That repository contains my updates to the well know java deserialization exploitation tool ysoserial.
☆189May 15, 2022Updated 4 years ago
Alternatives and similar repositories for ysoserial-modified
Users that are interested in ysoserial-modified are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- This script implements the Proof of Concept attack from the Checkpoint research "NTLM Credentials Theft via PDF Files"☆29May 1, 2018Updated 8 years ago
- WebLogic Insecure Deserialization - CVE-2019-2725 payload builder & exploit☆52Sep 26, 2019Updated 6 years ago
- JNDI-Exploitation-Kit(A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP S…☆939Sep 2, 2025Updated 8 months ago
- ☆16Dec 15, 2021Updated 4 years ago
- CVE-2017-10366: Oracle PeopleSoft 8.54, 8.55, 8.56 Java deserialization exploit☆25Sep 4, 2018Updated 7 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Some payloads of JNDI Injection in JDK 1.8.0_191+☆483Dec 9, 2020Updated 5 years ago
- Native Java-based deserialization exploit for WebLogic T3 (and T3S) listeners.☆34Mar 2, 2020Updated 6 years ago
- Directory/File, DNS and VHost busting tool written in Go☆25Jan 3, 2020Updated 6 years ago
- X-Platform bind shell in TypeScript!☆30Jul 11, 2025Updated 10 months ago
- Slides/Demos from the BSides Munich 2019 talk "Attacking Java RMI in 2019"☆101Sep 20, 2019Updated 6 years ago
- POC tools for exploring SMB over QUIC protocol☆132Apr 6, 2022Updated 4 years ago
- RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities☆449Sep 7, 2022Updated 3 years ago
- Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.☆616Mar 4, 2021Updated 5 years ago
- Deserialization payload generator for a variety of .NET formatters☆3,723Dec 23, 2024Updated last year
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- cve-2020-0688☆327Jul 4, 2023Updated 2 years ago
- ☆669Nov 17, 2021Updated 4 years ago
- libssh CVE-2018-10933☆22Oct 20, 2018Updated 7 years ago
- Framework for Kerberos relaying☆947May 29, 2022Updated 4 years ago
- The cheat sheet about Java Deserialization vulnerabilities☆3,177May 26, 2023Updated 3 years ago
- miscellaneous security research stuff☆37Jul 16, 2019Updated 6 years ago
- List DTDs and generate XXE payloads using those local DTDs.☆661Feb 21, 2024Updated 2 years ago
- A proof of concept for Metasploit's CVE-2019-5624 vulnerability (Rubyzip insecure ZIP handling RCE)☆13May 2, 2019Updated 7 years ago
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆8,894Dec 4, 2025Updated 5 months ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Native Java serialization filter blacklist for common gadgets☆20Sep 12, 2019Updated 6 years ago
- This is a weaponized WSUS exploit☆299Nov 25, 2022Updated 3 years ago
- Java serialization brute force attack tool.☆123Aug 18, 2017Updated 8 years ago
- FrostByte is a POC project that combines different defense evasion techniques to build better redteam payloads☆385Apr 16, 2022Updated 4 years ago
- Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user☆1,057Jul 10, 2022Updated 3 years ago
- A collection of curated Java Deserialization Exploits☆593May 16, 2021Updated 5 years ago
- win32k LPE☆462Jan 27, 2022Updated 4 years ago
- JRE8u20_RCE_Gadget☆255Jul 1, 2016Updated 9 years ago
- All about CVE-2018-14667; From what it is to how to successfully exploit it.☆50Nov 30, 2018Updated 7 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- JMX enumeration and attacking tool.☆505Jun 26, 2025Updated 11 months ago
- PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.☆2,233Aug 15, 2024Updated last year
- Notes about attacking Jenkins servers☆2,096Jul 10, 2024Updated last year
- MOGWAI LABS JMX exploitation toolkit☆206Mar 13, 2023Updated 3 years ago
- CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.☆1,399Dec 16, 2021Updated 4 years ago
- project-blacklist3r☆646Oct 3, 2025Updated 7 months ago
- Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019☆1,820Sep 4, 2024Updated last year