Repository navigation

ysoserial

Website
Wikipedia

qi4L / JYso

JNDIExploit or a ysoserial.

Java attack jndi-injection web-security mem-shell middleware-echo jndi ldap rmi gadget ysoserial

Java

1669

190

2 个月前

cckuailong / JNDI-Injection-Exploit-Plus

80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server.

Exploit injection Java jndi ysoserial

Java

823

106

1 年前

phith0n / zkar

ZKar is a Java serialization protocol analysis tool implement in Go.

serialization ysoserial

625

6 个月前

qtc-de / beanshooter

JMX enumeration and attacking tool.

jmx mbean Java deserialization sasl ysoserial

Java

457

2 个月前

Whoopsunix / PPPYSO

proof-of-concept for generating Java deserialization payload | Proxy MemShell

memshell ysoserial Java serialization

Java

200

1 年前

mandiant / heyserial

Programmatically create hunting rules for deserialization exploitation with multiple keywords, gadget chains, object types, encodings, and rule types

deserialization yara snort ysoserial

YARA

144

2 年前

H4cking2theGate / ysogate

Java反序列化/JNDI注入/恶意类生成工具，支持多种高版本bypass，支持回显/内存马等多种扩展利用。

bypass deserialization-vulnerability Java ldap payload-generator rmi ysoserial

Java

116

14 天前

tdy218 / ysoserial-cve-2018-2628

Some codes for bypassing Oracle WebLogic CVE-2018-2628 patch

weblogic ysoserial

Java

114

7 年前

STMCyber / RmiTaste

RmiTaste allows security professionals to detect, enumerate, interact and exploit RMI services by calling remote methods with gadgets from ysoserial.

ysoserial attack java-rmi

Java

109

5 年前

emo-crab / ysoserial-rs

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Rust ysoserial

Rust

3 年前

emo-crab / ysoserial-rs

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Rust ysoserial

Rust

3 年前

EdoardoVignati / java-deserialization-of-untrusted-data-poc

Some PoC (Proof-of-Concept) about vulnerability of java deserialization of untrusted data

Java vulnerability deserialization ysoserial jboss Jenkins 安全 poc proof-of-concept

FreeMarker

4 年前

EdoardoVignati / java-deserialization-of-untrusted-data-poc

Some PoC (Proof-of-Concept) about vulnerability of java deserialization of untrusted data

Java vulnerability deserialization ysoserial jboss Jenkins 安全 poc proof-of-concept

FreeMarker

4 年前

ilyaglow / dockerfiles

🌊 Dockerfiles for apps I use. Also take a look at https://github.com/security-dockerfiles

jq wfuzz Dockerfile ysoserial tor goproxy misp thehive cortex

Dockerfile

5 年前

ilyaglow / dockerfiles

🌊 Dockerfiles for apps I use. Also take a look at https://github.com/security-dockerfiles

jq wfuzz Dockerfile ysoserial tor goproxy misp thehive cortex

Dockerfile

5 年前

aStrowxyu / Pysoserial

Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.

Java deserialization Python ysoserial

Python

4 年前

aStrowxyu / Pysoserial

Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.

Java deserialization Python ysoserial

Python

4 年前

aleenzz / ResourcesPayload

ResourcesPayload

ysoserial Hackathon-Kit deserialize

1 年前

ThunderSon / ysoserial-wrapper

Python wrapper for ysoserial

Python ysoserial

Python

6 年前

hktalent / ysoserial

ysoserial A collection of works by various masters

deserialization Java ysoserial

Java

1 年前