This page shows the differences between the selected revision and the current version of the page.
des_outils_pour_la_deserialisation [2019/10/14 19:51] M0N5T3R created |
des_outils_pour_la_deserialisation [2020/09/21 00:33] (current version) M0N5T3R |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | FIXME **Le PAD pour proposer une amélioration à cette page :** https://pad.zenk-security.com/p/merci | ||
+ | |||
+ | ====== Des outils pour la Déserialisation ====== | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | **PHP** | ||
+ | |||
+ | |||
+ | 🛠 PHPGGC https://github.com/ambionics/phpggc | ||
+ | |||
+ | |||
**JAVA** | **JAVA** | ||
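Review bot: The new first line still carries a bare FIXME marker in front of the pad link, so the page is flagged as unfinished without saying what remains to be fixed; either say what is missing or drop the marker. In the added heading, "Déserialisation" should be spelled "Désérialisation". The PHPGGC entry is a name and a URL only, while the Java entries each say what the tool does; a one-line description would keep the list consistent. The run of empty added lines between the heading and "**PHP**" can be reduced to one.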
Line 6: | Line 20: | ||
🛠 Burp extension to perform Java Deserialization Attacks | 🛠 Burp extension to perform Java Deserialization Attacks | ||
https://github.com/NetSPI/JavaSerialKiller | https://github.com/NetSPI/JavaSerialKiller | ||
+ | |||
+ | |||
+ | 🛠 All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities | ||
+ | https://github.com/federicodotta/Java-Deserialization-Scanner | ||
+ | |||
+ | |||
+ | 🛠 Allows you to deserialize java objects to XML and lets you dynamically load classes/jars as needed https://github.com/IOActive/BurpJDSer-ng | ||
+ | |||
+ | |||
+ | 📔 The cheat sheet about Java Deserialization vulnerabilities https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet | ||
+ | |||
+ | |||
+ | 📔 Explication en Francais de ce qu'est la déserialisation https://connect.ed-diamond.com/MISC/MISC-101/Deserialisation-Java-une-breve-introduction-au-ROP-de-haut-niveau | ||
+ | |||
+ | |||
+ | |||
+ | **Java (JBOSS)** | ||
+ | |||
+ | |||
+ | 🛠 JexBoss - JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool https://github.com/joaomatosf/jexboss | ||
+ | |||
+ | ** autre ** | ||
+ | |||
+ | |||
+ | 🛠 It is designed to help security testers by speeding up manual testing of (web)application and extend the Burp Scanner and Burp Intruder automated test capabilities. | ||
+ | https://github.com/marcotinari/CustomDeserializer | ||
+ | |||
+ | |||
+ |
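Review bot: The added "** autre **" label is lowercase with spaces inside the bold markers, unlike "**JAVA**" and "**Java (JBOSS)**" in the same page; use one form for all section labels, or make them real headings so they appear in the table of contents. The CustomDeserializer entry opens with "It is designed to help security testers" and never names the tool in the text, so the reader has to infer it from the URL. Entries also alternate between putting the link on the description line and on the line below; pick one layout. In the French entry, "Francais" should be "Français".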