A vast collection of security tools for bug bounty, pentest and red teaming


Java Deserialization Scanner on offsec.tools
Java Deserialization Scanner

All-in-one plugin for the detection and exploitation of Java deserialization vulnerabilities.

Freddy Deserialization Bug Finder on offsec.tools
Freddy Deserialization Bug Finder

A Burp Suite extension to aid in detecting and exploiting serialisation libraries/APIs.

GadgetProbe on offsec.tools

Probe endpoints consuming Java serialized objects for fingerprinting.

ysoserial on offsec.tools

Generates payloads that exploit unsafe Java object deserialization.

jSQL Injection on offsec.tools
jSQL Injection

Java application for automatic SQL database injection.