KpLi0rn / ysoserial

在原有yso基础上实现依赖分离，内存马注入等功能。A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

☆68

Alternatives and similar repositories for ysoserial:

Users that are interested in ysoserial are comparing it to the libraries listed below

coffeehb / Spring4Shell
一个Spring4Shell 被动式检测的Burp插件
☆93Updated 3 years ago
passer-W / snakeyaml-memshell
springboot跨线程注入内存马
☆117Updated 3 years ago
Lotus6 / FileMonitor
Java命令行文件监控小工具(代码审计)
☆101Updated 3 years ago
cckuailong / YarnRpcRCE
☆81Updated 3 years ago
webraybtl / ysoserialbtl
基于ysoserial扩展命令执行结果回显，生成冰蝎内存马
☆87Updated last year
turn1tup / JspEncounter
☆117Updated last year
SummerSec / LookupInterface
CodeQL 寻找 JNDI利用 Lookup接口
☆163Updated 3 years ago
OneSourceCat / XxlJob-Hessian-RCE
XxlJob<=2.1.2配置不当情况下反序列化RCE
☆93Updated 4 years ago
hosch3n / FastjsonVulns
[fastjson 1.2.80] CVE-2022-25845 aspectj fileread & groovy remote classload
☆90Updated 2 years ago
YYHYlh / Dubbo-Scan
一款让你不只在dubbo-sample、vulhub或者其他测试环境里检测和利用成功的Apache Dubbo 漏洞检测工具。
☆167Updated last year
su18 / rasp-vuln
当死去的记忆突然开始攻击我，我终于想起了我还写过一款十分十分垃圾的 rasp 靶场。
☆77Updated 2 years ago
FFreestanding / JavaUnserializeChain
自己积累的一些Java反序列化利用链
☆87Updated 2 years ago
Hackaspx / Hackaspx
《ASPX安全-只有ASPX安全才能拯救.NET》Only ASPX Security Can Save The NET.
☆35Updated 2 years ago
r3change / jdwp-shellifier
☆36Updated 3 years ago
0linlin0 / Java
java
☆54Updated 2 years ago
woodpecker-framework / woodpecker-requests
woodpecker-framework框架http发包库,专门为漏洞检测与利用场景设计。
☆67Updated 2 years ago
wuppp / releaseBehinderShell
卸载冰蝎内存马
☆67Updated 4 years ago
1oid / remotejs
remote execute js when debugger.paused
☆42Updated last year
achuna33 / MYJNDIExploit
自己的JNDI 利用工具，添加一些人性化功能
☆130Updated 2 years ago
winezer0 / springboot_scan
支持自动化的切换请求方式、自动化的请求重试、以完整的扫描Springboot路径
☆3Updated 3 years ago
KpLi0rn / DeserializeAll
一个简单的批量反编译jar包的小脚本
☆35Updated 3 years ago
welk1n / FastjsonPocs
一些结合第三方组件的Fastjson POC，在1.2.48以后版本中陆续被添加至黑名单。
☆56Updated 5 years ago
woodpecker-appstore / java-memshell-generator
Java 内存马生成插件
☆50Updated last year
R17a-17 / JavaVulnSummary
Java漏洞分析汇合
☆142Updated 3 years ago
threedr3am / dubbo-exp
dubbo快速利用exp，基本上老版本覆盖100%。
☆105Updated last year
0xrumble / BytecodeScreen
☆50Updated 2 years ago
ce-automne / FastjsonPatrol
一款探测fastjson漏洞的BurpSuite插件
☆61Updated 3 years ago
longofo / Apache-Dubbo-Hessian2-CVE-2021-43297
Apache Dubbo Hessian2 CVE-2021-43297 demo
☆46Updated 3 years ago
Lonely-night / fastjsonVul
fastjson 80 远程代码执行漏洞复现
☆192Updated 2 years ago
r00tuser111 / SerializationDumper-Shiro
基于SerializationDumper的Shiro Cookie序列化数据解密小工具
☆52Updated 4 years ago