vulhub Vulnerability Reproduction Designated Platform
Fastjson扫描器,可识别版本、依赖库、autoType状态等。A tool to distinguish fastjson ,version and dependency
Java漏洞学习笔记 Deserialization Vulnerability
Peas create serialized payload for deserialization RCE attack on python driven applications where pickle ,pyYAML, ruamel.yaml or jsonpickle module is used for deserialization of serialized data. I wil...
Everything I needed to understand what was going on with "Spring4Shell" - translated source materials, exploit, links to demo apps, and more.
Java反序列化/JNDI注入/恶意类生成工具,支持多种高版本bypass,支持回显/内存马等多种扩展利用。
#大语言模型#GPT AiCSA(Code security audit),SAST(Static Application Security Testing,静态应用程序安全测试),JAR security analysis, static vulnerability and vulnerability analysis of various programming language codes
#大语言模型#AiCSA,Move to https://github.com/hktalent/AiCSA
A JBoss Byteman rule to debug the trace the JDK deserialization filtering
Python Deserialization Payload Generator
PoC for CVE-2020-28032 (It's just a POP chain in WordPress < 5.5.2 for exploiting PHP Object Injection)
Ruby Deserialization Payload Generator
maptool unauthenticated rce exploit <1.8.0 beta2b
This project contains a Java deserialization vulnerability that is exploitable with some ysoserial payloads, but also contains a custom class that can be leveraged to get command execution upon deseri...
Insecure deserialization library
Fake MySQL Server for Exploit Vulnerability of MySQL JDBC Driver
This tool is responsible to perform java deserialization attacks on server end points