ysoserial
Deserialization exploit tool
Generates payloads to exploit unsafe Java object deserialization vulnerabilities
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
8k stars
213 watching
2k forks
Language: Java
last commit: 8 months ago
Linked from 1 awesome list
Tags: deserialization, exploit, gadget, java, javadeser, jvm, poc, serialization, vulnerability
Related projects:
Repository | Description | Stars |
---|---|---|
pwntester/ysoserial.net | Generates payloads to exploit unsafe .NET object deserialization. | 3,237 |
grrrdog/java-deserialization-cheat-sheet | A cheat sheet providing guidance on deserialization vulnerabilities in Java applications | 3,035 |
bishopfox/gadgetprobe | Tools for analyzing and exploiting Java deserialization vulnerabilities | 585 |
frohoff/owaspsd-deserialize-my-shorts | A presentation and discussion on the security risks of deserialization in Java object graphs. | 5 |
artsploit/yaml-payload | A utility for generating deserialization payloads in SnakeYAML format to exploit certain security vulnerabilities | 564 |
joaomatosf/javadeserh2hc | A lab project providing code samples and tools to understand deserialization vulnerabilities in Java applications. | 491 |
jackofmosttrades/gadgetinspector | Analyzes Java applications for potential deserialization gadget chains to help identify vulnerabilities and prioritize remediation. | 996 |
netspi/javaserialkiller | A Burp extension that enables Java Deserialization Attacks using a payload generator tool | 208 |
kantega/notsoserial | An agent that prevents deserialization attacks by making certain classes unserializable | 185 |
ioactive/burpjdser-ng | A tool to deserialize Java objects to XML and load classes/jars dynamically. | 15 |
jhipster/generator-jhipster | A development platform to generate and deploy modern web applications using various frameworks and tools. | 21,578 |
myblackmanba/cve-2021-29505 | Reproducing and analyzing the CVE-2021-29505 vulnerability in Java's XStream deserialization process | 5 |
federicodotta/java-deserialization-scanner | A plugin for detecting and exploiting vulnerabilities in Java deserialization | 775 |
mbechler/marshalsec | Analyzes and exploits vulnerabilities in Java marshalling libraries to demonstrate potential code execution | 3,403 |
mogwailabs/rmi-deserialization | Demonstrating vulnerabilities in Java RMI services | 101 |