JYso-skills

JYso-skills is a collection of skill definition files for AI coding agents, specifically designed to help an AI assistant operate JYso, a Java security testing tool. The repository is written entirely in Chinese. JYso itself is a tool used in penetration testing and security research that deals with two categories of Java vulnerabilities: deserialization attacks (where malformed serialized data is used to trigger unintended code execution) and JNDI injection (where an attacker can point a Java application at a remote server to load malicious code). The skills here are structured reference documents that teach an AI agent how to use JYso's command-line options, routing configurations, and payload generation modes.

The repository organizes these skills into a main entry point directory called jyso/ and four topic-specific directories covering JNDI service setup, payload construction, multi-format output, and standalone exploit entry points. There is also a separate skill called pentest-java-deser-jndi/ which is designed to automatically trigger when an AI agent detects signs of Java deserialization or JNDI injection during a penetration testing session, then coordinate the right JYso commands in response.

The content was distilled from the JYso project's wiki documentation and reorganized for use with AI agents rather than as a direct reference for humans. The reorganization groups information by task type, strips out redundant explanations, and separates currently working features from older modules that have been removed from JYso. Details that an AI might need only occasionally are moved into reference sub-files so that the main skill entry stays concise.

This repository does not contain the JYso tool itself. It contains only the structured instruction files that tell an AI agent how to operate JYso. The source material for the skills is the JYso project wiki at github.com/qi4L/JYso/wiki.