deserialization
Hunt insecure deserialization (CWE-502) across Python pickle, Java ObjectInputStream / Jackson / SnakeYAML, .NET BinaryFormatter / DataContractJson, PHP unserialize, Ruby Marshal/YAML.load, and Node.js vm. Direct path to unauthenticated RCE.
Best for Security auditsWorks with GitHubHigh risk
⌘source
- author
@PurpleAILAB- language
- Python
★2.1kstars
366forks
Apr 18, 2026
✦overview.md
Key Features
- ·Identifies insecure deserialization vulnerabilities (CWE-502)
- ·Covers multiple languages: Python, Java, .NET, PHP, Ruby, Node.js
- ·Lists dangerous deserialization sinks for each language
- ·Provides example grep and semgrep commands for detection
- ·Highlights common sources of user-controlled deserialization data
Use Cases
- →Security engineers scanning codebases for deserialization flaws
- →Developers reviewing third-party libraries for unsafe deserialization usage
- →Penetration testers hunting for RCE vectors in web applications
- →DevOps teams implementing security checks in CI/CD pipelines
Best for
- ✓Security audits
- ✓Vulnerability assessment
- ✓Penetration testing
Not ideal for
- !General code quality reviews
- !Performance optimization
- !Documentation generation
FAQs
name
deserialization
description
Hunt insecure deserialization (CWE-502) across Python pickle, Java ObjectInputStream / Jackson / SnakeYAML, .NET BinaryFormatter / DataContractJson, PHP unserialize, Ruby Marshal/YAML.load, and Node.js vm. Direct path to unauthenticated RCE.
Insecure Deserialization Playbook
Deserialization is the single most reliable path from a byte string under user control to unauthenticated remote code execution. Modern frameworks have tried to wall this off, but chained-gadget attacks (ysoserial, ysoserial.net, marshalsec, phpggc) still make this a top-tier finding.
1. Sources (user-controlled data that becomes an object)
- HTTP body, cookie, header, query param
- Message queue payload (Kafka, RabbitMQ, SQS)
- File upload parsed as config
- WebSocket messages
- Inter-service RPC
2. Dangerous sinks by language
Python
pickle.loads/pickle.load/pickle.Unpicklerdill.loads,cloudpickle.loads,shelve.openyaml.load()withoutLoader=SafeLoaderjsonpickle.decodenumpy.load(allow_pickle=True)torch.load(loads pickled tensors → RCE)joblib.loadmarshal.loads
grep -rE 'pickle\.loads?\(|yaml\.load\([^)]*Loader=(FullLoader|Loader)?\)|torch\.load\(' /workspace/src
semgrep --config p/insecure-transport --config p/python /workspace/src -o /workspace/sem-deser.sarif
Java
ObjectInputStream.readObjectXMLDecoder.readObject
$install
1-click copynpx skills add PurpleAILAB/Decepticon --skill deserializationSafety assessment
★
Clarity score
How clear and easy to understand the SKILL.md instructions are, rated from 1 to 5.
4/ 5
very goodClear and well structured, with only minor parts that might need a second read.
◎
Actionability score
How directly an agent can act on the SKILL.md instructions, rated from 1 to 5.
3/ 5
mediumPartially actionable with several concrete steps, but still missing important details.