pyyso is a Python package that generate java serialized poc. Including CommonsCollections1-7, JDK7u21, JDK8u20, ldap for jndi, shiro-550, CommonsBeanutils1 no cc, JRMPClient, high version JDK Bypass, Fake MySQL for JDBC attack
☆55Nov 5, 2022Updated 3 years ago
Alternatives and similar repositories for pyyso
Users that are interested in pyyso are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- a dataflow analysis framework implemented in Go, like soot☆39Sep 22, 2022Updated 3 years ago
- ☆208Oct 27, 2025Updated 6 months ago
- 如果反序列化过程中使用resolveClass拉黑了TemplatesImpl如何绕过☆53Sep 10, 2023Updated 2 years ago
- ☆24Jan 7, 2025Updated last year
- WebSocket 内存马/Webshell,一种新型内存马/WebShell技术☆22Apr 10, 2023Updated 3 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Go-sec-code is a project for learning Go vulnerability code.☆50Mar 11, 2023Updated 3 years ago
- Java bytecode line number restoration tool☆141Aug 31, 2025Updated 8 months ago
- Common Exploitation Techniques for Java RCE Vulnerabilities in Real-World Scenarios | 实战场景较通用的 Java Rce 相关漏洞的利用方式☆546Mar 6, 2025Updated last year
- Some ReadObject Sink With JDBC☆245May 8, 2024Updated last year
- Learning JAVA for Security☆34Jun 9, 2022Updated 3 years ago
- 一个基于golang的简单漏洞扫描器☆13Feb 2, 2024Updated 2 years ago
- 使用 agent 实现反序列化 utf8 overlong☆86Apr 24, 2024Updated 2 years ago
- spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧☆754Apr 14, 2021Updated 5 years ago
- Spring-Cloud-Spel-RCE☆12Sep 16, 2022Updated 3 years ago
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- ☆123Jun 7, 2023Updated 2 years ago
- CVE-2022-25845(fastjson1.2.80) exploit in Spring Env!☆108Nov 7, 2024Updated last year
- 用于红蓝攻防演练中快速分拣资产☆12Jul 3, 2022Updated 3 years ago
- 钓鱼上线后渗透工具☆132Feb 19, 2023Updated 3 years ago
- 一款支持自定义的 Java 回显载荷生成工具|A customizable Java echo payload generation tool.☆462Jan 12, 2025Updated last year
- JNDI在java高版本的利用工具,FUZZ利用链☆602Oct 8, 2022Updated 3 years ago
- 通过端口复用直接进行正向socks5代理(非防火墙分流)☆115Dec 17, 2024Updated last year
- 收集内存马打入方式☆507May 20, 2022Updated 3 years ago
- 构造字节在ASCII范围内的jar☆140Feb 14, 2022Updated 4 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- API字典,API爆破字典☆24Mar 21, 2023Updated 3 years ago
- 🔥🔥🔥持续更新的特征库. 2023hw☆21Oct 8, 2023Updated 2 years ago
- Java RCE 回显测试代码☆1,015Oct 15, 2020Updated 5 years ago
- 利用代理驱动绕过JDBC Attack检测☆144Jun 15, 2025Updated 10 months ago
- fastjson不出网利用、c3p0☆257Jul 30, 2021Updated 4 years ago
- 一款针对Vcenter的综合利用工具,包含目前最主流的CVE-2021-21972、CVE-2021-21985以及CVE-2021-22005、One Access的CVE-2022-22954、CVE-2022-22972/31656以及log4j,提供一键上传webs…☆1,472Apr 25, 2024Updated 2 years ago
- 《深入JDBC安全:特殊URL构造与不出网反序列化利用技术揭秘》对应研究总结项目 "Deep Dive into JDBC Security: Special URL Construction and Non-Networked Deserialization Explo…☆578Feb 7, 2026Updated 2 months ago
- A CAT called tabby ( Code Analysis Tool )☆1,646Jan 17, 2026Updated 3 months ago
- Nacos JRaft Hessian 反序列化 RCE 加载字节码 注入内存马 不出网利用☆850Jul 7, 2023Updated 2 years ago
- End-to-end encrypted email - Proton Mail • AdSpecial offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
- 禅道研发项目管理系统`misc-captcha-user`认证绕过后台命令注入漏洞☆109Apr 24, 2023Updated 3 years ago
- 某软最新公开gadgegt,新加入不出网利用。☆88Sep 6, 2024Updated last year
- 发布一些我发现的漏洞以及利用脚本。☆15Jun 29, 2023Updated 2 years ago
- ☆344Mar 6, 2026Updated last month
- 前端参数加密渗透测试通用解决方案☆576Oct 17, 2022Updated 3 years ago
- 用Go+Fyne开发的,展示JAVA序列化流以及集成一键插入脏数据,UTF过长编码绕WAF(Utf OverLoad Encoding),修改类SerializeVersionUID功能的图形化工具。☆126Jan 14, 2025Updated last year
- 一个能快速开启和关闭匿名SMB共享的红队脚本☆175Apr 6, 2022Updated 4 years ago