frohoff/ysoserial external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

frohoff/ysoserial

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/frohoff/ysoserial)

Close

frohoff / ysoserialView on GitHubMore

• External links
• Readme badge

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

☆8,837Dec 4, 2025Updated 4 months ago

Alternatives and similar repositories for ysoserial

Users that are interested in ysoserial are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• mbechler / marshalsec

  View on GitHub
  ☆3,670Jan 9, 2025Updated last year
• pwntester / ysoserial.net

  View on GitHub
  Deserialization payload generator for a variety of .NET formatters
  ☆3,700Dec 23, 2024Updated last year
• GrrrDog / Java-Deserialization-Cheat-Sheet

  View on GitHub
  The cheat sheet about Java Deserialization vulnerabilities
  ☆3,173May 26, 2023Updated 2 years ago
• ambionics / phpggc

  View on GitHub
  PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
  ☆3,784Sep 29, 2025Updated 6 months ago
• rebeyond / Behinder

  View on GitHub
  “冰蝎”动态二进制加密网站管理客户端
  ☆6,151Aug 24, 2023Updated 2 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
• vulhub / vulhub

  View on GitHub
  Pre-Built Vulnerable Environments Based on Docker-Compose
  ☆20,492Updated this week
• shmilylty / OneForAll

  View on GitHub
  OneForAll是一款功能强大的子域收集工具
  ☆9,719Sep 12, 2025Updated 6 months ago
• LandGrey / SpringBootVulExploit

  View on GitHub
  SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list
  ☆6,128Mar 10, 2021Updated 5 years ago
• BeichenDream / Godzilla

  View on GitHub
  哥斯拉
  ☆4,355Jul 17, 2024Updated last year
• tarunkant / Gopherus

  View on GitHub
  This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
  ☆3,341Apr 18, 2023Updated 2 years ago
• TheKingOfDuck / fuzzDicts

  View on GitHub
  You Know, For WEB Fuzzing !
  ☆8,277Nov 13, 2023Updated 2 years ago
• welk1n / JNDI-Injection-Exploit

  View on GitHub
  JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）
  ☆2,800Mar 22, 2023Updated 3 years ago
• JoyChou93 / java-sec-code

  View on GitHub
  Java web common vulnerabilities and security code which is base on springboot and spring security
  ☆2,663Dec 2, 2024Updated last year
• L-codes / Neo-reGeorg

  View on GitHub
  Neo-reGeorg is a project that seeks to aggressively refactor reGeorg
  ☆3,338Mar 11, 2026Updated last month
• Managed Database hosting by DigitalOcean • Ad
  PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
• chaitin / xray

  View on GitHub
  一款长亭自研的完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档
  ☆11,489Oct 29, 2024Updated last year
• phith0n / JavaThings

  View on GitHub
  Share Things Related to Java - Java安全漫谈笔记相关内容
  ☆2,003Apr 9, 2025Updated last year
• SecWiki / windows-kernel-exploits

  View on GitHub
  windows-kernel-exploits Windows平台提权漏洞集合
  ☆8,631Jun 11, 2021Updated 4 years ago
• joaomatosf / jexboss

  View on GitHub
  JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool
  ☆2,518Jan 21, 2020Updated 6 years ago
• c0ny1 / chunked-coding-converter

  View on GitHub
  Burp suite 分块传输辅助插件
  ☆2,031Feb 23, 2022Updated 4 years ago
• tennc / webshell

  View on GitHub
  This is a webshell open source project
  ☆10,714Dec 24, 2024Updated last year
• epinna / tplmap

  View on GitHub
  Server-Side Template Injection and Code Injection Detection and Exploitation Tool
  ☆4,135Apr 21, 2024Updated last year
• sensepost / reGeorg

  View on GitHub
  The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.
  ☆3,161Mar 6, 2025Updated last year
• maurosoria / dirsearch

  View on GitHub
  Web path scanner
  ☆14,156Mar 16, 2026Updated 3 weeks ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
• threedr3am / learnjavabug

  View on GitHub
  Java安全相关的漏洞和技术demo，原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security…
  ☆2,697Mar 14, 2024Updated 2 years ago
• feihong-cs / ShiroExploit-Deprecated

  View on GitHub
  Shiro550/Shiro721 一键化利用工具，支持多种回显方式
  ☆1,958Jun 4, 2021Updated 4 years ago
• Threezh1 / JSFinder

  View on GitHub
  JSFinder is a tool for quickly extracting URLs and subdomains from JS files on a website.
  ☆2,921Nov 24, 2021Updated 4 years ago
• SummerSec / ShiroAttack2

  View on GitHub
  shiro反序列化漏洞综合利用,包含（回显执行命令/注入内存马）修复原版中NoCC的问题 https://github.com/j1anFen/shiro_attack
  ☆2,444Mar 28, 2026Updated last week
• wyzxxz / jndi_tool

  View on GitHub
  JNDI服务利用工具 RMI/LDAP，支持部分场景回显、内存shell，高版本JDK场景下利用等，fastjson rce命令执行，log4j rce命令执行 漏洞检测辅助工具
  ☆2,016May 21, 2024Updated last year
• wh1t3p1g / ysomap

  View on GitHub
  A helpful Java Deserialization exploit framework.
  ☆1,244Feb 17, 2025Updated last year
• fortra / impacket

  View on GitHub
  Impacket is a collection of Python classes for working with network protocols.
  ☆15,608Updated this week
• NickstaDB / SerializationDumper

  View on GitHub
  A tool to dump Java serialization streams in a more human readable form.
  ☆1,068Jun 21, 2024Updated last year
• EdgeSecurityTeam / EHole

  View on GitHub
  EHole(棱洞)3.0 重构版-红队重点攻击系统指纹探测工具
  ☆3,460Apr 2, 2024Updated 2 years ago
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• rabbitmask / WeblogicScan

  View on GitHub
  Weblogic一键漏洞检测工具，V1.5，更新时间：20200730
  ☆2,269May 22, 2023Updated 2 years ago
• fnmsd / MySQL_Fake_Server

  View on GitHub
  MySQL Fake Server use to help MySQL Client File Reading and JDBC Client Java Deserialize
  ☆1,365Nov 18, 2021Updated 4 years ago
• JackOfMostTrades / gadgetinspector

  View on GitHub
  A byte code analyzer for finding deserialization gadget chains in Java applications
  ☆1,080Jun 15, 2021Updated 4 years ago
• cdk-team / CDK

  View on GitHub
  📦 Make security testing of K8s, Docker, and Containerd easier.
  ☆4,611Feb 23, 2026Updated last month
• rtcatc / Packer-Fuzzer

  View on GitHub
  Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack…
  ☆3,223May 24, 2024Updated last year
• gh0stkey / HaE

  View on GitHub
  HaE - Highlighter and Extractor, Empower ethical hacker for efficient operations.
  ☆4,137Mar 31, 2026Updated last week
• zhzyker / exphub

  View on GitHub
  Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、…
  ☆4,275Apr 4, 2021Updated 5 years ago