junixsocket
remote-method-guesser
junixsocket | remote-method-guesser | |
---|---|---|
1 | 1 | |
418 | 773 | |
0.7% | - | |
9.7 | 8.6 | |
14 days ago | 14 days ago | |
Java | Java | |
Apache License 2.0 | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
junixsocket
-
Ask HN: How to get started on IBM z/OS in 2023?
I've recently looked again into the strange world of IBM operating systems (z/OS, IBM i, AIX), primarily because they all run Java, and my open source library junixsocket (https://github.com/kohlschutter/junixsocket) needed a corresponding JNI (C code) implementation on these platforms for the native part of supporting UNIX domain sockets in Java. Of these IBM OSes, I found that z/Os was the weirdest one.
Since you're an enterprise consultant already, you probably already know that there's always an opportunity to cut down expenses/technical debt, while providing justification for past decisions made by the company (after all, they've probably invested quite a lot in that infrastructure, so these decisions couldn't have been wrong...)
Depending on how deep down the rabbit hole you dare to go, there may be a pot of gold waiting for you or a black hole that sucks the livelihood out of your body. After all, it's mostly a legacy system. Don't expect entirely new systems being written for those niche operating systems. But maybe you find your very own niche in there.
I know a company that I worked with in the past has their main business powered by IBM mainframes, and they may well keep that system going for the foreseeable future. A lot of code may already be running on zSystems Linux or be converted to run on it. At that point, you largely only have a different processor architecture to deal with, and some minor, yet annoying incompatibilities and restrictions that you will encounter soon enough.
A good starting point to learn about IBM z may be "IBM Z Xplore" (https://ibmzxplore.influitive.com/), which gives, apart from an online tutorial with challenges, some free access to IBM z systems. Also check out IBM ZD&T for Learners Edition (https://ibm.github.io/zdt-learners-edition-about/).
Don't expect that IBM responds to any of your inquiries unless you already are a paying customer.
remote-method-guesser
-
Pentesting Java RMI
have you ever used https://github.com/qtc-de/remote-method-guesser to at least enumerate Java RMI services? Have you ever used any other tool? Are they dangerous in prod context?
What are some alternatives?
ali-dbhub - 已迁移新仓库,此版本将不再维护
RmiTaste - RmiTaste allows security professionals to detect, enumerate, interact and exploit RMI services by calling remote methods with gadgets from ysoserial.
Flyway - Flyway by Redgate • Database Migrations Made Easy.
petep - PETEP (PEnetration TEsting Proxy) is an open-source Java application for traffic analysis & modification using TCP/UDP proxies. PETEP is a useful tool for performing penetration tests of applications with various application protocols. ⚡
JSqlParser - JSqlParser parses an SQL statement and translate it into a hierarchy of Java classes. The generated hierarchy can be navigated using the Visitor Pattern
CVE-2021-44228-PoC-log4j-bypass-words - 🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
dbeaver - Free universal database tool and SQL client
Damn-Vulnerable-Bank - Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.
narcissus - A library for bypassing all of Java's security mechanisms, visibility checks, and encapsulation measures via the JNI API
ssslasher - Multithreaded and easy to use SSH password dictionnary bruteforcer written in Python and Java.