ysoserial topic
beanshooter
JMX enumeration and attacking tool.
zkar
ZKar is a Java serialization protocol analysis tool implement in Go.
heyserial
Programmatically create hunting rules for deserialization exploitation with multiple keywords, gadget chains, object types, encodings, and rule types
ysoserial-cve-2018-2628
Some codes for bypassing Oracle WebLogic CVE-2018-2628 patch
JNDI-Injection-Exploit-Plus
80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server.
RmiTaste
RmiTaste allows security professionals to detect, enumerate, interact and exploit RMI services by calling remote methods with gadgets from ysoserial.
java-deserialization-of-untrusted-data-poc
Some PoC (Proof-of-Concept) about vulnerability of java deserialization of untrusted data
dockerfiles
🌊 Dockerfiles for apps I use. Also take a look at https://github.com/security-dockerfiles
JYso
It can be either a JNDIExploit or a ysoserial.
ysoserial-rs
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.