一个专注于 Java Web 特性、配置和 Trick 的安全谜题集合
☆124Dec 24, 2025Updated 5 months ago
Alternatives and similar repositories for Java-Puzzle
Users that are interested in Java-Puzzle are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- 《深入JDBC安全:特殊URL构造与不出网反序列化利用技术揭秘》对应研究总结项目 "Deep Dive into JDBC Security: Special URL Construction and Non-Networked Deserialization Explo…☆591Feb 7, 2026Updated 4 months ago
- Java bytecode line number restoration tool☆143Aug 31, 2025Updated 9 months ago
- A vul-finder for loading CPG and automated finding vul-call-chains☆71Jul 22, 2025Updated 10 months ago
- MySQL_Fake_Server-啄木鸟yso适配版☆44Sep 20, 2024Updated last year
- No One(无名):Next Generation Polyglot Website Manager☆83May 30, 2026Updated last week
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- 一个提供查询 TXT 记录的 DNS 服务利用工具。例如:可配合 Windows 下的 certutil 工具传输小文件(64KB)☆37Dec 31, 2021Updated 4 years ago
- c3p0 new gadget☆28Apr 1, 2025Updated last year
- Java Js Engine Payloads All in one☆292Aug 21, 2023Updated 2 years ago
- 使用 Docker 一键构建 JDK 源码的 CodeQL 数据库,方便使用 CodeQL 查找 JDK 中的数据。☆27May 14, 2025Updated last year
- 利用代理驱动绕过JDBC Attack检测☆145Jun 15, 2025Updated 11 months ago
- ☆247Apr 15, 2026Updated last month
- 使用 agent 实现反序列化 utf8 overlong☆86Apr 24, 2024Updated 2 years ago
- JSFindAPI是一款自动从html页面中获取js链接,并自动访问js提取js中的api路径,然后自动进行api未授权测试的插件,同时也可被动监听,当访问js时自动提取api进行访问,提取api接口主要根据AJAX,XMLHttpRequest,axios,Vue.js等…☆34Oct 20, 2025Updated 7 months ago
- A collection of all the CTF challenges I have made.☆11Aug 24, 2022Updated 3 years ago
- AI Agents on DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- 构造字节在ASCII范围内的jar☆142Feb 14, 2022Updated 4 years ago
- xxljob-Hessian-Exp 一款XXL-JOB <=2.0.1 Hessian反序列化图形化利用工具,可不出网利用��☆36Dec 31, 2024Updated last year
- XxlJob<=2.1.2配置不当情况下反序列化RCE☆123Nov 2, 2020Updated 5 years ago
- 集权利用工具☆167Feb 28, 2025Updated last year
- A Java Route Collection Tool☆102Aug 1, 2024Updated last year
- 黑客神器,谁用谁知道!☆10Jul 10, 2019Updated 6 years ago
- 一款支持自定义的 Java 回显载荷生成工具|A customizable Java echo payload generation tool.☆464Jan 12, 2025Updated last year
- JavaGadgetGenerator 工具,支持 ysoserial,Hessian,字节码,Expr/SSTI,Shiro,JDBC 等 Gadget 生成,封装,混淆,出网延迟探测,内存马注入等...☆571Apr 3, 2026Updated 2 months ago
- Common Exploitation Techniques for Java RCE Vulnerabilities in Real-World Scenarios | 实战场景较通用的 Java Rce 相关漏洞的利用方式☆550Mar 6, 2025Updated last year
- Deploy open-source AI quickly and easily - Special Bonus Offer • AdRunpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
- 命令执行写任意文件,主要用于命令执行但不出网情况☆31Sep 9, 2023Updated 2 years ago
- "chanzi" is a simple and user-friendly JAVA SAST tool that utilizes taint analysis technology, includes built-in common vulnerability ru…☆490Feb 1, 2026Updated 4 months ago
- 添加识别与检测异步js逻辑☆24Aug 26, 2025Updated 9 months ago
- JAVA 安全靶场,IAST 测试用例,JAVA漏洞复现,代码审计,SAST测试用例,安全扫描(主动和被动),JAVA漏洞靶场,RASP测试用例 ; Java Security Testbed, IAST Test Cases, Java Vulnerability R…☆288Apr 29, 2026Updated last month
- Hacking GraalVM Espresso - Abusing Continuation API to Make ROP-like Attack☆36Aug 27, 2025Updated 9 months ago
- ☆26Dec 13, 2024Updated last year
- 命令执行不回显但DNS协议出网的命令回显场景解决方案(修改为使用ceye接收请求,添加自定义DNS服务器)☆292Aug 20, 2023Updated 2 years ago
- cve-2022-34169 延伸出的Jdk Xalan的payload自动生成工具,可根据不同的Jdk生成出其所对应的xslt文件☆94Jan 17, 2023Updated 3 years ago
- JavaPassDump☆275Jan 7, 2022Updated 4 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- 一款让你不只在dubbo-sample、vulhub或者其他测试环境里检测和利用成功的Apache Dubbo 漏洞检测工具。☆172Aug 9, 2023Updated 2 years ago
- xxl-job内存马☆232Jan 26, 2025Updated last year
- 入侵痕迹清理/Cleaning up traces of intrusion☆249Nov 6, 2024Updated last year
- 抽离出 utf-8-overlong-encoding 的序列化逻辑,实现 2 3 字节加密序列化数组☆141Mar 11, 2024Updated 2 years ago
- 一款专注于 Java 主流 Web 中间件的内存马快速生成工具,致力于简化安全研究人员和红队成员的工作流程,提升攻防效率☆1,500May 30, 2026Updated last week
- JDK CVE-2023-21939☆94Aug 26, 2023Updated 2 years ago
- javaDeserializeLabs☆71Apr 18, 2023Updated 3 years ago