Fastjson扫描器,可识别版本、依赖库、autoType状态等。A tool to distinguish fastjson ,version and dependency
-
Updated
Oct 7, 2022 - Go
#
deserialization-vulnerability
Here are 21 public repositories matching this topic...
Java漏洞学习笔记 Deserialization Vulnerability
java vulnerability weblogic shiro-security deserialization-vulnerability jackson-databind fastjson-rce commons-collections3 java-refilection commons-collections4 weblogc-security
-
Updated
Jun 14, 2023 - HTML
Web 版 Java Payload 生成与利用工具,提供 Java 反序列化、Hessian 1/2 反序列化等Payload生成,以及 JNDI、Fake Mysql、JRMPListener 等利用|The web version of Java Payload generation and utilization tool provides Payload generation such as Java deserialization and Hessian 1/2 deserialization, as well as JNDI, Fake Mysql, JRMPListener, etc
-
Updated
Dec 11, 2024 - Dockerfile
Everything I needed to understand what was going on with "Spring4Shell" - translated source materials, exploit, links to demo apps, and more.
-
Updated
Apr 5, 2022 - Python
Peas create serialized payload for deserialization RCE attack on python driven applications where pickle ,pyYAML, ruamel.yaml or jsonpickle module is used for deserialization of serialized data. I will update it with more attack vectors to targets other modules.
python yaml backdoor hacking deserialization rce cmd pickle msfvenom serial-data deserialization-vulnerability pyyaml deserialization-rce-attack attack-vectors python-driven-applications prick ruamel ruamelyaml pysyck
-
Updated
Nov 25, 2023 - Python
Java反序列化/JNDI注入/恶意类生成工具,支持多种高版本bypass,支持回显/内存马等多种扩展利用。
-
Updated
Nov 9, 2024 - Java
-
Updated
Nov 20, 2017 - Java
GPT AiCSA(Code security audit),SAST(Static Application Security Testing,静态应用程序安全测试),JAR security analysis, static vulnerability and vulnerability analysis of various programming language codes
ai deserialization-vulnerability sast gpt-4 chatgpt code-security-audit jar-vulnerability-analysis gpt-security
-
Updated
Dec 26, 2023 - JavaScript
Vulnerable webapp testbed
-
Updated
May 11, 2016 - Java
AiCSA,Move to https://github.com/hktalent/AiCSA
-
Updated
Apr 3, 2023 - Shell
A JBoss Byteman rule to debug the trace the JDK deserialization filtering
-
Updated
Dec 20, 2024
Python Deserialization Payload Generator
-
Updated
Mar 15, 2020 - Python
PoC for CVE-2020-28032 (It's just a POP chain in WordPress < 5.5.2 for exploiting PHP Object Injection)
-
Updated
Nov 17, 2021 - PHP
Ruby Deserialization Payload Generator
-
Updated
Mar 8, 2020 - Ruby
maptool unauthenticated rce exploit <1.8.0 beta2b
-
Updated
Feb 10, 2021 - Python
This project contains a Java deserialization vulnerability that is exploitable with some ysoserial payloads, but also contains a custom class that can be leveraged to get command execution upon deserialization.
-
Updated
Aug 8, 2022 - Java
Fake MySQL Server for Exploit Vulnerability of MySQL JDBC Driver
-
Updated
Jun 9, 2023 - Java
This tool is responsible to perform java deserialization attacks on server end points
-
Updated
Jul 10, 2023 - Python
-
Updated
Jun 21, 2023 - Python
Improve this page
Add a description, image, and links to the deserialization-vulnerability topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the deserialization-vulnerability topic, visit your repo's landing page and select "manage topics."