Heyserial will Programmatically create hunting rules for deserialization exploitation with multiple

  • keywords (e.g. cmd.exe)
  • gadget chains (e.g. CommonsCollection)
  • object types (e.g. ViewState, Java, Python Pickle, PHP)
  • encodings (e.g. Base64, raw)
  • rule types (e.g. Snort, Yara)


Help: python3 heyserial.py -h


python3 heyserial.py -c ‘ExampleChain::condition1+condition2’ -t JavaObj
python3 heyserial.py -k cmd.exe whoami ‘This file cannot be run in DOS mode’
python3 heyserial.py -k Process.Start -t NETViewState -e base64 “base64+utf16le”



This is a tool to automate bulk testing of Snort and Yara rules on a variety of sample files.

Usage: python3 checkyoself.py [-y rules.yara] [-s rules.snort] [-o file_output_prefix] [--matches] [--misses] -d malware.exe malware.pcap

Examples: python3 checkyoself.py -y rules/javaobj -s rules/javaobj -d payloads/javaobj pcaps --misses -o java_misses


YSoSerial.NET v1.34 payload generation. Run on Windows from the ./utils directory.

  • Source: https://github.com/pwntester/ysoserial.net
  • License: ysoserial.net_LICENSE.txt


YSoSerial payload generation. Run on Linux from the ./utils directory.

  • Source: https://github.com/frohoff/ysoserial
  • License: ysoserial_LICENSE.txt


Installing Snort on a Debian based system was a bit finnicky for me, so I wrote my install notes here.

Use at your own risk in a VM that you have snapshotted recently.


Simple Python script that runs an HTTP server on and accepts POST requests.

Handy for generating test PCAPs.