A vast collection of security tools for bug bounty, pentest and red teaming


Freddy Deserialization Bug Finder on offsec.tools
Freddy Deserialization Bug Finder

A Burp Suite extension to aid in detecting and exploiting serialisation libraries/APIs.

Java Deserialization Scanner on offsec.tools
Java Deserialization Scanner

All-in-one plugin for the detection and exploitation of Java deserialization vulnerabilities.

PHPGGC on offsec.tools

PHP unserialize() payloads along with a tool to generate them.

ysoserial.net on offsec.tools

Deserialization payload generator for a variety of .NET formatters.

GadgetProbe on offsec.tools

Probe endpoints consuming Java serialized objects for fingerprinting.

ysoserial on offsec.tools

Generates payloads that exploit unsafe Java object deserialization.