Stars
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Quickly find differences and similarities in disassembled code
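Java security-related vulnerabilities and technique demos: exploitation of native Java, Fastjson, Jackson, Hessian2, and XML deserialization vulnerabilities; exploits for frameworks, middleware, and features such as Spring, Dubbo, Shiro, CAS, Tomcat, RMI, and Nexus; and practice code for Java Security Manager bypass, Dubbo-Hessian2 security hardening, and more.
A repo for documenting my study, maybe from 0 to 0.1
A customizable Java in-memory webshell generation tool.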
Share Things Related to Java - content related to the "Java Security Talks" (Java安全漫谈) notes
An easy-to-learn/use static analysis framework for Java
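A tool focused on quickly generating in-memory webshells for mainstream Java web middleware, aiming to simplify the workflow of security researchers and red team members and improve offensive and defensive efficiency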
A helpful Java Deserialization exploit framework.
A byte code analyzer for finding deserialization gadget chains in Java applications
A malicious LDAP server for JNDI injection attacks
A tool to dump Java serialization streams in a more human readable form.
A ysoserial tailored for the woodpecker framework
"Deep Dive into JDBC Security: Special URL Construction and Non-Networked Deserialization Exploitation Techniques Revealed" - Research Summary Project
A customizable Java echo payload generation tool.
Collection of bypass gadgets to extend and wrap ysoserial payloads
Engineering practice for exploiting the Apache Dubbo vulnerability (CVE-2023-23638)