The Latest Infosec News, Tools, and Exploits – Got Root?
remote-method-guesser (rmg) is a command line utility written in Java and can be used to identify security vulnerabilities on Java RMI endpoints. Currently, the following operations are supported: List available bound names and their corresponding […]
JSshell – a JavaScript reverse shell. This is used to execute JS code remotely, exploit blind XSS, … This tool works for both Unix and Windows operating systems, and it can run on both Python […]
jSQL Injection is a lightweight application used to find database information from a distant server. It’s free, open source and cross-platform for Windows, Linux and Mac OS X with Java from version 8 to 15. […]
PETEP (PEnetration TEsting Proxy) is open-source Java application for network communication proxying for the purpose of penetration testing. It allows penetration testers to setup proxies and interceptors to manage the traffic transmitted between client and […]
This Metasploit module exploits a Java deserialization vulnerability in Apache OFBiz’s unauthenticated XML-RPC endpoint /webtools/control/xmlrpc for versions prior to 17.12.04.