This archive contains a collection of WAR and EAR compatible stagers that use a variety of communication methods to communicate back to the attacker - even if the only open port is the HTTP/JNDI port, or even if no incoming ports are open but the victim can call back (which can be tricky as usually WARs and EARs are initialized on demand).
e0adf72b3398c73749efe6bac7d251e6948e7d500a2ba499bf1a5c34ac8e26fc
This archive contains a collection of pure Java payloads, from simple Shell and UpExec payloads (which need - to some degree - platform dependent parameters), to a JSh ("Java Shell") payload that supports an interactive shell to query system properties, run applications, open TCP connections, navigate the filesystem and read/write text files. Basic job control makes it possible to run more than one command or TCP session via a single exploited session. These payloads are modular, consisting of three parts: loaders, stagers and stages. Loaders, stagers and stages can be combined arbitrarily, and the stages and stagers can also be integrated into other exploit frameworks like Metasploit (if you are more Ruby-literate than me). Examples are also included showing how to call these payloads from standalone applications, signed Java applets, OpenOffice macros or via JDWP debug connections.
747a1606b26df9100754057d92a18c72898b1aac62e7ff7f66444ab2423ae003
File system investigator is a forensic tool that allows viewing of ReiserFS and EXT2/3. While primarily intended as a forensics tool, it is also useful for Linux users who dual boot with another OS; it allows them to view and extract files from their partitions. Written in Java.
148555dee50322a3e971221b0dbbc7586dd326ef3093e5fee993332a6624ddd3
File system investigator is a forensic tool that allows viewing of ReiserFS and EXT2/3. While primarily intended as a forensics tool, it is also useful for Linux users who dual boot with another OS; it allows them to view and extract files from their partitions. Written in Java.
ff77e35b4af3b2748931ca729dec505f63df89a427f7fc9ba9fccbf0f3aeada3
Network Packet Capture Facility for Java is a set of Java classes that provide an interface and system for network packet capture. A protocol library and tool for visualizing network traffic is included. It utilizes libpcap, a widely used system library for packet capture.
616e1a7278e241b405b39db8e0ff62f4f9ccbbda0582e4bdc109ed2e29eaa6fb
Hextodec.java is a simple hex IP to decimal IP converter which can be useful for many things, among them finding the IPs of users on Java chats similar to the one on www.ircnet.com.
b5b882ab25a1150a4d183e519a87dd5f9c1b71feb6698daacae9fed65245966b
Simple Java TCP port scanner. Very portable.
c5af99140d07b64b6725cdcec21738daef34260b3729fb7a3d21204185e32e0c
Secura is an open source, cross-platform Java crypto package. Jar available here.
acf7db722cae09a47aea5da574ec7b5987a73d183e902e4cc9da92e568481ee0
java.security.AccessController can cause Sun-derived JVMs to crash. Tested on v1.3.1. Article available here.
d54b65e6f002a4b975ed045bad4a8fcda3b0d5fb0f199835727b51f75d88aaa0
Proxy Toolkit is coded in Java and checks to see what information a web proxy forwards.
29df10b97dc837a93d9fbf6d310c5ccfc8236ae4560a8bdac470fa265c494422
MindTerm is a complete ssh-client in pure java which can be used either as a standalone java-application or as a java-applet. Includes a vt102/xterm-terminal with the ssh protocol and also "drop-in" socket replacements to use ssh tunnels transparently from a java application/applet.
f61d2b74017f34d562ef1f8005602a6819466baf7b6498a42f91e32a9baad685
The Marvin Obfuscater rewrites Java applications in a way that makes it almost impossible to decompile them and understand their inner workings.
36eefe20974a847ba0aea32ac4993e8c9a8a7b31f92d74c8263cb61ab2edde47
Sneaky Pete is a java program which lets you input an alphabetic passphrase into a computer without using a keyboard, thus foiling keylogging software/hardware. It also incorporates anti-TEMPEST fonts to make it harder for monitor-scanners to see what letters are on your display.
93beb1efc57a9397ed67dd64e1510987e1481359afba0055c83617c4bbb54338
MindTerm is a complete ssh-client in pure java which can be used either as a standalone java-application or as a java-applet. Includes a vt102/xterm-terminal with the ssh protocol and also "drop-in" socket replacements to use ssh tunnels transparently from a java application/applet.
bd773bec00af0e7d8bcc99ef91ef50f897b8e537c10e4aebd81edb326fa08f81
MindTerm is a complete ssh-client in pure java which can be used either as a standalone java-application or as a java-applet. Includes a vt102/xterm-terminal with the ssh protocol and also "drop-in" socket replacements to use ssh tunnels transparently from a java application/applet.
36b73f3dcb05c96281c1d2e354b7df64078559e80ebc22d9517b6d1729fe5f51
This Java script will cause Internet Explorer to consume 100% resources.
37fd1eabbdbe8272dd0ce763e7f8d8c888aeb4e557e21eba18d3ac7943018484
Shell In A Box provides shell access to a server from within any Java-enabled Web browser. Requests are tunneled over HTTP using the same proxy settings that the browser uses. On the server, it installs as a CGI program, and there is no client-side installation necessary. It sports full VT102 emulation with Unicode support, international font files, ANSI colors, a scrollback buffer, mouse position reporting, clipboard support, and user-configurable emulation modes. All user preferences are stored as cookies in the client's browser.
bab597954c3f02125d4b13bcb88954599602b33329b4ce52df6299fcffb5f9ea
MindTerm is a complete GPL'd ssh-client in pure java which can be used either as a standalone java-application or as a java-applet. Includes a vt102/xterm-terminal with the ssh protocol and also "drop-in" socket replacements to use ssh tunnels transparently from a java application/applet.
ec96c48385cd58025243e1c2925497216c44b890432e4900de31255d59b293e3
Secure FTP is a client package that allows for a secure connection to be made to an FTP daemon. In this release, we support connecting via the Secure Sockets Layer. This client is supported on Windows and any Unix platform where a Java 2 (or Swing) runtime environment is present. It was written in 100% Pure Java and can act as either an application or an applet.
b7e3b9759b71158776ea56defbffbe8684fda83e7caebdfc1f97d39ddc158e8b
Java ftp login scanner is a multithreaded tool which scans ftp sites for a certain user.
0ca0c45899e4dc186b34df4c304fb411ff3ea49bfc3e06ac23f5c68068c135a5
Cum Security Toolkit (cst v1.0) - Contains a script scanner and a port scanner coded in Java. The HTTP script scanner features the ability to use a proxy server, a scripts-to-scan database, anti-IDS URL encoding, a fake "X-Forwarded-For:" header, and fake "Referer: " info. The port scanner is a full TCP connection scanner which can scan port ranges and grab banners.
4a48a8b8b4f3c855330733200affaf3d5fdca4f02a949b6e0d9a50938eab9560
Jport is a simple Java portscanner. Source and binary included. Works best under Linux, uses 150 threads. The new version has more features than ever, including port identification and a new threading system that increases speed.
e9b358fa969b04de8f60451731c2236d117a412656235d7b93a8a5e56aab9343
MindTerm is a complete ssh-client in pure java. It can be used either as a standalone java-application or as a java-applet. The source-code is freely available (GPL). Three packages of importance are provided: terminal, ssh, and security. The terminal package is a rather complete vt102/xterm-terminal. The ssh-package contains the ssh-protocol and also "drop-in" socket replacements to use ssh-tunnels transparently from a java application/applet. It also contains functionality to realize an ssh-server. Finally, the security package contains RSA, DES, 3DES, RC4 and Blowfish ciphers.
7b2ac91d1bd9578c2eef264a4cdd776c1b5f84b36cb4f31b4ab466c58c3211a3
JFwadmin is a Java 2 high-level X11 tool for ipchains. The GUI displays easy-to-understand services. Features include boot scripts generation, firewall save and restore, automatic interface and IP address and routes detection, and current firewall configuration display.
a80573d3cd212e7e45aa2cb8102be9da230368247fd6e3df5d0a857857234495
Jport is a simple Java portscanner. Source and binary included. Works best under Linux, uses 150 threads.
df9b35e71711661319d2f111f6300beacbe6068795407489e86ac27bfe0424d7