cldrn/codeql-queries

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/cldrn/codeql-queries)

cldrn / codeql-queries

My CodeQL queries collection

☆98

Alternatives and similar repositories for codeql-queries

Users that are interested in codeql-queries are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

Sorting:

BeichenDream / Kcon2021Code
View on GitHub
☆275Oct 28, 2021Updated 4 years ago
securingdev / custom-codeql-queries
View on GitHub
Custom / Experimental CodeQL queries
☆37Apr 21, 2022Updated 4 years ago
Marcono1234 / codeql-java-queries
View on GitHub
Personal CodeQL queries
☆66Apr 6, 2026Updated 2 months ago
ice-doom / CodeQLRule
View on GitHub
个人使用CodeQL编写的一些规则
☆181Mar 30, 2022Updated 4 years ago
haby0 / mark
View on GitHub
notes
☆27Oct 10, 2022Updated 3 years ago
Proton VPN Special Offer - Get 70% off • Ad
Special partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
Lucifaer / Joker
View on GitHub
一个Java攻击框架
☆22Nov 27, 2020Updated 5 years ago
pwntester / codeql_grehack_workshop
View on GitHub
GreHack 2021 CodeQL for Java workshop
☆73Nov 19, 2021Updated 4 years ago
threedr3am / gadgetinspector
View on GitHub
一个利用ASM对字节码进行污点传播分析的静态代码审计应用（添加了大量代码注释，适合大家进行源码学习）。也加入了挖掘Fastjson反序列化gadget chains和SQLInject（JdbcTemplate、MyBatis、JPA、Hibernate、原生jdbc等）静…
☆457Mar 24, 2022Updated 4 years ago
safe6Sec / CodeqlNote
View on GitHub
Codeql学习笔记
☆902Apr 25, 2022Updated 4 years ago
SummerSec / learning-codeql
View on GitHub
CodeQL Java 全网最全的中文学习资料
☆800Mar 18, 2022Updated 4 years ago
waderwu / attackRmi
View on GitHub
attackRmi
☆258Oct 14, 2020Updated 5 years ago
ice-doom / codeql_compile
View on GitHub
自动反编译闭源应用，创建codeql数据库
☆320Mar 2, 2022Updated 4 years ago
iSafeBlue / fastjson-autotype-bypass-demo
View on GitHub
fastjson 1.2.68 版本 autotype bypass
☆142Jun 17, 2022Updated 3 years ago
waderwu / extractor-java
View on GitHub
CodeQL extractor for java, which don't need to compile java source
☆347Nov 25, 2022Updated 3 years ago
End-to-end encrypted cloud storage - Proton Drive • Ad
Special offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
A-D-Team / attackRmi
View on GitHub
☆231Jan 3, 2022Updated 4 years ago
Dor-Tumarkin / CVE-2021-25641-Proof-of-Concept
View on GitHub
Apache/Alibaba Dubbo <= 2.7.3 PoC Code for CVE-2021-25641 RCE via Deserialization of Untrusted Data; Affects Versions <= 2.7.6 With Diffe…
☆53Jun 6, 2021Updated 5 years ago
j3ssie / codeql-docker
View on GitHub
Ready to use docker image for CodeQL
☆90Jan 10, 2024Updated 2 years ago
LandGrey / spring-boot-upload-file-lead-to-rce-tricks
View on GitHub
spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧
☆757Apr 14, 2021Updated 5 years ago
opensec-cn / conote-community
View on GitHub
Conote 综合安全测试平台社区版。
☆374Aug 15, 2024Updated last year
githubsatelliteworkshops / codeql
View on GitHub
GitHub Satellite 2020 workshops on finding security vulnerabilities with CodeQL for Java/JavaScript.
☆211Sep 27, 2024Updated last year
phith0n / zkar
View on GitHub
ZKar is a Java serialization protocol analysis tool implement in Go.
☆652Apr 19, 2026Updated last month
KpLi0rn / LearnCompiler
View on GitHub
编译原理学习代码仓库
☆23Jan 17, 2022Updated 4 years ago
c0ny1 / java-object-searcher
View on GitHub
java内存对象搜索辅助工具
☆820Sep 23, 2022Updated 3 years ago
Managed hosting for WordPress and PHP on Cloudways • Ad
Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
threedr3am / tomcat-cluster-session-sync-exp
View on GitHub
tomcat使用了自带session同步功能时，不安全的配置（没有使用EncryptInterceptor）导致存在的反序列化漏洞，通过精心构造的数据包，可以对使用了tomcat自带session同步功能的服务器进行攻击。PS:这个不是CVE-2020-9484，9484…
☆213May 19, 2020Updated 6 years ago
su18 / JDBC-Attack
View on GitHub
JDBC Connection URL Attack
☆451Sep 10, 2021Updated 4 years ago
iceyhexman / flask_memory_shell
View on GitHub
Flask 内存马
☆314Mar 26, 2021Updated 5 years ago
su18 / hack-fastjson-1.2.80
View on GitHub
☆528Sep 16, 2022Updated 3 years ago
5wimming / gadgetinspector
View on GitHub
利用链、漏洞检测工具
☆376Jul 31, 2024Updated last year
kyo-w / router-router
View on GitHub
Java web路由内存分析工具
☆439May 22, 2025Updated last year
A-D-Team / grafanaExp
View on GitHub
A exploit tool for Grafana Unauthorized arbitrary file reading vulnerability (CVE-2021-43798), it can burst plugins / extract secret_key …
☆268Oct 17, 2025Updated 7 months ago
JackOfMostTrades / gadgetinspector
View on GitHub
A byte code analyzer for finding deserialization gadget chains in Java applications
☆1,083Jun 15, 2021Updated 4 years ago
zema1 / ysoserial
View on GitHub
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
☆357Sep 20, 2022Updated 3 years ago
Managed Kubernetes at scale on DigitalOcean • Ad
DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
boundaryx / cloudrasp-log4j2
View on GitHub
一个针对防御 log4j2 CVE-2021-44228 漏洞的 RASP 工具。 A Runtime Application Self-Protection module specifically designed for log4j2 RCE (CVE-2021-442…
☆125Dec 11, 2021Updated 4 years ago
potats0 / javaSerializationTools
View on GitHub
☆145Jan 21, 2021Updated 5 years ago
synacktiv / QLinspector
View on GitHub
Finding Java gadget chains with CodeQL
☆188Apr 18, 2026Updated last month
Jarijaas / helsec-1103
View on GitHub
☆22Nov 3, 2022Updated 3 years ago
hudangwei / codemillx
View on GitHub
codemillx is a tool for CodeQL, extract the comments in the code and generate codeql module. 强化Go开源项目安全检测(内含开源项目漏洞挖掘方法)
☆205Mar 19, 2022Updated 4 years ago
Marcono1234 / codeql-jdk-docker
View on GitHub
Unofficial Dockerfile and scripts for building CodeQL databases for the OpenJDK
☆49Jan 7, 2024Updated 2 years ago
r0eXpeR / supplier
View on GitHub
主流供应商的一些攻击性漏洞汇总
☆803Nov 8, 2021Updated 4 years ago