KpLi0rn / ysoserialView external linksLinks
在原有yso基础上实现依赖分离,内存马注入等功能。A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
☆68Sep 14, 2021Updated 4 years ago
Alternatives and similar repositories for ysoserial
Users that are interested in ysoserial are comparing it to the libraries listed below
Sorting:
- ☆232Jan 3, 2022Updated 4 years ago
- 改造BeichenDream/InjectJDBC加入shiro获取key和修改key功能☆279Nov 28, 2023Updated 2 years ago
- ☆523Sep 16, 2022Updated 3 years ago
- JDBC Connection URL Attack☆438Sep 10, 2021Updated 4 years ago
- FilterBased/ServletBased in memory shell for Tomcat and some other middlewares☆382Nov 6, 2020Updated 5 years ago
- [fastjson 1.2.80] CVE-2022-25845 aspectj fileread & groovy remote classload☆91Sep 2, 2022Updated 3 years ago
- ysoserial修改版,着重修改ysoserial.payloads.util.Gadgets.createTemplatesImpl使其可以通过引入自定义class的形式来执行命令、内存马、反序列化回显。☆751Jan 11, 2024Updated 2 years ago
- ☆236Jun 4, 2025Updated 8 months ago
- A helpful Java Deserialization exploit framework.☆1,239Feb 17, 2025Updated 11 months ago
- JavaPassDump☆272Jan 7, 2022Updated 4 years ago
- (周瑜)Java - SpringBoot 持久化 WebShell(不仅仅是SpringBoot,适合任何符合JavaEE规范的服务)☆615Dec 29, 2021Updated 4 years ago
- 获取服务器或域控登录日志☆276Sep 8, 2023Updated 2 years ago
- 利用链、漏洞检测工具☆373Jul 31, 2024Updated last year
- 适用于weblogic和Tomcat的无文件的内存马(memshell)☆269Mar 4, 2022Updated 3 years ago
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆357Sep 20, 2022Updated 3 years ago
- Shiro内存马注入环境☆63May 3, 2021Updated 4 years ago
- 解决FastJson、Jackson、Log4j2、原生JNDI注入漏洞的高版本JDKBypass利用,探测本地可用反序列化gadget达到命令执行��、回显命令执行、内存马注入☆770Jan 26, 2022Updated 4 years ago
- Shiro-550 不依赖CC链利用工具☆451Jun 19, 2024Updated last year
- Java反序列化漏洞利用链补全计划,仅用于个人归纳总结。☆420Dec 3, 2021Updated 4 years ago
- 通过jsp脚本扫描java web Filter/Servlet型内存马☆986Mar 9, 2023Updated 2 years ago
- gxor程序根据输入的二进制文件进行异或运算输出☆22Sep 13, 2021Updated 4 years ago
- 一个Spring4Shell 被动式检测的Burp插件☆93Apr 8, 2022Updated 3 years ago
- Java RCE 回显测试代码☆1,015Oct 15, 2020Updated 5 years ago
- 记录学习codeql的过程☆394Jun 9, 2023Updated 2 years ago
- A rouge mysql server supports reading files from most mysql libraries of multiple programming languages.☆754Dec 2, 2022Updated 3 years ago
- 窃取当前用户的ssh,sudo密码☆69Apr 16, 2023Updated 2 years ago
- Fastjson扫描器,可识别版本、依赖库、autoType状态等。A tool to distinguish fastjson ,version and dependency☆1,049Oct 7, 2022Updated 3 years ago
- rmi打内存马工具,适用于目标用不了ldap的情况☆254Jul 12, 2023Updated 2 years ago
- ZKar is a Java serialization protocol analysis tool implement in Go.☆643Feb 15, 2025Updated last year
- Java web路由内存分析工具☆437May 22, 2025Updated 8 months ago
- ☆13Mar 22, 2021Updated 4 years ago
- Woodpecker framework Tomcat vulnerability library☆15May 23, 2021Updated 4 years ago
- JavaAgent内存马☆17Jun 15, 2021Updated 4 years ago
- ☆95Nov 26, 2022Updated 3 years ago
- A memory shell for ruoyi☆266Apr 28, 2023Updated 2 years ago
- Memshell☆292Dec 7, 2021Updated 4 years ago
- spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧☆753Apr 14, 2021Updated 4 years ago
- CVE-2022-22947 注入Godzilla内存马☆210Apr 26, 2022Updated 3 years ago
- Weblogic环境搭建工具☆796Apr 23, 2020Updated 5 years ago