BlackSerial: a Blackbox pentesting Gadget Chain Serializer
This article introduces BlackSerial, a tool for identifying working gadget chains during blackbox pentests by industrializing the payload generation with multiple tools, languages and formats.
It helps to identify working gadget chains in blackbox scenarios.
In addition, as web applications rely more and more on JSON RESTful APIs, it helps make fuzzing of JSON user input more extensive, in order to detect deserialization vulnerabilities in underlying libraries or custom implementations. This also applies to XML or YAML payloads.