HXSecurity / DongTai-engine
This repository has been merged into https://github.com/HXSecurity/DongTai. DongTai-engine used to analyze the method data collected by the probe, analyze whether there are vulnerabilities in API requests through the algorithm of taint tracking, and is also responsible for timing tasks, including: expired log cleaning, probe state maintenance, …
☆20Updated 2 years ago
Alternatives and similar repositories for DongTai-engine:
Users that are interested in DongTai-engine are comparing it to the libraries listed below
- 总结了一下2019年在JVM环境中使用XXE攻击的知识☆57Updated 5 years ago
- 基于JVM-Sandbox实现RASP安全监控防护☆52Updated last year
- ☆22Updated 5 years ago
- A Vulnerable Web App written by JavaScript (Vue+Egg)☆12Updated 5 months ago
- A benchmark to evaluate taint analysis☆30Updated 2 years ago
- 利 用agent hock指定的class,在jar运行周期内,用于跟踪被执行的方法,辅助做一些事情,比如挖洞啊☆126Updated 4 years ago
- 基于Java ASM技术和GadgetInspector的原理,尝试实现一个自动Java代码审计工具。目前做到了可控参数分析和数据流跟踪分析☆36Updated 3 years ago
- 个人用于在自动化挖掘gadget时,方便查找gadget chains中class所在jar包,以助于便捷审计测试gadget有效性的那么一个小工具。☆60Updated 5 years ago
- Dongtai-plugin-idea is an IDEA plug-in developed by DongTai team for Java Web application developers. This plug-in provides functions suc…☆27Updated last year
- 总结了免杀webshell的方法论☆48Updated 4 years ago
- HTTP/HTTPS proxy server by golang [high performance version]☆53Updated 4 years ago
- 静态程序分析工具 主要生成方法的CFG和.java文件的AST☆128Updated last year
- SeeCode Scanner 扫描引擎☆2Updated 5 years ago
- notes☆27Updated 2 years ago
- 用于检测gradle项目的第三方依赖组件是否存在安全漏洞。☆24Updated 2 years ago
- 企业级安全智能化实践☆69Updated 3 years ago
- ☆28Updated 4 years ago
- 这个脚本主要提供对pypi供应链的源头进行安全扫描研究,扫描并发现未知的恶意包情况。☆29Updated last year
- S&P2023 Paper☆39Updated 2 years ago
- gosec动态规则修改版☆12Updated 3 years ago
- 超硬核!使用图数据技术发现软件漏洞☆183Updated 3 years ago
- Java层frida hook学习笔记 https://uknowsec.cn☆46Updated 5 years ago
- Personal CodeQL queries☆61Updated last week
- 基于AST的JSONP劫持漏洞自动化挖掘☆93Updated 4 years ago
- ☆41Updated 4 years ago
- Writeup and environment for XCTF2021Final-Dubbo☆44Updated 3 years ago
- JVM runtime class loading protection agent.(JVM类加载保护agent)☆48Updated 4 years ago
- 面向项目版本差异性的漏洞识别技术研究☆14Updated 3 years ago
- Unofficial Dockerfile and scripts for building CodeQL databases for the OpenJDK☆48Updated last year
- Use java instrument API without JAR file☆45Updated 2 years ago