A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

一个漏洞 PoC 知识库。A knowledge base for vulnerability PoCs(Proof of Concept), with 1k+ vulnerabilities.

a rep for documenting my study, may be from 0 to 0.1

A byte code analyzer for finding deserialization gadget chains in Java applications

A malicious LDAP server for JNDI injection attacks

80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server.

Java RMI enumeration and attack tool.

Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

Java Message Exploitation Tool

SHELLING - a comprehensive OS command injection payload generator

JavaWeb漏洞审计工具，构建方法调用链并模拟栈帧进行分析

forked from frohoff/ysoserial and added my own payloads.

AI Substitutor is an extension for Burp Suite that uses AI functionality to substitute values of HTTP request parameters and headers.

su18 ysoserial

Community fork of OpenAM, an authentication and authorization system originally developed by ForgeRock.