cwkiller/Java-Puzzle external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

cwkiller/Java-Puzzle

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/cwkiller/Java-Puzzle)

Close

cwkiller / Java-PuzzleView on GitHubMore

• External links
• Readme badge

一个专注于 Java Web 特性、配置和 Trick 的安全谜题集合

☆123Dec 24, 2025Updated 3 months ago

Alternatives and similar repositories for Java-Puzzle

Users that are interested in Java-Puzzle are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• yulate / jdbc-tricks

  View on GitHub
  《深入JDBC安全：特殊URL构造与不出网反序列化利用技术揭秘》对应研究总结项目 "Deep Dive into JDBC Security: Special URL Construction and Non-Networked Deserialization Explo…
  ☆575Feb 7, 2026Updated 2 months ago
• cwkiller / ClassLinefix

  View on GitHub
  Java bytecode line number restoration tool
  ☆139Aug 31, 2025Updated 7 months ago
• tabby-sec / tabby-vul-finder

  View on GitHub
  A vul-finder for loading CPG and automated finding vul-call-chains
  ☆72Jul 22, 2025Updated 8 months ago
• 1ucky7 / MySQL_Fake_Server_for_woodpecker_yso

  View on GitHub
  MySQL_Fake_Server-啄木鸟yso适配版
  ☆45Sep 20, 2024Updated last year
• ReaJason / No-One

  View on GitHub
  No One（无名）：Next Generation Polyglot Website Manager
  ☆82Mar 26, 2026Updated 2 weeks ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
• vaycore / DNStxt-exp

  View on GitHub
  一个提供查询 TXT 记录的 DNS 服务利用工具。例如：可配合 Windows 下的 certutil 工具传输小文件（64KB）
  ☆38Dec 31, 2021Updated 4 years ago
• unam4 / c3p0explore

  View on GitHub
  c3p0 new gadget
  ☆28Apr 1, 2025Updated last year
• yzddmr6 / Java-Js-Engine-Payloads

  View on GitHub
  Java Js Engine Payloads All in one
  ☆291Aug 21, 2023Updated 2 years ago
• h3h3qaq / JDK-CodeQLDB-Builder

  View on GitHub
  使用 Docker 一键构建 JDK 源码的 CodeQL 数据库，方便使用 CodeQL 查找 JDK 中的数据。
  ☆27May 14, 2025Updated 10 months ago
• cwkiller / JDBC-PROXY-Bypass

  View on GitHub
  利用代理驱动绕过JDBC Attack检测
  ☆144Jun 15, 2025Updated 9 months ago
• kezibei / fastjson_payload

  View on GitHub
  ☆244Feb 28, 2026Updated last month
• h00klod0er / JSFindAPI

  View on GitHub
  JSFindAPI是一款自动从html页面中获取js链接，并自动访问js提取js中的api路径，然后自动进行api未授权测试的插件，同时也可被动监听，当访问js时自动提取api进行访问，提取api接口主要根据AJAX，XMLHttpRequest，axios，Vue.js等…
  ☆30Oct 20, 2025Updated 5 months ago
• Ar3h / utf8-overlong-agent

  View on GitHub
  使用 agent 实现反序列化 utf8 overlong
  ☆84Apr 24, 2024Updated last year
• AFKL1919 / CTF-Challenges

  View on GitHub
  A collection of all the CTF challenges I have made.
  ☆11Aug 24, 2022Updated 3 years ago
• Wordpress hosting with auto-scaling on Cloudways • Ad
  Fully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
• c0ny1 / ascii-jar

  View on GitHub
  构造字节在ASCII范围内的jar
  ☆140Feb 14, 2022Updated 4 years ago
• h00klod0er / xxljob-Hessian-Exp

  View on GitHub
  xxljob-Hessian-Exp 一款XXL-JOB <=2.0.1 Hessian反序列化图形化利用工具，可不出网利用
  ☆36Dec 31, 2024Updated last year
• OneSourceCat / XxlJob-Hessian-RCE

  View on GitHub
  XxlJob<=2.1.2配置不当情况下反序列化RCE
  ☆121Nov 2, 2020Updated 5 years ago
• myzxcg / NoNameExploit

  View on GitHub
  集权利用工具
  ☆166Feb 28, 2025Updated last year
• ax1sX / RouteCheck-Alpha

  View on GitHub
  A Java Route Collection Tool
  ☆102Aug 1, 2024Updated last year
• AntSword-Store / as_plugin_godofhacker

  View on GitHub
  黑客神器，谁用谁知道！
  ☆10Jul 10, 2019Updated 6 years ago
• pen4uin / java-echo-generator

  View on GitHub
  一款支持自定义的 Java 回显载荷生成工具｜A customizable Java echo payload generation tool.
  ☆462Jan 12, 2025Updated last year
• Lotus6 / JavaGadgetGenerator

  View on GitHub
  JavaGadgetGenerator 工具，支持 ysoserial，Hessian，字节码，Expr/SSTI，Shiro，JDBC 等 Gadget 生成，封装，混淆，出网延迟探测，内存马注入等...
  ☆560Updated this week
• Whoopsunix / JavaRce

  View on GitHub
  Common Exploitation Techniques for Java RCE Vulnerabilities in Real-World Scenarios | 实战场景较通用的 Java Rce 相关漏洞的利用方式
  ☆546Mar 6, 2025Updated last year
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
• Ar3h / putter

  View on GitHub
  命令执行写任意文件，主要用于命令执行但不出网情况
  ☆31Sep 9, 2023Updated 2 years ago
• Chanzi-keji / chanzi

  View on GitHub
  "chanzi" is a simple and user-friendly JAVA SAST tool that utilizes taint analysis technology, includes built-in common vulnerability ru…
  ☆484Feb 1, 2026Updated 2 months ago
• lokerxx / JavaVul

  View on GitHub
  JAVA 安全靶场，IAST 测试用例，JAVA漏洞复现，代码审计，SAST测试用例，安全扫描（主动和被动），JAVA漏洞靶场，RASP测试用例 ； Java Security Testbed, IAST Test Cases, Java Vulnerability R…
  ☆278Mar 24, 2026Updated 2 weeks ago
• TFour123 / findsomething_plus

  View on GitHub
  添加识别与检测异步js逻辑
  ☆23Aug 26, 2025Updated 7 months ago
• X1r0z / hacking-espresso

  View on GitHub
  Hacking GraalVM Espresso - Abusing Continuation API to Make ROP-like Attack
  ☆36Aug 27, 2025Updated 7 months ago
• nex121 / RuoyiGui

  View on GitHub
  ☆26Dec 13, 2024Updated last year
• A0WaQ4 / HexDnsEchoT

  View on GitHub
  命令执行不回显但DNS协议出网的命令回显场景解决方案（修改为使用ceye接收请求，添加自定义DNS服务器）
  ☆293Aug 20, 2023Updated 2 years ago
• flowerwind / AutoGenerateXalanPayload

  View on GitHub
  cve-2022-34169 延伸出的Jdk Xalan的payload自动生成工具，可根据不同的Jdk生成出其所对应的xslt文件
  ☆93Jan 17, 2023Updated 3 years ago
• corener / JavaPassDump

  View on GitHub
  JavaPassDump
  ☆275Jan 7, 2022Updated 4 years ago
• Wordpress hosting with auto-scaling on Cloudways • Ad
  Fully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
• YYHYlh / Dubbo-Scan

  View on GitHub
  一款让你不只在dubbo-sample、vulhub或者其他测试环境里检测和利用成功的Apache Dubbo 漏洞检测工具。
  ☆171Aug 9, 2023Updated 2 years ago
• RuoJi6 / xxl-job-FLM

  View on GitHub
  xxl-job内存马
  ☆229Jan 26, 2025Updated last year
• Symph0nia / Coda

  View on GitHub
  入侵痕迹清理/Cleaning up traces of intrusion
  ☆247Nov 6, 2024Updated last year
• ReaJason / MemShellParty

  View on GitHub
  一款专注于 Java 主流 Web 中间件的内存马快速生成工具，致力于简化安全研究人员和红队成员的工作流程，提升攻防效率
  ☆1,401Mar 30, 2026Updated last week
• Y0n3er / CTF-Java

  View on GitHub
  ☆53Dec 8, 2025Updated 4 months ago
• Whoopsunix / utf-8-overlong-encoding

  View on GitHub
  抽离出 utf-8-overlong-encoding 的序列化逻辑，实现 2 3 字节加密序列化数组
  ☆140Mar 11, 2024Updated 2 years ago
• Y4Sec-Team / CVE-2023-21939

  View on GitHub
  JDK CVE-2023-21939
  ☆94Aug 26, 2023Updated 2 years ago