United Kingdom

Nicky Bloor

Elite
@NickstaDB

Security researcher, exploit developer, pentester.

SerializationDumper. A tool to dump Java serialization streams in a more human readable form.

1.1k

BaRMIe. Java RMI enumeration and attack tool.

748

patch-apk. Wrapper to inject an Objection/Frida gadget into an APK, with support for app bundles/split APKs.

417

DeserLab. Java deserialization exploitation lab.

237

SerialBrute. Java serialization brute force attack tool.

125

PoC. Repo for proof of concept exploits and tools.

56

xamarin-decompress. Decompress Xamarin .NET compressed binaries so they can be decompiled.

48

ysoserial. A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

5

mobileappvm. VM build script for mobile app pentesting/reversing.

4

CachePlz. Burp Suite extension to fix caching of large static resources returned by badly configured servers/apps.

2

Middleware-Vulnerability-detection. CVE、CMS、中间件漏洞检测利用合集 Since 2019-9-15

2

top10webseclist. Top Ten Web Hacking Techniques List

2

aws-security-cert-service-notes. Security aspects of AWS products for the Security Specialist certification

2

lynis. Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

1

rmiscout. RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities

1

objection. 📱 objection - runtime mobile exploration

1

freddy. Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans

1

fuzzdb. Automatically exported from code.google.com/p/fuzzdb

1
18
Apply