Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.

Astro

Last update: Sep 27, 2022

Overview

Pysoserial

介绍

Pysoserial是完全由python编写的用于生成利用不安全Java对象反序列化的有效负载的概念验证工具。工具参考ysoserial

安装

使用git拉取项目

git clone https://github.com/aStrowxyu/Pysoserial

使用

usage: JAVA deserialize payload [-h] [-p PAYLOAD] [-c COMMAND] [-o OUTPUT]
                                [-l]

Generate the JAVA Deserialize Payload

optional arguments:
  -h, --help            show this help message and exit
  -p PAYLOAD, --payload PAYLOAD
                        JAVA deserialize payload
  -c COMMAND, --command COMMAND
                        Payload Specifies the command to be executed
  -o OUTPUT, --output OUTPUT
                        Output to a file
  -l, --list            Payload List

examples:
  python pysoserial.py -p CommonsCollections1 -c whoami
  python pysoserial.py -p CommonsCollections1 -c whoami -o payload.ser

参考项目

https://github.com/frohoff/ysoserial

You might also like...

This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798).

CVE-2021-43798 – Grafana Exploit About This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798

12 Nov 18, 2022

A proof-of-concept exploit for Log4j RCE Unauthenticated (CVE-2021-44228)

CVE-2021-44228 – Log4j RCE Unauthenticated About This is a proof-of-concept exploit for Log4j RCE Unauthenticated (CVE-2021-44228). This vulnerability

20 Nov 11, 2022

Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely.

CVE-2021-31166: HTTP Protocol Stack Remote Code Execution Vulnerability This is a proof of concept for CVE-2021-31166 ("HTTP Protocol Stack Remote Cod

820 Dec 18, 2022

A Proof-Of-Concept for the recently found CVE-2021-44228 vulnerability

log4j-shell-poc A Proof-Of-Concept for the recently found CVE-2021-44228 vulnerability. Recently there was a new vulnerability in log4j, a java loggin

1.5k Jan 4, 2023

Log4Shell Proof of Concept (CVE-2021-44228)

CVE-2021-44228 Log4Shell Proof of Concept (CVE-2021-44228) Make sure to use Java 8 JDK. Java 8 Download Images Credits Casey Dunham - Java Reverse She

3 Jul 23, 2022

proof-of-concept running docker container from omero web

docker-from-omero-poc proof-of-concept running docker container from omero web How-to Edit test_script.py so that the BaseClient is created pointing t

2 Jan 22, 2022

Proof of concept of CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers

CVE-2022-21907 - Double Free in http.sys driver Summary An unauthenticated attacker can send an HTTP request with an "Accept-Encoding" HTTP request he

71 Dec 22, 2022

Spring4Shell Proof Of Concept/And vulnerable application CVE-2022-22965

Spring4Shell-POC (CVE-2022-22965) Spring4Shell (CVE-2022-22965) Proof Of Concept/Information + A vulnerable Tomcat server with a vulnerable spring4she

309 Jan 2, 2023

This tool allows to automatically test for Content Security Policy bypass payloads.

CSPass This tool allows to automatically test for Content Security Policy bypass payloads. Usage [cspass]$ ./cspass.py -h usage: cspass.py [-h] [--no-

30 Nov 22, 2022

Owner

Astro

GitHub

Proof of Concept Exploit for vCenter CVE-2021-21972

CVE-2021-21972 Proof of Concept Exploit for vCenter CVE-2021-21972

210 Dec 31, 2022

Proof of concept for CVE-2021-24086, a NULL dereference in tcpip.sys triggered remotely.

CVE-2021-24086 This is a proof of concept for CVE-2021-24086 ("Windows TCP/IP Denial of Service Vulnerability "), a NULL dereference in tcpip.sys patc

220 Dec 14, 2022

Proof-of-concept obfuscation toolkit for C# post-exploitation tools

InvisibilityCloak Proof-of-concept obfuscation toolkit for C# post-exploitation tools. This will perform the below actions for a C# visual studio proj

259 Dec 19, 2022

Proof on Concept Exploit for CVE-2021-38647 (OMIGOD)

OMIGOD Proof on Concept Exploit for CVE-2021-38647 (OMIGOD) For background information and context, read the our blog post detailing this vulnerabilit

231 Nov 12, 2022

A Proof-of-Concept Layer 2 Denial of Service Attack that disrupts low level operations of Programmable Logic Controllers within industrial environments. Utilizing multithreaded processing, Automator-Terminator delivers a powerful wave of spoofed ethernet packets to a null MAC address.

Automator-Terminator A Proof-of-Concept Layer 2 Denial of Service Attack that disrupts low level operations of Programmable Logic Controllers (PLCs) w

25 Oct 10, 2022

IP Denial of Service Vulnerability ")A proof of concept for CVE-2021-24086 ("Windows TCP/IP Denial of Service Vulnerability ")

CVE-2021-24086 This is a proof of concept for CVE-2021-24086 ("Windows TCP/IP Denial of Service Vulnerability "), a NULL dereference in tcpip.sys patc

1 Nov 25, 2021

This is a partial and quick and dirty proof of concept implementation of the following specifications to configure a tor client to use trusted exit relays only.

This is a partial and quick and dirty proof of concept implementation of the following specifications to configure a tor client to use trusted exit re

22 Nov 9, 2022

Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.

Related tags

Overview

Pysoserial

介绍

安装

使用

参考项目

You might also like...

This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798).

A proof-of-concept exploit for Log4j RCE Unauthenticated (CVE-2021-44228)

Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely.

A Proof-Of-Concept for the recently found CVE-2021-44228 vulnerability

Log4Shell Proof of Concept (CVE-2021-44228)

proof-of-concept running docker container from omero web

Proof of concept of CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers

Spring4Shell Proof Of Concept/And vulnerable application CVE-2022-22965

This tool allows to automatically test for Content Security Policy bypass payloads.

Owner

Astro

Proof of Concept Exploit for vCenter CVE-2021-21972

Proof of concept for CVE-2021-24086, a NULL dereference in tcpip.sys triggered remotely.

Proof-of-concept obfuscation toolkit for C# post-exploitation tools

Proof on Concept Exploit for CVE-2021-38647 (OMIGOD)

A Proof-of-Concept Layer 2 Denial of Service Attack that disrupts low level operations of Programmable Logic Controllers within industrial environments. Utilizing multithreaded processing, Automator-Terminator delivers a powerful wave of spoofed ethernet packets to a null MAC address.

IP Denial of Service Vulnerability ")A proof of concept for CVE-2021-24086 ("Windows TCP/IP Denial of Service Vulnerability ")

This is a partial and quick and dirty proof of concept implementation of the following specifications to configure a tor client to use trusted exit relays only.

Proof of concept GnuCash Webinterface

Proof of concept to check if hosts are vulnerable to CVE-2021-41773

Proof of Concept Exploit for ManageEngine ServiceDesk Plus CVE-2021-44077