frohoff/marshalsec external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

frohoff/marshalsec

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/frohoff/marshalsec)

Close

frohoff / marshalsecView on GitHubMore

• External links
• Readme badge

☆76May 22, 2017Updated 9 years ago

Alternatives and similar repositories for marshalsec

Users that are interested in marshalsec are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• GrrrDog / Java-Deserialization-Cheat-Sheet

  View on GitHub
  The cheat sheet about Java Deserialization vulnerabilities
  ☆3,177May 26, 2023Updated 3 years ago
• no-sec-marko / java-web-vulnerabilities

  View on GitHub
  Plattform to develop and experiment with existing java web attacks.
  ☆31Jan 8, 2018Updated 8 years ago
• summitt / burp-ysoserial

  View on GitHub
  YSOSERIAL Integration with burp suite
  ☆166Dec 16, 2022Updated 3 years ago
• frohoff / ysoserial

  View on GitHub
  A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
  ☆8,910Dec 4, 2025Updated 6 months ago
• raise-isayan / BigIPDiscover

  View on GitHub
  It becomes the extension of Burp suite. The cookie set by the BipIP server may include a private IP, which is an extension to detect tha…
  ☆16Mar 10, 2026Updated 2 months ago
• Wordpress hosting with auto-scaling - Free Trial Offer • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• mbechler / serianalyzer

  View on GitHub
  A static byte code analyzer for Java deserialization gadget research
  ☆253Apr 17, 2017Updated 9 years ago
• ramshazar / orangetsai-springboot-actuator-poc

  View on GitHub
  ☆27Mar 6, 2021Updated 5 years ago
• pwntester / ysoserial.net

  View on GitHub
  Deserialization payload generator for a variety of .NET formatters
  ☆3,729Dec 23, 2024Updated last year
• hackerb9 / sixvid

  View on GitHub
  Simple script for animated GIF viewing using sixels
  ☆23Nov 5, 2021Updated 4 years ago
• nccgroup / freddy

  View on GitHub
  Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans
  ☆583Sep 7, 2021Updated 4 years ago
• mbechler / marshalsec

  View on GitHub
  ☆3,686Jan 9, 2025Updated last year
• pwntester / SerialKillerBypassGadgetCollection

  View on GitHub
  Collection of bypass gadgets to extend and wrap ysoserial payloads
  ☆389Apr 16, 2022Updated 4 years ago
• sto / ssft

  View on GitHub
  Shell Scripts Frontend Tool. Function library useful to build shell script frontends
  ☆10Jun 16, 2020Updated 5 years ago
• jmarranz / jnieasy

  View on GitHub
  JNIEasy - Java Native Objects based on JNI
  ☆10Aug 30, 2023Updated 2 years ago
• AI Agents on DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• amithur / jdtrace

  View on GitHub
  jdtrace - a DTrace based tool for Java
  ☆10May 17, 2016Updated 10 years ago
• NattyNarwhal / dispcalc-w16

  View on GitHub
  Win16 Display Calculator
  ☆11Dec 19, 2018Updated 7 years ago
• Fuyukai / Tinlok

  View on GitHub
  Kotlin/Native Standard Library (mirror)
  ☆11Mar 2, 2022Updated 4 years ago
• MRGEffitas / Write-into-screen

  View on GitHub
  ☆21Aug 7, 2014Updated 11 years ago
• beardache / WhyFi

  View on GitHub
  Are WiFi Passwords we use these day's actually safe?
  ☆10Mar 7, 2017Updated 9 years ago
• frohoff / inspector-gadget

  View on GitHub
  Primitive tool for exploring/querying Java classes via the Tinkerpop Gremlin graph traversal language
  ☆108May 12, 2016Updated 10 years ago
• irsl / jackson-rce-via-spel

  View on GitHub
  An example project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions
  ☆123Jan 9, 2018Updated 8 years ago
• software-revive / ccze-rv

  View on GitHub
  ☆14Sep 2, 2020Updated 5 years ago
• mogwailabs / rmi-deserialization

  View on GitHub
  Slides/Demos from the BSides Munich 2019 talk "Attacking Java RMI in 2019"
  ☆101Sep 20, 2019Updated 6 years ago
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• PortSwigger / taborator

  View on GitHub
  A Burp extension to show the Collaborator client in a tab
  ☆37Dec 23, 2022Updated 3 years ago
• welk1n / JNDI-Injection-Bypass

  View on GitHub
  Some payloads of JNDI Injection in JDK 1.8.0_191+
  ☆483Dec 9, 2020Updated 5 years ago
• FrauBSD / ssd_report

  View on GitHub
  ☆10Sep 13, 2019Updated 6 years ago
• raoulDoc / CodePatternPlugin

  View on GitHub
  Example of a javac Plugin
  ☆14Dec 29, 2015Updated 10 years ago
• ThomasAdam / moxfm

  View on GitHub
  Motif version of the classic X File Manager (XFM)
  ☆19Nov 20, 2022Updated 3 years ago
• gattilorenz / Xenix-doom

  View on GitHub
  A port of Doom for Xenix 386
  ☆18May 16, 2026Updated 3 weeks ago
• junichi11 / netbeans-noext-mime-resolver

  View on GitHub
  ☆14Oct 2, 2020Updated 5 years ago
• threedr3am / gadgetinspector

  View on GitHub
  一个利用ASM对字节码进行污点传播分析的静态代码审计应用（添加了大量代码注释，适合大家进行源码学习）。也加入了挖掘Fastjson反序列化gadget chains和SQLInject（JdbcTemplate、MyBatis、JPA、Hibernate、原生jdbc等）静…
  ☆457Mar 24, 2022Updated 4 years ago
• federicodotta / Java-Deserialization-Scanner

  View on GitHub
  All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities
  ☆802Nov 7, 2021Updated 4 years ago
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• NetSPI / JavaSerialKiller

  View on GitHub
  Burp extension to perform Java Deserialization Attacks
  ☆218Feb 2, 2024Updated 2 years ago
• saveourtool / diktat-demo

  View on GitHub
  Demo project to show how diKTat or KTlint rule-sets can fix style issues in your code.
  ☆14Mar 28, 2023Updated 3 years ago
• joaomatosf / jexboss

  View on GitHub
  JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool
  ☆2,517Jan 21, 2020Updated 6 years ago
• ju1ius / clisnips

  View on GitHub
  A command-line snippets manager.
  ☆17Apr 13, 2026Updated last month
• hl0rey / ADCode

  View on GitHub
  年轻时候单纯想法的产物
  ☆17Jan 29, 2018Updated 8 years ago
• threedr3am / learnjavabug

  View on GitHub
  Java安全相关的漏洞和技术demo，原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security…
  ☆2,693Mar 14, 2024Updated 2 years ago
• zerothoughts / jndipoc

  View on GitHub
  Proof of concept showing how java byte code can be injected through InitialContext.lookup() calls
  ☆43Jan 22, 2016Updated 10 years ago