Java-Deserialization-Cheat-Sheet
Java deserialization guide
A cheat sheet providing guidance on deserialization vulnerabilities in Java applications
The cheat sheet about Java Deserialization vulnerabilities
3k stars
138 watching
599 forks
last commit: over 1 year ago
Linked from 2 awesome lists
java-deserialization javadeser pentesting
Related projects:
Repository | Description | Stars |
---|---|---|
bishopfox/gadgetprobe | Tools for analyzing and exploiting Java deserialization vulnerabilities | 585 |
frohoff/ysoserial | Generates payloads to exploit unsafe Java object deserialization vulnerabilities | 7,789 |
joaomatosf/javadeserh2hc | A lab project providing code samples and tools to understand deserialization vulnerabilities in Java applications | 491 |
myblackmanba/cve-2021-29505 | Reproducing and analyzing the CVE-2021-29505 vulnerability in Java's XStream deserialization process | 5 |
federicodotta/java-deserialization-scanner | A plugin for detecting and exploiting vulnerabilities in Java deserialization | 775 |
mbechler/marshalsec | Analyzes and exploits vulnerabilities in Java marshalling libraries to demonstrate potential code execution | 3,403 |
mogwailabs/rmi-deserialization | Demonstrating vulnerabilities in Java RMI services | 101 |
pwntester/ysoserial.net | Generates payloads to exploit unsafe .NET object deserialization | 3,237 |
netspi/javaserialkiller | A Burp extension that enables Java Deserialization Attacks using a payload generator tool | 208 |
phishman3579/java-algorithms-implementation | A collection of implemented algorithms and data structures in Java | 4,454 |
kbss-cvut/jb4jsonld | A Java library for serializing and deserializing objects to JSON-LD format using annotations | 12 |
nccgroup/freddy | A tool to detect and exploit deserialization vulnerabilities in Java and .NET applications | 573 |
jackofmosttrades/gadgetinspector | Analyzes Java applications for potential deserialization gadget chains to help identify vulnerabilities and prioritize remediation | 996 |
konloch/bytecode-viewer | A Java-based tool for analyzing and modifying Android APKs and other Java files | 14,699 |
artsploit/yaml-payload | A utility for generating deserialization payloads in SnakeYAML format to exploit certain security vulnerabilities | 563 |