serialkiller.conf 5.78 KB

Raw Blame History Permalink

<?xml version="1.0" encoding="UTF-8"?>
<!-- serialkiller.conf -->
<config>
  <refresh>6000</refresh>
  <mode>
    <!-- set to 'false' for blocking mode -->
    <profiling>false</profiling>
  </mode>
  <!-- if you're changing the logging settings, restart your app -->
  <logging>
    <enabled>true</enabled>
    <logfile>/tmp/serialkiller.log</logfile>
  </logging>
  <blacklist>
    <!-- ysoserial's BeanShell1 payload  -->
    <regexp>bsh\.XThis$</regexp>
    <regexp>bsh\.Interpreter$</regexp>
    <!-- ysoserial's C3P0 payload  -->
    <regexp>com\.mchange\.v2\.c3p0\.impl\.PoolBackedDataSourceBase$</regexp>
    <!-- ysoserial's CommonsBeanutils1 payload  -->
    <regexp>org\.apache\.commons\.beanutils\.BeanComparator$</regexp>
    <!-- ysoserial's CommonsCollections1,3,5,6 payload  -->
    <regexp>org\.apache\.commons\.collections\.Transformer$</regexp>
    <regexp>org\.apache\.commons\.collections\.functors\.InvokerTransformer$</regexp>
    <regexp>org\.apache\.commons\.collections\.functors\.ChainedTransformer$</regexp>
    <regexp>org\.apache\.commons\.collections\.functors\.ConstantTransformer$</regexp>
    <regexp>org\.apache\.commons\.collections\.functors\.InstantiateTransformer$</regexp>
    <!-- ysoserial's CommonsCollections2,4 payload  -->
    <regexp>org\.apache\.commons\.collections4\.functors\.InvokerTransformer$</regexp>
    <regexp>org\.apache\.commons\.collections4\.functors\.ChainedTransformer$</regexp>
    <regexp>org\.apache\.commons\.collections4\.functors\.ConstantTransformer$</regexp>
    <regexp>org\.apache\.commons\.collections4\.functors\.InstantiateTransformer$</regexp>
    <regexp>org\.apache\.commons\.collections4\.comparators\.TransformingComparator$</regexp>
    <!-- ysoserial's FileUpload1,Wicket1 payload  -->
    <regexp>org\.apache\.commons\.fileupload\.disk\.DiskFileItem$</regexp>
    <regexp>org\.apache\.wicket\.util\.upload\.DiskFileItem$</regexp>
    <!-- ysoserial's Groovy payload  -->
    <regexp>org\.codehaus\.groovy\.runtime\.ConvertedClosure$</regexp>
    <regexp>org\.codehaus\.groovy\.runtime\.MethodClosure$</regexp>
    <!-- ysoserial's Hibernate1,2 payload  -->
    <regexp>org\.hibernate\.engine\.spi\.TypedValue$</regexp>
    <regexp>org\.hibernate\.tuple\.component\.AbstractComponentTuplizer$</regexp>
    <regexp>org\.hibernate\.tuple\.component\.PojoComponentTuplizer$</regexp>
    <regexp>org\.hibernate\.type\.AbstractType$</regexp>
    <regexp>org\.hibernate\.type\.ComponentType$</regexp>
    <regexp>org\.hibernate\.type\.Type$</regexp>
    <regexp>com\.sun\.rowset\.JdbcRowSetImpl$</regexp>
    <!-- ysoserial's JBossInterceptors1, JavassistWeld1 payload -->
    <regexp>org\.jboss\.(weld\.)?interceptor\.builder\.InterceptionModelBuilder$</regexp>
    <regexp>org\.jboss\.(weld\.)?interceptor\.builder\.MethodReference$</regexp>
    <regexp>org\.jboss\.(weld\.)?interceptor\.proxy\.DefaultInvocationContextFactory$</regexp>
    <regexp>org\.jboss\.(weld\.)?interceptor\.proxy\.InterceptorMethodHandler$</regexp>
    <regexp>org\.jboss\.(weld\.)?interceptor\.reader\.ClassMetadataInterceptorReference$</regexp>
    <regexp>org\.jboss\.(weld\.)?interceptor\.reader\.DefaultMethodMetadata$</regexp>
    <regexp>org\.jboss\.(weld\.)?interceptor\.reader\.ReflectiveClassMetadata$</regexp>
    <regexp>org\.jboss\.(weld\.)?interceptor\.reader\.SimpleInterceptorMetadata$</regexp>
    <regexp>org\.jboss\.(weld\.)?interceptor\.spi\.instance\.InterceptorInstantiator$</regexp>
    <regexp>org\.jboss\.(weld\.)?interceptor\.spi\.metadata\.InterceptorReference$</regexp>
    <regexp>org\.jboss\.(weld\.)?interceptor\.spi\.metadata\.MethodMetadata$</regexp>
    <regexp>org\.jboss\.(weld\.)?interceptor\.spi\.model\.InterceptionModel$</regexp>
    <regexp>org\.jboss\.(weld\.)?interceptor\.spi\.model\.InterceptionType$</regexp>
    <!-- ysoserial's JRMPClient payload  -->
    <regexp>java\.rmi\.registry\.Registry$</regexp>
    <regexp>java\.rmi\.server\.ObjID$</regexp>
    <regexp>java\.rmi\.server\.RemoteObjectInvocationHandler$</regexp>
    <!-- ysoserial's JSON1 payload  -->
    <regexp>net\.sf\.json\.JSONObject$</regexp>
    <!-- ysoserial's Jdk7u21 payload -->
    <regexp>javax\.xml\.transform\.Templates$</regexp>
    <!-- ysoserial's Jython1 payload -->
    <regexp>org\.python\.core\.PyObject$</regexp>
    <regexp>org\.python\.core\.PyBytecode$</regexp>
    <regexp>org\.python\.core\.PyFunction$</regexp>
    <!-- ysoserial's MozillaRhino1 payload -->
    <regexp>org\.mozilla\.javascript\..*$</regexp>
    <!-- ysoserial's Myfaces1,2 payload  -->
    <regexp>org\.apache\.myfaces\.context\.servlet\.FacesContextImpl$</regexp>
    <regexp>org\.apache\.myfaces\.context\.servlet\.FacesContextImplBase$</regexp>
    <regexp>org\.apache\.myfaces\.el\.CompositeELResolver$</regexp>
    <regexp>org\.apache\.myfaces\.el\.unified\.FacesELContext$</regexp>
    <regexp>org\.apache\.myfaces\.view\.facelets\.el\.ValueExpressionMethodExpression$</regexp>
    <!-- ysoserial's ROME payload  -->
    <regexp>com\.sun\.syndication\.feed\.impl\.ObjectBean$</regexp>
    <!-- ysoserial's Spring1,2 payload  -->
    <regexp>org\.springframework\.beans\.factory\.ObjectFactory$</regexp>
    <regexp>org\.springframework\.core\.SerializableTypeWrapper\$MethodInvokeTypeProvider$</regexp>
    <regexp>org\.springframework\.aop\.framework\.AdvisedSupport$</regexp>
    <regexp>org\.springframework\.aop\.target\.SingletonTargetSource$</regexp>
    <regexp>org\.springframework\.aop\.framework\.JdkDynamicAopProxy$</regexp>
    <regexp>org\.springframework\.core\.SerializableTypeWrapper\$TypeProvider$</regexp>
    <!-- other trigger gadgets or payloads -->
    <regexp>java\.util\.PriorityQueue$</regexp>
    <regexp>java\.lang\.reflect\.Proxy$</regexp>
    <regexp>java\.util\.Comparator$</regexp>
    <regexp>org\.reflections\.Reflections$</regexp>
  </blacklist>
  <whitelist>
    <regexp>.*</regexp>
  </whitelist>
</config>