A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
☆34Sep 19, 2016Updated 9 years ago
Alternatives and similar repositories for ysoserial
Users that are interested in ysoserial are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Demo server for testing Java deserialization payloads☆15Sep 18, 2016Updated 9 years ago
- CVE-2018-19276 - OpenMRS Insecure Object Deserialization RCE☆16Mar 11, 2019Updated 7 years ago
- A custom web vulnerability scanner☆28Nov 17, 2018Updated 7 years ago
- Scans tcl for command injection☆36May 24, 2019Updated 6 years ago
- CVE-2019-6467 (BIND nxdomain-redirect)☆26Apr 25, 2019Updated 6 years ago
- Wordpress hosting with auto-scaling on Cloudways • AdFully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
- ☆34Jul 17, 2019Updated 6 years ago
- ☆108Feb 4, 2022Updated 4 years ago
- Web Application Security related tools. Includes backdoors, proof of concepts and tricks☆37Oct 21, 2014Updated 11 years ago
- Result files from various fuzzing runs☆16Oct 18, 2021Updated 4 years ago
- RCE Exploit PoC for Spring based RESTFul APIs using XStream as Unmarshaler☆20Dec 24, 2013Updated 12 years ago
- Ucki's Recon & Enumeration Pack☆39May 9, 2016Updated 9 years ago
- 🐱💻 Poc of CVE-2019-7238 - Nexus Repository Manager 3 Remote Code Execution 🐱💻☆153Feb 25, 2019Updated 7 years ago
- .NET Deserialization Passive Scanner☆46Mar 23, 2018Updated 8 years ago
- An example project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions☆124Jan 9, 2018Updated 8 years ago
- Open source password manager - Proton Pass • AdSecurely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
- Golang code to crawl website, extract links from html, paths from JavaScript code, follow and repeat.☆12Jun 4, 2018Updated 7 years ago
- Remote Desktop Protocol in Twisted Python☆26Apr 13, 2018Updated 7 years ago
- Extract Juniper firewall usernames and hashes and put into a John the Ripper format for cracking☆13Jul 4, 2014Updated 11 years ago
- Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans☆583Sep 7, 2021Updated 4 years ago
- Weape-Wireless-EAP-Extractor☆29Sep 1, 2013Updated 12 years ago
- Github Desktop RCE PoC☆28Dec 4, 2018Updated 7 years ago
- Break and Elevation of Privilege the API v2 using JSON Web Token (JWT)☆15Jul 8, 2017Updated 8 years ago
- PoC for leaking text nodes via CSS injection☆35Aug 20, 2018Updated 7 years ago
- meow☆12Dec 6, 2015Updated 10 years ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- ☆30Jul 17, 2018Updated 7 years ago
- A Java serializer in JavaScript☆80May 21, 2018Updated 7 years ago
- Deprecated: Please visit https://github.com/github/codeql instead.☆82Apr 8, 2022Updated 3 years ago
- Jenkins RCE PoC. From unauthenticated user to remote code execution, it's a hacker's dream!☆298Jun 10, 2019Updated 6 years ago
- Firefox extension which parses the headers of all the requests which are being flowing through your firefox browser to detect for vulnera…☆60Oct 28, 2018Updated 7 years ago
- A Tool for cross-platform System Enumeration☆12Mar 20, 2017Updated 9 years ago
- ☆16Mar 4, 2019Updated 7 years ago
- Bypassing FILTER_SANITIZE_EMAIL & FILTER_VALIDATE_EMAIL filters in filter_var for SQL Injection ( xD )☆32Nov 3, 2019Updated 6 years ago
- Tool for checking Whether a domain or its multiple sub-domains are up and running.☆72Jan 21, 2019Updated 7 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
- Automatically extracts API Keys from APK files☆13Feb 1, 2022Updated 4 years ago
- A tool to speed up Android pentesting by automating the APK acquisition and information gathering☆18Jul 6, 2022Updated 3 years ago
- 2 web tasks from ZeroNights HackQuest 2016☆50Mar 24, 2017Updated 9 years ago
- The cheat sheet about Java Deserialization vulnerabilities☆3,172May 26, 2023Updated 2 years ago
- Simple PoC to leak contents from embedded origin☆26Sep 17, 2019Updated 6 years ago
- notorious BIG IP☆15Aug 8, 2019Updated 6 years ago
- WebLogic wls9-async反序列化远程命令执行漏洞☆240May 26, 2019Updated 6 years ago