Stars
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Real - time non-invasive AOP framework container based on JVM
SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 check list
lanproxy是一个将局域网个人电脑、服务器代理到公网的内网穿透工具,支持tcp流量转发,可支持任何tcp上层协议(访问内网网站、本地支付接口调试、ssh访问、远程桌面、http代理、https代理、socks5代理...)。技术交流QQ群 736294209
Picocli is a modern framework for building powerful, user-friendly, GraalVM-enabled command line apps with ease. It supports colors, autocompletion, subcommands, and more. In 1 source file so apps …
the fastest and most powerful android decompiler(native tool working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy lea…
JNDI注入测试工具(A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc)
Unirest in Java: Simplified, lightweight HTTP client library.
Java安全相关的漏洞和技术demo,原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。
APIKit:Discovery, Scan and Audit APIs Toolkit All In One.
Share Things Related to Java - Java安全漫谈笔记相关内容
Burp extension to evade TLS fingerprinting. Bypass WAF, spoof any browser.
🎸 B3log 分布式社区的 Java 博客端节点系统,欢迎加入下一代社区网络。B3log distributed community blog-end node based on Java, welcome to join the next generation community network.
Collect JSP webshell of various implementation methods. 梳理和发现的JSP Webshell各种姿势
一款专注于 Java 主流 Web 中间件的内存马快速生成工具,致力于简化安全研究人员和红队成员的工作流程,提升攻防效率
A helpful Java Deserialization exploit framework.
Standalone unofficial fully-featured Whatsapp Web and Mobile API for Java and Kotlin
IDEA plugin for directly editing and modifying files in jar without decompression. (一款无需解压直接编辑修改jar包内文件的IDEA插件)
a webshell resides in the memory of java web server
Unexpected information 是用于标记请求包中的一些敏感信息、JS接口和一些特殊字段的BurpSuite 插件。
给woodpecker框架量身定制的ysoserial