KpLi0rn/ysoserial

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/KpLi0rn/ysoserial)

KpLi0rn / ysoserial

在原有yso基础上实现依赖分离，内存马注入等功能。A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

☆69

Alternatives and similar repositories for ysoserial

Users that are interested in ysoserial are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

Sorting:

A-D-Team / attackRmi
View on GitHub
☆231Jan 3, 2022Updated 4 years ago
SummerSec / AgentInjectTool
View on GitHub
改造BeichenDream/InjectJDBC加入shiro获取key和修改key功能
☆281Nov 28, 2023Updated 2 years ago
su18 / hack-fastjson-1.2.80
View on GitHub
☆527Sep 16, 2022Updated 3 years ago
KpLi0rn / AgentMemShell
View on GitHub
JavaAgent内存马
☆17Jun 15, 2021Updated 5 years ago
zema1 / ysoserial
View on GitHub
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
☆358Sep 20, 2022Updated 3 years ago
Wordpress hosting with auto-scaling - Free Trial Offer • Ad
Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
hosch3n / FastjsonVulns
View on GitHub
[fastjson 1.2.80] CVE-2022-25845 aspectj fileread & groovy remote classload
☆91Sep 2, 2022Updated 3 years ago
threedr3am / ZhouYu
View on GitHub
（周瑜）Java - SpringBoot 持久化 WebShell（不仅仅是SpringBoot，适合任何符合JavaEE规范的服务）
☆615Dec 29, 2021Updated 4 years ago
wh1t3p1g / ysomap
View on GitHub
A helpful Java Deserialization exploit framework.
☆1,240Feb 17, 2025Updated last year
su18 / JDBC-Attack
View on GitHub
JDBC Connection URL Attack
☆451Sep 10, 2021Updated 4 years ago
5wimming / gadgetinspector
View on GitHub
利用链、漏洞检测工具
☆376Jul 31, 2024Updated last year
Y4er / ysoserial
View on GitHub
ysoserial修改版，着重修改ysoserial.payloads.util.Gadgets.createTemplatesImpl使其可以通过引入自定义class的形式来执行命令、内存马、反序列化回显。
☆773May 26, 2026Updated 3 weeks ago
feihong-cs / memShell
View on GitHub
FilterBased/ServletBased in memory shell for Tomcat and some other middlewares
☆388Nov 6, 2020Updated 5 years ago
keven1z / weblogic_memshell
View on GitHub
适用于weblogic和Tomcat的无文件的内存马(memshell)
☆272Mar 4, 2022Updated 4 years ago
corener / JavaPassDump
View on GitHub
JavaPassDump
☆275Jan 7, 2022Updated 4 years ago
GPUs on demand by Runpod - Special Offer Available • Ad
Run AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
Firebasky / CodeqlLearn
View on GitHub
记录学习codeql的过程
☆398Jun 9, 2023Updated 3 years ago
coffeehb / Spring4Shell
View on GitHub
一个Spring4Shell 被动式检测的Burp插件
☆92Apr 8, 2022Updated 4 years ago
KpLi0rn / ShiroVulnEnv
View on GitHub
Shiro内存马注入环境
☆63May 3, 2021Updated 5 years ago
rmb122 / rogue_mysql_server
View on GitHub
A rouge mysql server supports reading files from most mysql libraries of multiple programming languages.
☆768Dec 2, 2022Updated 3 years ago
KpLi0rn / LearnCompiler
View on GitHub
编译原理学习代码仓库
☆23Jan 17, 2022Updated 4 years ago
kyo-w / router-router
View on GitHub
Java web路由内存分析工具
☆438May 22, 2025Updated last year
kezibei / fastjson_payload
View on GitHub
☆248Apr 15, 2026Updated 2 months ago
lele8 / SharpUserIP
View on GitHub
获取服务器或域控登录日志
☆280Sep 8, 2023Updated 2 years ago
exp1orer / JNDI-Inject-Exploit
View on GitHub
解决FastJson、Jackson、Log4j2、原生JNDI注入漏洞的高版本JDKBypass利用，探测本地可用反序列化gadget达到命令执行、回显命令执行、内存马注入
☆775Jan 26, 2022Updated 4 years ago
Managed hosting for WordPress and PHP on Cloudways • Ad
Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
a1phaboy / FastjsonScan
View on GitHub
Fastjson扫描器，可识别版本、依赖库、autoType状态等。A tool to distinguish fastjson ,version and dependency
☆1,057Oct 7, 2022Updated 3 years ago
feihong-cs / Java-Rce-Echo
View on GitHub
Java RCE 回显测试代码
☆1,014Oct 15, 2020Updated 5 years ago
phith0n / zkar
View on GitHub
ZKar is a Java serialization protocol analysis tool implement in Go.
☆652Apr 19, 2026Updated 2 months ago
Rvn0xsy / gxor
View on GitHub
gxor程序根据输入的二进制文件进行异或运算输出
☆21Sep 13, 2021Updated 4 years ago
dr0op / shiro-550-with-NoCC
View on GitHub
Shiro-550 不依赖CC链利用工具
☆449Jun 19, 2024Updated 2 years ago
novysodope / RMI_Inj_MemShell
View on GitHub
rmi打内存马工具，适用于目标用不了ldap的情况
☆254Jul 12, 2023Updated 2 years ago
c0ny1 / java-memshell-scanner
View on GitHub
通过jsp脚本扫描java web Filter/Servlet型内存马
☆1,004Mar 9, 2023Updated 3 years ago
T0ngF0ngnie / DInvokeFrp
View on GitHub
内存加载FRP
☆10Sep 11, 2023Updated 2 years ago
8ypass / weblogicExploit
View on GitHub
weblogic历史漏洞利用工具
☆89Jul 25, 2022Updated 3 years ago
Deploy open-source AI quickly and easily - Special Bonus Offer • Ad
Runpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
c0ny1 / java-object-searcher
View on GitHub
java内存对象搜索辅助工具
☆820Sep 23, 2022Updated 3 years ago
woodpecker-framework / ysoserial-for-woodpecker
View on GitHub
给woodpecker框架量身定制的ysoserial
☆624Oct 26, 2022Updated 3 years ago
fynch3r / Gadgets
View on GitHub
Java反序列化漏洞利用链补全计划，仅用于个人归纳总结。
☆420Dec 3, 2021Updated 4 years ago
LandGrey / spring-boot-upload-file-lead-to-rce-tricks
View on GitHub
spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧
☆757Apr 14, 2021Updated 5 years ago
flowerwind / AutoGenerateXalanPayload
View on GitHub
cve-2022-34169 延伸出的Jdk Xalan的payload自动生成工具，可根据不同的Jdk生成出其所对应的xslt文件
☆94Jan 17, 2023Updated 3 years ago
QAX-A-Team / WeblogicEnvironment
View on GitHub
Weblogic环境搭建工具
☆799Apr 23, 2020Updated 6 years ago
whwlsfb / cve-2022-22947-godzilla-memshell
View on GitHub
CVE-2022-22947 注入Godzilla内存马
☆211Apr 26, 2022Updated 4 years ago