deserialization-java

Official

Exploit Java deserialization vulnerabilities.

Author: blacklanternsecurity
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

This Skill helps penetration testers identify and exploit Java deserialization vulnerabilities, enabling remote code execution on vulnerable systems.

Core Features & Use Cases

  • Vulnerability Detection: Identifies Java serialized objects and potential entry points.
  • Gadget Chain Exploitation: Leverages tools like ysoserial to craft and deliver payloads for RCE.
  • Framework-Specific Attacks: Includes modules for exploiting vulnerabilities in WebLogic, JBoss, Jenkins, and JSF applications.
  • Use Case: A penetration tester discovers a web application that deserializes user input. This Skill guides them through detecting the vulnerability, identifying the correct gadget chain, and achieving remote code execution.

Quick Start

Use the deserialization-java skill to exploit a Java deserialization vulnerability on the target URL.

Dependency Matrix

Required Modules

None required

Components

scripts, references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: deserialization-java
Download link: https://github.com/blacklanternsecurity/red-run/archive/main.zip#deserialization-java

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.