SWAT
Deserialization Whitelist Agent
An agent-based tool to create and manage a whitelist of whitelisted classes for protection against malicious Java deserialization attacks
Serial Whitelist Application Trainer
29 stars
3 watching
5 forks
Language: Java
last commit: over 5 years ago Related projects:
| Repository | Description | Stars |
|---|---|---|
 kantega/notsoserial | An agent that prevents deserialization attacks by making certain classes unserializable | 185 |
 netspi/javaserialkiller | A Burp extension that enables Java Deserialization Attacks using a payload generator tool | 208 |
 nccgroup/freddy | A tool to detect and exploit deserialization vulnerabilities in Java and .NET applications. | 573 |
 federicodotta/java-deserialization-scanner | A plugin for detecting and exploiting vulnerabilities in Java deserialization | 775 |
 ikkisoft/serialkiller | A Java deserialization library designed to secure applications by inspecting and controlling class loading during object deserialization | 405 |
 directdefense/superserial | A Burp Suite Extender to identify Java Deserialization vulnerabilities in client requests and server responses. | 9 |
| directdefense/superserial-active | An active Java deserialization vulnerability identifier and exploiter | 7 |
 bishopfox/gadgetprobe | Tools for analyzing and exploiting vulnerabilities in Java deserialization vulnerabilities | 585 |
 mbechler/serianalyzer | Analyzes Java bytecode to identify potential deserialization vulnerabilities. | 241 |
 elastic/swat | A tool designed to simulate malicious behavior against Google Workspace environments for threat research and detection rule effectiveness testing | 161 |
 kbss-cvut/jb4jsonld | A Java library for serializing and deserializing objects to JSON-LD format using annotations. | 12 |
 chrisallenlane/novahot | A webshell framework for penetration testers to interact with remote systems and execute system commands. | 295 |
 ioactive/burpjdser-ng | A tool to deserialize Java objects to XML and load classes/jars dynamically. | 15 |
 frohoff/owaspsd-deserialize-my-shorts | A presentation and discussion on the security risks of deserialization in Java object graphs. | 5 |
 mathewsanders/mustard | A Swift library for tokenizing strings with customizable matching behavior | 689 |