1310 Open source projects that are alternatives of or similar to Ysoserial

Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).

JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

Vulnerability Notes, PoC Exploits and Write-Ups for security issues disclosed by tintinweb

Proofs-of-concept

Misc. Public Reports of Penetration Testing and Security Audits.

ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server POC exploit

D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange.

A proof of concept that demonstrates asynchronous scanning for Java deserialization bugs

Juniper Junos Space (CVE-2020-1611) (PoC)

A personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to be used in conjunction with these exploits.

A correct and safe JSON parser.

Guest to host VM escape exploit for Parallels Desktop

Kubernetes security and vulnerability tools and utilities.

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

A TypeScript serialization/deserialization library to convert objects to/from JSON

项目是根据LandGrey/SpringBootVulExploit清单编写，目的hvv期间快速利用漏洞、降低漏洞利用门槛。

Powerful dork searcher and vulnerability scanner for windows platform

IoT 固件漏洞复现环境

Simple dataclasses configuration management for Python with hocon/json/yaml/properties/env-vars/dict support.

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

Input/Output/Error management for your python controllers with Swagger doc generation

Apache Avro serializer for .NET

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

🦄🔒 Awesome list of secrets in environment variables 🖥️

Xbox One Symbolic Link Exploit: Access restricted/encrypted volumes using the Xbox File Explorer.

A handy swift json-object serialization/deserialization library

🏴‍☠️ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit

Serializer/Deserializer for Kafka to serialize/deserialize Protocol Buffers messages

Extensible framework for analyzing publicly available information about vulnerabilities

JSON schema generation from dataclasses

A number of scripts POC's and problems solved as pentests move along.

KDL Parser for the JVM

A library to serialize and deserialize objects with minimum memory usage.

My exploitDB.

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)

Advanced Web Browser Fingerprinting

Apache Shiro 反序列化漏洞检测与利用工具

Exploit Development - Weaponized Exploit and Proof of Concepts (PoC)

[DEPRECATED]: Prefer Room by Google, or SQLDelight by Square.

Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)

AMQP 0.9.1 protocol serialization and deserialization implementation for Ruby (2.0+)

@codec("encoder", "decoder") var cool: Bool = true

Real world and CTFs exploiting web/binary POCs.

Jackson JSON without annotation.

NSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST, CVE-2021-21972, proxyshell, CVE-2021-34473

Scheme flooding vulnerability: how it works and why it is a threat to anonymous browsing

Code generator for serializing/deserializing C++ objects to/from JSON using Clang and RapidJSON

an RCE (remote command execution) approach of CVE-2018-7750

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

This is a minified exploit for mikrotik routers. It does not require any aditional modules to run.

An extremely simple, fast, efficient, cross-platform serialization format

OWASP VBScan is a Black Box vBulletin Vulnerability Scanner

Ladon Pentest Scanner framework 全平台LadonGo开源内网渗透扫描器框架，使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost，远程执行SSH/Winrm，密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis，端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机，端口扫描服务识别PortScan。

iblessing is an iOS security exploiting toolkit, it mainly includes application information collection, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis and vulnerability mining.

Complex custom class converters for attrs.

Wordpress XMLRPC System Multicall Brute Force Exploit (0day) by 1N3 @ CrowdShield

hacker, ready for more of our story ! 🚀

💀Proof-of-Concept for CVE-2018-7600 Drupal SA-CORE-2018-002