
SerdeSniffer uses taint analysis and a flow-sensitive, bottom-up summary algorithm to detect deserialization gadget chains in components in a practical amount of time.


SerdeSniffer/SerdeSniffer


SerdeSniffer

Introduction

SerdeSniffer uses taint analysis and a flow-sensitive, bottom-up summary algorithm to detect deserialization gadget chains in components in a practical amount of time.

Setup (Todo)

Docker

The SerdeSniffer Dockerfile provides the latest versions of Doop and Soufflé. After copying the SerdeSniffer project, run tools/summary-run-scripts/run.sh to perform the analysis.

🐞 Discovered vulnerabilities

Command execution

The combination of Spring-aop and ZAPROXY (Not accepted)

References:


org.clojure:clojure ( 1.9.0 - 1.12.0 )

References:

command execution

DoS

org.clojure:clojure ( 1.2.0 - 1.12.0 )

References:
