GadgetProbe

Deserialization scanner

Tools for analyzing and exploiting vulnerabilities in Java deserialization vulnerabilities

Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

GitHub

587 stars
17 watching
95 forks
Language: Java
last commit: almost 4 years ago
Linked from 1 awesome list

burp-extensionsjavajava-deserializationjavassistpentest-toolspentestingsecurity-tools

Backlinks from these awesome lists:

Related projects:

Repository Description Stars
jackofmosttrades/gadgetinspector Analyzes Java applications for potential deserialization gadget chains to help identify vulnerabilities and prioritize remediation. 1,005
federicodotta/java-deserialization-scanner A plugin for detecting and exploiting vulnerabilities in Java deserialization 775
directdefense/superserial A Burp Suite Extender to identify Java Deserialization vulnerabilities in client requests and server responses. 9
netspi/javaserialkiller A Burp extension that enables Java Deserialization Attacks using a payload generator tool 208
nccgroup/freddy A tool to detect and exploit deserialization vulnerabilities in Java and .NET applications. 574
portswigger/backslash-powered-scanner An extension for Burp Suite that scans for unknown classes of injection vulnerabilities using a novel approach 643
gauravnarwani97/trishul Automated vulnerability detection tool for web applications 235
vulnerscom/burp-vulners-scanner A tool that searches for vulnerabilities in web applications using an external API 836
joaomatosf/javadeserh2hc A lab project providing code samples and tools to understand deserialization vulnerabilities in Java applications. 497
mbechler/serianalyzer Analyzes Java bytecode to identify potential deserialization vulnerabilities. 240
bishopfox/zigdiggity A toolkit for testing and exploiting ZigBee networks to identify vulnerabilities in IoT devices 265
codewatchorg/burp-indicatorsofvulnerability A Burp extension that scans application traffic for signs of vulnerabilities and potential attack targets 41
gand3lf/semgrepper An extension to Burp Suite that integrates Semgrep for vulnerability scanning and analysis 88
peachtech/peachapisec-burp Integration between Burp and Peach API Security for automated security testing of web APIs. 2
portswigger/httpoxy-scanner Tools to help identify vulnerabilities in web applications using HTTPoxy scanning. 90