在原有yso基础上实现依赖分离,内存马注入等功能。A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
☆69Sep 14, 2021Updated 4 years ago
Alternatives and similar repositories for ysoserial
Users that are interested in ysoserial are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆231Jan 3, 2022Updated 4 years ago
- 改造BeichenDream/InjectJDBC加入shiro获取key和修改key功能☆281Nov 28, 2023Updated 2 years ago
- ☆528Sep 16, 2022Updated 3 years ago
- JavaAgent内存马☆17Jun 15, 2021Updated 4 years ago
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆357Sep 20, 2022Updated 3 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- [fastjson 1.2.80] CVE-2022-25845 aspectj fileread & groovy remote classload☆91Sep 2, 2022Updated 3 years ago
- (周瑜)Java - SpringBoot 持久化 WebShell(不仅仅是SpringBoot,适合任何符合JavaEE规范的服务)☆615Dec 29, 2021Updated 4 years ago
- A helpful Java Deserialization exploit framework.☆1,241Feb 17, 2025Updated last year
- JDBC Connection URL Attack☆451Sep 10, 2021Updated 4 years ago
- 利用链、漏洞检测工具☆375Jul 31, 2024Updated last year
- ysoserial修改版,着重修改ysoserial.payloads.util.Gadgets.createTemplatesImpl使其可以通过引入自定义class的形式来执行命令、内存马、反序列化回显。☆771Updated this week
- FilterBased/ServletBased in memory shell for Tomcat and some other middlewares☆387Nov 6, 2020Updated 5 years ago
- 适用于weblogic和Tomcat的无文件的内存马(memshell)☆271Mar 4, 2022Updated 4 years ago
- JavaPassDump☆275Jan 7, 2022Updated 4 years ago
- Deploy open-source AI quickly and easily - Special Bonus Offer • AdRunpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
- 记录学习codeql的过程☆397Jun 9, 2023Updated 2 years ago
- 一个Spring4Shell 被动式检测的Burp插件☆92Apr 8, 2022Updated 4 years ago
- Shiro内存马注入环境☆63May 3, 2021Updated 5 years ago
- A rouge mysql server supports reading files from most mysql libraries of multiple programming languages.☆768Dec 2, 2022Updated 3 years ago
- 编译原理学习代码仓库☆23Jan 17, 2022Updated 4 years ago
- Java web路由内存分析工具☆440May 22, 2025Updated last year
- ☆246Apr 15, 2026Updated last month
- 获取服务器或域控登录日志☆281Sep 8, 2023Updated 2 years ago
- 解决FastJson、Jackson、Log4j2、原生JNDI注入漏洞的高版本JDKBypass利用�,探测本地可用反序列化gadget达到命令执行、回显命令执行、内存马注入☆775Jan 26, 2022Updated 4 years ago
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- Fastjson扫描器,可识别版本、依赖库、autoType状态等。A tool to distinguish fastjson ,version and dependency�☆1,056Oct 7, 2022Updated 3 years ago
- Java RCE 回显测试代码☆1,014Oct 15, 2020Updated 5 years ago
- ZKar is a Java serialization protocol analysis tool implement in Go.☆650Apr 19, 2026Updated last month
- gxor程序根据输入的二进制文件进行异或运算输出☆21Sep 13, 2021Updated 4 years ago
- Shiro-550 不依赖CC链利用工具☆451Jun 19, 2024Updated last year
- rmi打内存马工具,适用于目标用不了ldap的情况☆254Jul 12, 2023Updated 2 years ago
- 通过jsp脚本扫描java web Filter/Servlet型内存马☆999Mar 9, 2023Updated 3 years ago
- 内存加载FRP☆10Sep 11, 2023Updated 2 years ago
- weblogic历史漏洞利用工具☆89Jul 25, 2022Updated 3 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- java内存对象搜索辅助工具☆821Sep 23, 2022Updated 3 years ago
- 给woodpecker框架量身定制的ysoserial☆620Oct 26, 2022Updated 3 years ago
- Java反序列化漏洞利用链补全计划,仅用于个人归纳总结。☆420Dec 3, 2021Updated 4 years ago
- spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧☆757Apr 14, 2021Updated 5 years ago
- cve-2022-34169 延伸出的Jdk Xalan的payload自动生成工具,可根据不同的Jdk生成出其所对应的xslt文件☆94Jan 17, 2023Updated 3 years ago
- Weblogic环境搭建工具☆799Apr 23, 2020Updated 6 years ago
- CVE-2022-22947 注入Godzilla内存马☆211Apr 26, 2022Updated 4 years ago