search

gwen001 / offsectools_www

A vast collection of security tools and resources curated by the community.
https://offsec.tools
186 stars 23 forks source link

[addtool] Java Deserialization Scanner #485

Closed gwen001 closed 1 year ago

gwen001 commented 1 year ago

[link]https://github.com/PortSwigger/java-deserialization-scanner[/link] [tags]java,scanner,deserialization[/tags] [short_descr]All-in-one plugin for the detection and exploitation of Java deserialization vulnerabilities.[/short_descr] [long_descr]Java Deserialization Scanner is a Burp Suite plugin aimed at detect and exploit Java deserialization vulnerabilities. The plugin is made up of three different components:

  1. Integration with Burp Suite active and passive scanner
  2. Manual tester, for the detection of Java deserialization vulnerabilities on custom insertion points
  3. Exploiter, that allow to actively exploit Java deserialization vulnerabilies, using frohoff ysoserial[/long_descr] [image]https://raw.githubusercontent.com/gwen001/offsectools_www/main/df92ec1aaa0b91a4c29c64eff923e214.png[/image]
gwen001 commented 1 year ago

Issue correctly handled, tool is waiting for human validation.

gwen001 commented 1 year ago

Tool has been accepted by the team: https://offsec.tools/tool/java-deserialization-scanner

Thank you for your contribution!