It can be either a JNDIExploit or a ysoserial.
-
Updated
May 13, 2024 - Java
It can be either a JNDIExploit or a ysoserial.
ZKar is a Java serialization protocol analysis tool implement in Go.
JMX enumeration and attacking tool.
Programmatically create hunting rules for deserialization exploitation with multiple keywords, gadget chains, object types, encodings, and rule types
Some codes for bypassing Oracle WebLogic CVE-2018-2628 patch
RmiTaste allows security professionals to detect, enumerate, interact and exploit RMI services by calling remote methods with gadgets from ysoserial.
proof-of-concept for generating Java deserialization payload | Proxy MemShell 反序列化概念验证 | 动态代理实现内存马
Some PoC (Proof-of-Concept) about vulnerability of java deserialization of untrusted data
🌊 Dockerfiles for apps I use. Also take a look at https://github.com/security-dockerfiles
Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.
ysoserial A collection of works by various masters
Automates generating Java serialized payload wordlist with Ysoserial and associated compression/encoding
Add a description, image, and links to the ysoserial topic page so that developers can more easily learn about it.
To associate your repository with the ysoserial topic, visit your repo's landing page and select "manage topics."