kantega/notsoserial external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

kantega/notsoserial

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/kantega/notsoserial)

Close

kantega / notsoserialView on GitHubMore

• External links
• Readme badge

Java Agent which mitigates deserialisation attacks by making certain classes unserializable

☆191May 17, 2016Updated 10 years ago

Alternatives and similar repositories for notsoserial

Users that are interested in notsoserial are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• Contrast-Security-OSS / contrast-rO0

  View on GitHub
  A tiny Java agent that blocks attacks against unsafe deserialization
  ☆88Oct 9, 2017Updated 8 years ago
• ikkisoft / SerialKiller

  View on GitHub
  Look-Ahead Java Deserialization Library
  ☆423Jan 7, 2020Updated 6 years ago
• pwntester / SerialKillerBypassGadgetCollection

  View on GitHub
  Collection of bypass gadgets to extend and wrap ysoserial payloads
  ☆387Apr 16, 2022Updated 4 years ago
• pwntester / JRE8u20_RCE_Gadget

  View on GitHub
  JRE8u20_RCE_Gadget
  ☆255Jul 1, 2016Updated 9 years ago
• mogwailabs / deserialization-filter-blacklists

  View on GitHub
  Native Java serialization filter blacklist for common gadgets
  ☆20Sep 12, 2019Updated 6 years ago
• Simple, predictable pricing with DigitalOcean hosting • Ad
  Always know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
• frohoff / inspector-gadget

  View on GitHub
  Primitive tool for exploring/querying Java classes via the Tinkerpop Gremlin graph traversal language
  ☆109May 12, 2016Updated 10 years ago
• Contrast-Security-OSS / joogle

  View on GitHub
  A static analysis API for finding deserialization attack gadgets
  ☆39Nov 7, 2022Updated 3 years ago
• irsl / jackson-rce-via-spel

  View on GitHub
  An example project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions
  ☆124Jan 9, 2018Updated 8 years ago
• mbechler / serjs

  View on GitHub
  A Java serializer in JavaScript
  ☆81May 21, 2018Updated 7 years ago
• ecbftw / poc

  View on GitHub
  A collection of published exploits and proof-of-concept code.
  ☆20Dec 19, 2017Updated 8 years ago
• nccgroup / freddy

  View on GitHub
  Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans
  ☆584Sep 7, 2021Updated 4 years ago
• mbechler / serianalyzer

  View on GitHub
  A static byte code analyzer for Java deserialization gadget research
  ☆253Apr 17, 2017Updated 9 years ago
• vulhub / java

  View on GitHub
  Java every minor versions.
  ☆75Apr 19, 2023Updated 3 years ago
• foxglovesec / JavaUnserializeExploits

  View on GitHub
  ☆503Mar 10, 2016Updated 10 years ago
• AI Agents on DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• mpgn / CVE-2019-0192

  View on GitHub
  RCE on Apache Solr using deserialization of untrusted data via jmx.serviceUrl
  ☆210Mar 10, 2019Updated 7 years ago
• shengqi158 / fastjson-remote-code-execute-poc

  View on GitHub
  fastjson remote code execute poc 直接用intellij IDEA打开即可 首先编译得到Test.class，然后运行Poc.java
  ☆403Dec 16, 2022Updated 3 years ago
• GrrrDog / Java-Deserialization-Cheat-Sheet

  View on GitHub
  The cheat sheet about Java Deserialization vulnerabilities
  ☆3,178May 26, 2023Updated 2 years ago
• federicodotta / Java-Deserialization-Scanner

  View on GitHub
  All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities
  ☆802Nov 7, 2021Updated 4 years ago
• LeadroyaL / fastjson-blacklist

  View on GitHub
  ☆836Jun 7, 2022Updated 3 years ago
• JavaPentesters / java_vul_target

  View on GitHub
  ☆28Oct 16, 2017Updated 8 years ago
• mbechler / marshalsec

  View on GitHub
  ☆3,683Jan 9, 2025Updated last year
• Ruil1n / after-deserialization-attack

  View on GitHub
  Java After-Deserialization Attack
  ☆78Apr 26, 2021Updated 5 years ago
• JackOfMostTrades / gadgetinspector

  View on GitHub
  A byte code analyzer for finding deserialization gadget chains in Java applications
  ☆1,083Jun 15, 2021Updated 4 years ago
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• NickstaDB / BaRMIe

  View on GitHub
  Java RMI enumeration and attack tool.
  ☆747Sep 28, 2017Updated 8 years ago
• BishopFox / GadgetProbe

  View on GitHub
  Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
  ☆615Mar 4, 2021Updated 5 years ago
• find-sec-bugs / find-sec-bugs

  View on GitHub
  The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala proje…
  ☆2,422Mar 26, 2026Updated last month
• mogwailabs / rmi-deserialization

  View on GitHub
  Slides/Demos from the BSides Munich 2019 talk "Attacking Java RMI in 2019"
  ☆101Sep 20, 2019Updated 6 years ago
• mogwaisec / mjet

  View on GitHub
  Mogwai Java Management Extensions (JMX) Exploitation Toolkit
  ☆175Jul 21, 2016Updated 9 years ago
• breenmachine / JavaUnserializeExploits

  View on GitHub
  ☆134Nov 6, 2015Updated 10 years ago
• joaomatosf / JavaDeserH2HC

  View on GitHub
  Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).
  ☆523Mar 11, 2022Updated 4 years ago
• matthiaskaiser / jmet

  View on GitHub
  Java Message Exploitation Tool
  ☆510Jul 6, 2022Updated 3 years ago
• NickstaDB / DeserLab

  View on GitHub
  Java deserialization exploitation lab.
  ☆237Mar 1, 2019Updated 7 years ago
• Open source password manager - Proton Pass • Ad
  Securely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
• frohoff / ysoserial

  View on GitHub
  A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
  ☆8,887Dec 4, 2025Updated 5 months ago
• Bort-Millipede / WLT3Serial

  View on GitHub
  Native Java-based deserialization exploit for WebLogic T3 (and T3S) listeners.
  ☆34Mar 2, 2020Updated 6 years ago
• NickstaDB / SerializationDumper

  View on GitHub
  A tool to dump Java serialization streams in a more human readable form.
  ☆1,071Jun 21, 2024Updated last year
• Lonely-night / fastjson_gadgets_scanner

  View on GitHub
  ☆131Jun 17, 2022Updated 3 years ago
• zerothoughts / spring-jndi

  View on GitHub
  Proof of concept exploit, showing how to do bytecode injection through untrusted deserialization with Spring Framework 4.2.4
  ☆116May 17, 2019Updated 7 years ago
• GoSecure / break-fast-serial

  View on GitHub
  A proof of concept that demonstrates asynchronous scanning for Java deserialization bugs
  ☆55Mar 27, 2017Updated 9 years ago
• NickstaDB / SerialBrute

  View on GitHub
  Java serialization brute force attack tool.
  ☆123Aug 18, 2017Updated 8 years ago