JNDI-Exploit-Kit

JNDI-Exploitation-Kit(A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps vulnerable to JNDI Injection) (by pimps)
Add to my DEV experience Suggest topics
Source Code
JNDI-Exploit-Kit Reviews
Suggest alternative
Edit details
The modern identity platform for B2B SaaS
The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
workos.com
Sponsored

JNDI-Exploit-Kit Alternatives

Similar projects and alternatives to JNDI-Exploit-Kit

  • ysoserial

    13 JNDI-Exploit-Kit VS ysoserial

    A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

  • JNDI-Injection-Exploit-Plus

    3 JNDI-Exploit-Kit VS JNDI-Injection-Exploit-Plus

    80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server.

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better JNDI-Exploit-Kit alternative or higher similarity.
Suggest an alternative to JNDI-Exploit-Kit

JNDI-Exploit-Kit reviews and mentions

Posts with mentions or reviews of JNDI-Exploit-Kit. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-12-23.
  • Java deserialization payloads in log4j (Unified starting point)
    3 projects | /r/hackthebox | 23 Dec 2022
    So I've finished the unified box in stage 2 of the starting point and have tons of questions about the box. In the box they use veracode-research/rogue-jndi to exploit the log4j vulnerability. But when I test it with deserialize payload generated by frohoff/ysoserial it's not running. I've try to look at the java log in the challenge container but can't find anything that java complain or error out. Is it because the ysoserial payload too complex that it running but fail at some point and don't throw error or maybe the author just hard code so that only the payload from rogue-jndi work? can it's because of the java version/framework/library/weirdness? Do I need to test both kind of payload if I want to exploit log4j in the future or just stick with pimps/JNDI-Expoit-Kit or cckuailong/JNDI-Injection_Exploit-Plus (my senior recommendation when exploiting log4j).
  • pimps/JNDI-Exploit-Kit: added support to LDAP Serialized Payloads and attack path works in *ANY* java version
    1 project | /r/netsec | 13 Dec 2021

Stats

Basic JNDI-Exploit-Kit repo stats
2
872
0.0
over 2 years ago

pimps/JNDI-Exploit-Kit is an open source project licensed under MIT License which is an OSI approved license.

The primary programming language of JNDI-Exploit-Kit is Java.

Popular Comparisons

  1. JNDI-Exploit-Kit VS JNDI-Injection-Exploit-Plus
  2. JNDI-Exploit-Kit VS ysoserial

Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com