Ape1ron/SpringAopInDeserializationDemo1

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/Ape1ron/SpringAopInDeserializationDemo1)

Ape1ron / SpringAopInDeserializationDemo1

在spring-aop中新发现的反序列化gadget-chain

☆52

Alternatives and similar repositories for SpringAopInDeserializationDemo1

Users that are interested in SpringAopInDeserializationDemo1 are comparing it to the libraries listed below

Sorting:

Ape1ron / FastjsonInDeserializationDemo1
View on GitHub
高版本Fastjson在Java原生反序列化中的利用演示
☆26Jan 12, 2025Updated last year
KingBridgeSS / jdifferer
View on GitHub
☆65Sep 27, 2023Updated 2 years ago
flowerwind / AutoGenerateXalanPayload
View on GitHub
cve-2022-34169 延伸出的Jdk Xalan的payload自动生成工具，可根据不同的Jdk生成出其所对应的xslt文件
☆93Jan 17, 2023Updated 3 years ago
Y4Sec-Team / no-templates
View on GitHub
如果反序列化过程中使用resolveClass拉黑了TemplatesImpl如何绕过
☆53Sep 10, 2023Updated 2 years ago
woodpecker-appstore / jexpr-encoder-utils
View on GitHub
Java表达式语句生成器
☆194Oct 9, 2023Updated 2 years ago
fdu-sec / JDD
View on GitHub
☆206Oct 27, 2025Updated 4 months ago
luelueking / Deserial_Sink_With_JDBC
View on GitHub
Some ReadObject Sink With JDBC
☆243May 8, 2024Updated last year
datouo / CTF-Java-Gadget
View on GitHub
CTF-Java-Gadget专注于收集CTF中Java赛题的反序列化片段
☆282Dec 13, 2024Updated last year
luelueking / CVE-2022-25845-In-Spring
View on GitHub
CVE-2022-25845(fastjson1.2.80) exploit in Spring Env!
☆108Nov 7, 2024Updated last year
EkiXu / marshalexp
View on GitHub
☆23Jan 2, 2023Updated 3 years ago
silentEAG / RedTeamOps
View on GitHub
Use Rust to implement some Red Team techniques :)
☆13Nov 11, 2024Updated last year
nex121 / RuoyiGui
View on GitHub
☆26Dec 13, 2024Updated last year
LostZX / vcenter_tool
View on GitHub
☆32Apr 23, 2023Updated 2 years ago
kyo-w / router-router
View on GitHub
Java web路由内存分析工具
☆438May 22, 2025Updated 10 months ago
YYHYlh / Dubbo-Scan
View on GitHub
一款让你不只在dubbo-sample、vulhub或者其他测试环境里检测和利用成功的Apache Dubbo 漏洞检测工具。
☆171Aug 9, 2023Updated 2 years ago
Java-Chains / chains-plugin-demo
View on GitHub
Java Chains 插件编写 demo
☆15Mar 5, 2025Updated last year
luelueking / Fake_Kafka_Server
View on GitHub
☆79Nov 22, 2024Updated last year
Y4tacker / HackingFernFlower
View on GitHub
2023白帽补天大会部分代码
☆129Dec 26, 2023Updated 2 years ago
synacktiv / QLinspector
View on GitHub
Finding Java gadget chains with CodeQL
☆185Jan 14, 2025Updated last year
4ra1n / code-encryptor
View on GitHub
使用JNI加密字节码，通过JVMTI解密字节码以保护代码，支持自定义包名和密钥，使用魔法禁止黑客dump字节码
☆181Dec 4, 2024Updated last year
wangsz05 / LearnDemo
View on GitHub
☆16Oct 30, 2022Updated 3 years ago
whocansee / FilelessAgentMemShell
View on GitHub
无需文件落地Agent内存马生成器
☆249May 30, 2024Updated last year
Whoopsunix / utf-8-overlong-encoding
View on GitHub
抽离出 utf-8-overlong-encoding 的序列化逻辑，实现 2 3 字节加密序列化数组
☆140Mar 11, 2024Updated 2 years ago
B0T1eR / ysoSimple
View on GitHub
ysoSimple：简易的Java漏洞利用工具，集成Java反序列化，Hessian反序列化，XStream反序列化，SnakeYaml反序列化，Shiro550，JSF反序列化，SSTI模板注入，JdbcAttackPayload，JNDIAttack，字节码生成。
☆108Jan 20, 2026Updated 2 months ago
1ucky7 / MySQL_Fake_Server_for_woodpecker_yso
View on GitHub
MySQL_Fake_Server-啄木鸟yso适配版
☆45Sep 20, 2024Updated last year
l3yx / Java-RASP-Research-Env
View on GitHub
之前方便自己研究RASP原理和绕过时顺手写的，用于快速启动和重置RASP环境
☆71Oct 13, 2024Updated last year
Fushuling / fastjson_mysql
View on GitHub
Fastjson + MySQL 条件下不出网利用测试环境
☆49Dec 6, 2025Updated 3 months ago
threedr3am / jar-compatibility-detector
View on GitHub
安全升级jar包时，辅助检测Java Archive (JAR) 包之间兼容性，各类符号引用的存在检测，包括方法、方法签名、字段定义和引用、类引用等等
☆14Jul 7, 2024Updated last year
zilong3033 / ShiroScan
View on GitHub
burp插件 ShiroScan 主要用于框架、无dnslog key检测，在大佬的基础上加入shiro>1.2.42(AES GCM)
☆17May 6, 2021Updated 4 years ago
luelueking / jvm-sandbox-rasp
View on GitHub
一个基于jvm-sandbox高度定制化rasp
☆58Sep 28, 2023Updated 2 years ago
c0ny1 / java-object-searcher
View on GitHub
java内存对象搜索辅助工具
☆823Sep 23, 2022Updated 3 years ago
aaaademo / Confluence-EvilJar
View on GitHub
配合 CVE-2023-22515 后台上传jar包实现RCE
☆23Nov 9, 2023Updated 2 years ago
pen4uin / java-echo-generator
View on GitHub
一款支持自定义的 Java 回显载荷生成工具｜A customizable Java echo payload generation tool.
☆462Jan 12, 2025Updated last year
yezere / codeql_n1ght
View on GitHub
方便自己搭建codeql环境和数据库的工具。
☆64Aug 16, 2025Updated 7 months ago
suizhibo / MemShellKiller
View on GitHub
基于Agent技术实现的Java内存马查杀、防护工具。
☆94Jul 25, 2024Updated last year
freeFV / ShortPayload
View on GitHub
如何将Java反序列化Payload极致缩小
☆70Jan 18, 2022Updated 4 years ago
Sndav / coffee
View on GitHub
Coffee is a loader for ELF (Executable and Linkable Format) object files written in Rust. Coffee是一个用Rust语言编写的ELF object文件的加载器
☆63Apr 29, 2024Updated last year
yzddmr6 / Java-Js-Engine-Payloads
View on GitHub
Java Js Engine Payloads All in one
☆291Aug 21, 2023Updated 2 years ago
H4cking2theGate / ysogate
View on GitHub
Java反序列化/JNDI注入/恶意类生成工具，支持多种高版本bypass，支持回显/内存马等多种扩展利用。
☆148Mar 11, 2026Updated last week