Java安全相关的漏洞和技术demo，原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。

Java web common vulnerabilities and security code which is base on springboot and spring security

Base Admin一套简单通用的后台管理系统，主要功能有：权限管理、菜单管理、用户管理，系统设置、实时日志，实时监控，API加密，以及登录用户修改密码、配置个性菜单等

A cli tool that helps signing and zip aligning single or multiple Android application packages (APKs) with either debug or provided release certificates. It supports v1, v2 and v3 Android signing s…

shiro反序列化漏洞综合利用,包含（回显执行命令/注入内存马）修复原版中NoCC的问题 https://github.com/j1anFen/shiro_attack

A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities and enables running traffic-based analysis of any type.

APIKit：Discovery, Scan and Audit APIs Toolkit All In One.

一款支持自定义的 Java 内存马生成工具｜A customizable Java in-memory webshell generation tool.

More than 2.7 million lines of code modification continuously iterated for 9 years to modernize java cms, easily supporting tens of millions of data, tens of millions of PV; Support static, server …

Burp suite 分块传输辅助插件

Share Things Related to Java - Java安全漫谈笔记相关内容

Shiro550/Shiro721 一键化利用工具，支持多种回显方式

项目是根据LandGrey/SpringBootVulExploit清单编写，目的hvv期间快速利用漏洞、降低漏洞利用门槛。

SEKIRO is a multi-language, distributed, network topology-independent service publishing platform. By writing handlers in their respective languages, functionalities can be published to the central…

A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅

Jar Analyzer - 一个 JAR 包 GUI 分析工具，方法调用关系搜索，方法调用链 DFS 算法分析，模拟 JVM 的污点分析验证 DFS 结果，字符串搜索，Java Web 组件入口分析，CFG 程序分析，JVM 栈帧分析，自定义表达式搜索，支持 MCP 调用，文档：https://docs.qq.com/doc/DV3pKbG9GS0pJS0tk

An easy-to-learn/use static analysis framework for Java

JNDIExploit or a ysoserial.

TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.

BusyBox for Android

HeapDump敏感信息提取工具

A CAT called tabby ( Code Analysis Tool )

WebSocket 内存马/Webshell，一种新型内存马/WebShell技术

🔓 Disable SSL verification and pinning on Android, system-wide

Dynamic java method hook framework on ART. Allowing you to change almost all java methods' behavior dynamically.

Fastjson vulnerability quickly exploits the framework（fastjson漏洞快速利用框架）

support android 12 应用分身、模拟设备、模拟wifi、虚拟多开、钉钉打卡、企微打卡、插件开发、XP插件、模拟用户操作、java hook、c++ hook

Web漏洞扫描工具XRAY的GUI启动器

Burp插件，根据自定义来达到对数据包的处理（适用于加解密、爆破等），类似mitmproxy，不同点在于经过了burp中转，在自动加解密的基础上，不影响APP、网站加解密正常逻辑等。

记录一下 Java 安全学习历程，也算是半条学习路线了