JNDI-Exploit-Kit. JNDI-Exploitation-Kit(A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps vulnerable to JNDI Injection)
941wsuxploit. This is a weaponized WSUS exploit
299ysoserial-modified. That repository contains my updates to the well know java deserialization exploitation tool ysoserial.
188CVE-2018-7600. Exploit for Drupal 7 <= 7.57 CVE-2018-7600
141CVE-2017-1000486. Primefaces <= 5.2.21, 5.3.8 or 6.0 - Remote Code Execution Exploit
95CVE-2017-5645. CVE-2017-5645 - Apache Log4j RCE due Insecure Deserialization
92CVE-2019-2725. WebLogic Insecure Deserialization - CVE-2019-2725 payload builder & exploit
52gopher-tomcat-deployer. Gopher Tomcat Deployer
48pdf-NTLMLeaker. This script implements the Proof of Concept attack from the Checkpoint research "NTLM Credentials Theft via PDF Files"
29docker-java-xxe. Docker image to test XXE attacks in java with tomcat.
5rizzoma-docker. This is a docker image to run rizzoma standalone for testing or quick deploys.
4PayloadsAllTheThings. A list of useful payloads and bypass for Web Application Security and Pentest/CTF
3CVE-2019-2726. CVE-2019-2725 命令回显
1CTF-Write-ups. My CTF Write-ups
1red_team_tool_countermeasures. YARA
1