🍬A set of tools that keep Java sweet.

😱 从源码层面，剖析挖掘互联网行业主流技术的底层实现原理，为广大开发者 “提升技术深度” 提供便利。目前开放 Spring 全家桶，Mybatis、Netty、Dubbo 框架，及 Redis、Tomcat 中间件等

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

Angry IP Scanner - fast and friendly network scanner

HaE - Highlighter and Extractor, Empower ethical hacker for efficient operations.

JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）

shiro反序列化漏洞综合利用,包含（回显执行命令/注入内存马）修复原版中NoCC的问题 https://github.com/j1anFen/shiro_attack

domain_hunter的高级版本，SRC挖洞、HW打点之必备！自动化资产收集；快速Title获取；外部工具联动；等等

Shiro550/Shiro721 一键化利用工具，支持多种回显方式

一款基于BurpSuite的被动式shiro检测插件

HackBar plugin for Burpsuite

Fastjson vulnerability quickly exploits the framework（fastjson漏洞快速利用框架）

Burp plugin able to find reflected XSS on page in real-time while browsing on site

Java RCE 回显测试代码

This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.

sqlmap4burp++是一款兼容Windows，mac，linux多个系统平台的Burp与sqlmap联动插件

A Burp Suite Extension that try to find all sub-domain, similar-domain and related-domain of an organization automatically! 基于流量自动收集整个企业或组织的子域名、相似域名、相关域名的burp插件

JMX enumeration and attacking tool.

A collection of Cortana scripts that you may use with Armitage and Cobalt Strike 2.x. Cortana Scripts are not compatible with Cobalt Strike 3.x. Cobalt Strike 3.x uses a variant of Cortana called A…

Fastjson <= 1.2.47 远程命令执行漏洞利用工具及方法

帆软/致远密码解密工具

基于亚马逊S3\阿里云OSS\腾讯COS通信隧道的远程管理工具

A memory shell for ruoyi

attackRmi

一款基于webshell命令执行功能实现的GUI webshell管理工具，支持流量加密

A JSP backdoor that enables under Tomcat hiding arbitrary JSP files, in addition to their access logs.

RMI 反序列化环境 一步步

Struts2漏洞实例源码

基于dbcp的fastjson rce 回显

超硬核！使用图数据技术发现软件漏洞