chudyPB/XStream-Gadgets external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

chudyPB/XStream-Gadgets

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/chudyPB/XStream-Gadgets)

Close

chudyPB / XStream-GadgetsView on GitHubMore

• External links
• Readme badge

Several XStream gadgets ported from ysoserial

☆33Sep 26, 2021Updated 4 years ago

Alternatives and similar repositories for XStream-Gadgets

Users that are interested in XStream-Gadgets are comparing it to the libraries listed below

• GitHubSecurityLab / ruby-unsafe-deserialization

  View on GitHub
  Proof of Concepts for unsafe deserialization in Ruby
  ☆17Oct 17, 2024Updated last year
• YoungRichOG / Hosts_Boom

  View on GitHub
  通过hosts碰撞发现目标内部系统，扩大攻击面。
  ☆46Aug 11, 2021Updated 4 years ago
• Al1ex / CVE-2021-2109

  View on GitHub
  CVE-2021-2109 && Weblogic Server RCE via JNDI
  ☆31Jan 22, 2021Updated 5 years ago
• kyo-w / Spel-research

  View on GitHub
  Spel-research
  ☆26Jun 21, 2022Updated 3 years ago
• songxiaomo1997 / ScanStation

  View on GitHub
  一个可以自定规则的动扫描器,支持主动和被动扫描
  ☆25Oct 26, 2021Updated 4 years ago
• threedr3am / FindClassInJars

  View on GitHub
  个人用于在自动化挖掘gadget时，方便查找gadget chains中class所在jar包，以助于便捷审计测试gadget有效性的那么一个小工具。
  ☆60Mar 25, 2020Updated 5 years ago
• Lucifaer / Joker

  View on GitHub
  一个Java攻击框架
  ☆23Nov 27, 2020Updated 5 years ago
• lz2y / DubboPOC

  View on GitHub
  Apache Dubbo漏洞测试Demo及其POC
  ☆65Mar 27, 2023Updated 2 years ago
• kitezzzGrim / tongda-exp

  View on GitHub
  python编写的多个通达常见漏洞exp
  ☆38Aug 26, 2021Updated 4 years ago
• threedr3am / fastjson-blacklist

  View on GitHub
  打CTF实在厌倦了找利用链，就知道一个fastjson的版本，一堆依赖找啊找，头都疼。为了解决这个烦恼，用了卓卓师傅的fastjson黑名单工具和库，自己改造了一下。
  ☆32Jan 3, 2020Updated 6 years ago
• testanull / Project_CVE-2021-21985_PoC

  View on GitHub
  ☆31Jun 7, 2021Updated 4 years ago
• AdvDebug / HEVDExploits

  View on GitHub
  HEVD Exploits for fun and learning.
  ☆15Aug 30, 2025Updated 6 months ago
• XuCcc / VulEnv

  View on GitHub
  Debug CVEs!
  ☆37Aug 13, 2023Updated 2 years ago
• securingdev / custom-codeql-queries

  View on GitHub
  Custom / Experimental CodeQL queries
  ☆37Apr 21, 2022Updated 3 years ago
• stephenbradshaw / pentesting_stuff

  View on GitHub
  A place to store my various pentesting related code thats too small/niche to justify its own repository, and a simple website with notes …
  ☆40Jan 29, 2026Updated last month
• bigsizeme / zoomeye-client

  View on GitHub
  zoomeye客户端 钟馗之眼客户端
  ☆11Feb 15, 2022Updated 4 years ago
• shadowsock5 / ysoserial

  View on GitHub
  mvn clean package -DskipTests
  ☆46Apr 28, 2023Updated 2 years ago
• iiiusky / java_iast_example

  View on GitHub
  JAVA IAST Example
  ☆49Dec 13, 2021Updated 4 years ago
• federicodotta / ysoserial

  View on GitHub
  A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
  ☆43Apr 27, 2020Updated 5 years ago
• theronielanddaronpodcastshow / svja

  View on GitHub
  The Super Vulnerable Java Application (SVJA), as demonstrated in the Roniel and DaRon Podcast Show, is an Apache Struts application desig…
  ☆13Jan 1, 2026Updated 2 months ago
• feihong-cs / Attacking_Shiro_with_CVE_2020_2555

  View on GitHub
  ☆50Mar 30, 2021Updated 4 years ago
• tadahana / BypassAV

  View on GitHub
  免杀
  ☆12May 6, 2024Updated last year
• secfan / openrasp-compile-env

  View on GitHub
  OpenRASP Agent容器编译环境，助力二次开发。
  ☆12Apr 28, 2022Updated 3 years ago
• ngauerh / news_feed

  View on GitHub
  实时监控1000家中国企业的新闻动态
  ☆12Dec 8, 2022Updated 3 years ago
• hohn / codeql-cpp-ast

  View on GitHub
  Illustrations of codeql's AST
  ☆12Sep 10, 2021Updated 4 years ago
• d3ckx1 / checkurlopen

  View on GitHub
  用于网站（HTTP）自动化判断开放和网页快照拍摄
  ☆12Jan 25, 2021Updated 5 years ago
• securelayer7 / not-a-vuln-list

  View on GitHub
  Top 2025 Vulnerabilities You Shouldn’t Accept in a Pentest Report
  ☆14Feb 6, 2025Updated last year
• u9sky / cdn-cname-domain

  View on GitHub
  全国主流CDN厂商cname域名汇总合集
  ☆13Dec 11, 2024Updated last year
• minhangxiaohui / JAVA_memshells

  View on GitHub
  java 内存马系列 实现（Servlets 、组件、Agent）
  ☆10Mar 7, 2022Updated 3 years ago
• Roboterh / study_summary

  View on GitHub
  study_summary
  ☆10Aug 8, 2022Updated 3 years ago
• mostwantedduck / BurpLog4j2Scan

  View on GitHub
  Burpsuite被动扫描插件
  ☆12Dec 11, 2021Updated 4 years ago
• Apri1y / Red-Team-links

  View on GitHub
  ☆14Apr 16, 2020Updated 5 years ago
• Echox1 / ShiroExploit

  View on GitHub
  ☆38Nov 4, 2020Updated 5 years ago
• Marcono1234 / codeql-jdk-docker

  View on GitHub
  Unofficial Dockerfile and scripts for building CodeQL databases for the OpenJDK
  ☆49Jan 7, 2024Updated 2 years ago
• Dor-Tumarkin / CVE-2021-25641-Proof-of-Concept

  View on GitHub
  Apache/Alibaba Dubbo <= 2.7.3 PoC Code for CVE-2021-25641 RCE via Deserialization of Untrusted Data; Affects Versions <= 2.7.6 With Diffe…
  ☆53Jun 6, 2021Updated 4 years ago
• STMCyber / RmiTaste

  View on GitHub
  RmiTaste allows security professionals to detect, enumerate, interact and exploit RMI services by calling remote methods with gadgets fro…
  ☆109Oct 10, 2020Updated 5 years ago
• ossf / omega-triage-portal

  View on GitHub
  ☆13Oct 30, 2023Updated 2 years ago
• huimzjty / vulwiki

  View on GitHub
  热门框架/组件/服务漏洞的描述/利用/修复
  ☆12Apr 13, 2023Updated 2 years ago
• jsoverson / badjs.org

  View on GitHub
  ☆12Jan 9, 2023Updated 3 years ago