A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. This tool is designed to help developers and security researchers identify and exploit vulnerabilities in Java applications. ysoserial is a command-line tool that generates payloads for various Java deserialization vulnerabilities, including those in Apache Commons Collections, Apache Commons BeanUtils, and others. ysoserial is a powerful tool for identifying and exploiting Java deserialization vulnerabilities, and can be used by developers, security researchers, and penetration testers to improve the security of their applications. ysoserial is available for download on GitHub.
FEATURES
SIMILAR TOOLS
A tool that extracts and deobfuscates strings from malware binaries using advanced static analysis techniques.
A program to manage yara ruleset in a database with support for different databases and configuration options.
Joe Sandbox Community provides automated cloud-based malware analysis across multiple OS platforms.
Intezer is a cloud-based malware analysis platform that detects and classifies malware using genetic code analysis.
Code to prevent a managed .NET debugger/profiler from working.
Valkyrie is a sophisticated file verdict system that enhances malware detection through behavioral analysis and extensive file feature examination.
Blazingly fast Yara queries for malware analysts with an analyst-friendly web GUI.
A binary analysis and management framework for organizing and analyzing malware and exploit samples, and creating plugins.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.