It can be either a JNDIExploit or a ysoserial.
-
Updated
May 23, 2024 - Java
It can be either a JNDIExploit or a ysoserial.
一款用于JNDI注入利用的工具,大量参考/引用了Rogue JNDI项目的代码,支持直接植入内存shell,并集成了常见的bypass 高版本JDK的方式,适用于与自动化工具配合使用。
Log4j jndi injection fuzz tool
Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046
A drop in replacement for the standard Tomcat DataSourceFactory that allows the database connection password to be encrypted using a symmetric key for the purposes of security.
CVE-2021-2109 && Weblogic Server RCE via JNDI
JNDI-Exploit is an exploit on Java Naming and Directory Interface (JNDI) from the deleted project fromthe user feihong on GitHub.
Example using Azure MSI library from Spring/JNDI application https://github.com/lenisha/msi-mssql-jdbc article:
A repository of Jboss CLI snippets
Spring boot application that connects to multiple databases using multiple JNDI dataSources configured on apache tomcat server.
A minimalistic LDAP server that is meant for test vulnerability to JNDI+LDAP injection attacks in Java, especially CVE-2021-44228.
pyyso is a Python package that generate java serialized poc. Including CommonsCollections1-7, JDK7u21, JDK8u20, ldap for jndi, shiro-550, CommonsBeanutils1 no cc, JRMPClient, high version JDK Bypass, Fake MySQL for JDBC attack
Add a description, image, and links to the jndi topic page so that developers can more easily learn about it.
To associate your repository with the jndi topic, visit your repo's landing page and select "manage topics."