Damn-Vulnerable-Bank
remote-method-guesser
Damn-Vulnerable-Bank | remote-method-guesser | |
---|---|---|
3 | 1 | |
606 | 775 | |
- | - | |
4.7 | 8.6 | |
5 months ago | 9 days ago | |
Java | Java | |
MIT License | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Damn-Vulnerable-Bank
remote-method-guesser
-
Pentesting Java RMI
have you ever used https://github.com/qtc-de/remote-method-guesser to at least enumerate Java RMI services? Have you ever used any other tool? Are they dangerous in prod context?
What are some alternatives?
UnSAFE_Bank - Vulnerable Banking Suite
RmiTaste - RmiTaste allows security professionals to detect, enumerate, interact and exploit RMI services by calling remote methods with gadgets from ysoserial.
wstg - The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
petep - PETEP (PEnetration TEsting Proxy) is an open-source Java application for traffic analysis & modification using TCP/UDP proxies. PETEP is a useful tool for performing penetration tests of applications with various application protocols. ⚡
AndroidLibrary - Android library to reveal or obfuscate strings and assets at runtime
CVE-2021-44228-PoC-log4j-bypass-words - 🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
Insular - A sandbox environment to clone selected apps and isolate them from accessing your personal data outside the sandbox (including call logs, contacts, photos and etc) even if related permissions are granted. Device-bound data (SMS, IMEI and etc) is still accessible.
junixsocket - Unix Domain Sockets in Java (AF_UNIX)
allsafe - Intentionally vulnerable Android application.
ssslasher - Multithreaded and easy to use SSH password dictionnary bruteforcer written in Python and Java.