https://github.com/vulhub/java-chains

Java Vulnerability Exploitation Platform

deserialization-vulnerability java java-vulnerability javasecurity jndi-exploit jndi-injection log4j-rce payload redteam vulhub vulnerability

Last synced: 03 Apr 2026

https://github.com/a1phaboy/FastjsonScan

Fastjson扫描器，可识别版本、依赖库、autoType状态等。A tool to distinguish fastjson ,version and dependency

deserialization-vulnerability fastjson fastjson-rce scanner-web

Last synced: 10 Apr 2025

https://github.com/SummerSec/JavaLearnVulnerability

Java漏洞学习笔记 Deserialization Vulnerability

commons-collections3 commons-collections4 deserialization-vulnerability fastjson-rce jackson-databind java java-refilection shiro-security vulnerability weblogc-security weblogic

Last synced: 11 Jul 2025

https://github.com/summersec/javalearnvulnerability

Java漏洞学习笔记 Deserialization Vulnerability

commons-collections3 commons-collections4 deserialization-vulnerability fastjson-rce jackson-databind java java-refilection shiro-security vulnerability weblogc-security weblogic

Last synced: 12 Apr 2025

https://github.com/h4cking2thegate/ysogate

Java反序列化/JNDI注入/恶意类生成工具，支持多种高版本bypass，支持回显/内存马等多种扩展利用。

bypass deserialization-vulnerability java jndi-exploit jrmp ldap payload-generator rmi ysoserial

Last synced: 19 Aug 2025

https://github.com/tweedge/springcore-0day-en

Everything I needed to understand what was going on with "Spring4Shell" - translated source materials, exploit, links to demo apps, and more.

0day deserialization-vulnerability exploit java spring4shell springcore

Last synced: 05 Apr 2025

https://github.com/H4cking2theGate/ysogate

Java反序列化/JNDI注入/恶意类生成工具，支持多种高版本bypass，支持回显/内存马等多种扩展利用。

bypass deserialization-vulnerability java jndi-exploit jrmp ldap payload-generator rmi ysoserial

Last synced: 04 Apr 2025

https://github.com/grrrdog/zeronights-webvillage-2017

deserialization-vulnerability vulnerable-container

Last synced: 14 Sep 2025

https://github.com/GhostTroops/AiCSA

GPT AiCSA(Code security audit)，SAST（Static Application Security Testing，静态应用程序安全测试），JAR security analysis, static vulnerability and vulnerability analysis of various programming language codes

ai chatgpt code-security-audit deserialization-vulnerability gpt-4 gpt-security jar-vulnerability-analysis sast

Last synced: 07 Sep 2025

https://github.com/hktalent/aicsa_pub

AiCSA，Move to https://github.com/hktalent/AiCSA

ai chatgpt code-security-audit deserialization-vulnerability gpt-4 jar-vulnerability-analysis

Last synced: 18 Jun 2025

https://github.com/thomasleplus/jdk-serial-filter-trace

A JBoss Byteman rule to debug the trace the JDK deserialization filtering

byteman byteman-agent deserialization-vulnerability java jboss jboss-eap jboss-wildfly jdk jvm

Last synced: 13 Apr 2025

https://github.com/klezvirus/deser-ruby

Ruby Deserialization Payload Generator

binary command-execution deserialization deserialization-vulnerability rails rce ruby yaml

Last synced: 29 Jun 2025

https://github.com/klezvirus/deser-py

Python Deserialization Payload Generator

deserialization deserialization-vulnerability jsonpickle pickle python pyyaml

Last synced: 08 May 2025

https://github.com/dub-flow/java-gadget-chain

This project contains a Java deserialization vulnerability that is exploitable with some ysoserial payloads, but also contains a custom class that can be leveraged to get command execution upon deserialization.

deserialization-vulnerability java

Last synced: 07 Jul 2025

https://github.com/malectricasoftware/balsamic

Insecure deserialization library

deserialization-library deserialization-vulnerability pickle python security serialization

Last synced: 14 Jan 2026