在原有yso基础上实现依赖分离,内存马注入等功能。A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
☆68Sep 14, 2021Updated 4 years ago
Alternatives and similar repositories for ysoserial
Users that are interested in ysoserial are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆231Jan 3, 2022Updated 4 years ago
- 改造BeichenDream/InjectJDBC加入shiro获取key和修改key功能☆279Nov 28, 2023Updated 2 years ago
- ☆525Sep 16, 2022Updated 3 years ago
- JavaAgent内存马☆17Jun 15, 2021Updated 4 years ago
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆357Sep 20, 2022Updated 3 years ago
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- [fastjson 1.2.80] CVE-2022-25845 aspectj fileread & groovy remote classload☆91Sep 2, 2022Updated 3 years ago
- (周瑜)Java - SpringBoot 持久化 WebShell(不仅仅是SpringBoot,适合任何符合JavaEE规范的服务)☆614Dec 29, 2021Updated 4 years ago
- A helpful Java Deserialization exploit framework.☆1,242Feb 17, 2025Updated last year
- JDBC Connection URL Attack☆443Sep 10, 2021Updated 4 years ago
- ysoserial修改版,着重修改ysoserial.payloads.util.Gadgets.createTemplatesImpl使其可以通过引入自定义class的形式来执行命令、内存马、反序列化回显。☆755Jan 11, 2024Updated 2 years ago
- 利用链、漏洞检测工具☆374Jul 31, 2024Updated last year
- FilterBased/ServletBased in memory shell for Tomcat and some other middlewares☆387Nov 6, 2020Updated 5 years ago
- 适用于weblogic和Tomcat的无文件的内存马(memshell)☆270Mar 4, 2022Updated 4 years ago
- 记录学习codeql的过程☆395Jun 9, 2023Updated 2 years ago
- DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- JavaPassDump☆273Jan 7, 2022Updated 4 years ago
- 一个Spring4Shell 被动式检测的Burp插件☆93Apr 8, 2022Updated 3 years ago
- Shiro内存马注入环境☆63May 3, 2021Updated 4 years ago
- A rouge mysql server supports reading files from most mysql libraries of multiple programming languages.☆758Dec 2, 2022Updated 3 years ago
- 编译原理学习代码仓库☆23Jan 17, 2022Updated 4 years ago
- Java web路由内存分析工具☆438May 22, 2025Updated 10 months ago
- ☆243Feb 28, 2026Updated last month
- 获取服务器或域控登录日志☆276Sep 8, 2023Updated 2 years ago
- 解决FastJson、Jackson、Log4j2、原生JNDI注入漏洞的高版本JDKBypass利用,探测本地可用反序列化gadget达到命令执行、回显命令执行、内存马注入☆774Jan 26, 2022Updated 4 years ago
- Simple, predictable pricing with DigitalOcean hosting • AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- Fastjson扫描器,可识别版本、依赖库、autoType状态等。A tool to distinguish fastjson ,version and dependency☆1,051Oct 7, 2022Updated 3 years ago
- Java RCE 回显测试代码☆1,016Oct 15, 2020Updated 5 years ago
- ZKar is a Java serialization protocol analysis tool implement in Go.☆650Feb 15, 2025Updated last year
- gxor程序根据输入的二进制文件进行异或运算输出☆22Sep 13, 2021Updated 4 years ago
- Shiro-550 不依赖CC链利用工具☆450Jun 19, 2024Updated last year
- rmi打内存马工具,适用于目标用不了ldap的情况☆253Jul 12, 2023Updated 2 years ago
- 通过jsp脚本扫描java web Filter/Servlet型内存马☆990Mar 9, 2023Updated 3 years ago
- 内存加载FRP☆10Sep 11, 2023Updated 2 years ago
- weblogic历史漏洞利用工具☆91Jul 25, 2022Updated 3 years ago
- Wordpress hosting with auto-scaling on Cloudways • AdFully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
- 给woodpecker框架量身�定制的ysoserial☆614Oct 26, 2022Updated 3 years ago
- java内存对象搜索辅助工具☆823Sep 23, 2022Updated 3 years ago
- Java反序列化漏洞利用链补全计划,仅用于个人归纳总结。☆420Dec 3, 2021Updated 4 years ago
- spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧☆753Apr 14, 2021Updated 4 years ago
- cve-2022-34169 延伸出的Jdk Xalan的payload自动生成工具,可根据不同的Jdk生成出其所对应的xslt文件☆93Jan 17, 2023Updated 3 years ago
- Weblogic环境搭建工具☆796Apr 23, 2020Updated 5 years ago
- CVE-2022-22947 注入Godzilla内存马☆210Apr 26, 2022Updated 3 years ago