====== Tools for Deserialization ======

**PHP**

🛠 PHPGGC https://github.com/ambionics/phpggc

**JAVA**

🛠 A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. https://github.com/frohoff/ysoserial

🛠 Burp extension to perform Java Deserialization Attacks https://github.com/NetSPI/JavaSerialKiller

🛠 All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities https://github.com/federicodotta/Java-Deserialization-Scanner

🛠 Allows you to deserialize Java objects to XML and lets you dynamically load classes/jars as needed https://github.com/IOActive/BurpJDSer-ng

📔 The cheat sheet about Java Deserialization vulnerabilities https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet

📔 An explanation, in French, of what deserialization is https://connect.ed-diamond.com/MISC/MISC-101/Deserialisation-Java-une-breve-introduction-au-ROP-de-haut-niveau

**Java (JBOSS)**

🛠 JexBoss - JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool https://github.com/joaomatosf/jexboss

**Other**

🛠 CustomDeserializer: designed to help security testers by speeding up manual testing of (web) applications and extending the Burp Scanner and Burp Intruder automated test capabilities. https://github.com/marcotinari/CustomDeserializer