Binary rewriting approach with fork server support to fuzz Java applications with afl-fuzz.
☆91May 3, 2018Updated 7 years ago
Alternatives and similar repositories for java-afl
Users that are interested in java-afl are comparing it to the libraries listed below
Sorting:
- AFL-based fuzzing for Java☆238Jan 26, 2020Updated 6 years ago
- Result files from various fuzzing runs☆16Oct 18, 2021Updated 4 years ago
- Native Java serialization filter blacklist for common gadgets☆20Sep 12, 2019Updated 6 years ago
- JQF + Zest: Coverage-guided semantic fuzzing for Java.☆724Sep 22, 2025Updated 5 months ago
- ☆41Mar 10, 2021Updated 4 years ago
- Proof of Work generator☆12Jun 26, 2019Updated 6 years ago
- 超硬核!使用图数据技术发现软件漏洞☆185Sep 1, 2021Updated 4 years ago
- Coverage-guided, in-process fuzzing for the JVM☆1,196Feb 20, 2026Updated last week
- ☆38Nov 29, 2022Updated 3 years ago
- ☆18Jul 30, 2018Updated 7 years ago
- Native Java-based deserialization exploit for WebLogic T3 (and T3S) listeners.☆35Mar 2, 2020Updated 5 years ago
- springboot getRequestURI acl bypass☆37Oct 13, 2020Updated 5 years ago
- coverage guided fuzz testing for java☆228Apr 30, 2021Updated 4 years ago
- Tools that run inside the guest☆11Jan 2, 2020Updated 6 years ago
- Slides/Demos from the BSides Munich 2019 talk "Attacking Java RMI in 2019"☆101Sep 20, 2019Updated 6 years ago
- ☆22Nov 3, 2022Updated 3 years ago
- IAST 灰盒扫描工具☆448Jul 19, 2022Updated 3 years ago
- JRE8u20_RCE_Gadget☆255Jul 1, 2016Updated 9 years ago
- An AFL implementation with UnTracer (our coverage-guided tracer)☆124Jul 7, 2022Updated 3 years ago
- Phosphor: Dynamic Taint Tracking for the JVM☆180Jun 17, 2025Updated 8 months ago
- Primitive tool for exploring/querying Java classes via the Tinkerpop Gremlin graph traversal language☆110May 12, 2016Updated 9 years ago
- Java层frida hook学习笔记 https://uknowsec.cn☆47Feb 6, 2020Updated 6 years ago
- cve-2022-34169 延伸出的Jdk Xalan的payload自动生成工具,可根据不同的Jdk生成出其所对应的xslt文件☆93Jan 17, 2023Updated 3 years ago
- ☆352Aug 29, 2024Updated last year
- ☆11Oct 10, 2018Updated 7 years ago
- A byte code analyzer for finding deserialization gadget chains in Java applications☆1,079Jun 15, 2021Updated 4 years ago
- MySQL JDBC Deserialization Payload / MySQL客户端jdbc反序列化漏洞payload☆13Feb 8, 2020Updated 6 years ago
- https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet☆54Sep 11, 2021Updated 4 years ago
- 基于JVM-Sandbox实现RASP安全监控防护☆53Aug 8, 2023Updated 2 years ago
- Static code auditing system☆468Jan 8, 2021Updated 5 years ago
- PaddingZip is a tool that you can craft a zip file that contains the padding characters between the file content.☆81Aug 14, 2022Updated 3 years ago
- Windows Graphics Device Interface (GDI+) fuzzer☆130Aug 13, 2020Updated 5 years ago
- A declarative static analysis tool for jvm bytecode based Datalog like CodeQL☆345Jan 6, 2024Updated 2 years ago
- tomcat使用了自带session同步功能时,不安全的配置(没有使用EncryptInterceptor)导致存在的反序列化漏洞,通过精心构造的数据包, 可以对使用了tomcat自带session同步功能的服务器进行攻击。PS:这个不是CVE-2020-9484,9484…☆212May 19, 2020Updated 5 years ago
- A deflate compressor that emits compressed data that is in the [A-Za-z0-9] ASCII byte range.☆39Jan 25, 2022Updated 4 years ago
- 一个利用ASM对字节码进行污点传播分析的静态代码审计应用(添加了大量代码注释,适合大家进行源码学��习)。也加入了挖掘Fastjson反序列化gadget chains和SQLInject(JdbcTemplate、MyBatis、JPA、Hibernate、原生jdbc等)静…☆458Mar 24, 2022Updated 3 years ago
- Java After-Deserialization Attack☆79Apr 26, 2021Updated 4 years ago
- A helpful Java Deserialization exploit framework.☆1,240Feb 17, 2025Updated last year
- 利用agent hock指定的class,在jar运行周期内,用于跟踪被执�行的方法,辅助做一些事情,比如挖洞啊☆125Jul 17, 2020Updated 5 years ago