Whoopsunix/fastjson_study external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

Whoopsunix/fastjson_study

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/Whoopsunix/fastjson_study)

Close

Whoopsunix / fastjson_studyView on GitHubMore

• External links
• Readme badge

Abandoned - fastjson 1.2.24-1.2.80 poc & vulns env & how to check vul

☆96Oct 30, 2023Updated 2 years ago

Alternatives and similar repositories for fastjson_study

Users that are interested in fastjson_study are comparing it to the libraries listed below

• ssssdl / fastjsonChecker

  View on GitHub
  burp手工检测fastjson辅助
  ☆88Mar 4, 2024Updated last year
• Whoopsunix / JavaRce

  View on GitHub
  Common Exploitation Techniques for Java RCE Vulnerabilities in Real-World Scenarios | 实战场景较通用的 Java Rce 相关漏洞的利用方式
  ☆545Mar 6, 2025Updated 11 months ago
• Whoopsunix / PPPVULNS

  View on GitHub
  Java CVE Vulnerability Environment
  ☆43Jun 11, 2024Updated last year
• bmth666 / Yongyou-Unserialize-plus

  View on GitHub
  用友的一些反序列化链子以及1day，二开了狼组的YongYouNcTool，改了一下逻辑以及poc
  ☆123Oct 12, 2024Updated last year
• pen4uin / java-echo-generator

  View on GitHub
  一款支持自定义的 Java 回显载荷生成工具｜A customizable Java echo payload generation tool.
  ☆461Jan 12, 2025Updated last year
• qi4L / Ysoserial-go

  View on GitHub
  A Go library for generating Java deserialization payloads.
  ☆155Sep 9, 2024Updated last year
• 1ucky7 / MySQL_Fake_Server_for_woodpecker_yso

  View on GitHub
  MySQL_Fake_Server-啄木鸟yso适配版
  ☆45Sep 20, 2024Updated last year
• Lotus6 / JavaGadgetGenerator

  View on GitHub
  JavaGadgetGenerator 工具，支持 ysoserial，Hessian，字节码，Expr/SSTI，Shiro，JDBC 等 Gadget 生成，封装，混淆，出网延迟探测，内存马注入等...
  ☆549Dec 7, 2025Updated 2 months ago
• novysodope / javaeasyscan

  View on GitHub
  javaeasyscanner - 富婆系列，代码审计辅助工具，致力于解放大脑，方便双手
  ☆276Jun 18, 2024Updated last year
• 1ucky7 / jmg-for-Godzilla

  View on GitHub
  Godzilla插件|内存马|Suo5内存代理｜jmg for Godzilla
  ☆243Jun 6, 2024Updated last year
• achuna33 / Memoryshell-JavaALL

  View on GitHub
  收集内存马打入方式
  ☆506May 20, 2022Updated 3 years ago
• kezibei / fastjson_payload

  View on GitHub
  ☆239Updated this week
• altEr1125 / ShiroAttack2

  View on GitHub
  一款针对Shiro550漏洞进行快速漏洞利用工具。 对 @SummerSec 大佬的项目https://github.com/SummerSec/ShiroAttack2 进行了一些改进。
  ☆250May 29, 2023Updated 2 years ago
• byname66 / SerializeJava

  View on GitHub
  用Go+Fyne开发的，展示JAVA序列化流以及集成一键插入脏数据,UTF过长编码绕WAF(Utf OverLoad Encoding),修改类SerializeVersionUID功能的图形化工具。
  ☆125Jan 14, 2025Updated last year
• K-7H7l / Jeecg_Tools

  View on GitHub
  本工具为jeecg框架漏洞利用工具非jeecg-boot！
  ☆184Aug 13, 2024Updated last year
• novysodope / RMI_Inj_MemShell

  View on GitHub
  rmi打内存马工具，适用于目标用不了ldap的情况
  ☆254Jul 12, 2023Updated 2 years ago
• Hypdncy / JNDIBypassExploit

  View on GitHub
  JndiBypass漏洞利用，可动态生成类，防止类注入冲突
  ☆29Aug 16, 2023Updated 2 years ago
• Hutt0n0 / ActiveMqRCE

  View on GitHub
  用java实现构造openwire协议，利用activeMQ < 5.18.3 RCE 回显利用 内存马注入
  ☆288Nov 20, 2023Updated 2 years ago
• LTianHang / ShiroUploadTools

  View on GitHub
  Shiro文件上传工具
  ☆100Jun 28, 2023Updated 2 years ago
• pykiller / API-T00L

  View on GitHub
  互联网厂商API利用工具。
  ☆555Sep 13, 2024Updated last year
• lemono0 / FastJsonParty

  View on GitHub
  FastJson全版本Docker漏洞环境(涵盖1.2.47/1.2.68/1.2.80等版本)，主要包括JNDI注入及高版本绕过、waf绕过、文件读写、原生反序列化、利用链探测绕过、不出网利用等。从黑盒的角度覆盖FastJson深入利用
  ☆1,182Jul 12, 2024Updated last year
• ImuSpirit / ActiveMQ_RCE_Pro_Max

  View on GitHub
  CVE-2023-46604
  ☆63Nov 3, 2023Updated 2 years ago
• Hel10-Web / Databasetools

  View on GitHub
  一款用Go语言编写的数据库自动化提权工具，支持Mysql、MSSQL、Postgresql、Oracle、Redis数据库提权、命令执行、爆破以及ssh连接
  ☆859Aug 30, 2023Updated 2 years ago
• Whoopsunix / PPPYSO

  View on GitHub
  proof-of-concept for generating Java deserialization payload | Proxy MemShell
  ☆221Jun 8, 2024Updated last year
• wafinfo / MeterSphere-plugin-Backdoor

  View on GitHub
  支持注入内存马和Bypass WAF
  ☆29Dec 12, 2023Updated 2 years ago
• Zh0um1 / CVE-2022-22947

  View on GitHub
  CVE-2022-22947注入哥斯拉内存马
  ☆28Jun 21, 2023Updated 2 years ago
• for-A1kaid / CodeAudit

  View on GitHub
  记录一些代码审计过的源码
  ☆182Feb 26, 2025Updated last year
• 7wkajk / Frchannel

  View on GitHub
  帆软bi反序列化漏洞利用工具
  ☆415Jan 25, 2025Updated last year
• TD0U / WeaverScan

  View on GitHub
  泛微oa漏洞利用工具
  ☆255Jan 4, 2023Updated 3 years ago
• Chave0v0 / YONYOU-TOOL

  View on GitHub
  用友漏洞综合利用工具
  ☆261Nov 9, 2024Updated last year
• S9MF / ShiroScan2

  View on GitHub
  基于BurpShiroPassiveScan修改增加了Xray回显链生成
  ☆56Sep 6, 2022Updated 3 years ago
• Mayter / mssql-command-tool

  View on GitHub
  xp_cmdshell与sp_oacreate执行命令回显和clr加载程序集执行相应操作，上传，job等相应操作。
  ☆195Nov 25, 2023Updated 2 years ago
• Bl0omZ / JNDIEXP

  View on GitHub
  JNDI在java高版本的利用工具,FUZZ利用链
  ☆597Oct 8, 2022Updated 3 years ago
• FFreestanding / JavaUnserializeChain

  View on GitHub
  自己积累的一些Java反序列化利用链
  ☆91Feb 27, 2023Updated 3 years ago
• su18 / hack-fastjson-1.2.80

  View on GitHub
  ☆524Sep 16, 2022Updated 3 years ago
• Ni4n / ShellGenerate

  View on GitHub
  哥斯拉jsp/jspx免杀webshell生成器
  ☆207Apr 28, 2023Updated 2 years ago
• cckuailong / JNDI-Injection-Exploit-Plus

  View on GitHub
  80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background serv…
  ☆866Jun 24, 2024Updated last year
• TonyNPham / GodzillaPlugin-Suo5-MemProxy

  View on GitHub
  一款高性能 HTTP 内存代理 | 哥斯拉插件 | readteam | 红队 | 内存马 | Suo5 | Godzilla | 正向代理
  ☆288Aug 8, 2023Updated 2 years ago
• Avienma / DumpHash

  View on GitHub
  一款dump hash工具配合后渗透的利用
  ☆275Apr 21, 2023Updated 2 years ago