Stars
Ghidra is a software reverse engineering (SRE) framework
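😱 Analyzes, at the source-code level, the underlying implementation principles of the mainstream technologies of the internet industry, making it easier for developers to "deepen their technical knowledge". Currently covers the Spring family, the Mybatis, Netty and Dubbo frameworks, and middleware such as Redis and Tomcat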
A simple app to use Xposed without root, unlocking the bootloader, or modifying the system image, etc.
Virtual Engine for Android (supports 14.0 in the business version)
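Study materials on SpringBoot-related vulnerabilities, a collection of exploitation methods and techniques, and a black-box security assessment checklist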
HaE - Highlighter and Extractor, empowering ethical hackers for efficient operations.
JNDI injection testing tool (a tool that generates JNDI links and can start several servers to exploit JNDI injection vulnerabilities, such as those in Jackson, Fastjson, etc.)
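Java security-related vulnerabilities and technique demos: exploitation of native Java, Fastjson, Jackson, Hessian2 and XML deserialization vulnerabilities; exploits for frameworks, middleware and features such as Spring, Dubbo, Shiro, CAS, Tomcat, RMI and Nexus; and practice code for Java Security Manager bypass, Dubbo-Hessian2 security hardening, and more.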
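Comprehensive exploitation of the Shiro deserialization vulnerability, including (command execution with echoed output / in-memory webshell injection); fixes the NoCC problem in the original version https://github.com/j1anFen/shiro_attack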
MDUT - Multiple Database Utilization Tools
A customizable Java in-memory webshell generation tool.
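The advanced version of domain_hunter, a must-have for SRC vulnerability hunting and HW initial-access work! Automated asset collection; fast title retrieval; integration with external tools; and more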
Share Things Related to Java - content related to the Java Security Talks (Java安全漫谈) notes
One-click exploitation tool for Shiro550/Shiro721, supporting multiple output-echo methods
Burp Bounty (Scan Check Builder in BApp Store) is an extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules thro…
A simple FOFA client written in JavaFX. Made by WgpSec, Maintained by f1ashine.
TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.
CaA - Collector and Analyzer, Insight into information, exploring with intelligence in a thousand ways.
A collection of JSP webshells using various implementation methods; the various JSP webshell techniques that have been catalogued and discovered
A framework for quickly exploiting Fastjson vulnerabilities
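A Burp plugin that processes packets according to custom rules (suitable for encryption/decryption, brute forcing, etc.), similar to mitmproxy; the difference is that traffic is relayed through Burp, so on top of automatic encryption and decryption, the normal encryption/decryption logic of apps and websites is not affected.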