JNDIExploit or a ysoserial.

80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server.

ZKar is a Java serialization protocol analysis tool implement in Go.

JMX enumeration and attacking tool.

Some codes for bypassing Oracle WebLogic CVE-2018-2628 patch

proof-of-concept for generating Java deserialization payload | Proxy MemShell

Programmatically create hunting rules for deserialization exploitation with multiple keywords, gadget chains, object types, encodings, and rule types

RmiTaste allows security professionals to detect, enumerate, interact and exploit RMI services by calling remote methods with gadgets from ysoserial.

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Java反序列化/JNDI注入/恶意类生成工具，支持多种高版本bypass，支持回显/内存马等多种扩展利用。

🌊 Dockerfiles for apps I use. Also take a look at https://github.com/security-dockerfiles

Some PoC (Proof-of-Concept) about vulnerability of java deserialization of untrusted data

ysoserial A collection of works by various masters

ResourcesPayload

Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.

Automates generating Java serialized payload wordlist with Ysoserial and associated compression/encoding

Generate all ysoserial payloads with burp collaborator (or similar)

Python wrapper for ysoserial

Java反序列化漏洞Gadget Chain可视化图谱工具

Java object serialization stream parser written in Rust