HXSecurity/DongTai-agent-java

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/HXSecurity/DongTai-agent-java)

HXSecurity / DongTai-agent-java

Java Agent is a Java application probe of DongTai IAST, which collects method invocation data during runtime of Java application by dynamic hooks.

☆697

Alternatives and similar repositories for DongTai-agent-java

Users that are interested in DongTai-agent-java are comparing it to the libraries listed below

Sorting:

baidu-security / openrasp-iast
View on GitHub
IAST 灰盒扫描工具
☆447Jul 19, 2022Updated 3 years ago
threedr3am / ZhouYu
View on GitHub
（周瑜）Java - SpringBoot 持久化 WebShell（不仅仅是SpringBoot，适合任何符合JavaEE规范的服务）
☆614Dec 29, 2021Updated 4 years ago
LandGrey / spring-boot-upload-file-lead-to-rce-tricks
View on GitHub
spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧
☆754Apr 14, 2021Updated 4 years ago
LeadroyaL / fastjson-blacklist
View on GitHub
☆835Jun 7, 2022Updated 3 years ago
tabby-sec / tabby
View on GitHub
A CAT called tabby ( Code Analysis Tool )
☆1,640Jan 17, 2026Updated 2 months ago
feihong-cs / Java-Rce-Echo
View on GitHub
Java RCE 回显测试代码
☆1,015Oct 15, 2020Updated 5 years ago
c0ny1 / java-object-searcher
View on GitHub
java内存对象搜索辅助工具
☆823Sep 23, 2022Updated 3 years ago
LoRexxar / Kunlun-M
View on GitHub
KunLun-M是一个完全开源的静态白盒扫描工具，支持PHP、JavaScript的语义扫描，基础安全、组件安全扫描，Chrome Ext\Solidity的基础扫描。
☆2,379Jan 16, 2026Updated 2 months ago
threedr3am / log-agent
View on GitHub
利用agent hock指定的class，在jar运行周期内，用于跟踪被执行的方法，辅助做一些事情，比如挖洞啊
☆125Jul 17, 2020Updated 5 years ago
HXSecurity / DongTai
View on GitHub
Dongtai IAST is an open-source Interactive Application Security Testing (IAST) tool that enables real-time detection of common vulnerabil…
☆1,316May 22, 2025Updated 9 months ago
threedr3am / learnjavabug
View on GitHub
Java安全相关的漏洞和技术demo，原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security…
☆2,693Mar 14, 2024Updated 2 years ago
wh1t3p1g / ysomap
View on GitHub
A helpful Java Deserialization exploit framework.
☆1,242Feb 17, 2025Updated last year
momosecurity / momo-code-sec-inspector-java
View on GitHub
IDEA静态代码安全审计及漏洞一键修复插件
☆1,049Mar 10, 2022Updated 4 years ago
iceyhexman / flask_memory_shell
View on GitHub
Flask 内存马
☆314Mar 26, 2021Updated 4 years ago
threedr3am / gadgetinspector
View on GitHub
一个利用ASM对字节码进行污点传播分析的静态代码审计应用（添加了大量代码注释，适合大家进行源码学习）。也加入了挖掘Fastjson反序列化gadget chains和SQLInject（JdbcTemplate、MyBatis、JPA、Hibernate、原生jdbc等）静…
☆458Mar 24, 2022Updated 3 years ago
5wimming / gadgetinspector
View on GitHub
利用链、漏洞检测工具
☆373Jul 31, 2024Updated last year
threedr3am / JSP-WebShells
View on GitHub
Collect JSP webshell of various implementation methods. 梳理和发现的JSP Webshell各种姿势
☆1,405Jan 18, 2022Updated 4 years ago
Y4er / fastjson-bypass-autotype-1.2.68
View on GitHub
fastjson bypass autotype 1.2.68 with Throwable and AutoCloseable.
☆229Oct 12, 2022Updated 3 years ago
inbug-team / InScan
View on GitHub
边界打点后的自动化渗透工具
☆1,891Jul 19, 2021Updated 4 years ago
timwhitez / crawlergo_x_XRAY
View on GitHub
360/0Kee-Team/crawlergo动态爬虫结合长亭XRAY扫描器的被动扫描功能
☆1,183Nov 10, 2021Updated 4 years ago
phith0n / JavaThings
View on GitHub
Share Things Related to Java - Java安全漫谈笔记相关内容
☆1,997Apr 9, 2025Updated 11 months ago
keven1z / weblogic_memshell
View on GitHub
适用于weblogic和Tomcat的无文件的内存马(memshell)
☆270Mar 4, 2022Updated 4 years ago
dr0op / shiro-550-with-NoCC
View on GitHub
Shiro-550 不依赖CC链利用工具
☆450Jun 19, 2024Updated last year
JoyChou93 / java-sec-code
View on GitHub
Java web common vulnerabilities and security code which is base on springboot and spring security
☆2,658Dec 2, 2024Updated last year
QAX-A-Team / WeblogicEnvironment
View on GitHub
Weblogic环境搭建工具
☆796Apr 23, 2020Updated 5 years ago
longofo / rmi-jndi-ldap-jrmp-jmx-jms
View on GitHub
rmi、jndi、ldap、jrmp、jmx、jms一些demo测试
☆311Jun 17, 2022Updated 3 years ago
XTeam-Wing / RedTeaming2020
View on GitHub
RedTeaming知识星球2020年安全知识汇总
☆473May 5, 2021Updated 4 years ago
welk1n / JNDI-Injection-Bypass
View on GitHub
Some payloads of JNDI Injection in JDK 1.8.0_191+
☆484Dec 9, 2020Updated 5 years ago
r35tart / RedisWriteFile
View on GitHub
通过 Redis 主从写出无损文件
☆718May 25, 2020Updated 5 years ago
JackOfMostTrades / gadgetinspector
View on GitHub
A byte code analyzer for finding deserialization gadget chains in Java applications
☆1,080Jun 15, 2021Updated 4 years ago
Qianlitp / crawlergo
View on GitHub
A powerful browser crawler for web vulnerability scanners
☆3,020Mar 11, 2025Updated last year
MountCloud / BehinderClientSource
View on GitHub
❄️冰蝎客户端源码-V4.0.6🔞
☆940Jul 8, 2025Updated 8 months ago
bitterzzZZ / MemoryShellLearn
View on GitHub
分享几个直接可用的内存马，记录一下学习过程中看过的文章
☆979Mar 23, 2022Updated 3 years ago
Ramos-dev / graph4code
View on GitHub
超硬核！使用图数据技术发现软件漏洞
☆185Sep 1, 2021Updated 4 years ago
wyzxxz / jndi_tool
View on GitHub
JNDI服务利用工具 RMI/LDAP，支持部分场景回显、内存shell，高版本JDK场景下利用等，fastjson rce命令执行，log4j rce命令执行漏洞检测辅助工具
☆2,014May 21, 2024Updated last year
alipay / ant-application-security-testing-benchmark
View on GitHub
xAST评价体系，让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".
☆467Jan 15, 2026Updated 2 months ago
SummerSec / learning-codeql
View on GitHub
CodeQL Java 全网最全的中文学习资料
☆799Mar 18, 2022Updated 4 years ago
Maskhe / javasec
View on GitHub
自己学习java安全的一些总结，主要是安全审计相关
☆1,695Jan 5, 2022Updated 4 years ago
safe6Sec / CodeqlNote
View on GitHub
Codeql学习笔记
☆899Apr 25, 2022Updated 3 years ago