Stars
Java security vulnerability and technique demos: deserialization exploitation for native Java, Fastjson, Jackson, Hessian2 and XML; exploits for frameworks, middleware and features such as Spring, Dubbo, Shiro, CAS, Tomcat, RMI and Nexus; and practice code for Java Security Manager bypass, Dubbo-Hessian2 security hardening, and more.
Java web common vulnerabilities and security code which is based on springboot and spring security
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala projects)
A tool to dump Java serialization streams in a more human readable form.
JNDI-Exploitation-Kit (A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps v…
This repository will serve as the "master" repo containing all trainings and tutorials done in preparation for OSWE in conjunction with the AWAE course. This repo will likely contain custom code by…
Collects the vast majority of publicly available WebLogic decryption approaches, organized into 7 methods for decrypting WebLogic along with the corresponding tools.
Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
Some payloads of JNDI Injection in JDK 1.8.0_191+
RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities
Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"
Some demo tests for rmi, jndi, ldap, jrmp, jmx and jms
Vulnerable Java based Web Application
Java web and command line applications demonstrating various security topics
Purposely vulnerable Java application to help lead secure coding workshops
Burp scanner plugin based on Vulners.com vulnerability database