Lists (11)
Stars
Ghidra is a software reverse engineering (SRE) framework
Alibaba Java Diagnostic Tool Arthas/Alibaba Java诊断利器Arthas
Generate diagrams from textual description
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
Real - time non-invasive AOP framework container based on JVM
A blazingly fast multi-language serialization framework powered by JIT and zero-copy.
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
shiro反序列化漏洞综合利用,包含(回显执行命令/注入内存马)修复原版中NoCC的问题 https://github.com/j1anFen/shiro_attack
一款支持自定义的 Java 内存马生成工具|A customizable Java in-memory webshell generation tool.
Modern Java decompiler aiming to be as accurate as possible, with an emphasis on output quality. Fork of the Fernflower decompiler.
An easy-to-learn/use static analysis framework for Java
FST: fast java serialization drop in-replacement
一款专注于 Java 主流 Web 中间件的内存马快速生成工具,致力于简化安全研究人员和红队成员的工作流程,提升攻防效率
🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server.
搜集了市面上绝大部分weblogic解密方式,整理了7种解密weblogic的方法及响应工具。
JavaWeb MemoryShell Inject/Scan/Killer/Protect Research & Exploring
这个仓库收集了所有在 GitHub 上能找到的 CVE 漏洞利用工具。 This repository collects all CVE exploits found on GitHub.
A powerful JNDI injection exploitation framework that supports RMI, LDAP and LDAPS protocols, including various bypass methods for high-version JDK restrictions
《深入JDBC安全:特殊URL构造与不出网反序列化利用技术揭秘》对应研究总结项目 "Deep Dive into JDBC Security: Special URL Construction and Non-Networked Deserialization Exploitation Techniques Revealed" - Research Summary Project