awesome-repositories.com
Blog
awesome-repositories.com

Descubre los mejores repositorios open-source con nuestra búsqueda potenciada por IA.

ExplorarBúsquedas curadasAlternativas open-sourceSoftware autohospedableBlogMapa del sitio
ProyectoAcerca deCómo clasificamosPrensaServidor MCP
Aviso legalPrivacidadTérminos
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

5 repositorios

Awesome GitHub RepositoriesDeserialization Vulnerability Testing

Testing applications for insecure deserialization by generating malicious serialized objects.

Distinct from Java: No candidate focuses on the specific security domain of deserialization testing; most candidates are general Java development.

Explore 5 awesome GitHub repositories matching security & cryptography · Deserialization Vulnerability Testing. Refine with filters or upvote what's useful.

Awesome Deserialization Vulnerability Testing GitHub Repositories

Encuentra los mejores repositorios con IA.Buscaremos los repositorios que mejor coincidan usando IA.
  • frohoff/ysoserialAvatar de frohoff

    frohoff/ysoserial

    8,750Ver en GitHub↗

    ysoserial is a security research tool and payload generator designed to identify and exploit insecure Java deserialization. It functions as a framework for creating malicious serialized objects that can trigger remote code execution on Java virtual machines. The project provides a library of known gadget chains, which are sequences of vulnerable class calls that achieve arbitrary command execution during the deserialization process. It automates the generation of these payloads by leveraging common third-party libraries. The tool covers capabilities for security penetration testing, Java app

    Creates malicious serialized objects to test if a Java application is vulnerable to remote code execution.

    Javadeserializationexploitgadget
    Ver en GitHub↗8,750
  • ambionics/phpggcAvatar de ambionics

    ambionics/phpggc

    3,832Ver en GitHub↗

    phpggc is a security assessment utility and command-line tool designed for the automated generation, obfuscation, and wrapping of serialized object chains. It functions as a gadget chain framework used to identify and verify remote code execution vectors by testing for PHP object injection vulnerabilities. The project provides a modular system for constructing complex serialized object sequences and includes a dedicated payload obfuscator to transform byte streams for bypassing web application firewalls and security filters. It also features a generator for wrapping serialized data into archi

    Generates serialized object chains to identify and verify object injection vulnerabilities in PHP applications.

    PHP
    Ver en GitHub↗3,832
  • pwntester/ysoserial.netAvatar de pwntester

    pwntester/ysoserial.net

    3,735Ver en GitHub↗

    ysoserial.net is a payload generator for .NET deserialization, designed to create malicious serialized objects and structured gadget chains. It serves as a tool for generating command execution strings and security testing suites used to assess vulnerabilities in .NET formatters. The tool enables the creation of sequences of object calls that trigger remote code execution during the reconstruction of serialized data. It produces specialized payloads for executing system commands, loading remote libraries, and accessing local file systems. The project includes capabilities for optimizing payl

    Generates malicious serialized objects to test for insecure deserialization vulnerabilities in .NET applications.

    C#
    Ver en GitHub↗3,735
  • mbechler/marshalsecAvatar de mbechler

    mbechler/marshalsec

    3,691Ver en GitHub↗

    Marshalsec is a toolkit designed for generating malicious serialized Java objects to achieve remote code execution during the unmarshalling process. It functions as a Java deserialization exploit tool and a framework for triggering Java Naming and Directory Interface lookups to remote servers. The project provides a JNDI redirector service that intercepts lookups and points targets toward a remote codebase. It includes utilities for crafting payloads that force Java applications to download and execute arbitrary classes from a remote URL. The toolset covers security analysis activities inclu

    Tests applications for insecure deserialization by generating malicious serialized objects.

    Java
    Ver en GitHub↗3,691
  • joaomatosf/jexbossAvatar de joaomatosf

    joaomatosf/jexboss

    2,512Ver en GitHub↗

    jexboss is a Java deserialization exploit framework and network vulnerability scanner designed to identify and exploit deserialization flaws to achieve remote code execution on target servers. It functions as a suite of tools for delivering payloads and executing system commands on vulnerable remote applications. The project includes a reverse shell orchestrator to establish and maintain persistent remote command connections from exploited targets back to a listener. It also provides post-exploitation automation for managing remote access and updating software on compromised systems. The fra

    Simulates remote code execution attacks to verify if applications properly secure their data deserialization processes.

    Pythondeserializationexploitexploiting-vulnerabilities
    Ver en GitHub↗2,512
  1. Home
  2. Security & Cryptography
  3. Deserialization Vulnerability Testing