fengchenzxc
Follow
Stars
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 check list
Unofficial mirror of FernFlower Java decompiler (All pulls should be submitted upstream)
HaE - Highlighter and Extractor, Empower ethical hacker for efficient operations.
JNDI注入测试工具(A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc)
Java安全相关的漏洞和技术demo,原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。
一款高性能 HTTP 代理隧道工具 | A high-performance http proxy tunneling tool
shiro反序列化漏洞综合利用,包含(回显执行命令/注入内存马)修复原版中NoCC的问题 https://github.com/j1anFen/shiro_attack
MDUT - Multiple Database Utilization Tools
A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities and enables running traffic-based analysis of any type.
a rep for documenting my study, may be from 0 to 0.1
Share Things Related to Java - Java安全漫谈笔记相关内容
一款支持自定义的 Java 内存马生成工具|A customizable Java in-memory webshell generation tool.
A simple FOFA client written in JavaFX. Made by WgpSec, Maintained by f1ashine.
An easy-to-learn/use static analysis framework for Java
Collect JSP webshell of various implementation methods. 收集JSP Webshell的各种姿势
Jar Analyzer - 一个JAR包分析工具,批量分析,SCA漏洞分析,方法调用关系搜索,字符串搜索,Spring组件分析,信息泄露检查,CFG程序分析,JVM栈帧分析,进阶表达式搜索,字节码指令级的动态调试分析,反编译JAR包一键导出,一键提取序列化数据恶意代码,一键分析BCEL字节码
A helpful Java Deserialization exploit framework.
A byte code analyzer for finding deserialization gadget chains in Java applications
Nacos漏洞综合利用GUI工具,集成了默认口令漏洞、SQL注入漏洞、身份认证绕过漏洞、反序列化漏洞的检测及其利用
🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks