English | 简体中文

Java Chains

Java-Chains is a Java Payload generation and vulnerability exploitation web platform, designed to facilitate security researchers in quickly generating Java Payloads and conveniently and rapidly testing vulnerabilities such as JNDI injection, MySQL JDBC deserialization, and JRMP deserialization. It aims to improve testing efficiency to a certain extent.

Standing on the shoulders of giants

Get started quickly

https://java-chains.vulhub.org/docs/guide

Updated content

CHANGELOG.md

References and acknowledgments

It only supports personal research and learning, and should never be used for illegal and criminal activities.

The developers, providers and maintainers of the project are not responsible for the actions and consequences of the user's use of the tool, and the user of the tool shall do so at their own risk.

Acknowledgments:

• https://github.com/ReaJason/MemShellParty
• https://github.com/wh1t3p1g/ysomap
• https://github.com/qi4L/JYso
• https://github.com/X1r0z/JNDIMap
• https://github.com/Whoopsunix/PPPYSO
• https://github.com/jar-analyzer/class-obf
• https://github.com/4ra1n/mysql-fake-server
• https://github.com/mbechler/marshalsec
• https://github.com/frohoff/ysoserial
• https://github.com/H4cking2theGate/ysogate
• https://github.com/Bl0omZ/JNDIEXP
• https://github.com/kezibei/Urldns
• https://github.com/rebeyond/JNDInjector
• https://github.dev/LxxxSec/CTF-Java-Gadget
• https://github.com/pen4uin/java-memshell-generator
• https://github.com/pen4uin/java-echo-generator
• https://github.com/NickstaDB/SerializationDumper
• https://xz.aliyun.com/t/5381
• http://rui0.cn/archives/1408

Communication

If you have any questions, please feel free to send issus

Star History