# joaomatosf/jexboss

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/joaomatosf-jexboss).**

2,512 stars · 642 forks · Python · other

## Links

- GitHub: https://github.com/joaomatosf/jexboss
- awesome-repositories: https://awesome-repositories.com/repository/joaomatosf-jexboss.md

## Topics

`deserialization` `exploit` `exploiting-vulnerabilities` `gadget` `javadeser` `reverse-shell`

## Description

jexboss is a Java deserialization exploit framework and network vulnerability scanner designed to identify and exploit deserialization flaws to achieve remote code execution on target servers. It functions as a suite of tools for delivering payloads and executing system commands on vulnerable remote applications.

The project includes a reverse shell orchestrator to establish and maintain persistent remote command connections from exploited targets back to a listener. It also provides post-exploitation automation for managing remote access and updating software on compromised systems.

The framework covers vulnerability assessment through network scanning across IP ranges and ports, as well as verification of deserialization flaws across various request vectors and endpoints. Its capabilities extend to remote command orchestration and the delivery of payloads via network parameters or admin consoles.

## Tags

### Part of an Awesome List

- [Java Deserialization Exploits](https://awesome-repositories.com/f/awesome-lists/security/vulnerability-exploitation-frameworks/batch-exploit-execution/java-deserialization-exploits.md) — Provides a framework to deliver specialized Java deserialization payloads to achieve remote code execution. ([source](https://github.com/joaomatosf/jexboss#readme))
- [Vulnerability Scanners](https://awesome-repositories.com/f/awesome-lists/devtools/vulnerability-scanners.md) — Identifies vulnerable Java services across network ranges and ports to automate target discovery.
- [Active Vulnerability Scanning](https://awesome-repositories.com/f/awesome-lists/security/network-vulnerability-scanning/active-vulnerability-scanning.md) — Performs intrusive network probing across IP ranges and ports to identify services susceptible to deserialization exploits.
- [Middleware Exploitation](https://awesome-repositories.com/f/awesome-lists/security/middleware-exploitation.md) — Verification and exploitation tool for JBoss and Java deserialization.
- [Security Tools](https://awesome-repositories.com/f/awesome-lists/security/security-tools.md) — Verification and exploitation tool for Java deserialization vulnerabilities.

### Security & Cryptography

- [Deserialization Vulnerability Testing](https://awesome-repositories.com/f/security-cryptography/deserialization-vulnerability-testing.md) — Simulates remote code execution attacks to verify if applications properly secure their data deserialization processes.
- [Exploit Frameworks](https://awesome-repositories.com/f/security-cryptography/exploit-frameworks.md) — Functions as a modular platform for scanning and exploiting Java deserialization vulnerabilities.
- [Serialized Payload Execution](https://awesome-repositories.com/f/security-cryptography/in-memory-payload-execution/serialized-payload-execution.md) — Triggers unauthorized command execution by sending serialized data objects to target servers.
- [Network Vulnerability Scanning](https://awesome-repositories.com/f/security-cryptography/network-vulnerability-scanning.md) — Identifies vulnerable services across specified network ranges and ports to automate target discovery. ([source](https://github.com/joaomatosf/jexboss/blob/master/README.md))
- [Remote Command Execution Tools](https://awesome-repositories.com/f/security-cryptography/remote-command-execution-tools.md) — Ships a suite of utilities for delivering payloads and executing system commands on vulnerable applications.
- [Reverse Shells](https://awesome-repositories.com/f/security-cryptography/reverse-shells.md) — Establishes a persistent network connection from the compromised target back to a listener for remote terminal access.
- [Payload Injection Techniques](https://awesome-repositories.com/f/security-cryptography/payload-injection-techniques.md) — Implements techniques to inject exploit strings into network parameters and admin endpoints to bypass security filters.
- [Post-Exploitation Frameworks](https://awesome-repositories.com/f/security-cryptography/post-exploitation-frameworks.md) — Provides automation for managing remote access and updating software on compromised systems.

### System Administration & Monitoring

- [Remote Command Execution](https://awesome-repositories.com/f/system-administration-monitoring/remote-command-execution.md) — Executes system-level instructions on a target host immediately following a successful vulnerability exploit.
