pimps/ysoserial-modified

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/pimps/ysoserial-modified)

pimps / ysoserial-modified

That repository contains my updates to the well know java deserialization exploitation tool ysoserial.

☆185

Alternatives and similar repositories for ysoserial-modified

Users that are interested in ysoserial-modified are comparing it to the libraries listed below

Sorting:

pimps / JNDI-Exploit-Kit
View on GitHub
JNDI-Exploitation-Kit（A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP S…
☆936Sep 2, 2025Updated 6 months ago
pimps / pdf-NTLMLeaker
View on GitHub
This script implements the Proof of Concept attack from the Checkpoint research "NTLM Credentials Theft via PDF Files"
☆29May 1, 2018Updated 7 years ago
pimps / CVE-2019-2725
View on GitHub
WebLogic Insecure Deserialization - CVE-2019-2725 payload builder & exploit
☆51Sep 26, 2019Updated 6 years ago
ab0x90 / CVE-2021-44228_PoC
View on GitHub
☆16Dec 15, 2021Updated 4 years ago
Bort-Millipede / WLT3Serial
View on GitHub
Native Java-based deserialization exploit for WebLogic T3 (and T3S) listeners.
☆35Mar 2, 2020Updated 6 years ago
welk1n / JNDI-Injection-Bypass
View on GitHub
Some payloads of JNDI Injection in JDK 1.8.0_191+
☆484Dec 9, 2020Updated 5 years ago
syriusbughunt / CVE-2018-14667
View on GitHub
All about CVE-2018-14667; From what it is to how to successfully exploit it.
☆50Nov 30, 2018Updated 7 years ago
BishopFox / GadgetProbe
View on GitHub
Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
☆613Mar 4, 2021Updated 5 years ago
mogwailabs / rmi-deserialization
View on GitHub
Slides/Demos from the BSides Munich 2019 talk "Attacking Java RMI in 2019"
☆101Sep 20, 2019Updated 6 years ago
BishopFox / rmiscout
View on GitHub
RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities
☆446Sep 7, 2022Updated 3 years ago
pwntester / ysoserial.net
View on GitHub
Deserialization payload generator for a variety of .NET formatters
☆3,679Dec 23, 2024Updated last year
qtc-de / beanshooter
View on GitHub
JMX enumeration and attacking tool.
☆493Jun 26, 2025Updated 8 months ago
Ridter / cve-2020-0688
View on GitHub
cve-2020-0688
☆329Jul 4, 2023Updated 2 years ago
gquere / pwn_jenkins
View on GitHub
Notes about attacking Jenkins servers
☆2,091Jul 10, 2024Updated last year
GrrrDog / Java-Deserialization-Cheat-Sheet
View on GitHub
The cheat sheet about Java Deserialization vulnerabilities
☆3,167May 26, 2023Updated 2 years ago
NickstaDB / SerialBrute
View on GitHub
Java serialization brute force attack tool.
☆123Aug 18, 2017Updated 8 years ago
Coalfire-Research / java-deserialization-exploits
View on GitHub
A collection of curated Java Deserialization Exploits
☆591May 16, 2021Updated 4 years ago
cube0x0 / KrbRelay
View on GitHub
Framework for Kerberos relaying
☆936May 29, 2022Updated 3 years ago
sensepost / SapCap
View on GitHub
SApCap is a SAP packet sniffer and decompression tool for analysing SAP GUI (DIAG) traffic
☆17Apr 20, 2017Updated 8 years ago
GoSecure / dtd-finder
View on GitHub
List DTDs and generate XXE payloads using those local DTDs.
☆649Feb 21, 2024Updated 2 years ago
mogwailabs / mjet
View on GitHub
MOGWAI LABS JMX exploitation toolkit
☆206Mar 13, 2023Updated 2 years ago
alt3kx / CVE-2021-21985_PoC
View on GitHub
☆214Jan 19, 2023Updated 3 years ago
topotam / PetitPotam
View on GitHub
PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.
☆2,186Aug 15, 2024Updated last year
xpn / ntlmquic
View on GitHub
POC tools for exploring SMB over QUIC protocol
☆131Apr 6, 2022Updated 3 years ago
pwntester / JRE8u20_RCE_Gadget
View on GitHub
JRE8u20_RCE_Gadget
☆255Jul 1, 2016Updated 9 years ago
blazeinfosec / CVE-2017-10366_peoplesoft
View on GitHub
CVE-2017-10366: Oracle PeopleSoft 8.54, 8.55, 8.56 Java deserialization exploit
☆25Sep 4, 2018Updated 7 years ago
safebuffer / sam-the-admin
View on GitHub
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
☆1,041Jul 10, 2022Updated 3 years ago
joxeankoret / CVE-2017-7494
View on GitHub
Remote root exploit for the SAMBA CVE-2017-7494 vulnerability
☆260Mar 9, 2021Updated 4 years ago
ShutdownRepo / pywhisker
View on GitHub
Python version of the C# tool for "Shadow Credentials" attacks
☆861Feb 14, 2026Updated 2 weeks ago
zer1t0 / ticket_converter
View on GitHub
A little tool to convert ccache tickets into kirbi (KRB-CRED) and vice versa based on impacket.
☆169Jun 16, 2022Updated 3 years ago
lc / research
View on GitHub
miscellaneous security research stuff
☆37Jul 16, 2019Updated 6 years ago
V1V1 / Sleight
View on GitHub
Empire HTTP(S) C2 redirector setup script
☆48Jul 10, 2018Updated 7 years ago
cube0x0 / CVE-2021-1675
View on GitHub
C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527
☆1,967Jul 20, 2021Updated 4 years ago
CCob / SweetPotato
View on GitHub
Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019
☆1,811Sep 4, 2024Updated last year
cube0x0 / SharpMapExec
View on GitHub
☆667Nov 17, 2021Updated 4 years ago
jas502n / CVE-2018-10933
View on GitHub
libssh CVE-2018-10933
☆21Oct 20, 2018Updated 7 years ago
EdoardoVignati / java-deserialization-of-untrusted-data-poc
View on GitHub
Some PoC (Proof-of-Concept) about vulnerability of java deserialization of untrusted data
☆26Jul 12, 2021Updated 4 years ago
itm4n / PrintSpoofer
View on GitHub
Abusing impersonation privileges through the "Printer Bug"
☆2,191Sep 10, 2020Updated 5 years ago
NotSoSecure / Blacklist3r
View on GitHub
project-blacklist3r
☆638Oct 3, 2025Updated 5 months ago