deser-node

NodeJS deserialization payload generator.

Deser-node is a script that automatically generates serialized payloads for NodeJS-driven applications that deserialize data from user input using one of the following vulnerable modules:
- node-serialize
- funcster
- cryo

The generated payloads operate in one of two modes: standard RCE mode, which executes system commands on the target, and reverse-shell mode, which obtains shell access using a non-blocking reverse TCP connection from the target to an attacker-controlled machine.
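To check whether an application is exposed to this class of payload, the first step is finding out whether any of the three modules listed above is installed, directly or transitively. The following is an added example, not part of deser-node: it audits a parsed `package-lock.json` in both the flat (lockfileVersion 2/3) and nested (lockfileVersion 1) layouts. The function name, sample lockfiles, other package names and version strings are constructed for illustration.

```javascript
// Added example (not part of deser-node): find the modules named on this page
// in a parsed package-lock.json, including transitive installs.
const RISKY = new Set(['node-serialize', 'funcster', 'cryo']);

function findRiskyModules(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf('node_modules/');
    if (idx === -1) continue; // "" is the root project, not a dependency
    const name = path.slice(idx + 'node_modules/'.length);
    if (RISKY.has(name)) hits.push({ name, version: meta.version, path });
  }
  // lockfileVersion 1: nested "dependencies" tree. v2 files carry both
  // sections, so only walk the tree when "packages" is absent.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = prefix + 'node_modules/' + name;
      if (RISKY.has(name)) hits.push({ name, version: meta.version, path });
      walk(meta.dependencies, path + '/');
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits.sort((a, b) => (a.path < b.path ? -1 : a.path > b.path ? 1 : 0));
}

// Constructed sample lockfiles; package names other than the three risky
// modules, and all version strings, are made up for illustration.
const SAMPLE_V3 = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/cryo': { version: '0.0.0-sample' },
    'node_modules/demo-session': { version: '2.1.0' },
    'node_modules/demo-session/node_modules/node-serialize': { version: '0.0.0-sample' },
    'node_modules/@demo/funcster': { version: '1.0.0' }, // scoped look-alike: no match
  },
};
const SAMPLE_V1 = {
  lockfileVersion: 1,
  dependencies: {
    funcster: { version: '0.0.0-sample' },
    'demo-cache': { version: '3.0.0', dependencies: { cryo: { version: '0.0.0-sample' } } },
  },
};

for (const h of [...findRiskyModules(SAMPLE_V3), ...findRiskyModules(SAMPLE_V1)]) {
  console.log(`${h.name}@${h.version} at ${h.path}`);
}
```

For a real project, pass the result of `JSON.parse` on the lockfile contents; every reported path is a place where user-controlled input must never reach the module's deserialization call.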