javadeser

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

翻译 - 概念证明工具，用于生成利用不安全的Java对象反序列化的有效负载。

The cheat sheet about Java Deserialization vulnerabilities

JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool

Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).

Library for manually creating Java serialization data.