From 31bed383a8cd218625194a52c56690686584f759 Mon Sep 17 00:00:00 2001
From: guyupro <i@guyu.pro>
Date: Wed, 17 Apr 2024 08:37:22 +0000
Subject: [PATCH] update

---
 content/Tools/Chunk-Proxy.md  |  4 ++++
 content/Tools/HTTPServerGO.md |  7 +++++++
 content/Tools/Neo-reGeorg.md  |  7 +++++++
 content/Tools/Stowaway.md     |  3 +++
 content/Tools/commando-vm.md  |  3 +++
 content/Tools/pystinger.md    |  3 +++
 content/Tools/suo5.md         |  7 +++++++
 content/Tools/ysoserial.md    | 32 ++++++++++++++++++++++++++++++++
 8 files changed, 66 insertions(+)
 create mode 100644 content/Tools/Chunk-Proxy.md
 create mode 100644 content/Tools/HTTPServerGO.md
 create mode 100644 content/Tools/Neo-reGeorg.md
 create mode 100644 content/Tools/Stowaway.md
 create mode 100644 content/Tools/commando-vm.md
 create mode 100644 content/Tools/pystinger.md
 create mode 100644 content/Tools/suo5.md
 create mode 100644 content/Tools/ysoserial.md

diff --git a/content/Tools/Chunk-Proxy.md b/content/Tools/Chunk-Proxy.md
new file mode 100644
index 0000000..f6a4dc8
--- /dev/null
+++ b/content/Tools/Chunk-Proxy.md
@@ -0,0 +1,4 @@
+
+
+
+<https://github.com/BeichenDream/Chunk-Proxy>
\ No newline at end of file
diff --git a/content/Tools/HTTPServerGO.md b/content/Tools/HTTPServerGO.md
new file mode 100644
index 0000000..05c0a4e
--- /dev/null
+++ b/content/Tools/HTTPServerGO.md
@@ -0,0 +1,7 @@
+---
+title: "HTTPServerGO"
+draft: false
+---
+
+
+<https://github.com/pho3n1x-web/HTTPServerGO>
\ No newline at end of file
diff --git a/content/Tools/Neo-reGeorg.md b/content/Tools/Neo-reGeorg.md
new file mode 100644
index 0000000..5dccf8e
--- /dev/null
+++ b/content/Tools/Neo-reGeorg.md
@@ -0,0 +1,7 @@
+---
+title: "Neo-reGeorg"
+draft: false
+---
+
+
+<https://github.com/L-codes/Neo-reGeorg>
\ No newline at end of file
diff --git a/content/Tools/Stowaway.md b/content/Tools/Stowaway.md
new file mode 100644
index 0000000..0160970
--- /dev/null
+++ b/content/Tools/Stowaway.md
@@ -0,0 +1,3 @@
+
+
+<https://github.com/ph4ntonn/Stowaway>
\ No newline at end of file
diff --git a/content/Tools/commando-vm.md b/content/Tools/commando-vm.md
new file mode 100644
index 0000000..ab8509a
--- /dev/null
+++ b/content/Tools/commando-vm.md
@@ -0,0 +1,3 @@
+
+
+<https://github.com/mandiant/commando-vm>
\ No newline at end of file
diff --git a/content/Tools/pystinger.md b/content/Tools/pystinger.md
new file mode 100644
index 0000000..7dd2557
--- /dev/null
+++ b/content/Tools/pystinger.md
@@ -0,0 +1,3 @@
+
+
+<https://github.com/FunnyWolf/pystinger>
\ No newline at end of file
diff --git a/content/Tools/suo5.md b/content/Tools/suo5.md
new file mode 100644
index 0000000..4aade8f
--- /dev/null
+++ b/content/Tools/suo5.md
@@ -0,0 +1,7 @@
+---
+title: "suo5"
+draft: false
+---
+
+
+<https://github.com/zema1/suo5>
\ No newline at end of file
diff --git a/content/Tools/ysoserial.md b/content/Tools/ysoserial.md
new file mode 100644
index 0000000..6525fef
--- /dev/null
+++ b/content/Tools/ysoserial.md
@@ -0,0 +1,32 @@
+---
+title: "ysoserial"
+draft: false
+---
+
+
+<https://github.com/frohoff/ysoserial/>
+
+## Description
+
+Originally released as part of AppSecCali 2015 Talk
+["Marshalling Pickles: how deserializing objects will ruin your day"](
+        https://frohoff.github.io/appseccali-marshalling-pickles/)
+with gadget chains for Apache Commons Collections (3.x and 4.x), Spring Beans/Core (4.x), and Groovy (2.3.x).
+Later updated to include additional gadget chains for
+[JRE <= 1.7u21](https://gist.github.com/frohoff/24af7913611f8406eaf3) and several other libraries.
+
+__ysoserial__ is a collection of utilities and property-oriented programming "gadget chains" discovered in common java
+libraries that can, under the right conditions, exploit Java applications performing __unsafe deserialization__ of
+objects. The main driver program takes a user-specified command and wraps it in the user-specified gadget chain, then
+serializes these objects to stdout. When an application with the required gadgets on the classpath unsafely deserializes
+this data, the chain will automatically be invoked and cause the command to be executed on the application host.
+
+It should be noted that the vulnerability lies in the application performing unsafe deserialization and NOT in having
+gadgets on the classpath.
+
+## Disclaimer
+
+This software has been created purely for the purposes of academic research and
+for the development of effective defensive techniques, and is not intended to be
+used to attack systems except where explicitly authorized. Project maintainers
+are not responsible or liable for misuse of the software. Use responsibly.
\ No newline at end of file