Share
## https://sploitus.com/exploit?id=E1088B26-BEB7-5D13-8680-D7F8FD7C27EA
This is a Java-based proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. The tool, named ysoserial, is designed to create gadgets that can be used to execute arbitrary commands on a vulnerable application. The gadgets are created by wrapping a user-specified command in a gadget chain, which is then serialized to stdout. When an application with the required gadgets on the classpath unsafely deserializes this data, the chain will automatically be invoked and cause the command to be executed on the application host.

The tool is not intended to be used to attack systems except where explicitly authorized, and the project maintainers are not responsible or liable for misuse of the software. The tool has been created purely for the purposes of academic research and for the development of effective defensive techniques.

The ysoserial tool uses a variety of gadget chains, including those for Apache Commons Collections (3.x and 4.x), Spring Beans/Core (4.x), and Groovy (2.3.x). The tool also includes a feature to generate payloads for JRE versions 1.6, 1.7, and 1.8.

The tool is built using Maven and is available on GitHub. The project has a complex build process, involving multiple plugins and dependencies. The tool