Category: Web Exploitation

XSS exploitation

toxssin: POST-XSS exploitation tool

toxssin toxssin is an open-source penetration testing tool that automates the process of exploiting Cross-Site Scripting (XSS) vulnerabilities. It consists of an https server that works as an interpreter for the traffic generated by...

Rogue RMI Registry

ermir: Evil Java RMI Registry

Ermir Ermir is an Evil/Rogue RMI Registry, it exploits unsecure deserialization on any Java code calling standard RMI methods on it (list()/lookup()/bind()/rebind()/unbind()). How does it work? java.rmi.registry.Registry offers 5 methods: list(), lookup(), bind(), rebind(), unbind(): public Remote lookup(String name): lookup()...