Bort-Millipede/WLT3Serial external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

Bort-Millipede/WLT3Serial

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/Bort-Millipede/WLT3Serial)

Close

Bort-Millipede / WLT3SerialView on GitHubMore

• External links
• Readme badge

Native Java-based deserialization exploit for WebLogic T3 (and T3S) listeners.

☆34Mar 2, 2020Updated 6 years ago

Alternatives and similar repositories for WLT3Serial

Users that are interested in WLT3Serial are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• mogwailabs / deserialization-filter-blacklists

  View on GitHub
  Native Java serialization filter blacklist for common gadgets
  ☆20Sep 12, 2019Updated 6 years ago
• mogwailabs / rmi-deserialization

  View on GitHub
  Slides/Demos from the BSides Munich 2019 talk "Attacking Java RMI in 2019"
  ☆101Sep 20, 2019Updated 6 years ago
• Contrast-Security-OSS / joogle

  View on GitHub
  A static analysis API for finding deserialization attack gadgets
  ☆39Nov 7, 2022Updated 3 years ago
• metalnas / loubia

  View on GitHub
  Python script to exploit java unserialize on t3 (Weblogic)
  ☆59Aug 9, 2017Updated 8 years ago
• codeplutos / MySQL-JDBC-Deserialization-Payload

  View on GitHub
  MySQL JDBC Deserialization Payload / MySQL客户端jdbc反序列化漏洞payload
  ☆13Feb 8, 2020Updated 6 years ago
• AI Agents on DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• pwntester / XStreamServer

  View on GitHub
  RCE Exploit PoC for Spring based RESTFul APIs using XStream as Unmarshaler
  ☆20Dec 24, 2013Updated 12 years ago
• codeplutos / java-stack-trace

  View on GitHub
  ☆18Jul 30, 2018Updated 7 years ago
• Lonely-night / fastjson_gadgets_scanner

  View on GitHub
  ☆131Jun 17, 2022Updated 3 years ago
• pwntester / SerialKillerBypassGadgetCollection

  View on GitHub
  Collection of bypass gadgets to extend and wrap ysoserial payloads
  ☆387Apr 16, 2022Updated 4 years ago
• ceclin / 0ctf-2021-finals-soln-buggy-loader

  View on GitHub
  solution to buggyLoader of 0CTF/TCTF 2021 Finals
  ☆20Sep 27, 2021Updated 4 years ago
• BishopFox / GadgetProbe

  View on GitHub
  Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
  ☆614Mar 4, 2021Updated 5 years ago
• Ant-FG-Lab / non_RCE

  View on GitHub
  ☆41Mar 10, 2021Updated 5 years ago
• voidfyoo / rwctf-2021-old-system

  View on GitHub
  ☆78Jan 12, 2021Updated 5 years ago
• Barro / java-afl

  View on GitHub
  Binary rewriting approach with fork server support to fuzz Java applications with afl-fuzz.
  ☆91May 3, 2018Updated 8 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• langligelang / maobugs

  View on GitHub
  java 漏洞平台包含各种CVE
  ☆23Jun 17, 2022Updated 3 years ago
• Ramos-dev / R9000

  View on GitHub
  ☆56Apr 27, 2020Updated 6 years ago
• qtc-de / beanshooter

  View on GitHub
  JMX enumeration and attacking tool.
  ☆503Jun 26, 2025Updated 10 months ago
• ODDFuzz / ODDFuzz

  View on GitHub
  S&P2023 Paper
  ☆39Aug 20, 2022Updated 3 years ago
• BishopFox / rmiscout

  View on GitHub
  RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities
  ☆448Sep 7, 2022Updated 3 years ago
• atorralba / GHSL_CTF_4

  View on GitHub
  My solution for GitHub Security Lab CTF 4: CodeQL and Chill - The Java Edition
  ☆19Jun 10, 2020Updated 5 years ago
• hktalent / CVE_2020_2546

  View on GitHub
  CVE-2020-2546，CVE-2020-2915 CVE-2020-2801 CVE-2020-2798 CVE-2020-2883 CVE-2020-2884 CVE-2020-2950 WebLogic T3 payload exploit poc pyth…
  ☆133Mar 5, 2023Updated 3 years ago
• doyensec / ajpfuzzer

  View on GitHub
  A command-line fuzzer for the Apache JServ Protocol (ajp13)
  ☆96Nov 15, 2022Updated 3 years ago
• matthiaskaiser / jmet

  View on GitHub
  Java Message Exploitation Tool
  ☆511Jul 6, 2022Updated 3 years ago
• Serverless GPU API endpoints on Runpod - Get Bonus Credits • Ad
  Skip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
• Ruil1n / after-deserialization-attack

  View on GitHub
  Java After-Deserialization Attack
  ☆78Apr 26, 2021Updated 5 years ago
• frohoff / inspector-gadget

  View on GitHub
  Primitive tool for exploring/querying Java classes via the Tinkerpop Gremlin graph traversal language
  ☆108May 12, 2016Updated 9 years ago
• r3dxpl0it / Apache-Superset-Remote-Code-Execution-PoC-CVE-2018-8021

  View on GitHub
  CVE-2018-8021 Proof-Of-Concept and Exploit
  ☆105Dec 3, 2018Updated 7 years ago
• x41sec / BeanStack

  View on GitHub
  X41 BeanStack - Stack Trace Fingerprinting BETA
  ☆54Dec 3, 2025Updated 5 months ago
• mishmashclone / GrrrDog-Java-Deserialization-Cheat-Sheet

  View on GitHub
  https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
  ☆54Sep 11, 2021Updated 4 years ago
• mackleadmire / CVE-2018-3191-Rce-Exploit

  View on GitHub
  ☆17Oct 25, 2018Updated 7 years ago
• any-how / Getinfo_phpinfo

  View on GitHub
  提取phpinfo()敏感信息
  ☆11Nov 23, 2018Updated 7 years ago
• mogwailabs / mjet

  View on GitHub
  MOGWAI LABS JMX exploitation toolkit
  ☆206Mar 13, 2023Updated 3 years ago
• veracode-research / solr-injection

  View on GitHub
  Apache Solr Injection Research
  ☆581Jan 28, 2020Updated 6 years ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• 5up3rc / weblogic_cmd

  View on GitHub
  weblogic t3 deserialization rce
  ☆268Jul 13, 2017Updated 8 years ago
• d2iq-archive / kubernetes-security-benchmark

  View on GitHub
  A simple way to evaluate the security of your Kubernetes deployment against sets of best practices defined by various community sources
  ☆28Jan 31, 2020Updated 6 years ago
• alt3kx / CVE-2021-21985_PoC

  View on GitHub
  ☆214Jan 19, 2023Updated 3 years ago
• secure-software-engineering / PointerBench

  View on GitHub
  A points-to and alias analysis benchmark suite
  ☆42Sep 24, 2018Updated 7 years ago
• inspiringz / Shiro-721

  View on GitHub
  Shiro-721 RCE Via RememberMe Padding Oracle Attack
  ☆268Oct 29, 2020Updated 5 years ago
• pyn3rd / Apache-Tomcat-MongoDB-Remote-Code-Execution

  View on GitHub
  Apache Tomcat + MongoDB Remote Code Execution
  ☆114Jan 15, 2021Updated 5 years ago
• irsl / jackson-rce-via-spel

  View on GitHub
  An example project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions
  ☆124Jan 9, 2018Updated 8 years ago