Bort-Millipede/WLT3Serial external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

Bort-Millipede/WLT3Serial

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/Bort-Millipede/WLT3Serial)

Close

Bort-Millipede / WLT3SerialView on GitHubMore

• External links
• Readme badge

Native Java-based deserialization exploit for WebLogic T3 (and T3S) listeners.

☆34Mar 2, 2020Updated 6 years ago

Alternatives and similar repositories for WLT3Serial

Users that are interested in WLT3Serial are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• mogwailabs / deserialization-filter-blacklists

  View on GitHub
  Native Java serialization filter blacklist for common gadgets
  ☆20Sep 12, 2019Updated 6 years ago
• mogwailabs / rmi-deserialization

  View on GitHub
  Slides/Demos from the BSides Munich 2019 talk "Attacking Java RMI in 2019"
  ☆101Sep 20, 2019Updated 6 years ago
• Contrast-Security-OSS / joogle

  View on GitHub
  A static analysis API for finding deserialization attack gadgets
  ☆38Nov 7, 2022Updated 3 years ago
• metalnas / loubia

  View on GitHub
  Python script to exploit java unserialize on t3 (Weblogic)
  ☆59Aug 9, 2017Updated 8 years ago
• codeplutos / MySQL-JDBC-Deserialization-Payload

  View on GitHub
  MySQL JDBC Deserialization Payload / MySQL客户端jdbc反序列化漏洞payload
  ☆13Feb 8, 2020Updated 6 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• pwntester / XStreamServer

  View on GitHub
  RCE Exploit PoC for Spring based RESTFul APIs using XStream as Unmarshaler
  ☆20Dec 24, 2013Updated 12 years ago
• codeplutos / java-stack-trace

  View on GitHub
  ☆18Jul 30, 2018Updated 7 years ago
• Lonely-night / fastjson_gadgets_scanner

  View on GitHub
  ☆131Jun 17, 2022Updated 3 years ago
• pwntester / SerialKillerBypassGadgetCollection

  View on GitHub
  Collection of bypass gadgets to extend and wrap ysoserial payloads
  ☆387Apr 16, 2022Updated 3 years ago
• ceclin / 0ctf-2021-finals-soln-buggy-loader

  View on GitHub
  solution to buggyLoader of 0CTF/TCTF 2021 Finals
  ☆20Sep 27, 2021Updated 4 years ago
• BishopFox / GadgetProbe

  View on GitHub
  Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
  ☆612Mar 4, 2021Updated 5 years ago
• Ant-FG-Lab / non_RCE

  View on GitHub
  ☆41Mar 10, 2021Updated 5 years ago
• voidfyoo / rwctf-2021-old-system

  View on GitHub
  ☆78Jan 12, 2021Updated 5 years ago
• Barro / java-afl

  View on GitHub
  Binary rewriting approach with fork server support to fuzz Java applications with afl-fuzz.
  ☆91May 3, 2018Updated 7 years ago
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• langligelang / maobugs

  View on GitHub
  java 漏洞平台包含各种CVE
  ☆23Jun 17, 2022Updated 3 years ago
• Ramos-dev / R9000

  View on GitHub
  ☆57Apr 27, 2020Updated 5 years ago
• qtc-de / beanshooter

  View on GitHub
  JMX enumeration and attacking tool.
  ☆500Jun 26, 2025Updated 9 months ago
• ODDFuzz / ODDFuzz

  View on GitHub
  S&P2023 Paper
  ☆39Aug 20, 2022Updated 3 years ago
• BishopFox / rmiscout

  View on GitHub
  RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities
  ☆447Sep 7, 2022Updated 3 years ago
• atorralba / GHSL_CTF_4

  View on GitHub
  My solution for GitHub Security Lab CTF 4: CodeQL and Chill - The Java Edition
  ☆19Jun 10, 2020Updated 5 years ago
• hktalent / CVE_2020_2546

  View on GitHub
  CVE-2020-2546，CVE-2020-2915 CVE-2020-2801 CVE-2020-2798 CVE-2020-2883 CVE-2020-2884 CVE-2020-2950 WebLogic T3 payload exploit poc pyth…
  ☆133Mar 5, 2023Updated 3 years ago
• doyensec / ajpfuzzer

  View on GitHub
  A command-line fuzzer for the Apache JServ Protocol (ajp13)
  ☆97Nov 15, 2022Updated 3 years ago
• matthiaskaiser / jmet

  View on GitHub
  Java Message Exploitation Tool
  ☆511Jul 6, 2022Updated 3 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• Ruil1n / after-deserialization-attack

  View on GitHub
  Java After-Deserialization Attack
  ☆78Apr 26, 2021Updated 4 years ago
• frohoff / inspector-gadget

  View on GitHub
  Primitive tool for exploring/querying Java classes via the Tinkerpop Gremlin graph traversal language
  ☆110May 12, 2016Updated 9 years ago
• r3dxpl0it / Apache-Superset-Remote-Code-Execution-PoC-CVE-2018-8021

  View on GitHub
  CVE-2018-8021 Proof-Of-Concept and Exploit
  ☆106Dec 3, 2018Updated 7 years ago
• x41sec / BeanStack

  View on GitHub
  X41 BeanStack - Stack Trace Fingerprinting BETA
  ☆53Dec 3, 2025Updated 4 months ago
• mishmashclone / GrrrDog-Java-Deserialization-Cheat-Sheet

  View on GitHub
  https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
  ☆54Sep 11, 2021Updated 4 years ago
• mackleadmire / CVE-2018-3191-Rce-Exploit

  View on GitHub
  ☆17Oct 25, 2018Updated 7 years ago
• any-how / Getinfo_phpinfo

  View on GitHub
  提取phpinfo()敏感信息
  ☆11Nov 23, 2018Updated 7 years ago
• mogwailabs / mjet

  View on GitHub
  MOGWAI LABS JMX exploitation toolkit
  ☆205Mar 13, 2023Updated 3 years ago
• veracode-research / solr-injection

  View on GitHub
  Apache Solr Injection Research
  ☆581Jan 28, 2020Updated 6 years ago
• Wordpress hosting with auto-scaling - Free Trial • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• 5up3rc / weblogic_cmd

  View on GitHub
  weblogic t3 deserialization rce
  ☆268Jul 13, 2017Updated 8 years ago
• d2iq-archive / kubernetes-security-benchmark

  View on GitHub
  A simple way to evaluate the security of your Kubernetes deployment against sets of best practices defined by various community sources
  ☆28Jan 31, 2020Updated 6 years ago
• alt3kx / CVE-2021-21985_PoC

  View on GitHub
  ☆214Jan 19, 2023Updated 3 years ago
• secure-software-engineering / PointerBench

  View on GitHub
  A points-to and alias analysis benchmark suite
  ☆42Sep 24, 2018Updated 7 years ago
• inspiringz / Shiro-721

  View on GitHub
  Shiro-721 RCE Via RememberMe Padding Oracle Attack
  ☆268Oct 29, 2020Updated 5 years ago
• pyn3rd / Apache-Tomcat-MongoDB-Remote-Code-Execution

  View on GitHub
  Apache Tomcat + MongoDB Remote Code Execution
  ☆114Jan 15, 2021Updated 5 years ago
• QAX-A-Team / WeblogicEnvironment

  View on GitHub
  Weblogic环境搭建工具
  ☆795Apr 23, 2020Updated 5 years ago