XStream-Gadgets
Exploitation gadgets
A collection of gadgets ported from ysoserial, transformed into the XStream serialization format to facilitate exploitation in Java applications.
Several XStream gadgets ported from ysoserial
32 stars
1 watching
5 forks
Language: Java
Last commit: about 3 years ago

Related projects:

Repository | Description | Stars |
---|---|---|
pwntester/serialkillerbypassgadgetcollection | A collection of bypass gadgets to extend and wrap ysoserial payloads | 350 |
irsl/jackson-rce-via-spel | A proof-of-concept project demonstrating exploitation of a vulnerability in Jackson-databind via Spring application contexts and expressions. | 121 |
firebasky/csrouge | A tool that exploits vulnerabilities in web servers to execute arbitrary code | 9 |
bluscreenofjeff/aggressorscripts | A collection of Cobalt Strike scripts designed to facilitate red teaming and exploitation | 787 |
sslab-gatech/pwn2own2020 | An exploitation project demonstrating how to chain vulnerabilities in Safari to escalate privilege on macOS | 402 |
entropic-security/xgadget | A tool for searching and exploiting vulnerabilities in binary code using Return-Oriented Programming and Jump-Oriented Programming techniques. | 84 |
gmatuz/inthewilddb | A comprehensive database of vulnerability and exploitation reports | 245 |
jbarone/xxelab | A proof-of-concept web application demonstrating an XML External Entity vulnerability | 225 |
jackofmosttrades/gadgetinspector | Analyzes Java applications for potential deserialization gadget chains to help identify vulnerabilities and prioritize remediation. | 996 |
pimps/jndi-exploit-kit | An exploit kit designed to start an HTTP Server, RMI Server and LDAP Server to exploit Java web apps vulnerable to JNDI Injection | 903 |
jupyter-xeus/xwidgets | An implementation of Jupyter interactive widgets in C++ | 137 |
demi6od/smashing_the_browser | An in-depth exploration of browser exploitation techniques and vulnerability discovery | 446 |
arimogi/google-dorks | A collection of tools and techniques for exploiting vulnerabilities in Google services | 45 |
hackthelegacy/hack400tool | A set of tools for gathering information and exploiting vulnerabilities in IBM Power Systems | 96 |
kiwicom/xssable | A vulnerable blogging platform demonstrating various XSS vulnerabilities to showcase security weaknesses and demonstrate exploitation techniques. | 9 |