Deser-py is a script that automatically generates serialized payloads for Python applications that deserialize user-controlled input with one of the following vulnerable modules:
- _pickle, cPickle
- jsonpickle
- yaml, ruamel.yaml
The generated payloads can use either os.system or subprocess.Popen as the vector to execute system commands on the target. When choosing between them, consider that Popen, being a class, is generally more reliable than system for gaining RCE.
This tool was developed as part of research into common deserialization issues. For further information, see the following article:
Using deser-py is very straightforward:
```text
$ python3 deser-py.py -h
usage: deser-py.py [-h] [-d] [-s] [-v {os,subprocess}] -f {pickle,json,yaml,#}
                   [-c COMMAND]

deser-py - A simple serialization payload generator

optional arguments:
  -h, --help            show this help message and exit
  -d, --debug           Enable debug messages
  -s, --save            Save payload to file
  -v {os,subprocess}, --vector {os,subprocess}
                        Save payload to file
  -f {pickle,json,yaml,#}, --format {pickle,json,yaml,#}
                        Serialization archive format
  -c COMMAND, --command COMMAND
                        Command for the payload
```
To use deser-py, the jsonpickle and PyYAML modules must be installed:

```text
pip install -r requirements.txt
```
TODO:
- Implement automatic reverse shell mode
- Implement encoding schemes for the generated payloads:
  - base64
  - URL encoding
  - others