Fushuling/TaintScaner external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

Fushuling/TaintScaner

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/Fushuling/TaintScaner)

Close

Fushuling / TaintScanerView on GitHubMore

• External links
• Readme badge

一款基于污点分析的PHP扫描工具，能快速匹配从常见Source点如$_POST、$GET到Sink点system等的路径，同时支持单独对函数的扫描。

☆172Apr 10, 2025Updated 11 months ago

Alternatives and similar repositories for TaintScaner

Users that are interested in TaintScaner are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• yulate / jdbc-tricks

  View on GitHub
  《深入JDBC安全：特殊URL构造与不出网反序列化利用技术揭秘》对应研究总结项目 "Deep Dive into JDBC Security: Special URL Construction and Non-Networked Deserialization Explo…
  ☆575Feb 7, 2026Updated 2 months ago
• yulate / CtfAgent

  View on GitHub
  ctf awd比赛快速hook java题，提供一键流量转发，无痛修复
  ☆61Mar 17, 2025Updated last year
• h3h3qaq / JavaDecompiler

  View on GitHub
  一个基于 Vineflower 引擎的多线程 Java 批量反编译工具，支持快速处理大量的 class 文件和 JAR 文件。
  ☆58Apr 28, 2025Updated 11 months ago
• Boogipop / JavaSec

  View on GitHub
  JavaSec
  ☆47Mar 18, 2024Updated 2 years ago
• freeFV / ShortPayload

  View on GitHub
  如何将Java反序列化Payload极致缩小
  ☆70Jan 18, 2022Updated 4 years ago
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• Zjackky / CodeScan

  View on GitHub
  一款轻量级匹配Sink点的代码审计扫描器，为了帮助红队过程中快速代码审计的小工具
  ☆409Oct 6, 2024Updated last year
• ax1sX / RouteCheck-Alpha

  View on GitHub
  A Java Route Collection Tool
  ☆102Aug 1, 2024Updated last year
• X1r0z / hessian-overlong-encoding

  View on GitHub
  Hessian UTF-8 Overlong Encoding
  ☆21Mar 9, 2024Updated 2 years ago
• unam4 / fineldapc

  View on GitHub
  某软最新公开gadgegt,新加入不出网利用。
  ☆88Sep 6, 2024Updated last year
• Java-Chains / chains-plugin-demo

  View on GitHub
  Java Chains 插件编写 demo
  ☆15Mar 5, 2025Updated last year
• SpringKill-team / CodeAuditAssistant

  View on GitHub
  🔍 CodeAuditAssistant - JetBrains Code Audit Plugin (Beta) ⚡ Deep Call-Chain Tracking | 🚀 Method/Class Search | 🔥 Prebuilt Vuln Sink…
  ☆784Mar 14, 2026Updated 3 weeks ago
• luelueking / Deserial_Sink_With_JDBC

  View on GitHub
  Some ReadObject Sink With JDBC
  ☆245May 8, 2024Updated last year
• luelueking / CVE-2022-25845-In-Spring

  View on GitHub
  CVE-2022-25845(fastjson1.2.80) exploit in Spring Env!
  ☆108Nov 7, 2024Updated last year
• cwkiller / ClassLinefix

  View on GitHub
  Java bytecode line number restoration tool
  ☆139Aug 31, 2025Updated 7 months ago
• Open source password manager - Proton Pass • Ad
  Securely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
• leveryd / x-waf

  View on GitHub
  让"WAF绕过"变得简单
  ☆434Jan 26, 2025Updated last year
• alibaba / seckit

  View on GitHub
  阿里巴巴安全SDK，提供SSRF、JDBC、XXE防护能力
  ☆119Oct 15, 2025Updated 5 months ago
• Whoopsunix / utf-8-overlong-encoding

  View on GitHub
  抽离出 utf-8-overlong-encoding 的序列化逻辑，实现 2 3 字节加密序列化数组
  ☆140Mar 11, 2024Updated 2 years ago
• ReaJason / MemShellParty

  View on GitHub
  一款专注于 Java 主流 Web 中间件的内存马快速生成工具，致力于简化安全研究人员和红队成员的工作流程，提升攻防效率
  ☆1,401Mar 30, 2026Updated last week
• Neo-Maoku / MultiTshProxy

  View on GitHub
  tsh多终端代理通信
  ☆19Feb 26, 2025Updated last year
• vulhub / java-chains

  View on GitHub
  Java Vulnerability Exploitation Platform
  ☆2,027Updated this week
• bfengj / Cloud-Security

  View on GitHub
  记录自己在云安全上的学习笔记等。
  ☆134Sep 18, 2024Updated last year
• ChangeYourWay / Fenrir-CodeAuditTool

  View on GitHub
  Fenrir 是一个基于 MCP 协议与 AST 技术的代码审计工具，旨在解决安全研究与自动化代码审计领域中，面对大规模、结构复杂甚至反编译代码时，传统代码搜索与分析手段效率低、准确性差的问题。
  ☆178Oct 21, 2025Updated 5 months ago
• Y4Sec-Team / mysql-jdbc-tricks

  View on GitHub
  JDBC Attack Tricks
  ☆154Sep 3, 2023Updated 2 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
• X1r0z / JNDIMap

  View on GitHub
  A powerful JNDI injection exploitation framework that supports RMI, LDAP and LDAPS protocols, including various bypass methods for high-v…
  ☆573Feb 4, 2026Updated 2 months ago
• bcvgh / Kingdee_erp_MemShell

  View on GitHub
  金蝶星空云反序列化漏洞内存马
  ☆52Mar 27, 2024Updated 2 years ago
• l3yx / Java-RASP-Research-Env

  View on GitHub
  之前方便自己研究RASP原理和绕过时顺手写的，用于快速启动和重置RASP环境
  ☆71Oct 13, 2024Updated last year
• Zacarx / AICodeScan

  View on GitHub
  一款基于Zjackky/CodeScan的轻量级匹配Sink点并AI审计的代码审计扫描器
  ☆251Feb 13, 2025Updated last year
• Phelaine / SinkFinder

  View on GitHub
  闭源系统半自动漏洞挖掘工具，针对 jar/war/zip 进行静态代码分析，输出从source到sink的可达路径。LLM将验证路径可达性，并根据上下文给出该路径可信分数
  ☆509Jan 12, 2026Updated 2 months ago
• shanshanerxi / Memory-horse

  View on GitHub
  关于内存马的学习研究支持新手从0到1，从内存马原理，内存马植入 内存马检测 到内存马防御与内存马应急以及内存马查杀全系列java内存马/php/.net/c++/python 喜欢可以点个star 后续持续更新
  ☆143Apr 24, 2024Updated last year
• StarfireLab / EFSRPCrpc

  View on GitHub
  利用EFSRPC协议批量探测出网
  ☆67Oct 12, 2023Updated 2 years ago
• Whoopsunix / PPPYSO

  View on GitHub
  proof-of-concept for generating Java deserialization payload | Proxy MemShell
  ☆225Jun 8, 2024Updated last year
• unam4 / java_gadget_flow

  View on GitHub
  一些总结出来的gadget的flow，后续合适和加入新的flow
  ☆68Dec 6, 2025Updated 4 months ago
• End-to-end encrypted email - Proton Mail • Ad
  Special offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
• fdu-sec / JDD

  View on GitHub
  ☆207Oct 27, 2025Updated 5 months ago
• Marven11 / EtherGhost

  View on GitHub
  新一代Webshell管理器，兼容蚁剑与冰蝎的PHP webshell
  ☆673Feb 12, 2026Updated last month
• yulate / tabby-pipeline

  View on GitHub
  用于快速启动tabby 分析漏洞或者gadget的环境
  ☆94Jul 14, 2025Updated 8 months ago
• datouo / CTF-Java-Gadget

  View on GitHub
  CTF-Java-Gadget专注于收集CTF中Java赛题的反序列化片段
  ☆284Dec 13, 2024Updated last year
• keven1z / simpleIAST

  View on GitHub
  simpleIAST- 基于污点追踪的灰盒漏洞扫描工具。
  ☆101Mar 24, 2026Updated 2 weeks ago
• Drun1baby / FineReportExploit

  View on GitHub
  帆软报表漏洞检测工具
  ☆116Jun 10, 2025Updated 9 months ago
• 0x3rhy / BOF-DCOMPotato-PrintNotify

  View on GitHub
  Cobalt Strike Beacon Object File (BOF) that obtain SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknwon object t…
  ☆13Feb 4, 2024Updated 2 years ago