H3rmesk1t/Fastjson-Gadgets-Automatic-Scanner external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

H3rmesk1t/Fastjson-Gadgets-Automatic-Scanner

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/H3rmesk1t/Fastjson-Gadgets-Automatic-Scanner)

Close

H3rmesk1t / Fastjson-Gadgets-Automatic-ScannerView on GitHubMore

• External links
• Readme badge

Automatically scan jar packages by using ast to find fastjson gadgets. In particular, this project is limited to mining Gadgets that may be exploited, and screening results need to be excluded by themselves. Looking forward to Fork and Star.

☆49Mar 8, 2022Updated 4 years ago

Alternatives and similar repositories for Fastjson-Gadgets-Automatic-Scanner

Users that are interested in Fastjson-Gadgets-Automatic-Scanner are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• SummerSec / LookupInterface

  View on GitHub
  CodeQL 寻找 JNDI利用 Lookup接口
  ☆166Apr 10, 2022Updated 4 years ago
• Y4tacker / CodeqlLearn

  View on GitHub
  记录学习codeql的过程
  ☆10Jan 27, 2022Updated 4 years ago
• safe6Sec / codeql-grafana

  View on GitHub
  用codeql分析grafana最新任意文件读取
  ☆11Dec 10, 2021Updated 4 years ago
• west9b / CVE-2022-30525

  View on GitHub
  CVE-2022-30525 Zyxel 防火墙命令注入漏洞 POC&EXPC
  ☆12May 28, 2022Updated 3 years ago
• hudangwei / codemillx

  View on GitHub
  codemillx is a tool for CodeQL, extract the comments in the code and generate codeql module. 强化Go开源项目安全检测(内含开源项目漏洞挖掘方法)
  ☆206Mar 19, 2022Updated 4 years ago
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• depycode / fastjson-c3p0

  View on GitHub
  fastjson不出网利用、c3p0
  ☆257Jul 30, 2021Updated 4 years ago
• timwhitez / CLR-RWX

  View on GitHub
  Load CLR to get RWX 通过加载clr在自身内存中产生rwx空间
  ☆22Sep 28, 2022Updated 3 years ago
• wheelerlaw / go-mimikatz

  View on GitHub
  An improvement over the original Mimikatz wrapper.
  ☆19Aug 11, 2021Updated 4 years ago
• BeichenDream / InjectJDBC

  View on GitHub
  注入JVM进程 动态获取目标进程连接的数据库
  ☆343Mar 6, 2022Updated 4 years ago
• TryGOTry / Debug-Nps

  View on GitHub
  在原版nps的基础上，增加了nps探测，以及对应的利用方式（如获取cookie，页面等），进行一些简单的二开。未经过大量测试，可能存在bug。
  ☆21Aug 5, 2025Updated 9 months ago
• potats0 / javaSerializationTools

  View on GitHub
  ☆145Jan 21, 2021Updated 5 years ago
• depycode / fastjson-local-echo

  View on GitHub
  基于dbcp的fastjson rce 回显
  ☆197Jun 28, 2021Updated 4 years ago
• hosch3n / FastjsonVulns

  View on GitHub
  [fastjson 1.2.80] CVE-2022-25845 aspectj fileread & groovy remote classload
  ☆91Sep 2, 2022Updated 3 years ago
• tabby-sec / tabby-path-finder

  View on GitHub
  A neo4j procedure for tabby
  ☆137May 17, 2025Updated 11 months ago
• Wordpress hosting with auto-scaling - Free Trial Offer • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• woodpecker-appstore / xmldecoder-payload-generator

  View on GitHub
  Java XMLDecoder payload generator
  ☆16Jul 27, 2021Updated 4 years ago
• Rvn0xsy / Invoke-x64dbg-loaddll

  View on GitHub
  调用x64dbg中的loadll.exe白加黑示例代码
  ☆65Jun 18, 2024Updated last year
• yzddmr6 / Java-Js-Engine-Payloads

  View on GitHub
  Java Js Engine Payloads All in one
  ☆291Aug 21, 2023Updated 2 years ago
• LeadroyaL / fastjson-blacklist

  View on GitHub
  ☆835Jun 7, 2022Updated 3 years ago
• Esonhugh / yapi-rce-webshell

  View on GitHub
  Yapi mock script RCE another version. Webshell way. 另一种 Webshell 方式的 Yapi 命令执行的方法 相比于其他的利用方式 更加微操和可控 影响更小
  ☆66Jul 4, 2024Updated last year
• f0ng / JavaFileDict

  View on GitHub
  Java应用的一些配置文件字典，来源于公开的字典与平时收集
  ☆321Feb 1, 2024Updated 2 years ago
• Firebasky / CodeqlLearn

  View on GitHub
  记录学习codeql的过程
  ☆396Jun 9, 2023Updated 2 years ago
• keven1z / weblogic_memshell

  View on GitHub
  适用于weblogic和Tomcat的无文件的内存马(memshell)
  ☆271Mar 4, 2022Updated 4 years ago
• GitHubSecurityLab / gh-qldb

  View on GitHub
  CodeQL database manager
  ☆49Apr 16, 2025Updated last year
• AI Agents on DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• theLSA / sunlogin-exp-cmd

  View on GitHub
  命令行版向日葵RCE漏洞利用工具 / cmd version of sunlogin exploit tool
  ☆15Mar 26, 2022Updated 4 years ago
• waderwu / extractor-java

  View on GitHub
  CodeQL extractor for java, which don't need to compile java source
  ☆347Nov 25, 2022Updated 3 years ago
• synacktiv / QLinspector

  View on GitHub
  Finding Java gadget chains with CodeQL
  ☆188Apr 18, 2026Updated 2 weeks ago
• qi4L / Ysoserial-go

  View on GitHub
  A Go library for generating Java deserialization payloads.
  ☆155Sep 9, 2024Updated last year
• BytecodeDL / soot-fact-generator

  View on GitHub
  generate facts from bytecode (source is https://github.com/plast-lab/doop-mirror/tree/master/generators)
  ☆23Nov 24, 2024Updated last year
• ZZ-SOCMAP / CVE-2021-35587

  View on GitHub
  Oracle Access Manager Unauthenticated Attacker Vulnerability CVE-2021-35587
  ☆42Mar 14, 2022Updated 4 years ago
• su18 / JDBC-Attack

  View on GitHub
  JDBC Connection URL Attack
  ☆448Sep 10, 2021Updated 4 years ago
• hack2fun / gopher_attack_mssql

  View on GitHub
  Attack SQL Server through gopher protocol
  ☆21Nov 22, 2021Updated 4 years ago
• fynch3r / Gadgets

  View on GitHub
  Java反序列化漏洞利用链补全计划，仅用于个人归纳总结。
  ☆420Dec 3, 2021Updated 4 years ago
• End-to-end encrypted email - Proton Mail • Ad
  Special offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
• lalajun / RMIDeserialize

  View on GitHub
  RMI 反序列化环境 一步步
  ☆213Aug 31, 2020Updated 5 years ago
• lovechoudoufu / GoogleCSAgent_cdf

  View on GitHub
  CSAgent 与 GoogleAuth 的缝合体，cobalt strike的破解+otp动态口令的agent
  ☆133Aug 3, 2022Updated 3 years ago
• ethushiroha / JavaAgentTools

  View on GitHub
  用Java agent实现内存马等功能
  ☆201Jul 27, 2023Updated 2 years ago
• r1is / Magisk_burpsuite_cert

  View on GitHub
  Magisk burpsuite 证书模块，在安卓10以上通过magisk模块快速安装burpsuite证书
  ☆41Feb 2, 2023Updated 3 years ago
• passer-W / snakeyaml-memshell

  View on GitHub
  springboot跨线程注入内存马
  ☆123Apr 10, 2022Updated 4 years ago
• 0671 / RabR

  View on GitHub
  Redis-Attack By Replication (通过主从复制攻击Redis)
  ☆360Nov 25, 2022Updated 3 years ago
• JDArmy / DCSec

  View on GitHub
  域控安全one for all
  ☆739Sep 9, 2024Updated last year