awesome-repositories.com
المدونة
awesome-repositories.com

اكتشف أفضل مستودعات المصادر المفتوحة باستخدام بحث مدعوم بالذكاء الاصطناعي.

استكشفعمليات بحث منسقةبدائل مفتوحة المصدربرمجيات ذاتية الاستضافةالمدونةخريطة الموقع
المشروعحولكيفية ترتيب النتائجالصحافةخادم MCP
قانونيالخصوصيةالشروط
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

4 مستودعات

Awesome GitHub RepositoriesDeserialization Exploits

Exploits that trigger arbitrary code execution by manipulating serialized data objects during reconstruction.

Distinct from Code Execution Engines: Focuses on offensive deserialization attacks rather than secure sandboxes or general execution runtimes.

Explore 4 awesome GitHub repositories matching security & cryptography · Deserialization Exploits. Refine with filters or upvote what's useful.

Awesome Deserialization Exploits GitHub Repositories

اعثر على أفضل المستودعات باستخدام الذكاء الاصطناعي.سنبحث عن أفضل المستودعات المطابقة باستخدام الذكاء الاصطناعي.
  • zhzyker/exphubالصورة الرمزية لـ zhzyker

    zhzyker/exphub

    4,282عرض على GitHub↗

    Exphub is a CVE exploit script library and enterprise software vulnerability suite designed to verify and exploit known security flaws in server environments such as WebLogic, Struts2, Tomcat, and JBoss. It functions as a remote code execution toolkit and a web shell deployment framework for triggering unauthorized command execution and establishing persistent access on remote systems. The project includes specialized utilities for internal network reconnaissance, specifically using server-side request forgery to scan for open ports and services. It further provides mechanisms for bypassing a

    Implements attacks that execute arbitrary commands via serialized object reconstruction in server environments.

    Pythoncve-2020-10199cve-2020-10204cve-2020-11444
    عرض على GitHub↗4,282
  • ambionics/phpggcالصورة الرمزية لـ ambionics

    ambionics/phpggc

    3,832عرض على GitHub↗

    phpggc is a security assessment utility and command-line tool designed for the automated generation, obfuscation, and wrapping of serialized object chains. It functions as a gadget chain framework used to identify and verify remote code execution vectors by testing for PHP object injection vulnerabilities. The project provides a modular system for constructing complex serialized object sequences and includes a dedicated payload obfuscator to transform byte streams for bypassing web application firewalls and security filters. It also features a generator for wrapping serialized data into archi

    Functions as a command-line tool for generating serialized object gadget chains to exploit PHP deserialization flaws.

    PHP
    عرض على GitHub↗3,832
  • pwntester/ysoserial.netالصورة الرمزية لـ pwntester

    pwntester/ysoserial.net

    3,735عرض على GitHub↗

    ysoserial.net is a payload generator for .NET deserialization, designed to create malicious serialized objects and structured gadget chains. It serves as a tool for generating command execution strings and security testing suites used to assess vulnerabilities in .NET formatters. The tool enables the creation of sequences of object calls that trigger remote code execution during the reconstruction of serialized data. It produces specialized payloads for executing system commands, loading remote libraries, and accessing local file systems. The project includes capabilities for optimizing payl

    Provides a tool for creating malicious serialized objects to exploit unsafe deserialization in .NET applications.

    C#
    عرض على GitHub↗3,735
  • mbechler/marshalsecالصورة الرمزية لـ mbechler

    mbechler/marshalsec

    3,691عرض على GitHub↗

    Marshalsec is a toolkit designed for generating malicious serialized Java objects to achieve remote code execution during the unmarshalling process. It functions as a Java deserialization exploit tool and a framework for triggering Java Naming and Directory Interface lookups to remote servers. The project provides a JNDI redirector service that intercepts lookups and points targets toward a remote codebase. It includes utilities for crafting payloads that force Java applications to download and execute arbitrary classes from a remote URL. The toolset covers security analysis activities inclu

    Provides a toolkit for generating exploits that trigger arbitrary code execution via manipulated serialized data objects.

    Java
    عرض على GitHub↗3,691
  1. Home
  2. Security & Cryptography
  3. Deserialization Exploits