ysoserial Logo

ysoserial

0
Free
Visit Website

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. This tool is designed to help developers and security researchers identify and exploit vulnerabilities in Java applications. ysoserial is a command-line tool that generates payloads for various Java deserialization vulnerabilities, including those in Apache Commons Collections, Apache Commons BeanUtils, and others. ysoserial is a powerful tool for identifying and exploiting Java deserialization vulnerabilities, and can be used by developers, security researchers, and penetration testers to improve the security of their applications. ysoserial is available for download on GitHub.

FEATURES

ALTERNATIVES

Interactive .NET SQL console client with enhanced SQL Server discovery, access, and data exfiltration features

Repository of YARA rules for Trellix ATR blogposts and investigations

Online Java decompiler tool with support for modern Java features.

A library for running basic functions from stripped binaries cross platform.

YARA syntax highlighting for Gtk-based text editors

dynStruct is a tool for monitoring memory accesses of an ELF binary and recovering structures of the original code.

OCaml wrapper for YARA matching engine for malware identification

Valkyrie is a sophisticated file verdict system that enhances malware detection through behavioral analysis and extensive file feature examination.