English | 简体中文
Java-Chains is a Java Payload generation and vulnerability exploitation web platform, designed to facilitate security
researchers in quickly generating Java Payloads and conveniently and rapidly testing vulnerabilities such as JNDI
injection, MySQL JDBC deserialization, and JRMP deserialization. It aims to improve testing efficiency to a certain
extent.
Standing on the shoulders of giants
https://java-chains.vulhub.org/docs/guide
It only supports personal research and learning, and should never be used for illegal and criminal activities.
The developers, providers and maintainers of the project are not responsible for the actions and consequences of the user's use of the tool, and the user of the tool shall do so at their own risk.
Acknowledgments:
- https://github.com/wh1t3p1g/ysomap
- https://github.com/qi4L/JYso
- https://github.com/X1r0z/JNDIMap
- https://github.com/Whoopsunix/PPPYSO
- https://github.com/jar-analyzer/class-obf
- https://github.com/4ra1n/mysql-fake-server
- https://github.com/mbechler/marshalsec
- https://github.com/frohoff/ysoserial
- https://github.com/H4cking2theGate/ysogate
- https://github.com/Bl0omZ/JNDIEXP
- https://github.com/kezibei/Urldns
- https://github.com/rebeyond/JNDInjector
- https://github.dev/LxxxSec/CTF-Java-Gadget
- https://github.com/pen4uin/java-memshell-generator
- https://github.com/pen4uin/java-echo-generator
- https://github.com/NickstaDB/SerializationDumper
- https://xz.aliyun.com/t/5381
- http://rui0.cn/archives/1408
If you have any questions, please feel free to send issus