CTFd (v2.1.1) used during the 2019 LayerOne CTF and ToorCon CTF.
8bocker. Docker implemented in around 100 lines of bash
7inyourface. From http://www.synacktiv.com/ressources/inyourface-0.2.tar.gz
7appseccali-marshalling-pickles. Slide deck from AppSecCali 2015 Talk "Marshalling Pickles: how deserializing objects will ruin your day"
7sleepyhead. imported from https://sourceforge.net/projects/sleepyhead/
7owaspsd-deserialize-my-shorts. Slide deck from OWASP SD Talk "Deserialize My Shorts: Or How I Learned to Start Worrying and Hate Java Object Deserialization"
6grepcidr2. from http://www.taugh.com/grepcidr-2/
5Java-Deserialization-Cheat-Sheet. The cheat sheet about Java Deserialization vulnerabilities
5revsh. A remote access tool for pentesters designed for advanced pivoting.
4jimmix. From http://www.synacktiv.com/ressources/jimmix-0.3.tar.gz
4burp-plugin-requestutils. Plugin for manipulating requests in PortSwigger Burp Suite Pro v1.5+
4jdk7u. Java
3security_monkey. Security Monkey
3CTFd. CTFs as you need them
3shellshock-pocs. Perl
2d3-profile-viewer. Java
2rest-client. Simple HTTP and REST client for Ruby, inspired by microframework syntax for specifying actions.
2jsdetox. A Javascript malware analysis tool
2self-compile-Android. Autonomous smartphone app. Capable of self-compilation, mutation, and viral spreading. World-first proof-of-principle to bypass Internet kill switches.
2reverse-proxy-auth-plugin. Java
2pacemaker. Heartbleed (CVE-2014-0160) client exploit
2gitlabhq. Project management and code hosting application. Follow us on twitter @gitlabhq
2Empire. Empire is a PowerShell and Python post-exploitation agent.
2pupy. Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
2jdk6. Java
2jmitm2. From http://www.david-guembel.de/uploads/media/jmitm2-0.1.0-source.tar.gz
2multiplexd. run ssh, https, and openvpn on the same port
2Top10. Official OWASP Top 10 Document Repository
2Hurl. Choose the browser on the click of a link
1frohoff.github.io. Github Pages Site
1JavaPayload. JavaPayload is a collection of pure Java payloads to be used for post-exploitation from pure Java exploits or from common misconfigurations (like not password protected Tomcat manager or debugger port).
1libbf. Library for binary file manipulation
1lambda-zip-test. docker run -v [homedir]/.aws/:/root/.aws/ -e AWS_DEFAULT_PROFILE=[profilename] [containerid]
1sparring. Network simulation for malware analysis.
1javascript-playlist-parser. Parse m3u, pls, and asx in JavaScript
1pwnableweb-scoreboard. Scoreboard for CTF Competitions
1ghidra. Ghidra is a software reverse engineering (SRE) framework
1pwdagent. A barebones CLI utility to prompt for and cache a password in memory, then hand it out over HTTP or raw TCP
1cloudwatch-logs-subscription-consumer. A specialized Amazon Kinesis stream reader (based on the Amazon Kinesis Connector Library) that can help you deliver data from Amazon CloudWatch Logs to any other system in near real-time using a CloudWatch Logs Subscription Filter.
1git. Git Source Code Mirror - This is a publish-only repository and all pull requests are ignored. Please follow Documentation/SubmittingPatches procedure for any of your improvements.
1dotfiles. Shell
1ircbots. Scala
1appseccali-rails-redis. Ruby
1JMD. Java bytecode analysis/deobfuscation tool
1burp-debug. Java
1