There are 0 repository under jndi topic.
80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server.
Common Exploitation Techniques for Java RCE Vulnerabilities in Real-World Scenarios | 实战场景较通用的 Java Rce 相关漏洞的利用方式
一款用于JNDI注入利用的工具,大量参考/引用了Rogue JNDI项目的代码,支持直接植入内存shell,并集成了常见的bypass 高版本JDK的方式,适用于与自动化工具配合使用。
Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046
Abuse Log4J CVE-2021-44228 to patch CVE-2021-44228 in vulnerable Minecraft game sessions to prevent exploitation in the session :)
A repository of Jboss CLI snippets
A drop in replacement for the standard Tomcat DataSourceFactory that allows the database connection password to be encrypted using a symmetric key for the purposes of security.
Selection of ways to remove JndiLookup in now obsolete Minecraft versions, or versions that still have log4j < 2.10 and is unable to use `-Dlog4j2.formatMsgNoLookups=true`
A minimalistic LDAP server that is meant for test vulnerability to JNDI+LDAP injection attacks in Java, especially CVE-2021-44228.
JNDI-Exploit is an exploit on Java Naming and Directory Interface (JNDI) from the deleted project fromthe user feihong on GitHub.
yet another log4shell scanner
Spring boot application that connects to multiple databases using multiple JNDI dataSources configured on apache tomcat server.
My Utility, Servlet 3.0, JAX-RS, CDI, JTA, JSF Tag Libraries and JCA classes for web application development
Example using Azure MSI library from Spring/JNDI application https://github.com/lenisha/msi-mssql-jdbc article:
Sending free Email from Gmail based on Scheduler
Apache Log4j2 CVE-2021-44228 RCE Demo with RMI and LDAP
Java naming context (JNDI) for WildFly using Kubernetes as backend.
JPoker24 is a game that leverages RMI, JDBC, JNDI, and JMS to support multi-player, multi- room and network play.