## https://sploitus.com/exploit?id=6F3BA3A0-B427-5084-9FF0-5E8E44FBC995
It is an offensive tool for Java deserialization vulnerabilities. The repository contains a Java tool called "marshalsec" that exploits Java object deserialization vulnerabilities, allowing for remote code execution. The tool includes payload generators for various Java serialization libraries, including BlazeDS AMF (Action Message Format) and Hessian. The tool is designed to test Java applications for these vulnerabilities and demonstrate the potential impact of a successful exploitation.
The tool uses the following libraries:
BlazeDS AMF (Action Message Format)
Hessian
Castor
Jackson
The tool generates payloads for each library and demonstrates how to exploit the vulnerabilities. The payloads are designed to execute arbitrary code on the target system.
The tool is intended for educational purposes only and should not be used to attack systems without permission. The tool is designed to help developers and security researchers understand the risks associated with Java object deserialization vulnerabilities and how to mitigate them.
The tool can be used to test Java applications for the following vulnerabilities:
BlazeDS AMF (Action Message Format) vulnerabilities
Hessian vulnerabilities
Castor vulnerabilities
Jackson vulnerabilities
The tool can be used to exploit these vulnerabilities and demonstrate the potential impact of a successful exploitation.
The tool is designed to be used with Java 8 and can be built using Maven