jndi
There are 83 repositories under jndi topic.
qi4L/JYso
JNDIExploit or a ysoserial.
cckuailong/JNDI-Injection-Exploit-Plus
80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server.
wuba/Antenna
Antenna是58同城安全团队打造的一款辅助安全从业人员验证网络中多种漏洞是否存在以及可利用性的工具。其基于带外应用安全测试(OAST)通过任务的形式,将不同漏洞场景检测能力通过插件的形式进行集合,通过与目标进行out-bind的数据通信方式进行辅助检测。
Whoopsunix/JavaRce
Common Exploitation Techniques for Java RCE Vulnerabilities in Real-World Scenarios | 实战场景较通用的 Java Rce 相关漏洞的利用方式
X1r0z/JNDIMap
JNDI 注入利用工具, 支持 RMI, LDAP 和 LDAPS 协议, 包含多种高版本 JDK 绕过方式 | A JNDI injection exploit tool that supports RMI, LDAP and LDAPS protocols, including a variety of methods to bypass higher-version JDK
0x727/JNDIExploit
一款用于JNDI注入利用的工具,大量参考/引用了Rogue JNDI项目的代码,支持直接植入内存shell,并集成了常见的bypass 高版本JDK的方式,适用于与自动化工具配合使用。
r00tSe7en/JNDIMonitor
一个LDAP请求监听器,摆脱dnslog平台
alexbakker/log4shell-tools
Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046
zhzyker/logmap
Log4j jndi injection fuzz tool
future-client/CVE-2021-44228
Abuse Log4J CVE-2021-44228 to patch CVE-2021-44228 in vulnerable Minecraft game sessions to prevent exploitation in the session :)
For-ACGN/Log4Shell
Check, exploit, generate class, obfuscate, TLS, ACME about log4j2 vulnerability in one Go program.
cokeBeer/pyyso
pyyso is a Python package that generate java serialized poc. Including CommonsCollections1-7, JDK7u21, JDK8u20, ldap for jndi, shiro-550, CommonsBeanutils1 no cc, JRMPClient, high version JDK Bypass, Fake MySQL for JDBC attack
HackJava/JNDI
《JNDI-深入理解Java万恶之源》
Al1ex/CVE-2021-2109
CVE-2021-2109 && Weblogic Server RCE via JNDI
juliojsb/jboss-cli-snippets-compilation
A repository of Jboss CLI snippets
ncredinburgh/secure-tomcat-datasourcefactory
A drop in replacement for the standard Tomcat DataSourceFactory that allows the database connection password to be encrypted using a symmetric key for the purposes of security.
LoliKingdom/NukeJndiLookupFromLog4j
Selection of ways to remove JndiLookup in now obsolete Minecraft versions, or versions that still have log4j < 2.10 and is unable to use `-Dlog4j2.formatMsgNoLookups=true`
LeakIX/l9fuzz
Help fuzz various protocols and waits for ping backs Integrates LDAP server and JNDI payload
rakutentech/jndi-ldap-test-server
A minimalistic LDAP server that is meant for test vulnerability to JNDI+LDAP injection attacks in Java, especially CVE-2021-44228.
gayanukabulegoda/AAD-Lesson-Code-Space
Explore the Advanced API Development (AAD) Code Space, featuring in-depth lessons on Jakarta EE, JSON, AJAX, Spring, and security topics. Each lesson is organized into distinct branches, providing practical code examples and real-world scenarios. Dive into comprehensive resources to enhance your API development skills.
ZhangZiSheng001/dbcp-demo
源码详解系列(四) ------ DBCP2的使用和分析(包括JNDI和JTA支持)
nil-malh/JNDI-Exploit
JNDI-Exploit is an exploit on Java Naming and Directory Interface (JNDI) from the deleted project fromthe user feihong on GitHub.
rndinfosecguy/yal4ss
yet another log4shell scanner
ZhangZiSheng001/c3p0-demo
源码详解系列(五) ------ C3P0的使用和分析(包括JNDI)
mohyehia/spring-boot-multiple-jndi-datasources
Spring boot application that connects to multiple databases using multiple JNDI dataSources configured on apache tomcat server.
twelvesec/RogueLDAP
A lightweight rogue LDAP server which is a modified version of the JNDIExploit-1
Avento/Apache_Druid_JNDI_Vuln
Apache Druid JNDI Vulnerable
cokeBeer/logi
Logi is a LDAP/MySQL server focusing on pingback deserialize recon and exploit.
kwakutwumasi/Quakearts-Webtools
My Utility, Servlet 3.0, JAX-RS, CDI, JTA, JSF Tag Libraries and JCA classes for web application development
lenisha/spring-jndi-appservice
Example using Azure MSI library from Spring/JNDI application https://github.com/lenisha/msi-mssql-jdbc article:
Sudarshan-Gowda/Spring-Mvc-Quartz-Scheduler
Sending free Email from Gmail based on Scheduler
mzlogin/CVE-2021-44228-Demo
Apache Log4j2 CVE-2021-44228 RCE Demo with RMI and LDAP
topicusonderwijs/naming-kubernetes
Java naming context (JNDI) for WildFly using Kubernetes as backend.
XiaomingX/JNDI-Injection-Exploit-plus
JNDI-Injection-Exploit 是一个用于生成可用 JNDI 链接并提供后台服务的工具,支持启动 RMI 服务器、LDAP 服务器和 HTTP 服务器。其 RMI 和 LDAP 服务基于 marshalsec,并进行修改以与 HTTP 服务联动。