ysogate

Introduction

ysogate is a comprehensive Java exploitation tool designed for Java deserialization, JNDI injection, and malicious class generation.

Key Features:

• Supports various high version JDK bypass methods.
• Contains multiple JNDI injection exploitation techniques.
• Offers a flexible command-line interface to switch between different operational modes: Payload, JNDI, and Gen.
• Capable of generating a wide range of Java deserialization gadget payloads.
• Systems for loading arbitrary bytecode and generating malicious classes.

Benefits:

• Ideal for security research and educational purposes.
• Provides a variety of ways to execute commands on target systems via deserialization attacks.
• Allows for extensions and integration of new gadgets and attack vectors.

Usage Scenarios:

• Payload generation for custom instances.
• Running a local JNDI server for malicious payload delivery.
• Generating and customizing evil classes for exploitation.

Disclaimer: This project is intended for security research and learning only. Any illegal use is strictly prohibited and is the user's responsibility.