Automatically scan jar packages by using ast to find fastjson gadgets. In particular, this project is limited to mining Gadgets that may be exploited, and screening results need to be excluded by themselves. Looking forward to Fork and Star.
☆49Mar 8, 2022Updated 4 years ago
Alternatives and similar repositories for Fastjson-Gadgets-Automatic-Scanner
Users that are interested in Fastjson-Gadgets-Automatic-Scanner are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- CodeQL 寻找 JNDI利用 Lookup接口☆166Apr 10, 2022Updated 3 years ago
- 用codeql分析grafana最新任意文件读取☆11Dec 10, 2021Updated 4 years ago
- CVE-2022-30525 Zyxel 防火墙命令注入漏洞 POC&EXPC☆12May 28, 2022Updated 3 years ago
- codemillx is a tool for CodeQL, extract the comments in the code and generate codeql module. 强化Go开源项目安全检测(内含开源项目漏洞挖掘方法)☆205Mar 19, 2022Updated 4 years ago
- fastjson不出网利用、c3p0☆256Jul 30, 2021Updated 4 years ago
- Load CLR to get RWX 通过加载clr在自身内存中产生rwx空间☆22Sep 28, 2022Updated 3 years ago
- An improvement over the original Mimikatz wrapper.☆19Aug 11, 2021Updated 4 years ago
- 注入JVM进程 动态获取目标进程连接的数据库☆341Mar 6, 2022Updated 4 years ago
- 在原版nps的基础上,增加了nps探测,以及对应的利用方式(如获取cookie,页面等),进行一些简单的二开。未经过大量测试,可能存在bug。☆21Aug 5, 2025Updated 7 months ago
- ☆143Jan 21, 2021Updated 5 years ago
- 基于dbcp的fastjson rce 回显☆197Jun 28, 2021Updated 4 years ago
- [fastjson 1.2.80] CVE-2022-25845 aspectj fileread & groovy remote classload☆91Sep 2, 2022Updated 3 years ago
- A neo4j procedure for tabby☆137May 17, 2025Updated 10 months ago
- Java XMLDecoder payload generator☆16Jul 27, 2021Updated 4 years ago
- 调用x64dbg中的loadll.exe白加黑示例代码☆65Jun 18, 2024Updated last year
- Java Js Engine Payloads All in one☆291Aug 21, 2023Updated 2 years ago
- ☆835Jun 7, 2022Updated 3 years ago
- 记录学习codeql的过程☆394Jun 9, 2023Updated 2 years ago
- Java应用的一些配置文件字典,来源于公开的字典与平时收集☆320Feb 1, 2024Updated 2 years ago
- Yapi mock script RCE another version. Webshell way. 另一种 Webshell 方式的 Yapi 命令执行的方法 相比于其他的利用方式 更加微操和可控 影响更小☆66Jul 4, 2024Updated last year
- 适用于weblogic和Tomcat的无文件的内存马(memshell)☆270Mar 4, 2022Updated 4 years ago
- CodeQL database manager☆48Apr 16, 2025Updated 11 months ago
- Finding Java gadget chains with CodeQL☆185Jan 14, 2025Updated last year
- 命令行版向日葵RCE漏洞利用工具 / cmd version of sunlogin exploit tool☆15Mar 26, 2022Updated 3 years ago
- CodeQL extractor for java, which don't need to compile java source☆348Nov 25, 2022Updated 3 years ago
- A Go library for generating Java deserialization payloads.☆155Sep 9, 2024Updated last year
- generate facts from bytecode (source is https://github.com/plast-lab/doop-mirror/tree/master/generators)☆23Nov 24, 2024Updated last year
- Oracle Access Manager Unauthenticated Attacker Vulnerability CVE-2021-35587☆42Mar 14, 2022Updated 4 years ago
- JDBC Connection URL Attack☆441Sep 10, 2021Updated 4 years ago
- Attack SQL Server through gopher protocol☆21Nov 22, 2021Updated 4 years ago
- Java反序列化漏洞利用链补全计划,仅用于个人归纳总结。☆420Dec 3, 2021Updated 4 years ago
- RMI 反序列化环境 一步步☆213Aug 31, 2020Updated 5 years ago
- CSAgent 与 GoogleAuth 的缝合体,cobalt strike的破解+otp动态口令的agent☆132Aug 3, 2022Updated 3 years ago
- Magisk burpsuite 证书模块,在安卓10以上通过magisk模块快速安装burpsuite证书☆41Feb 2, 2023Updated 3 years ago
- 用Java agent实现内存马等功能☆198Jul 27, 2023Updated 2 years ago
- springboot跨线程注入内存马☆123Apr 10, 2022Updated 3 years ago
- Redis-Attack By Replication (通过主从复制攻击Redis)☆356Nov 25, 2022Updated 3 years ago
- 域控安全one for all☆736Sep 9, 2024Updated last year
- java内存对象搜索辅助工具☆823Sep 23, 2022Updated 3 years ago