That repository contains my updates to the well know java deserialization exploitation tool ysoserial.
☆185May 15, 2022Updated 3 years ago
Alternatives and similar repositories for ysoserial-modified
Users that are interested in ysoserial-modified are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- This script implements the Proof of Concept attack from the Checkpoint research "NTLM Credentials Theft via PDF Files"☆29May 1, 2018Updated 7 years ago
- WebLogic Insecure Deserialization - CVE-2019-2725 payload builder & exploit☆51Sep 26, 2019Updated 6 years ago
- JNDI-Exploitation-Kit(A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP S…☆939Sep 2, 2025Updated 6 months ago
- ☆16Dec 15, 2021Updated 4 years ago
- CVE-2017-10366: Oracle PeopleSoft 8.54, 8.55, 8.56 Java deserialization exploit☆25Sep 4, 2018Updated 7 years ago
- Some payloads of JNDI Injection in JDK 1.8.0_191+☆484Dec 9, 2020Updated 5 years ago
- Native Java-based deserialization exploit for WebLogic T3 (and T3S) listeners.☆35Mar 2, 2020Updated 6 years ago
- Directory/File, DNS and VHost busting tool written in Go☆25Jan 3, 2020Updated 6 years ago
- X-Platform bind shell in TypeScript!☆29Jul 11, 2025Updated 8 months ago
- Slides/Demos from the BSides Munich 2019 talk "Attacking Java RMI in 2019"☆101Sep 20, 2019Updated 6 years ago
- POC tools for exploring SMB over QUIC protocol☆130Apr 6, 2022Updated 3 years ago
- RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities☆447Sep 7, 2022Updated 3 years ago
- ☆20Apr 21, 2020Updated 5 years ago
- Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.☆612Mar 4, 2021Updated 5 years ago
- Deserialization payload generator for a variety of .NET formatters☆3,691Dec 23, 2024Updated last year
- cve-2020-0688☆328Jul 4, 2023Updated 2 years ago
- Golang PoC that sandboxes Defender (or other PPL) by setting its token integrity to Untrusted.☆12May 28, 2025Updated 9 months ago
- ☆667Nov 17, 2021Updated 4 years ago
- Framework for Kerberos relaying☆939May 29, 2022Updated 3 years ago
- libssh CVE-2018-10933☆22Oct 20, 2018Updated 7 years ago
- The cheat sheet about Java Deserialization vulnerabilities☆3,173May 26, 2023Updated 2 years ago
- miscellaneous security research stuff☆37Jul 16, 2019Updated 6 years ago
- List DTDs and generate XXE payloads using those local DTDs.☆653Feb 21, 2024Updated 2 years ago
- A proof of concept for Metasploit's CVE-2019-5624 vulnerability (Rubyzip insecure ZIP handling RCE)☆13May 2, 2019Updated 6 years ago
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆8,812Dec 4, 2025Updated 3 months ago
- Native Java serialization filter blacklist for common gadgets☆20Sep 12, 2019Updated 6 years ago
- This is a weaponized WSUS exploit☆300Nov 25, 2022Updated 3 years ago
- Java serialization brute force attack tool.☆123Aug 18, 2017Updated 8 years ago
- FrostByte is a POC project that combines different defense evasion techniques to build better redteam payloads☆384Apr 16, 2022Updated 3 years ago
- Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user☆1,045Jul 10, 2022Updated 3 years ago
- A collection of curated Java Deserialization Exploits☆591May 16, 2021Updated 4 years ago
- win32k LPE☆464Jan 27, 2022Updated 4 years ago
- JRE8u20_RCE_Gadget☆255Jul 1, 2016Updated 9 years ago
- All about CVE-2018-14667; From what it is to how to successfully exploit it.☆50Nov 30, 2018Updated 7 years ago
- PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.☆2,197Aug 15, 2024Updated last year
- JMX enumeration and attacking tool.☆499Jun 26, 2025Updated 8 months ago
- Notes about attacking Jenkins servers☆2,089Jul 10, 2024Updated last year
- MOGWAI LABS JMX exploitation toolkit☆205Mar 13, 2023Updated 3 years ago
- CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.☆1,398Dec 16, 2021Updated 4 years ago