freddy
Deserialization tester
A tool to detect and exploit deserialization vulnerabilities in Java and .NET applications.
Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans
573 stars
30 watching
105 forks
Language: Java
last commit: about 3 years ago Related projects:
| Repository | Description | Stars |
|---|---|---|
 federicodotta/java-deserialization-scanner | A plugin for detecting and exploiting vulnerabilities in Java deserialization | 775 |
 bishopfox/gadgetprobe | Tools for analyzing and exploiting vulnerabilities in Java deserialization vulnerabilities | 585 |
 netspi/javaserialkiller | A Burp extension that enables Java Deserialization Attacks using a payload generator tool | 208 |
 directdefense/superserial | A Burp Suite Extender to identify Java Deserialization vulnerabilities in client requests and server responses. | 9 |
 cschneider4711/swat | An agent-based tool to create and manage a whitelist of whitelisted classes for protection against malicious Java deserialization attacks | 29 |
 joaomatosf/javadeserh2hc | A lab project providing code samples and tools to understand deserialization vulnerabilities in Java applications. | 491 |
 myblackmanba/cve-2021-29505 | Reproducing and analyzing the CVE-2021-29505 vulnerability in Java's XStream deserialization process | 5 |
 kantega/notsoserial | An agent that prevents deserialization attacks by making certain classes unserializable | 185 |
 ikkisoft/serialkiller | A Java deserialization library designed to secure applications by inspecting and controlling class loading during object deserialization | 405 |
 mbechler/serianalyzer | Analyzes Java bytecode to identify potential deserialization vulnerabilities. | 241 |
 jackofmosttrades/gadgetinspector | Analyzes Java applications for potential deserialization gadget chains to help identify vulnerabilities and prioritize remediation. | 996 |
| directdefense/superserial-active | An active Java deserialization vulnerability identifier and exploiter | 7 |
 consensusfuzz/loki | A framework for detecting vulnerabilities in blockchain consensus protocols by generating targeted input to test their robustness | 11 |
 comparethemarket/fettle | An experimental tool for testing C# code by intentionally changing it to see if tests can detect the changes | 66 |
 fkie-cad/cwe_checker | Automated binary analysis tool to detect common software vulnerabilities | 1,134 |