awesome-repositories.com
Blog
awesome-repositories.com

Entdecke die besten Open-Source-Repositories mit KI-gestützter Suche.

EntdeckenKuratierte SuchenOpen-Source-AlternativenSelf-hosted SoftwareBlogSitemap
ProjektÜber unsRanking-MethodikPresseMCP-Server
RechtlichesDatenschutzAGB
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

4 Repos

Awesome GitHub RepositoriesDeserialization Exploits

Exploits that trigger arbitrary code execution by manipulating serialized data objects during reconstruction.

Distinct from Code Execution Engines: Focuses on offensive deserialization attacks rather than secure sandboxes or general execution runtimes.

Explore 4 awesome GitHub repositories matching security & cryptography · Deserialization Exploits. Refine with filters or upvote what's useful.

Awesome Deserialization Exploits GitHub Repositories

Finde die besten Repos mit KI.Wir suchen mit KI nach den am besten passenden Repositories.
  • zhzyker/exphubAvatar von zhzyker

    zhzyker/exphub

    4,282Auf GitHub ansehen↗

    Exphub ist eine Bibliothek für CVE-Exploit-Skripte und eine Suite für Unternehmenssoftware-Schwachstellen, die darauf ausgelegt ist, bekannte Sicherheitslücken in Serverumgebungen wie WebLogic, Struts2, Tomcat und JBoss zu verifizieren und auszunutzen. Es fungiert als Toolkit für Remote Code Execution und als Framework für die Bereitstellung von Web-Shells, um unbefugte Befehlsausführungen auszulösen und persistenten Zugriff auf entfernte Systeme zu etablieren. Das Projekt enthält spezialisierte Dienstprogramme für interne Netzwerkaufklärung, insbesondere durch Server-Side Request Forgery, um offene Ports und Dienste zu scannen. Zudem bietet es Mechanismen zur Umgehung von Zugriffskontrollen sowie für unbefugte Dateizugriffe und Uploads. Die Suite deckt breite Einsatzbereiche ab, darunter Schwachstellenanalyse, Penetrationstests und die Ausführung von Proof-of-Concept-Skripten zur Bestätigung von Sicherheitslücken.

    Implements attacks that execute arbitrary commands via serialized object reconstruction in server environments.

    Pythoncve-2020-10199cve-2020-10204cve-2020-11444
    Auf GitHub ansehen↗4,282
  • ambionics/phpggcAvatar von ambionics

    ambionics/phpggc

    3,832Auf GitHub ansehen↗

    phpggc is a security assessment utility and command-line tool designed for the automated generation, obfuscation, and wrapping of serialized object chains. It functions as a gadget chain framework used to identify and verify remote code execution vectors by testing for PHP object injection vulnerabilities. The project provides a modular system for constructing complex serialized object sequences and includes a dedicated payload obfuscator to transform byte streams for bypassing web application firewalls and security filters. It also features a generator for wrapping serialized data into archi

    Functions as a command-line tool for generating serialized object gadget chains to exploit PHP deserialization flaws.

    PHP
    Auf GitHub ansehen↗3,832
  • pwntester/ysoserial.netAvatar von pwntester

    pwntester/ysoserial.net

    3,735Auf GitHub ansehen↗

    ysoserial.net is a payload generator for .NET deserialization, designed to create malicious serialized objects and structured gadget chains. It serves as a tool for generating command execution strings and security testing suites used to assess vulnerabilities in .NET formatters. The tool enables the creation of sequences of object calls that trigger remote code execution during the reconstruction of serialized data. It produces specialized payloads for executing system commands, loading remote libraries, and accessing local file systems. The project includes capabilities for optimizing payl

    Provides a tool for creating malicious serialized objects to exploit unsafe deserialization in .NET applications.

    C#
    Auf GitHub ansehen↗3,735
  • mbechler/marshalsecAvatar von mbechler

    mbechler/marshalsec

    3,691Auf GitHub ansehen↗

    Marshalsec is a toolkit designed for generating malicious serialized Java objects to achieve remote code execution during the unmarshalling process. It functions as a Java deserialization exploit tool and a framework for triggering Java Naming and Directory Interface lookups to remote servers. The project provides a JNDI redirector service that intercepts lookups and points targets toward a remote codebase. It includes utilities for crafting payloads that force Java applications to download and execute arbitrary classes from a remote URL. The toolset covers security analysis activities inclu

    Provides a toolkit for generating exploits that trigger arbitrary code execution via manipulated serialized data objects.

    Java
    Auf GitHub ansehen↗3,691
  1. Home
  2. Security & Cryptography
  3. Deserialization Exploits