Ape1ron / FastjsonInDeserializationDemo1Links
高版本Fastjson在Java原生反序列化中的利用演示
☆26Updated 8 months ago
Alternatives and similar repositories for FastjsonInDeserializationDemo1
Users that are interested in FastjsonInDeserializationDemo1 are comparing it to the libraries listed below
Sorting:
- 在spring-aop中新发现的反序列化gadget-chain☆51Updated 8 months ago
- 方便自己搭建codeql环境和数据库的工具。☆43Updated last month
- 之前方便自己研究RASP原理和绕过时顺手写的,用于快速启动和重置RASP环境☆71Updated 11 months ago
- A IntelliJ Plugin for Tabby to Find Vulnerabilities Easily☆37Updated 10 months ago
- ☆18Updated 8 months ago
- A lightweight reverse proxy server that converts TLS traffic to TCP, allowing secure communication between clients and upstream servers.☆76Updated last year
- Fenrir 是一个基于 MCP 协议与 AST 技术的代码审计工具,旨在解决安全研究与自动化代码审计领域中,面对大规模、结构复杂甚至反编译代码时,传统代码搜索与分析手段效率低、准确性差的问题。☆90Updated 2 weeks ago
- 使用 Docker 一键构建 JDK 源码的 CodeQL 数据库,方便使用 CodeQL 查找 JDK 中的数据。☆21Updated 4 months ago
- Java bytecode line number restoration tool☆88Updated 3 weeks ago
- A vul-finder for loading CPG and automated finding vul-call-chains☆62Updated last month
- 用于快速启动tabby 分析漏洞或者gadget的环境☆88Updated 2 months ago
- 多组件客户端☆74Updated 4 months ago
- idea插件,快速生成反序列化中常用的方法,比如setFieldValue、createTemplatesImpl等☆28Updated 11 months ago
- 利用代理驱动绕过JDBC Attack检测☆130Updated 3 months ago
- Easy burp sign extension!☆54Updated 7 months ago
- 如何将Java反序列化Payload极致缩小☆65Updated 3 years ago
- 如果反序列化过程中使用resolveClass拉黑了TemplatesImpl如何绕过☆52Updated 2 years ago
- 基于污点分析和模拟栈帧技术的JSP Webshell检测☆47Updated 2 months ago
- Java漏洞调试分析集合☆91Updated last year
- 一个基于 Vineflower 引擎的多线程 Java 批量反编译工具,支持快速处理大量的 class 文件和 JAR 文件。☆56Updated 4 months ago
- ☆28Updated last year
- 一个IDEA插件:一键收集项目中所有jar包依赖的工具插件。遍历项目目录收集所有jar文件,复制到all-in-one文件夹,并自动添加为项目库。☆49Updated last month
- Hessian UTF-8 Overlong Encoding☆19Updated last year
- JNDI/LDAP注入利用工具,对命令进行两种编码,支持多种绕过高版本JDK的方式(参考大佬代码造的轮子)☆44Updated 3 years ago
- Apache Dubbo漏洞测试Demo及其POC☆62Updated 2 years ago
- A list for Spring Security☆125Updated last year
- My security presentations☆28Updated 2 years ago
- JSHunter-一款针对于前端的未授权访问扫描工具☆65Updated 4 months ago
- nativeRasp that can hook native methods☆24Updated 2 years ago
- Collect some security conference topics☆52Updated last year