awesome-repositories.com
Blog
awesome-repositories.com

Entdecke die besten Open-Source-Repositories mit KI-gestützter Suche.

EntdeckenKuratierte SuchenOpen-Source-AlternativenSelf-hosted SoftwareBlogSitemap
ProjektÜber unsRanking-MethodikPresseMCP-Server
RechtlichesDatenschutzAGB
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

5 Repos

Awesome GitHub RepositoriesDeserialization Vulnerability Testing

Testing applications for insecure deserialization by generating malicious serialized objects.

Distinct from Java: No candidate focuses on the specific security domain of deserialization testing; most candidates are general Java development.

Explore 5 awesome GitHub repositories matching security & cryptography · Deserialization Vulnerability Testing. Refine with filters or upvote what's useful.

Awesome Deserialization Vulnerability Testing GitHub Repositories

Finde die besten Repos mit KI.Wir suchen mit KI nach den am besten passenden Repositories.
  • frohoff/ysoserialAvatar von frohoff

    frohoff/ysoserial

    8,750Auf GitHub ansehen↗

    ysoserial is a security research tool and payload generator designed to identify and exploit insecure Java deserialization. It functions as a framework for creating malicious serialized objects that can trigger remote code execution on Java virtual machines. The project provides a library of known gadget chains, which are sequences of vulnerable class calls that achieve arbitrary command execution during the deserialization process. It automates the generation of these payloads by leveraging common third-party libraries. The tool covers capabilities for security penetration testing, Java app

    Creates malicious serialized objects to test if a Java application is vulnerable to remote code execution.

    Javadeserializationexploitgadget
    Auf GitHub ansehen↗8,750
  • ambionics/phpggcAvatar von ambionics

    ambionics/phpggc

    3,832Auf GitHub ansehen↗

    phpggc is a security assessment utility and command-line tool designed for the automated generation, obfuscation, and wrapping of serialized object chains. It functions as a gadget chain framework used to identify and verify remote code execution vectors by testing for PHP object injection vulnerabilities. The project provides a modular system for constructing complex serialized object sequences and includes a dedicated payload obfuscator to transform byte streams for bypassing web application firewalls and security filters. It also features a generator for wrapping serialized data into archi

    Generates serialized object chains to identify and verify object injection vulnerabilities in PHP applications.

    PHP
    Auf GitHub ansehen↗3,832
  • pwntester/ysoserial.netAvatar von pwntester

    pwntester/ysoserial.net

    3,735Auf GitHub ansehen↗

    ysoserial.net is a payload generator for .NET deserialization, designed to create malicious serialized objects and structured gadget chains. It serves as a tool for generating command execution strings and security testing suites used to assess vulnerabilities in .NET formatters. The tool enables the creation of sequences of object calls that trigger remote code execution during the reconstruction of serialized data. It produces specialized payloads for executing system commands, loading remote libraries, and accessing local file systems. The project includes capabilities for optimizing payl

    Generates malicious serialized objects to test for insecure deserialization vulnerabilities in .NET applications.

    C#
    Auf GitHub ansehen↗3,735
  • mbechler/marshalsecAvatar von mbechler

    mbechler/marshalsec

    3,691Auf GitHub ansehen↗

    Marshalsec is a toolkit designed for generating malicious serialized Java objects to achieve remote code execution during the unmarshalling process. It functions as a Java deserialization exploit tool and a framework for triggering Java Naming and Directory Interface lookups to remote servers. The project provides a JNDI redirector service that intercepts lookups and points targets toward a remote codebase. It includes utilities for crafting payloads that force Java applications to download and execute arbitrary classes from a remote URL. The toolset covers security analysis activities inclu

    Tests applications for insecure deserialization by generating malicious serialized objects.

    Java
    Auf GitHub ansehen↗3,691
  • joaomatosf/jexbossAvatar von joaomatosf

    joaomatosf/jexboss

    2,512Auf GitHub ansehen↗

    jexboss is a Java deserialization exploit framework and network vulnerability scanner designed to identify and exploit deserialization flaws to achieve remote code execution on target servers. It functions as a suite of tools for delivering payloads and executing system commands on vulnerable remote applications. The project includes a reverse shell orchestrator to establish and maintain persistent remote command connections from exploited targets back to a listener. It also provides post-exploitation automation for managing remote access and updating software on compromised systems. The fra

    Simulates remote code execution attacks to verify if applications properly secure their data deserialization processes.

    Pythondeserializationexploitexploiting-vulnerabilities
    Auf GitHub ansehen↗2,512
  1. Home
  2. Security & Cryptography
  3. Deserialization Vulnerability Testing