rmi-deserialization
RMI vulnerability demo
Demonstrating vulnerabilities in Java RMI services
Slides/Demos from the BSides Munich 2019 talk "Attacking Java RMI in 2019"
101 stars
4 watching
6 forks
Language: Java
last commit: about 5 years ago Related projects:
| Repository | Description | Stars |
|---|---|---|
 qtc-de/remote-method-guesser | A tool used to identify and exploit security vulnerabilities in Java RMI endpoints | 828 |
 joaomatosf/javadeserh2hc | A lab project providing code samples and tools to understand deserialization vulnerabilities in Java applications. | 491 |
 myblackmanba/cve-2021-29505 | Reproducing and analyzing the CVE-2021-29505 vulnerability in Java's XStream deserialization process | 5 |
 bishopfox/gadgetprobe | Tools for analyzing and exploiting vulnerabilities in Java deserialization vulnerabilities | 585 |
 federicodotta/java-deserialization-scanner | A plugin for detecting and exploiting vulnerabilities in Java deserialization | 775 |
 waderwu/attackrmi | A tool designed to exploit vulnerabilities in the Java RMI system using various techniques such as deserialization and socket-based attacks. | 250 |
 mpgn/cve-2019-0192 | A proof of concept project demonstrating a remote code execution vulnerability in Apache Solr via deserialization of untrusted data | 209 |
 netspi/javaserialkiller | A Burp extension that enables Java Deserialization Attacks using a payload generator tool | 208 |
 rmlio/rmlmapper-java | Executes RML rules to generate high-quality Linked Data from multiple data sources | 158 |
 nickstadb/barmie | An enumeration and attack tool for insecure RMI services | 715 |
 directdefense/superserial | A Burp Suite Extender to identify Java Deserialization vulnerabilities in client requests and server responses. | 9 |
 nccgroup/freddy | A tool to detect and exploit deserialization vulnerabilities in Java and .NET applications. | 573 |
| directdefense/superserial-active | An active Java deserialization vulnerability identifier and exploiter | 7 |
 mihir-shah99/vulndroid | An Android app designed to demonstrate common web application vulnerabilities and provide training in secure coding practices. | 10 |
 grrrdog/java-deserialization-cheat-sheet | A cheat sheet providing guidance on deserialization vulnerabilities in Java applications | 3,035 |