Lists (16)
Stars
Ghidra is a software reverse engineering (SRE) framework
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 check list
Angry IP Scanner - fast and friendly network scanner
HaE - Highlighter and Extractor, Empower ethical hacker for efficient operations.
JNDI注入测试工具(A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc)
Java安全相关的漏洞和技术demo,原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。
一款高性能 HTTP 代理隧道工具 | A high-performance http proxy tunneling tool
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
shiro反序列化漏洞综合利用,包含(回显执行命令/注入内存马)修复原版中NoCC的问题 https://github.com/j1anFen/shiro_attack
APIKit:Discovery, Scan and Audit APIs Toolkit All In One.
MDUT - Multiple Database Utilization Tools
溯光 (TrackRay) 3 beta⚡渗透测试框架(资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap)
Shiro550/Shiro721 一键化利用工具,支持多种回显方式
Share Things Related to Java - Java安全漫谈笔记相关内容
项目是根据LandGrey/SpringBootVulExploit清单编写,目的hvv期间快速利用漏洞、降低漏洞利用门槛。
BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). 支持多种加密算法或直接执行JS代码的用于爆破前端加密的BurpSuite插件
Thinkphp(GUI)漏洞利用工具,支持各版本TP漏洞检测,命令执行,getshell。
Collect JSP webshell of various implementation methods. 梳理和发现的JSP Webshell各种姿势
Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.…
🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks