ysoserial Logo

ysoserial

0
Free
Visit Website

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. This tool is designed to help developers and security researchers identify and exploit vulnerabilities in Java applications. ysoserial is a command-line tool that generates payloads for various Java deserialization vulnerabilities, including those in Apache Commons Collections, Apache Commons BeanUtils, and others. ysoserial is a powerful tool for identifying and exploiting Java deserialization vulnerabilities, and can be used by developers, security researchers, and penetration testers to improve the security of their applications. ysoserial is available for download on GitHub.

FEATURES

ALTERNATIVES

Automatic analysis of malware behavior using machine learning.

A Python script that finds endpoints in JavaScript files to identify potential security vulnerabilities.

A collection of publicly available YARA rules for detecting and classifying malware.

Collection of malware persistence information and techniques

A developer added malicious code to a popular open-source package, wiping files on computers in Russia and Belarus as a protest.

A tool that executes programs in memory from various sources

A library of PHP unserialize() payloads and a tool to generate them.

A command-line tool for identifying NoSQL injection vulnerabilities in MongoDB databases