web-deserialization
CommunityExpose deserialization risks and craft safe tests.
Authorbrucesongs
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Insecure deserialization vulnerabilities across multiple platforms allow attackers to manipulate serialized data and potentially execute arbitrary code, making applications vulnerable to remote control, data leakage, and service disruption.
Core Features & Use Cases
- Cross-platform assessment: Detect and map deserialization weaknesses in Java, PHP, .NET, Python, Ruby, and JSON/XML payloads.
- Gadget chain exploration: Identify viable gadget chains and test payloads against target classpaths and frameworks.
- Exploitation workflows: Generate and deliver serialization payloads to common entry points (cookies, parameters, API bodies) and verify outcomes via out-of-band callbacks.
- Remediation guidance: Provide defense-oriented recommendations for mitigations across languages and frameworks.
Quick Start
Run a cross-platform deserialization test by injecting a crafted payload into a serialized input (cookie or parameter) and monitor the callback channel for evidence of execution.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: web-deserialization Download link: https://github.com/brucesongs/kali-claw/archive/main.zip#web-deserialization Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 510,000+ vetted skills library on demand.