pyyso is a Python package that generate java serialized poc. Including CommonsCollections1-7, JDK7u21, JDK8u20, ldap for jndi, shiro-550, CommonsBeanutils1 no cc, JRMPClient, high version JDK Bypass, Fake MySQL for JDBC attack
☆55Nov 5, 2022Updated 3 years ago
Alternatives and similar repositories for pyyso
Users that are interested in pyyso are comparing it to the libraries listed below
Sorting:
- a dataflow analysis framework implemented in Go, like soot☆39Sep 22, 2022Updated 3 years ago
- Go-sec-code is a project for learning Go vulnerability code.☆50Mar 11, 2023Updated 2 years ago
- ☆206Oct 27, 2025Updated 4 months ago
- 如果反序列化过程中使用resolveClass拉黑了TemplatesImpl如何绕过☆53Sep 10, 2023Updated 2 years ago
- WebSocket 内存马/Webshell,一种新型内存马/WebShell技术☆22Apr 10, 2023Updated 2 years ago
- Some ReadObject Sink With JDBC☆243May 8, 2024Updated last year
- JNDI在java高版本的利用工具,FUZZ利用链☆597Oct 8, 2022Updated 3 years ago
- spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧☆754Apr 14, 2021Updated 4 years ago
- Java bytecode line number restoration tool☆134Aug 31, 2025Updated 6 months ago
- API字典,API爆破字典☆24Mar 21, 2023Updated 2 years ago
- ☆24Jan 7, 2025Updated last year
- Common Exploitation Techniques for Java RCE Vulnerabilities in Real-World Scenarios | 实战场景较通用的 Java Rce 相关漏洞的利用方式☆545Mar 6, 2025Updated last year
- Something To Do Android Application Security Research☆10May 14, 2021Updated 4 years ago
- CVE-2022-25845(fastjson1.2.80) exploit in Spring Env!☆105Nov 7, 2024Updated last year
- 钓鱼上线后渗透工具☆132Feb 19, 2023Updated 3 years ago
- Learning JAVA for Security☆34Jun 9, 2022Updated 3 years ago
- Spring-Cloud-Spel-RCE☆12Sep 16, 2022Updated 3 years ago
- 一个基于golang的简单漏洞扫描器☆12Feb 2, 2024Updated 2 years ago
- 用于红蓝攻防演练中快速分拣资产☆12Jul 3, 2022Updated 3 years ago
- 收集内存马打入方式☆506May 20, 2022Updated 3 years ago
- 通过端口复用直接进行正向socks5代理(非防火墙分流)☆113Dec 17, 2024Updated last year
- 一款支持自定义的 Java 回显载荷生成工具|A customizable Java echo payload generation tool.☆461Jan 12, 2025Updated last year
- 用Go+Fyne开发的,展示JAVA序列化流以及集成一键插入脏数据,UTF过长编码绕WAF(Utf OverLoad Encoding),修改类SerializeVersionUID功能的图形化工具。☆125Jan 14, 2025Updated last year
- 《深入JDBC安全:特殊URL构造与不出网反序列化利用技术揭秘》对应研究总结项目 "Deep Dive into JDBC Security: Special URL Construction and Non-Networked Deserialization Explo…☆571Feb 7, 2026Updated 3 weeks ago
- 使用 agent 实现反序列化 utf8 overlong☆83Apr 24, 2024Updated last year
- Automatic monitor github cve using Github Actions☆10Dec 16, 2024Updated last year
- 某软最新公开gadgegt,新加入不出网利用。☆89Sep 6, 2024Updated last year
- Nacos JRaft Hessian 反序列化 RCE 加载字节码 注入内存马 不出网利用☆848Jul 7, 2023Updated 2 years ago
- fastjson不出网利用、c3p0☆256Jul 30, 2021Updated 4 years ago
- 一款针对Vcenter的综合利用工具,包含目前最主流的CVE-2021-21972、CVE-2021-21985以及CVE-2021-22005、One Access的CVE-2022-22954、CVE-2022-22972/31656以及log4j,提供一键上传webs…☆1,467Apr 25, 2024Updated last year
- A powerful JNDI injection exploitation framework that supports RMI, LDAP and LDAPS protocols, including various bypass methods for high-v…☆570Feb 4, 2026Updated last month
- Java RCE 回显测试代码☆1,016Oct 15, 2020Updated 5 years ago
- ☆122Jun 7, 2023Updated 2 years ago
- BCrypt解密爆破工具 BCrypt爆破解密工具☆33Oct 9, 2023Updated 2 years ago
- ☆342Oct 11, 2025Updated 4 months ago
- 构造字节在ASCII范围内的jar☆139Feb 14, 2022Updated 4 years ago
- PoC of Spring AMQP Deserialization Vulnerability (CVE-2023-34050)☆13Jan 29, 2024Updated 2 years ago
- Write Up Code of HITB Sec-Sin 2021 Make JDBC Attacks Brilliant Again☆14Jun 24, 2023Updated 2 years ago
- 自动fuzz spring的加密密码,自动解密spring的加密密码☆16Feb 4, 2023Updated 3 years ago