GitHub topics: deserialization-vulnerability

Repositories

thomasleplus/jdk-serial-filter-trace

A JBoss Byteman rule to debug the trace the JDK deserialization filtering

Size: 219 KB - Last synced at: 1 day ago - Pushed at: 2 days ago - Stars: 5 - Forks: 3

H4cking2theGate/ysogate

Java反序列化/JNDI注入/恶意类生成工具，支持多种高版本bypass，支持回显/内存马等多种扩展利用。

Language: Java - Size: 282 KB - Last synced at: 8 days ago - Pushed at: 8 days ago - Stars: 126 - Forks: 11

GhostTroops/AiCSA

GPT AiCSA(Code security audit)，SAST（Static Application Security Testing，静态应用程序安全测试），JAR security analysis, static vulnerability and vulnerability analysis of various programming language codes

Language: JavaScript - Size: 22.3 MB - Last synced at: 6 days ago - Pushed at: over 1 year ago - Stars: 60 - Forks: 5

malectricasoftware/balsamic

Insecure deserialization library

Language: Python - Size: 70.3 KB - Last synced at: 24 days ago - Pushed at: over 1 year ago - Stars: 2 - Forks: 0

SummerSec/JavaLearnVulnerability

Java漏洞学习笔记 Deserialization Vulnerability

Language: HTML - Size: 179 MB - Last synced at: 2 months ago - Pushed at: about 2 years ago - Stars: 935 - Forks: 97

GrrrDog/ZeroNights-WebVillage-2017

Language: Java - Size: 21.5 KB - Last synced at: 3 months ago - Pushed at: almost 8 years ago - Stars: 71 - Forks: 11

tweedge/springcore-0day-en

Everything I needed to understand what was going on with "Spring4Shell" - translated source materials, exploit, links to demo apps, and more.

Language: Python - Size: 2.17 MB - Last synced at: 5 days ago - Pushed at: over 3 years ago - Stars: 107 - Forks: 35

vulhub/java-chains

Vulhub Vulnerability Reproduction Designated Platform

Language: Dockerfile - Size: 4.29 MB - Last synced at: 4 months ago - Pushed at: 5 months ago - Stars: 1,504 - Forks: 121

a1phaboy/FastjsonScan

Fastjson扫描器，可识别版本、依赖库、autoType状态等。A tool to distinguish fastjson ,version and dependency

Language: Go - Size: 4.41 MB - Last synced at: 5 months ago - Pushed at: almost 3 years ago - Stars: 1,016 - Forks: 98

This project contains a Java deserialization vulnerability that is exploitable with some ysoserial payloads, but also contains a custom class that can be leveraged to get command execution upon deserialization.

Language: Java - Size: 17.6 KB - Last synced at: 2 months ago - Pushed at: about 3 years ago - Stars: 1 - Forks: 0

klezVirus/deser-py

Python Deserialization Payload Generator

Language: Python - Size: 21.5 KB - Last synced at: 4 months ago - Pushed at: over 5 years ago - Stars: 4 - Forks: 1

klezVirus/deser-ruby

Ruby Deserialization Payload Generator

Language: Ruby - Size: 16.6 KB - Last synced at: 3 months ago - Pushed at: over 5 years ago - Stars: 4 - Forks: 2

NyaMeeEain/Applications-Security

Size: 307 KB - Last synced at: 3 months ago - Pushed at: almost 3 years ago - Stars: 17 - Forks: 14

hktalent/AiCSA_pub

AiCSA，Move to https://github.com/hktalent/AiCSA

Language: Shell - Size: 572 KB - Last synced at: 3 months ago - Pushed at: over 2 years ago - Stars: 10 - Forks: 1

trganda/fmysql

Fake MySQL Server for Exploit Vulnerability of MySQL JDBC Driver

Language: Java - Size: 181 KB - Last synced at: over 1 year ago - Pushed at: over 2 years ago - Stars: 0 - Forks: 0

j0lt-github/python-deserialization-attack-payload-generator

Peas create serialized payload for deserialization RCE attack on python driven applications where pickle ,pyYAML, ruamel.yaml or jsonpickle module is used for deserialization of serialized data. I will update it with more attack vectors to targets other modules.

Language: Python - Size: 34.2 KB - Last synced at: about 2 years ago - Pushed at: over 4 years ago - Stars: 73 - Forks: 21