pimps/ysoserial-modified external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

pimps/ysoserial-modified

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/pimps/ysoserial-modified)

Close

pimps / ysoserial-modifiedView on GitHubMore

• External links
• Readme badge

That repository contains my updates to the well know java deserialization exploitation tool ysoserial.

☆189May 15, 2022Updated 4 years ago

Alternatives and similar repositories for ysoserial-modified

Users that are interested in ysoserial-modified are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• pimps / pdf-NTLMLeaker

  View on GitHub
  This script implements the Proof of Concept attack from the Checkpoint research "NTLM Credentials Theft via PDF Files"
  ☆29May 1, 2018Updated 8 years ago
• pimps / CVE-2019-2725

  View on GitHub
  WebLogic Insecure Deserialization - CVE-2019-2725 payload builder & exploit
  ☆52Sep 26, 2019Updated 6 years ago
• pimps / JNDI-Exploit-Kit

  View on GitHub
  JNDI-Exploitation-Kit（A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP S…
  ☆940Sep 2, 2025Updated 9 months ago
• ab0x90 / CVE-2021-44228_PoC

  View on GitHub
  ☆16Dec 15, 2021Updated 4 years ago
• blazeinfosec / CVE-2017-10366_peoplesoft

  View on GitHub
  CVE-2017-10366: Oracle PeopleSoft 8.54, 8.55, 8.56 Java deserialization exploit
  ☆25Sep 4, 2018Updated 7 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• welk1n / JNDI-Injection-Bypass

  View on GitHub
  Some payloads of JNDI Injection in JDK 1.8.0_191+
  ☆484Dec 9, 2020Updated 5 years ago
• Bort-Millipede / WLT3Serial

  View on GitHub
  Native Java-based deserialization exploit for WebLogic T3 (and T3S) listeners.
  ☆34Mar 2, 2020Updated 6 years ago
• IppSec / gobuster

  View on GitHub
  Directory/File, DNS and VHost busting tool written in Go
  ☆25Jan 3, 2020Updated 6 years ago
• f11snipe / f11

  View on GitHub
  X-Platform bind shell in TypeScript!
  ☆30Jul 11, 2025Updated 11 months ago
• mogwailabs / rmi-deserialization

  View on GitHub
  Slides/Demos from the BSides Munich 2019 talk "Attacking Java RMI in 2019"
  ☆101Sep 20, 2019Updated 6 years ago
• xpn / ntlmquic

  View on GitHub
  POC tools for exploring SMB over QUIC protocol
  ☆132Apr 6, 2022Updated 4 years ago
• VirtueSecurity / benigncertain-monitor

  View on GitHub
  ☆20Apr 21, 2020Updated 6 years ago
• BishopFox / rmiscout

  View on GitHub
  RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities
  ☆449Sep 7, 2022Updated 3 years ago
• BishopFox / GadgetProbe

  View on GitHub
  Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
  ☆616Mar 4, 2021Updated 5 years ago
• AI Agents on DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• pwntester / ysoserial.net

  View on GitHub
  Deserialization payload generator for a variety of .NET formatters
  ☆3,734Jun 11, 2026Updated last week
• Ridter / cve-2020-0688

  View on GitHub
  cve-2020-0688
  ☆326Jul 4, 2023Updated 2 years ago
• sakkis91 / SandboxPPL

  View on GitHub
  Golang PoC that sandboxes Defender (or other PPL) by setting its token integrity to Untrusted.
  ☆14May 28, 2025Updated last year
• cube0x0 / SharpMapExec

  View on GitHub
  ☆668Nov 17, 2021Updated 4 years ago
• jas502n / CVE-2018-10933

  View on GitHub
  libssh CVE-2018-10933
  ☆22Oct 20, 2018Updated 7 years ago
• cube0x0 / KrbRelay

  View on GitHub
  Framework for Kerberos relaying
  ☆950May 29, 2022Updated 4 years ago
• GrrrDog / Java-Deserialization-Cheat-Sheet

  View on GitHub
  The cheat sheet about Java Deserialization vulnerabilities
  ☆3,177May 26, 2023Updated 3 years ago
• lc / research

  View on GitHub
  miscellaneous security research stuff
  ☆37Jul 16, 2019Updated 6 years ago
• GoSecure / dtd-finder

  View on GitHub
  List DTDs and generate XXE payloads using those local DTDs.
  ☆661Feb 21, 2024Updated 2 years ago
• Managed Database hosting by DigitalOcean • Ad
  PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
• VoidSec / CVE-2019-5624

  View on GitHub
  A proof of concept for Metasploit's CVE-2019-5624 vulnerability (Rubyzip insecure ZIP handling RCE)
  ☆13May 2, 2019Updated 7 years ago
• frohoff / ysoserial

  View on GitHub
  A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
  ☆8,919Dec 4, 2025Updated 6 months ago
• mogwailabs / deserialization-filter-blacklists

  View on GitHub
  Native Java serialization filter blacklist for common gadgets
  ☆20Sep 12, 2019Updated 6 years ago
• pimps / wsuxploit

  View on GitHub
  This is a weaponized WSUS exploit
  ☆299Nov 25, 2022Updated 3 years ago
• NickstaDB / SerialBrute

  View on GitHub
  Java serialization brute force attack tool.
  ☆124Aug 18, 2017Updated 8 years ago
• pwn1sher / frostbyte

  View on GitHub
  FrostByte is a POC project that combines different defense evasion techniques to build better redteam payloads
  ☆385Apr 16, 2022Updated 4 years ago
• safebuffer / sam-the-admin

  View on GitHub
  Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
  ☆1,059Jul 10, 2022Updated 3 years ago
• Coalfire-Research / java-deserialization-exploits

  View on GitHub
  A collection of curated Java Deserialization Exploits
  ☆594May 16, 2021Updated 5 years ago
• KaLendsi / CVE-2022-21882

  View on GitHub
  win32k LPE
  ☆462Jan 27, 2022Updated 4 years ago
• Serverless GPU API endpoints on Runpod - Get Bonus Credits • Ad
  Skip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
• pwntester / JRE8u20_RCE_Gadget

  View on GitHub
  JRE8u20_RCE_Gadget
  ☆255Jul 1, 2016Updated 9 years ago
• syriusbughunt / CVE-2018-14667

  View on GitHub
  All about CVE-2018-14667; From what it is to how to successfully exploit it.
  ☆50Nov 30, 2018Updated 7 years ago
• qtc-de / beanshooter

  View on GitHub
  JMX enumeration and attacking tool.
  ☆505Jun 26, 2025Updated 11 months ago
• topotam / PetitPotam

  View on GitHub
  PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.
  ☆2,241Aug 15, 2024Updated last year
• gquere / pwn_jenkins

  View on GitHub
  Notes about attacking Jenkins servers
  ☆2,099Jul 10, 2024Updated last year
• mogwailabs / mjet

  View on GitHub
  MOGWAI LABS JMX exploitation toolkit
  ☆207Mar 13, 2023Updated 3 years ago
• cube0x0 / noPac

  View on GitHub
  CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.
  ☆1,403Dec 16, 2021Updated 4 years ago