Java Vulnerability Exploitation Platform

Fastjson扫描器，可识别版本、依赖库、autoType状态等。A tool to distinguish fastjson ,version and dependency

Java漏洞学习笔记 Deserialization Vulnerability

Java反序列化/JNDI注入/恶意类生成工具，支持多种高版本bypass，支持回显/内存马等多种扩展利用。

Peas create serialized payload for deserialization RCE attack on python driven applications where pickle ,pyYAML, ruamel.yaml or jsonpickle module is used for deserialization of serialized data. I will update it with more attack vectors to targets other modules.

Everything I needed to understand what was going on with "Spring4Shell" - translated source materials, exploit, links to demo apps, and more.

GPT AiCSA(Code security audit)，SAST（Static Application Security Testing，静态应用程序安全测试），JAR security analysis, static vulnerability and vulnerability analysis of various programming language codes

Vulnerable webapp testbed

GadgetExplorer is a .NET command-line tool for finding potential deserialization gadget chains in managed applications. It scans one or more assemblies, builds a reachability graph with dispatch and callback heuristics, and reports when a deserialization entrypoint can reach a sink you care about.

AiCSA，Move to https://github.com/hktalent/AiCSA

A JBoss Byteman rule to debug the trace the JDK deserialization filtering

PoC for CVE-2020-28032 (It's just a POP chain in WordPress < 5.5.2 for exploiting PHP Object Injection)

Python Deserialization Payload Generator

Ruby Deserialization Payload Generator

maptool unauthenticated rce exploit <1.8.0 beta2b

Fake MySQL Server for Exploit Vulnerability of MySQL JDBC Driver

Proof of Concept of an unsafe pickle deserialization vulnerability in Socket.IO

This project contains a Java deserialization vulnerability that is exploitable with some ysoserial payloads, but also contains a custom class that can be leveraged to get command execution upon deserialization.