HXSecurity / DongTai-engine
This repository has been merged into https://github.com/HXSecurity/DongTai. DongTai-engine used to analyze the method data collected by the probe, analyze whether there are vulnerabilities in API requests through the algorithm of taint tracking, and is also responsible for timing tasks, including: expired log cleaning, probe state maintenance, …
☆20Updated 2 years ago
Related projects ⓘ
Alternatives and complementary repositories for DongTai-engine
- A Vulnerable Web App written by JavaScript (Vue+Egg)☆12Updated last week
- 基于JVM-Sandbox实现RASP安全监控防护☆51Updated last year
- ☆22Updated 5 years ago
- 移动安全☆29Updated 4 years ago
- CodeQL中文资料和常见使用解释。Chinese version of Codeql documents☆9Updated 4 years ago
- ☆28Updated 4 years ago
- 这个脚本主要提供对pypi供应链的源头进行安全扫描研究,扫描并发现未知的恶意包情况。☆31Updated last year
- 《深入理解Semgrep》Finding vulnerabilities with Semgrep.☆38Updated last year
- 总结了一下2019年在JVM环境中使用XXE攻击的知识☆57Updated 5 years ago
- 移动安全检测平台,支持Android和iOS应用辅助分析。☆45Updated 4 years ago
- 基于Java ASM技术和GadgetInspector的原理,尝试实现一个自动Java代码审计工具。目前做到了可控参数分析和数据流跟踪分析☆36Updated 3 years ago
- 2018大学生信息安全国赛pwn出题docker☆25Updated 6 years ago
- Java通用漏洞修复安全组件☆58Updated 7 years ago
- 个人用于在自动化挖掘gadget时,方便查找gadget chains中class所在jar包,以助于便捷审计测试gadget有效性的那么一个小工具。☆60Updated 4 years ago
- 利用agent hock指定的class,在jar运行周期内,用于跟踪被执行的方法,辅助做一些事情,比如挖洞啊☆126Updated 4 years ago
- 《深入理解DAST动态应用程序安全测试》Dynamic Application Security Testing.☆47Updated 2 years ago
- A benchmark to evaluate taint analysis☆30Updated 2 years ago
- A js encode/decode simple tool for XSS☆27Updated 4 years ago
- Low-level RASP: Protecting Applications Implemented in High-level Programming Languages☆56Updated last year
- 基于AST的JSONP劫持漏洞自动化挖掘☆94Updated 4 years ago
- vulhub-compose是一款屏蔽docker-compose的命令行工具,目的是降低火线平台社区用户使用vulhub靶场的难度,减少学习docker-compose的时间成本;同时,支持直接安装洞态IAST(原灵芝IAST)到vulhub靶场,用于漏洞复现、漏洞挖掘。☆44Updated 3 years ago
- S&P2023 Paper☆39Updated 2 years ago
- notes☆26Updated 2 years ago
- 静态程序分析工具 主要生成方法的CFG和.java文件的AST☆126Updated last year
- JAVA IAST Example☆46Updated 2 years ago
- 一个针对防御 log4j2 CVE-2021-44228 漏洞的 RASP 工具。 A Runtime Application Self-Protection module specifically designed for log4j2 RCE (CVE-2021-442…☆122Updated 2 years ago
- Log4j 漏洞本地检测脚本。 Scan all java processes on your host to check whether it's affected by log4j2 remote code execution vulnerability (CVE-20…☆85Updated 2 years ago
- Java 反序列化学习的实验代码 Java_deserialize_vuln_lab☆87Updated 5 years ago