HXSecurity / DongTai-engineLinks
 This repository has been merged into https://github.com/HXSecurity/DongTai. DongTai-engine used to analyze the method data collected by the probe, analyze whether there are vulnerabilities in API requests through the algorithm of taint tracking, and is also responsible for timing tasks, including: expired log cleaning, probe state maintenance, …
☆20Updated 3 years ago
Alternatives and similar repositories for DongTai-engine
Users that are interested in DongTai-engine are comparing it to the libraries listed below
Sorting:
- A Vulnerable Web App written by JavaScript (Vue+Egg)☆12Updated last year
- 超硬核!使用图数据技术发现软件漏洞☆185Updated 4 years ago
- ☆22Updated 6 years ago
- 基于JVM-Sandbox实现RASP安全监控防护☆52Updated 2 years ago
- 静态分析及代码审计自动化相关资料收集☆296Updated 3 years ago
- A benchmark to evaluate taint analysis☆28Updated 3 years ago
- Personal CodeQL queries☆63Updated last month
- browser_vuln_check ,利用已知的浏览器漏洞PoC 来快速检测Webview 和浏览器环境是否存在安全漏洞,只需要访问run.html 即可获取所有扫描结果,适用场景包含:APP 发布之前的内部安全测试,第三方Webview 漏洞检测等(browser_vu…☆118Updated 8 years ago
- ☆35Updated 6 years ago
- 2018大学生信息安全国赛pwn出题docker☆26Updated 7 years ago
- CVE exploits for Web, Windows, Linux and others are independently written by Zhuri Lab☆46Updated 4 years ago
- 基于Java ASM技术和GadgetInspector的原理,尝试实现一个自动Java代码审计工具。目前做到了可控参数分析和数据流跟踪分析☆37Updated 4 years ago
- ☆78Updated 5 years ago
- Fuzzing dictionaries for afl-fuzz/LibFuzzer☆90Updated 4 years ago
- 总结了一下2019年在JVM环境中使用XXE攻击的知识☆58Updated 6 years ago
- 企业级安全智能化实践☆69Updated 3 years ago
- A declarative static analysis tool for jvm bytecode based Datalog like CodeQL☆342Updated last year
- 这个脚本主要提供对pypi供应链的源头进行安全扫描研究,扫描并发现未知的恶意包情况。☆28Updated 2 years ago
- Taint analysis implementation based on Heros and Soot☆45Updated last year
- ☆28Updated 5 years ago
- S&P2023 Paper☆39Updated 3 years ago
- ☆131Updated 3 years ago
- Browser Fuzz Summarize / 浏览器模糊测试综述☆142Updated 5 years ago
- Corax for Java: A general static analysis framework for java code checking.☆253Updated 10 months ago
- ☆151Updated 6 years ago
- A curated list of audit rules which extract from Source Code Auditing tools.☆15Updated 5 years ago
- A Java runtime information-gathering tool which uses the Java Attach API for information acquisition☆203Updated 4 years ago
- 一个利用ASM对字节码进行污点传播分析的静态代码审计应用(添加了大量代码注释 ,适合大家进行源码学习)。也加入了挖掘Fastjson反序列化gadget chains和SQLInject(JdbcTemplate、MyBatis、JPA、Hibernate、原生jdbc等)静…☆454Updated 3 years ago
- Low-level RASP: Protecting Applications Implemented in High-level Programming Languages☆68Updated last week
- Detecting Flow of Sensitive Data in Mini-Programs with Static Taint Analysis☆78Updated last year