The source code of [S&P'25] Detecting Taint-Style Vulnerabilities in Microservice-Structured Web Applications.
☆61Nov 20, 2025Updated 3 months ago
Alternatives and similar repositories for MScan
Users that are interested in MScan are comparing it to the libraries listed below
Sorting:
- The source code of [Sec'25] Make Agent Defeat Agent: Automatic Detection of Taint-Style Vulnerabilities in LLM-based Agents☆53Sep 9, 2025Updated 5 months ago
- nativeRasp that can hook native methods☆24Apr 24, 2023Updated 2 years ago
- SeCrux is a true enterprise-grade security management platform that seamlessly integrates with any form of SAST and SCA scanners, empower…☆203Feb 10, 2026Updated 2 weeks ago
- Tai-e的Web插件☆23Jun 11, 2024Updated last year
- Hacking GraalVM Espresso - Abusing Continuation API to Make ROP-like Attack☆36Aug 27, 2025Updated 6 months ago
- A benchmark for Java gadget chain detecting algorithms.☆15Jun 20, 2025Updated 8 months ago
- The next-generation AI Agent framework driven by Intent Engineering. Move beyond turn-based Function Calling to embrace code-level intent…☆65Jan 11, 2026Updated last month
- 用于快速启动tabby 分析漏洞或者gadget的环境☆94Jul 14, 2025Updated 7 months ago
- Holistic Concolic Execution for Dynamic Web Applications via Symbolic Interpreter Analysis (IEEE S&P 2024)☆13Oct 3, 2024Updated last year
- ☆12May 28, 2021Updated 4 years ago
- 护网杯 2018 WEB (4) easy_laravel☆12Aug 22, 2019Updated 6 years ago
- Code audit (code review) with VIM.☆17Jan 3, 2025Updated last year
- 利用代理驱动绕过JDBC Attack检测☆143Jun 15, 2025Updated 8 months ago
- Hessian UTF-8 Overlong Encoding☆21Mar 9, 2024Updated last year
- A vul-finder for loading CPG and automated finding vul-call-chains☆71Jul 22, 2025Updated 7 months ago
- 用于windows下通过NTFS MFT快速查找文件名中带有敏感词的文件☆44Sep 29, 2025Updated 4 months ago
- Java JDK 8-18 CodeQL databases☆17Jun 2, 2024Updated last year
- payloads☆15Mar 17, 2021Updated 4 years ago
- A Java Route Collection Tool☆102Aug 1, 2024Updated last year
- Topic: The Swiss Army Knife of Java Exploitation☆21Feb 25, 2025Updated last year
- JavaRce complements project - use RASP to prevent vulnerabilities☆24Apr 22, 2024Updated last year
- ☆206Oct 27, 2025Updated 4 months ago
- A containerized Model Context Protocol (MCP) server providing static code analysis using Joern's Code Property Graph (CPG) with support f…☆45Feb 21, 2026Updated last week
- 用来将Tai-e改造为开箱即用的静态代码安全分析框架的一些demo☆37Apr 17, 2024Updated last year
- YuraScanner☆73Feb 13, 2025Updated last year
- generate facts from bytecode (source is https://github.com/plast-lab/doop-mirror/tree/master/generators)☆23Nov 24, 2024Updated last year
- 高版本Fastjson在Java原生反序列化中的利用演示☆26Jan 12, 2025Updated last year
- [USENIX Security '25] My ZIP isn’t your ZIP: Identifying and Exploiting Semantic Gaps Between ZIP Parsers☆38Aug 22, 2025Updated 6 months ago
- Automatically scan jar packages by using ast to find fastjson gadgets. In particular, this project is limited to mining Gadgets that may …☆49Mar 8, 2022Updated 3 years ago
- Java表达式语句生成器☆194Oct 9, 2023Updated 2 years ago
- 使用 Docker 一键构建 JDK 源码的 CodeQL 数据库,方便使用 CodeQL 查找 JDK 中的数据。☆27May 14, 2025Updated 9 months ago
- Java 反序列化学习的实验代码 Java_deserialize_vuln_lab☆87Nov 26, 2018Updated 7 years ago
- ☆20Oct 27, 2020Updated 5 years ago
- oh my soot !☆93Aug 10, 2022Updated 3 years ago
- YASA is an open-source static program analysis project. Its core innovation lies in a unified intermediate representation called UAST, d…☆249Updated this week
- POC for leaking java version through file and ftp protocols☆24Nov 1, 2020Updated 5 years ago
- 一款使用Yaml定义搜索规则来搜索Class的工具☆108Aug 2, 2023Updated 2 years ago
- Testability Tarpits: the Impact of Code Patterns on the Security Testing of Web Applications (NDSS 2022)☆27Feb 14, 2024Updated 2 years ago
- 编译原理学习代码仓库☆23Jan 17, 2022Updated 4 years ago