offensive-deserialization
Community
Identify insecure deserialization flows.
Author: riparino
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Insecure deserialization creates risk by allowing attackers to manipulate serialized objects, potentially leading to code execution, data exposure, or service disruption. This skill provides a structured checklist to identify sinks, gadget chains, and bypass opportunities across common stacks (Java, PHP, .NET, Python) and to design safe tests.
Core Features & Use Cases
- Checklist-based discovery: Identify where user-controlled data is deserialized and where unsafe types or polymorphic typing could trigger execution.
- Gadget chain analysis guidance: Recognize typical gadget chains in popular ecosystems and how to validate mitigations.
- Safe testing guidance: Plan non-destructive tests and remediation steps for developers and security teams.
- Use Case: A security engineer reviews an API that processes user-supplied payloads and uses the checklist to map deserialization sinks and potential bypasses.
Quick Start
Begin by mapping the target application's deserialization points to the checklist to identify sinks and potential gadget chains.
Dependency Matrix
Required Modules
None required
Components
Standard package
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: offensive-deserialization
Download link: https://github.com/riparino/Claude-Cyber/archive/main.zip#offensive-deserialization
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.