deserialization-vulnerability
There are 20 repositories under deserialization-vulnerability topic.
a1phaboy/FastjsonScan
Fastjson扫描器,可识别版本、依赖库、autoType状态等。A tool to distinguish fastjson ,version and dependency
SummerSec/JavaLearnVulnerability
Java漏洞学习笔记 Deserialization Vulnerability
tweedge/springcore-0day-en
Everything I needed to understand what was going on with "Spring4Shell" - translated source materials, exploit, links to demo apps, and more.
j0lt-github/python-deserialization-attack-payload-generator
Peas create serialized payload for deserialization RCE attack on python driven applications where pickle ,pyYAML, ruamel.yaml or jsonpickle module is used for deserialization of serialized data. I will update it with more attack vectors to targets other modules.
H4cking2theGate/ysogate
Java反序列化/JNDI注入/恶意类生成工具,支持多种高版本bypass,支持回显/内存马等多种扩展利用。
GhostTroops/AiCSA
GPT AiCSA(Code security audit),SAST(Static Application Security Testing,静态应用程序安全测试),JAR security analysis, static vulnerability and vulnerability analysis of various programming language codes
hvqzao/java-deserialize-webapp
Vulnerable webapp testbed
hktalent/AiCSA_pub
AiCSA,Move to https://github.com/hktalent/AiCSA
thomasleplus/jdk-serial-filter-trace
A JBoss Byteman rule to debug the trace the JDK deserialization filtering
klezVirus/deser-py
Python Deserialization Payload Generator
klezVirus/deser-ruby
Ruby Deserialization Payload Generator
nth347/CVE-2020-28032_PoC
PoC for CVE-2020-28032 (It's just a POP chain in WordPress < 5.5.2 for exploiting PHP Object Injection)
AreedAhmed/Java-Deserializer
This tool is responsible to perform java deserialization attacks on server end points
sum-catnip/maptool-rce
maptool unauthenticated rce exploit <1.8.0 beta2b
dub-flow/java-gadget-chain
This project contains a Java deserialization vulnerability that is exploitable with some ysoserial payloads, but also contains a custom class that can be leveraged to get command execution upon deserialization.
DenseLance/Who-Stole-My-Pickles
This report serves as a primer to the vulnerability of the Python pickle module and the dangers of insecure deserialization.
trganda/fmysql
Fake MySQL Server for Exploit Vulnerability of MySQL JDBC Driver