A helpful Java Deserialization exploit framework.
v0.1.5 2023.12.04 auto-generated by github actions
Release v0.1.4, current exploits(28) payloads(43) bullets(45)
:
Console functions:
yso
script supportscript /path/to/file.yso
to load yso
script on cli modedump /path/to/file.yso
to dump current session's settings on cli modeRunning mode:
java -jar ysomap.jar cli
to trigger cli modejava -jar ysomap.jar script /path/to/file.yso
to trigger script modeContributors on v0.1.4
v0.1.4 2023.10.15 auto-generated by github actions
Update:
[+] exploits(12) payloads(31) bullets(36)
MD5 (cli/target/ysomap.jar) = d4e72def5bfd8ab1d341a6b71caf16c0
感谢如下小伙伴的提交 XD
add ObjectInputFilter to solve deserialization problem
v0.1.1 20211122 release [+] exploits(11) payloads(31) bullets(29)
v0.0.1版本: