EastSword/skill-dfyx_code_security_review

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/EastSword/skill-dfyx_code_security_review)

EastSword / skill-dfyx_code_security_review

东方隐侠团队出品，代码审计skill

☆79

Alternatives and similar repositories for skill-dfyx_code_security_review

Users that are interested in skill-dfyx_code_security_review are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

Sorting:

goddemondemongod / god_bak
View on GitHub
☆13Nov 7, 2023Updated 2 years ago
sdfwesfe / cowcow
View on GitHub
一款支持目录扫描(可配合熊猫头)+自动绕403+敏感匹配等的小脚本工具，目前此脚本属于创始测试版，后续会继续升级！！！CowCow🐂🐂
☆18Dec 27, 2024Updated last year
Chave0v0 / API-Highlighter
View on GitHub
API Highlighter 是一个用于 BurpSuite 的插件，主要用于 web 应用迭代安全测试时高亮指定的新增接口，该插件最初用 Python 编写，现重构为 Java 版本。
☆42Feb 19, 2025Updated last year
ax1sX / RouteCheck-Alpha
View on GitHub
A Java Route Collection Tool
☆102Aug 1, 2024Updated last year
Clayeee / Win-Logs-Parse-tool
View on GitHub
☆22Mar 4, 2019Updated 7 years ago
NordVPN Special Discount Offer • Ad
Save on top-rated NordVPN 1 or 2-year plans with secure browsing, privacy protection, and support for for all major platforms.
X1r0z / hessian-overlong-encoding
View on GitHub
Hessian UTF-8 Overlong Encoding
☆21Mar 9, 2024Updated 2 years ago
woodpecker-appstore / zip-tools
View on GitHub
zip slip
☆38Apr 7, 2023Updated 3 years ago
z-bool / SQLDownload
View on GitHub
内网大型数据拖库解决方案，隧道不稳定时将内网数据库保存为csv格式文件
☆34Nov 1, 2023Updated 2 years ago
prepar-z / inspectorz
View on GitHub
Java 代码审计 idea 插件
☆26Mar 8, 2025Updated last year
yezere / codeql_n1ght
View on GitHub
方便自己搭建codeql环境和数据库的工具。
☆64Mar 25, 2026Updated 2 weeks ago
likeNlong / dll_finder
View on GitHub
XXST-白加黑辅助挖掘工具，全程静默运行不影响正常使用
☆17Apr 12, 2024Updated last year
shanxigetanxiaochou / burp-xss-scan
View on GitHub
burp被动插件扫反射xss
☆14Nov 29, 2023Updated 2 years ago
Vistaminc / AuditLuma
View on GitHub
AuditLuma是一个AI+智能体代码审计系统，它利用多个AI代理和先进的技术，包括多代理合作协议（MCP）和Self-RAG（检索增强生成），为代码库提供全面的安全分析，目前已经支持ollama部署的本地大模型
☆241Aug 1, 2025Updated 8 months ago
tanweai / xianzhi-research
View on GitHub
☆154Jan 29, 2026Updated 2 months ago
NordVPN Special Discount Offer • Ad
Save on top-rated NordVPN 1 or 2-year plans with secure browsing, privacy protection, and support for for all major platforms.
Zacarx / JavaSinkTracer_MCP
View on GitHub
基于函数级污点分析的 Java 源代码漏洞审计工具JavaSinkTracer，通过 Model Context Protocol (MCP) 为 AI 助手提供安全分析能力。
☆109Oct 7, 2025Updated 6 months ago
xsshim / GzWebsocket
View on GitHub
哥斯拉webshell管理工具的插件，用于连接websocket型webshell
☆181Apr 17, 2024Updated last year
bansh2eBreak / SpringVulnBoot-frontend
View on GitHub
基于 Vue + SpringBoot 构建的前后端分离的 Java 安全靶场。
☆16Feb 28, 2026Updated last month
wangsz05 / LearnDemo
View on GitHub
☆16Oct 30, 2022Updated 3 years ago
Nbccccc / FinderFuzz
View on GitHub
用于渗透测试的WebFuzz扫描工具
☆37Aug 3, 2025Updated 8 months ago
watanabe-hsad / GoPhantom
View on GitHub
GoPhantom 是一个为红队演练和安全研究设计的下一代荷载加载器（Payload Loader）生成器。它利用 Go 语言的强大功能，将原始的 Shellcode 和一个诱饵文件打包成一个独立的、具有较强免杀（AV-Evasion）能力的 Windows 可执行文件。
☆198Mar 19, 2026Updated 2 weeks ago
Veraxy00 / SecVulList-Veraxy00
View on GitHub
发布一些我发现的漏洞以及利用脚本。
☆15Jun 29, 2023Updated 2 years ago
unam4 / java_gadget_flow
View on GitHub
一些总结出来的gadget的flow，后续合适和加入新的flow
☆68Dec 6, 2025Updated 4 months ago
e1arth / Godzilla_bypass_webshell
View on GitHub
哥斯拉反射自定义 AES 通信插件加密器，基于基于AES+自定义Stream Wrapper注册+include执行，全链路零eval，类多态触发的webshell生成器。
☆46Mar 24, 2026Updated 2 weeks ago
1-Click AI Models by DigitalOcean Gradient • Ad
Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
ce-automne / OrderbyHunter
View on GitHub
一款辅助探测Orderby注入漏洞的BurpSuite插件
☆25Oct 19, 2021Updated 4 years ago
X1r0z / hacking-espresso
View on GitHub
Hacking GraalVM Espresso - Abusing Continuation API to Make ROP-like Attack
☆36Aug 27, 2025Updated 7 months ago
3stoneBrother / code-audit
View on GitHub
☆499Feb 13, 2026Updated last month
tabby-sec / tabby-vul-finder
View on GitHub
A vul-finder for loading CPG and automated finding vul-call-chains
☆72Jul 22, 2025Updated 8 months ago
Whoopsunix / utf-8-overlong-encoding
View on GitHub
抽离出 utf-8-overlong-encoding 的序列化逻辑，实现 2 3 字节加密序列化数组
☆140Mar 11, 2024Updated 2 years ago
ChenChen753 / Nuclei_Gui
View on GitHub
基于 PyQt5 的 Nuclei 漏洞扫描图形化工具，支持 POC 管理、FOFA/Hunter/Shodan 资产搜索、AI 辅助分析、漏洞报告生成等功能
☆46Feb 28, 2026Updated last month
Ape1ron / SpringAopInDeserializationDemo1
View on GitHub
在spring-aop中新发现的反序列化gadget-chain
☆52Jan 12, 2025Updated last year
test502git / SScan
View on GitHub
一款src捡洞扫描器
☆25Jan 13, 2021Updated 5 years ago
xzajyjs / SpringBoot-whitelabel-error-rce-EXP
View on GitHub
Spring Boot whitelabel error page SpEL rce EXP
☆13May 24, 2024Updated last year
Managed hosting for WordPress and PHP on Cloudways • Ad
Managed hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
zhzhdoai / Weblogic_Vuln
View on GitHub
CVE-2015-4852、CVE-2016-0638、CVE-2016-3510、CVE-2019-2890漏洞POC
☆17Aug 11, 2020Updated 5 years ago
hldfight / Tai-e-WebPlugin
View on GitHub
Tai-e的Web插件
☆23Jun 11, 2024Updated last year
Ar3h / utf8-overlong-agent
View on GitHub
使用 agent 实现反序列化 utf8 overlong
☆84Apr 24, 2024Updated last year
pap1rman / JNDIExploit-modify
View on GitHub
对原版JNDIExploit进行修改增加线程和JMX注入内存马
☆17Apr 23, 2025Updated 11 months ago
miekrr / HashPump
View on GitHub
A tool to exploit the hash length extension attack in various hashing algorithms
☆17Sep 11, 2012Updated 13 years ago
bmth666 / GeoServer-Tools-CVE-2024-36401
View on GitHub
CVE-2024-36401 图形化利用工具，支持各个JDK版本利用以及回显、内存马实现
☆40Jul 16, 2025Updated 8 months ago
jar-analyzer / jar-analyzer-claude
View on GitHub
Claude Code plugin for Java JAR security audit — 基于 jar-analyzer 的 Claude Code 安全审计插件，构建数据库，AI 深入分析
☆110Mar 20, 2026Updated 2 weeks ago