Data

Tools

Indexes

Applications

Experiments

Repos

An open API service providing repository metadata for many open source software ecosystems.

Topic: "deserialization-vulnerability"

vulhub/java-chains

vulhub Vulnerability Reproduction Designated Platform

Language: Dockerfile - Size: 4.29 MB - Last synced at: 21 days ago - Pushed at: 21 days ago - Stars: 1,392 - Forks: 110

a1phaboy/FastjsonScan

Fastjson扫描器,可识别版本、依赖库、autoType状态等。A tool to distinguish fastjson ,version and dependency

Language: Go - Size: 4.41 MB - Last synced at: 15 days ago - Pushed at: over 2 years ago - Stars: 1,016 - Forks: 98

SummerSec/JavaLearnVulnerability

Java漏洞学习笔记 Deserialization Vulnerability

Language: HTML - Size: 179 MB - Last synced at: 13 days ago - Pushed at: almost 2 years ago - Stars: 929 - Forks: 95

tweedge/springcore-0day-en

Everything I needed to understand what was going on with "Spring4Shell" - translated source materials, exploit, links to demo apps, and more.

Language: Python - Size: 2.17 MB - Last synced at: about 15 hours ago - Pushed at: about 3 years ago - Stars: 108 - Forks: 36

H4cking2theGate/ysogate

Java反序列化/JNDI注入/恶意类生成工具,支持多种高版本bypass,支持回显/内存马等多种扩展利用。

Language: Java - Size: 271 KB - Last synced at: 16 days ago - Pushed at: 3 months ago - Stars: 97 - Forks: 8

j0lt-github/python-deserialization-attack-payload-generator

Peas create serialized payload for deserialization RCE attack on python driven applications where pickle ,pyYAML, ruamel.yaml or jsonpickle module is used for deserialization of serialized data. I will update it with more attack vectors to targets other modules.

Language: Python - Size: 34.2 KB - Last synced at: over 1 year ago - Pushed at: about 4 years ago - Stars: 73 - Forks: 21

GrrrDog/ZeroNights-WebVillage-2017

Language: Java - Size: 21.5 KB - Last synced at: 6 days ago - Pushed at: over 7 years ago - Stars: 70 - Forks: 10

GhostTroops/AiCSA

GPT AiCSA(Code security audit),SAST(Static Application Security Testing,静态应用程序安全测试),JAR security analysis, static vulnerability and vulnerability analysis of various programming language codes

Language: JavaScript - Size: 22.3 MB - Last synced at: 4 months ago - Pushed at: over 1 year ago - Stars: 57 - Forks: 6

NyaMeeEain/Applications-Security

Size: 307 KB - Last synced at: almost 2 years ago - Pushed at: over 2 years ago - Stars: 16 - Forks: 15

hvqzao/java-deserialize-webapp

Vulnerable webapp testbed

Language: Java - Size: 6.63 MB - Last synced at: about 2 years ago - Pushed at: almost 9 years ago - Stars: 16 - Forks: 7

hktalent/AiCSA_pub

AiCSA,Move to https://github.com/hktalent/AiCSA

Language: Shell - Size: 572 KB - Last synced at: 23 days ago - Pushed at: about 2 years ago - Stars: 10 - Forks: 1

thomasleplus/jdk-serial-filter-trace

A JBoss Byteman rule to debug the trace the JDK deserialization filtering

Size: 150 KB - Last synced at: 2 days ago - Pushed at: 2 days ago - Stars: 5 - Forks: 3

klezVirus/deser-py

Python Deserialization Payload Generator

Language: Python - Size: 21.5 KB - Last synced at: 25 days ago - Pushed at: about 5 years ago - Stars: 4 - Forks: 1

klezVirus/deser-ruby

Ruby Deserialization Payload Generator

Language: Ruby - Size: 16.6 KB - Last synced at: 25 days ago - Pushed at: about 5 years ago - Stars: 4 - Forks: 2

nth347/CVE-2020-28032_PoC

PoC for CVE-2020-28032 (It's just a POP chain in WordPress < 5.5.2 for exploiting PHP Object Injection)

Language: PHP - Size: 1.95 KB - Last synced at: almost 2 years ago - Pushed at: over 3 years ago - Stars: 2 - Forks: 1

malectricasoftware/balsamic

Insecure deserialization library

Language: Python - Size: 70.3 KB - Last synced at: 12 days ago - Pushed at: 11 months ago - Stars: 1 - Forks: 0

AreedAhmed/Java-Deserializer

This tool is responsible to perform java deserialization attacks on server end points

Language: Python - Size: 5.86 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 1 - Forks: 0

dub-flow/java-gadget-chain

This project contains a Java deserialization vulnerability that is exploitable with some ysoserial payloads, but also contains a custom class that can be leveraged to get command execution upon deserialization.

Language: Java - Size: 17.6 KB - Last synced at: 21 days ago - Pushed at: over 2 years ago - Stars: 1 - Forks: 0

sum-catnip/maptool-rce

maptool unauthenticated rce exploit <1.8.0 beta2b

Language: Python - Size: 3.91 KB - Last synced at: about 18 hours ago - Pushed at: about 4 years ago - Stars: 1 - Forks: 0

trganda/fmysql

Fake MySQL Server for Exploit Vulnerability of MySQL JDBC Driver

Language: Java - Size: 181 KB - Last synced at: 12 months ago - Pushed at: almost 2 years ago - Stars: 0 - Forks: 0

Related Topics
java 7 deserialization 4 rce 3 python 3 pickle 3 vulnerability 2 jndi-exploit 2 exploit 2 jar-vulnerability-analysis 2 gpt-4 2 code-security-audit 2 chatgpt 2 ai 2 fastjson-rce 2 yaml 2 pyyaml 2 java-deserialization 2 redteam 2 jvm 1 jrmp 1 bypass 1 weblogic 1 weblogc-security 1 shiro-security 1 java-refilection 1 jackson-databind 1 commons-collections4 1 commons-collections3 1 python3 1 vulhub 1 payload 1 log4j-rce 1 jndi-injection 1 intentionally-vulnerable 1 javasecurity 1 fastjson 1 jdk 1 jboss-wildfly 1 jboss-eap 1 jboss 1 byteman-agent 1 byteman 1 vulnerable-container 1 jsonpickle 1 ruby 1 rails 1 command-execution 1 binary 1 maptool 1 hessian 1 ysoserial 1 rmi 1 payload-generator 1 ldap 1 jwtauth 1 serial-data 1 ruamelyaml 1 ruamel 1 penetration-testing 1 pentest 1 python-driven-applications 1 pentesting 1 pysyck 1 prick 1 msfvenom 1 hacking 1 deserialization-rce-attack 1 cmd 1 backdoor 1 attack-vectors 1 redteam-infrastructure 1 java-vulnerability 1 springcore 1 spring4shell 1 java-webapp 1 0day 1 serialization 1 security 1 deserialization-library 1 sast 1 security-vulnerability 1 gpt-security 1 wordpress 1 application-security 1 blind-sql-injection 1 mysql 1 jdbc 1 scanner-web 1 jwt-token 1