在原有yso基础上实现依赖分离,内存马注入等功能。A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
☆69Sep 14, 2021Updated 4 years ago
Alternatives and similar repositories for ysoserial
Users that are interested in ysoserial are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆232Jan 3, 2022Updated 4 years ago
- 改造BeichenDream/InjectJDBC加入shiro获取key和修改key功能☆280Nov 28, 2023Updated 2 years ago
- ☆526Sep 16, 2022Updated 3 years ago
- JavaAgent内存马☆17Jun 15, 2021Updated 4 years ago
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆357Sep 20, 2022Updated 3 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- [fastjson 1.2.80] CVE-2022-25845 aspectj fileread & groovy remote classload☆91Sep 2, 2022Updated 3 years ago
- (周瑜)Java - SpringBoot 持久化 WebShell(不仅仅是SpringBoot,适合任何符合JavaEE规范的服务)☆615Dec 29, 2021Updated 4 years ago
- A helpful Java Deserialization exploit framework.☆1,242Feb 17, 2025Updated last year
- JDBC Connection URL Attack☆444Sep 10, 2021Updated 4 years ago
- ysoserial修改版,着重修改ysoserial.payloads.util.Gadgets.createTemplatesImpl使其可以通过引入自定义class的形式来执行命令、内存马、反序列化回显。☆760Jan 11, 2024Updated 2 years ago
- 利用链、漏洞检测工具☆375Jul 31, 2024Updated last year
- FilterBased/ServletBased in memory shell for Tomcat and some other middlewares☆384Nov 6, 2020Updated 5 years ago
- 适用于weblogic和Tomcat的无文件的内存马(memshell)☆271Mar 4, 2022Updated 4 years ago
- JavaPassDump☆275Jan 7, 2022Updated 4 years ago
- Serverless GPU API endpoints on Runpod - Bonus Credits • AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- 记录学习codeql的过程�☆396Jun 9, 2023Updated 2 years ago
- 一个Spring4Shell 被动式检测的Burp插件☆93Apr 8, 2022Updated 4 years ago
- Shiro内存马注入环境☆63May 3, 2021Updated 4 years ago
- A rouge mysql server supports reading files from most mysql libraries of multiple programming languages.☆761Dec 2, 2022Updated 3 years ago
- 编译原理学习代码仓库☆23Jan 17, 2022Updated 4 years ago
- Java web路由内存分析工具☆439May 22, 2025Updated 10 months ago
- ☆244Updated this week
- 获取服务器或域控登录日志☆277Sep 8, 2023Updated 2 years ago
- 解决FastJson、Jackson、Log4j2、原生JNDI注入漏洞的高版本JDKBypass利用,探�测本地可用反序列化gadget达到命令执行、回显命令执行、内存马注入☆775Jan 26, 2022Updated 4 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Fastjson扫描器,可识别版本、依赖库、autoType状态等。A tool to distinguish fastjson ,version and dependency☆1,053Oct 7, 2022Updated 3 years ago
- Java RCE 回显测试代码☆1,017Oct 15, 2020Updated 5 years ago
- ZKar is a Java serialization protocol analysis tool implement in Go.☆651Feb 15, 2025Updated last year
- gxor程序根据输入的二进制文件进行异或运算输出☆22Sep 13, 2021Updated 4 years ago
- Shiro-550 不依赖CC链利用工具☆451Jun 19, 2024Updated last year
- rmi打内存马工具,适用于目标用不了ldap的情况☆254Jul 12, 2023Updated 2 years ago
- 通过jsp脚本扫描java web Filter/Servlet型内存马☆993Mar 9, 2023Updated 3 years ago
- 内存加载FRP☆10Sep 11, 2023Updated 2 years ago
- weblogic历史漏洞利用工具☆91Jul 25, 2022Updated 3 years ago
- Serverless GPU API endpoints on Runpod - Bonus Credits • AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- 给woodpecker框�架量身定制的ysoserial☆615Oct 26, 2022Updated 3 years ago
- java内存对象搜索辅助工具☆823Sep 23, 2022Updated 3 years ago
- Java反序列化漏洞利用链补全计划,仅用于个人归纳总结。☆420Dec 3, 2021Updated 4 years ago
- spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧☆754Apr 14, 2021Updated 5 years ago
- cve-2022-34169 延伸出的Jdk Xalan的payload自动生成工具,可根据不同的Jdk生成出其所对应的xslt文件☆93Jan 17, 2023Updated 3 years ago
- Weblogic环境搭建工具☆795Apr 23, 2020Updated 5 years ago
- CVE-2022-22947 �注入Godzilla内存马☆211Apr 26, 2022Updated 3 years ago