jndi

There are 79 repositories under jndi topic.

  • qi4L/JYso

    It can be either a JNDIExploit or a ysoserial.

    Language:Java1.5k6751178

  • wuba/Antenna

    Antenna是58同城安全团队打造的一款辅助安全从业人员验证网络中多种漏洞是否存在以及可利用性的工具。其基于带外应用安全测试(OAST)通过任务的形式,将不同漏洞场景检测能力通过插件的形式进行集合,通过与目标进行out-bind的数据通信方式进行辅助检测。

    Language:JavaScript722112973

  • cckuailong/JNDI-Injection-Exploit-Plus

    80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server.

    Language:Java68810593

  • Whoopsunix/JavaRce

    Common Exploitation Techniques for Java RCE Vulnerabilities in Real-World Scenarios | 实战场景较通用的 Java Rce 相关漏洞的利用方式

    Language:Java4536150

  • X1r0z/JNDIMap

    JNDI 注入利用工具, 支持 RMI, LDAP 和 LDAPS 协议, 包含多种高版本 JDK 绕过方式 | A JNDI injection exploit tool that supports RMI, LDAP and LDAPS protocols, including a variety of methods to bypass higher-version JDK

    Language:Java2965422

  • r00tSe7en/JNDIMonitor

    一个LDAP请求监听器,摆脱dnslog平台

    Language:Java2806460

  • 0x727/JNDIExploit

    一款用于JNDI注入利用的工具,大量参考/引用了Rogue JNDI项目的代码,支持直接植入内存shell,并集成了常见的bypass 高版本JDK的方式,适用于与自动化工具配合使用。

    Language:Java2683223

  • alexbakker/log4shell-tools

    Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046

    Language:Go854215

  • zhzyker/logmap

    Log4j jndi injection fuzz tool

    Language:Python702117

  • future-client/CVE-2021-44228

    Abuse Log4J CVE-2021-44228 to patch CVE-2021-44228 in vulnerable Minecraft game sessions to prevent exploitation in the session :)

    Language:Java67113

  • For-ACGN/Log4Shell

    Check, exploit, generate class, obfuscate, TLS, ACME about log4j2 vulnerability in one Go program.

    Language:Go564019

  • cokeBeer/pyyso

    pyyso is a Python package that generate java serialized poc. Including CommonsCollections1-7, JDK7u21, JDK8u20, ldap for jndi, shiro-550, CommonsBeanutils1 no cc, JRMPClient, high version JDK Bypass, Fake MySQL for JDBC attack

    Language:Python49204

  • HackJava/JNDI

    《JNDI-深入理解Java万恶之源》

    382012

  • Al1ex/CVE-2021-2109

    CVE-2021-2109 && Weblogic Server RCE via JNDI

    Language:Java302110

  • juliojsb/jboss-cli-snippets-compilation

    A repository of Jboss CLI snippets

    25406

  • ChloePrime/fix4log4j

    Language:Java19211

  • ncredinburgh/secure-tomcat-datasourcefactory

    A drop in replacement for the standard Tomcat DataSourceFactory that allows the database connection password to be encrypted using a symmetric key for the purposes of security.

    Language:Java1410112

  • LoliKingdom/NukeJndiLookupFromLog4j

    Selection of ways to remove JndiLookup in now obsolete Minecraft versions, or versions that still have log4j < 2.10 and is unable to use `-Dlog4j2.formatMsgNoLookups=true`

    Language:Java12241

  • LeakIX/l9fuzz

    Help fuzz various protocols and waits for ping backs Integrates LDAP server and JNDI payload

    Language:Go11103

  • rakutentech/jndi-ldap-test-server

    A minimalistic LDAP server that is meant for test vulnerability to JNDI+LDAP injection attacks in Java, especially CVE-2021-44228.

    Language:Go11614

  • ZhangZiSheng001/dbcp-demo

    源码详解系列(四) ------ DBCP2的使用和分析(包括JNDI和JTA支持)

    Language:Java8202

  • nil-malh/JNDI-Exploit

    JNDI-Exploit is an exploit on Java Naming and Directory Interface (JNDI) from the deleted project fromthe user feihong on GitHub.

    Language:Java6108

  • rndinfosecguy/yal4ss

    yet another log4shell scanner

    Language:Python6100

  • ZhangZiSheng001/c3p0-demo

    源码详解系列(五) ------ C3P0的使用和分析(包括JNDI)

    Language:Java6302

  • mohyehia/spring-boot-multiple-jndi-datasources

    Spring boot application that connects to multiple databases using multiple JNDI dataSources configured on apache tomcat server.

    Language:Java5205

  • twelvesec/RogueLDAP

    A lightweight rogue LDAP server which is a modified version of the JNDIExploit-1

    Language:Java5204

  • Avento/Apache_Druid_JNDI_Vuln

    Apache Druid JNDI Vulnerable

    Language:Python4101

  • cokeBeer/logi

    Logi is a LDAP/MySQL server focusing on pingback deserialize recon and exploit.

    Language:Go4100

  • kwakutwumasi/Quakearts-Webtools

    My Utility, Servlet 3.0, JAX-RS, CDI, JTA, JSF Tag Libraries and JCA classes for web application development

    Language:Java3200

  • lenisha/spring-jndi-appservice

    Example using Azure MSI library from Spring/JNDI application https://github.com/lenisha/msi-mssql-jdbc article:

    Language:Java3215

  • Sudarshan-Gowda/Spring-Mvc-Quartz-Scheduler

    Sending free Email from Gmail based on Scheduler

    Language:Java3111

  • lsac/nifi-jms-jndi

    Language:Java2112

  • mzlogin/CVE-2021-44228-Demo

    Apache Log4j2 CVE-2021-44228 RCE Demo with RMI and LDAP

    Language:Java2303

  • topicusonderwijs/naming-kubernetes

    Java naming context (JNDI) for WildFly using Kubernetes as backend.

    Language:Java22601

  • Henryyy-Hung/HKU-COMP3358-JPoker24

    JPoker24 is a game that leverages RMI, JDBC, JNDI, and JMS to support multi-player, multi- room and network play.

    Language:Java1101

  • zrquan/jndi-deceiver

    Malicious servers for JNDI injection attacks

    Language:Kotlin1100