baidu-security / openrasp-v8
Google V8 with OpenRASP builtins
☆57Updated 3 years ago
Alternatives and similar repositories for openrasp-v8:
Users that are interested in openrasp-v8 are comparing it to the libraries listed below
- 基于JVM-Sandbox�实现RASP安全监控防护☆52Updated last year
- 🌶 一些和容器化/容器编排/服务网格等技术相关的安全代码片段[自用备份]☆80Updated 3 years ago
- 分析验证安全漏洞,仅供学习☆21Updated 4 years ago
- A Java runtime information-gathering tool which uses the Java Attach API for information acquisition☆204Updated 3 years ago
- 超硬核!使用图数据技术发现软件漏洞☆183Updated 3 years ago
- log4j2-vaccine☆85Updated 3 years ago
- Go Agent is a go application probe of DongTai IAST, which collects method invocation data during runtime of Go application by dynamic hoo…☆41Updated last month
- 利用agent hock指定的class,在jar运行周期内,用于跟踪被执行的方法,辅助做一些事情,比如挖洞啊☆126Updated 4 years ago
- 一个针对防御 log4j2 CVE-2021-44228 漏洞的 RASP 工具。 A Runtime Application Self-Protection module specifically designed for log4j2 RCE (CVE-2021-442…☆122Updated 3 years ago
- 基于AST的JSONP劫持漏洞自动化挖掘☆93Updated 4 years ago
- GO开发而成,用于NIDS HIDS 分析的规则引擎,使用WorkerPool 高性能检测,支持多字段 "和" "或" 检测, 支持频率检测☆77Updated last week
- codemillx is a tool for CodeQL, extract the comments in the code and generate codeql module. 强化Go开源项目安全检测(内含开源项目漏洞挖掘方法)☆205Updated 2 years ago
- 用于检测maven项目的第三方依赖组件是否存在安全漏洞。☆103Updated 2 years ago
- Java通用漏洞修复安全组件☆58Updated 7 years ago
- Low-level RASP: Protecting Applications Implemented in High-level Programming Languages☆57Updated last year
- rmi、jndi、ldap、jrmp、jmx、jms一些demo测试☆306Updated 2 years ago
- 总结了免杀webshell的方法论☆48Updated 4 years ago
- a dnslog platform with tornado, less code.☆23Updated 4 years ago
- 《深入理解Semgrep》Finding vulnerabilities with Semgrep.☆44Updated last year
- Demo code for post <Restrictions of JNDI Manipulation RCE & Bypass>☆259Updated 2 years ago
- 一个利用ASM对字节码进行污点传播分析的静态代码审计应用(添加了大量代码注释,适合大家进行源码学习)。也加入了挖掘Fastjson反序列化gadget chains和SQLInject(JdbcTemplate、MyBatis、JPA、Hibernate、原生jdbc等)静…☆446Updated 2 years ago
- tomcat使用了自带session同步功能时,不安全的配置(没有使用EncryptInterceptor)导致存在的反序列化漏洞,通过精心构�造的数据包, 可以对使用了tomcat自带session同步功能的服务器进行攻击。PS:这个不是CVE-2020-9484,9484…☆213Updated 4 years ago
- 《深入理解DAST动态应用程序安全测试》Dynamic Application Security Testing.☆49Updated 2 years ago
- ☆28Updated 4 years ago
- ☆22Updated 5 years ago
- 总结了一下2019年在JVM环境中使用XXE攻击的知识☆57Updated 5 years ago
- 基于亚马逊S3\阿里云OSS\腾讯COS通信隧道的远程管理工具☆320Updated 4 years ago
- TongASDP漏洞测试环境☆34Updated last year
- A simple web platform for WatchAD☆110Updated last year
- 基于Java ASM技术和GadgetInspector的原理,尝试实现一个自动Java代码审计工具。目前做到了可控参数分析和数据流跟踪分析☆36Updated 3 years ago