https://github.com/vulhub/java-chains

Java Vulnerability Exploitation Platform
https://github.com/vulhub/java-chains

deserialization-vulnerability java java-vulnerability javasecurity jndi-exploit jndi-injection log4j-rce payload redteam vulhub vulnerability

Last synced: 4 days ago
JSON representation

Java Vulnerability Exploitation Platform

• Host: GitHub
• URL: https://github.com/vulhub/java-chains
• Owner: vulhub
• Created: 2024-11-02T10:41:25.000Z (over 1 year ago)
• Default Branch: main
• Last Pushed: 2026-04-01T12:35:30.000Z (6 days ago)
• Last Synced: 2026-04-01T14:38:37.419Z (5 days ago)
• Topics: deserialization-vulnerability, java, java-vulnerability, javasecurity, jndi-exploit, jndi-injection, log4j-rce, payload, redteam, vulhub, vulnerability
• Language: Dockerfile
• Homepage: https://java-chains.vulhub.org
• Size: 5.03 MB
• Stars: 2,021
• Watchers: 17
• Forks: 166
• Open Issues: 12
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG.md

Awesome Lists containing this project

• awesome-hacking-lists - vulhub/java-chains - vulhub Vulnerability Reproduction Designated Platform (Dockerfile)

README

          
English | 简体中文



Java Chains









  







    





`Java-Chains` is a Java Payload generation and vulnerability exploitation web platform, designed to facilitate security

researchers in quickly generating Java Payloads and conveniently and rapidly testing vulnerabilities such as JNDI

injection, MySQL JDBC deserialization, and JRMP deserialization. It aims to improve testing efficiency to a certain

extent.

> Standing on the shoulders of giants



  



## Get started quickly

https://java-chains.vulhub.org/docs/guide

## Updated content

[CHANGELOG.md](./CHANGELOG.md)

## References and acknowledgments

It only supports personal research and learning, and should never be used for illegal and criminal activities.

The developers, providers and maintainers of the project are not responsible for the actions and consequences of the

user's use of the tool, and the user of the tool shall do so at their own risk.

Acknowledgments:

- https://github.com/ReaJason/MemShellParty

- https://github.com/wh1t3p1g/ysomap

- https://github.com/qi4L/JYso

- https://github.com/X1r0z/JNDIMap

- https://github.com/Whoopsunix/PPPYSO

- https://github.com/jar-analyzer/class-obf

- https://github.com/4ra1n/mysql-fake-server

- https://github.com/mbechler/marshalsec

- https://github.com/frohoff/ysoserial

- https://github.com/H4cking2theGate/ysogate

- https://github.com/Bl0omZ/JNDIEXP

- https://github.com/kezibei/Urldns

- https://github.com/rebeyond/JNDInjector

- https://github.dev/LxxxSec/CTF-Java-Gadget

- https://github.com/pen4uin/java-memshell-generator

- https://github.com/pen4uin/java-echo-generator

- https://github.com/NickstaDB/SerializationDumper

- https://xz.aliyun.com/t/5381

- http://rui0.cn/archives/1408

## Communication

If you have any questions, please feel free to send issus

## Star History

[![Star History Chart](https://api.star-history.com/svg?repos=vulhub/java-chains&type=Date)](https://star-history.com/#vulhub/java-chains&Date)