Zjackky/CodeScan external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

Zjackky/CodeScan

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/Zjackky/CodeScan)

Close

Zjackky / CodeScanView on GitHubMore

• External links
• Readme badge

一款轻量级匹配Sink点的代码审计扫描器，为了帮助红队过程中快速代码审计的小工具

☆409Oct 6, 2024Updated last year

Alternatives and similar repositories for CodeScan

Users that are interested in CodeScan are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• SpringKill-team / CodeAuditAssistant

  View on GitHub
  🔍 CodeAuditAssistant - JetBrains Code Audit Plugin (Beta) ⚡ Deep Call-Chain Tracking | 🚀 Method/Class Search | 🔥 Prebuilt Vuln Sink…
  ☆784Mar 14, 2026Updated 3 weeks ago
• Chanzi-keji / chanzi

  View on GitHub
  "chanzi" is a simple and user-friendly JAVA SAST tool that utilizes taint analysis technology, includes built-in common vulnerability ru…
  ☆484Feb 1, 2026Updated 2 months ago
• ReaJason / MemShellParty

  View on GitHub
  一款专注于 Java 主流 Web 中间件的内存马快速生成工具，致力于简化安全研究人员和红队成员的工作流程，提升攻防效率
  ☆1,401Mar 30, 2026Updated last week
• Lotus6 / JavaGadgetGenerator

  View on GitHub
  JavaGadgetGenerator 工具，支持 ysoserial，Hessian，字节码，Expr/SSTI，Shiro，JDBC 等 Gadget 生成，封装，混淆，出网延迟探测，内存马注入等...
  ☆560Updated this week
• KimJun1010 / inspector

  View on GitHub
  IDEA代码审计辅助插件（深信服深蓝实验室天威战队强力驱动）
  ☆583Mar 10, 2025Updated last year
• End-to-end encrypted email - Proton Mail • Ad
  Special offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
• Phelaine / SinkFinder

  View on GitHub
  闭源系统半自动漏洞挖掘工具，针对 jar/war/zip 进行静态代码分析，输出从source到sink的可达路径。LLM将验证路径可达性，并根据上下文给出该路径可信分数
  ☆509Jan 12, 2026Updated 2 months ago
• novysodope / javaeasyscan

  View on GitHub
  javaeasyscanner - 富婆系列，代码审计辅助工具，致力于解放大脑，方便双手
  ☆278Jun 18, 2024Updated last year
• vulhub / java-chains

  View on GitHub
  Java Vulnerability Exploitation Platform
  ☆2,027Updated this week
• wa1ki0g / NoAuth

  View on GitHub
  java-web 自动化鉴权绕过
  ☆380Apr 3, 2025Updated last year
• leveryd / x-waf

  View on GitHub
  让"WAF绕过"变得简单
  ☆434Jan 26, 2025Updated last year
• DeEpinGh0st / MDUT-Extend-Release

  View on GitHub
  MDUT-Extend(扩展版本)
  ☆907Mar 27, 2026Updated last week
• for-A1kaid / CodeAudit

  View on GitHub
  记录一些代码审计过的源码
  ☆183Feb 26, 2025Updated last year
• yulate / jdbc-tricks

  View on GitHub
  《深入JDBC安全：特殊URL构造与不出网反序列化利用技术揭秘》对应研究总结项目 "Deep Dive into JDBC Security: Special URL Construction and Non-Networked Deserialization Explo…
  ☆575Feb 7, 2026Updated 2 months ago
• ekkoo-z / Z-Godzilla_ekp

  View on GitHub
  哥斯拉webshell管理工具二次开发规避流量检测设备
  ☆1,059Dec 2, 2025Updated 4 months ago
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• Lotus6 / ConfluenceMemshell

  View on GitHub
  Confluence CVE 2021，2022，2023 利用工具，支持命令执行，哥斯拉，冰蝎 内存马注入
  ☆557Feb 1, 2024Updated 2 years ago
• c0r1 / BypassPro

  View on GitHub
  AutoBypass403-BurpSuite 插件二开重构，优化执行逻辑
  ☆307Oct 12, 2024Updated last year
• ax1sX / SecurityList

  View on GitHub
  A list for Web Security and Code Audit
  ☆1,229Dec 3, 2024Updated last year
• outlaws-bai / Galaxy

  View on GitHub
  一个想让你测试加密流量像测试明文一样简单高效的 Burp 插件。 A Burp plugin that makes testing encrypted traffic as simple and efficient as testing plaintext.
  ☆1,066Mar 27, 2026Updated last week
• wjlin0 / riverPass

  View on GitHub
  riverPass 是一个用Go编写的瑞数WAF绕过工具。它利用了WebSocket协议，将请求发送的自身浏览器中，从而绕过了瑞数WAF的检测。
  ☆234Oct 18, 2024Updated last year
• lintstar / CS-AutoPostChain

  View on GitHub
  基于 OPSEC 的 CobaltStrike 后渗透自动化链
  ☆453Mar 11, 2024Updated 2 years ago
• jar-analyzer / jar-analyzer

  View on GitHub
  Jar Analyzer - 一个 JAR 包 GUI 分析工具，方法调用关系搜索，方法调用链 DFS 算法分析，模拟 JVM 的污点分析验证 DFS 结果，字符串搜索，Java Web 组件入口分析，CFG 程序分析，JVM 栈帧分析，自定义表达式搜索，紧跟 AI 技术发…
  ☆2,037Apr 2, 2026Updated last week
• cwkiller / JDBC-PROXY-Bypass

  View on GitHub
  利用代理驱动绕过JDBC Attack检测
  ☆144Jun 15, 2025Updated 9 months ago
• Whoopsunix / JavaRce

  View on GitHub
  Common Exploitation Techniques for Java RCE Vulnerabilities in Real-World Scenarios | 实战场景较通用的 Java Rce 相关漏洞的利用方式
  ☆546Mar 6, 2025Updated last year
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
• xsshim / GzWebsocket

  View on GitHub
  哥斯拉webshell管理工具的插件，用于连接websocket型webshell
  ☆181Apr 17, 2024Updated last year
• wh1t3zer / SpringBootVul-GUI

  View on GitHub
  一个半自动化springboot打点工具，内置目前springboot所有漏洞
  ☆779Sep 30, 2025Updated 6 months ago
• bmth666 / Yongyou-Unserialize-plus

  View on GitHub
  用友的一些反序列化链子以及1day，二开了狼组的YongYouNcTool，改了一下逻辑以及poc
  ☆125Oct 12, 2024Updated last year
• X1r0z / JNDIMap

  View on GitHub
  A powerful JNDI injection exploitation framework that supports RMI, LDAP and LDAPS protocols, including various bypass methods for high-v…
  ☆573Feb 4, 2026Updated 2 months ago
• winezer0 / APIFinderPlus

  View on GitHub
  目标是成为当下最完善的API挖掘工具，实现自动提取响应敏感信息、URI信息，并且对URI进行自动|手动递归检查
  ☆257Aug 16, 2025Updated 7 months ago
• 4ra1n / class-obf

  View on GitHub
  一个 CLASS 文件混淆工具，支持方法字段参数名引用分析和重命名混淆，支持字符串提取/AES加密运行时解密/整型异或混淆/垃圾代码花指令混淆/错误注解崩溃/特殊字符迷惑用户/反编译器对抗/方法和字段的隐藏等，配置简单，容易上手
  ☆311Jan 26, 2026Updated 2 months ago
• Hutt0n0 / ActiveMqRCE

  View on GitHub
  用java实现构造openwire协议，利用activeMQ < 5.18.3 RCE 回显利用 内存马注入
  ☆288Nov 20, 2023Updated 2 years ago
• CodeSecurityTeam / frp

  View on GitHub
  基于frp-0.58.1魔改二开，随机化socks5账户密码及端口、钉钉上线下线通知、配置文件oss加密读取、域前置防止溯源、源码替换/编译混淆等
  ☆385Aug 6, 2024Updated last year
• pen4uin / java-memshell-generator

  View on GitHub
  一款支持自定义的 Java 内存马生成工具｜A customizable Java in-memory webshell generation tool.
  ☆2,177Aug 21, 2025Updated 7 months ago
• Wordpress hosting with auto-scaling on Cloudways • Ad
  Fully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
• pykiller / API-T00L

  View on GitHub
  互联网厂商API利用工具。
  ☆569Sep 13, 2024Updated last year
• xiaogang000 / XG_NTAI

  View on GitHub
  用于Webshell木马免杀、流量加密传输，多多支持star
  ☆1,041Jun 27, 2025Updated 9 months ago
• K-7H7l / Jeecg_Tools

  View on GitHub
  本工具为jeecg框架漏洞利用工具非jeecg-boot！
  ☆183Aug 13, 2024Updated last year
• libaibaia / cloudSec

  View on GitHub
  云安全利用工具-云平台AK/SK-WEB利用工具，添加AK/SK自动检测资源，无需手动执行，支持云服务器、存储桶、数据库操作
  ☆588Dec 19, 2024Updated last year
• lemono0 / FastJsonParty

  View on GitHub
  FastJson全版本Docker漏洞环境(涵盖1.2.47/1.2.68/1.2.80等版本)，主要包括JNDI注入及高版本绕过、waf绕过、文件读写、原生反序列化、利用链探测绕过、不出网利用等。从黑盒的角度覆盖FastJson深入利用
  ☆1,195Jul 12, 2024Updated last year
• Marven11 / EtherGhost

  View on GitHub
  新一代Webshell管理器，兼容蚁剑与冰蝎的PHP webshell
  ☆673Feb 12, 2026Updated last month
• RuoJi6 / xxl-job-FLM

  View on GitHub
  xxl-job内存马
  ☆229Jan 26, 2025Updated last year