ysogate

Java反序列化/JNDI注入/恶意类生成工具，支持多种高版本bypass，支持回显/内存马等多种扩展利用。

Introduction

Introduction

ysogate is a comprehensive Java exploitation tool designed for Java deserialization, JNDI injection, and malicious class generation.

Key Features:

Supports various high version JDK bypass methods.
Contains multiple JNDI injection exploitation techniques.
Offers a flexible command-line interface to switch between different operational modes: Payload, JNDI, and Gen.
Capable of generating a wide range of Java deserialization gadget payloads.
Systems for loading arbitrary bytecode and generating malicious classes.

Benefits:

Ideal for security research and educational purposes.
Provides a variety of ways to execute commands on target systems via deserialization attacks.
Allows for extensions and integration of new gadgets and attack vectors.

Usage Scenarios:

Payload generation for custom instances.
Running a local JNDI server for malicious payload delivery.
Generating and customizing evil classes for exploitation.

Disclaimer: This project is intended for security research and learning only. Any illegal use is strictly prohibited and is the user's responsibility.

Information

Publisher
AISecKit
Websitegithub.com
Published date2025/04/28

Categories

Tags

More Products

Exploiting AI

An introductory class on understanding AI security risks and mitigation strategies.

Prompt Injection Generative AI Red Team Testing Data Poisoning

PINT Benchmark

A benchmark for prompt injection detection systems, providing a neutral way to evaluate their performance.

Prompt Injection Model Robustness Security Auditing

Folly

Open-source LLM Prompt-Injection and Jailbreaking Playground for testing LLM security vulnerabilities.

Prompt Injection Open Source API Security Security Testing LLM Security+1