fergarrui / custom-bytecode-analyzerLinks
Java bytecode analyzer customizable via JSON rules
☆74Updated 7 years ago
Alternatives and similar repositories for custom-bytecode-analyzer
Users that are interested in custom-bytecode-analyzer are comparing it to the libraries listed below
Sorting:
- Primitive tool for exploring/querying Java classes via the Tinkerpop Gremlin graph traversal language☆107Updated 9 years ago
- Java bytecode analysis/deobfuscation tool☆197Updated 7 years ago
- Fake currentTimeMillis() without class loader hacks☆119Updated 4 years ago
- Deprecated: Please visit https://github.com/github/codeql instead.☆81Updated 3 years ago
- Demonstrate how usage of the Java Security Manager can prevent Remote Code Execution (RCE) exploits.☆26Updated last year
- A static analysis API for finding deserialization attack gadgets☆38Updated 2 years ago
- ☆133Updated 9 years ago
- Identify vulnerable libraries in Maven dependencies☆46Updated 2 years ago
- Java Agent which mitigates deserialisation attacks by making certain classes unserializable☆188Updated 9 years ago
- Java taint propagation for java. Define tainted sources, sanitizer methods and sinks via aspects.☆28Updated 6 years ago
- A tiny Java agent that blocks attacks against unsafe deserialization☆85Updated 7 years ago
- A practical tool for bytecode manipulation and creating Managed Code Rootkits (MCRs) in the Java Runtime Environment☆58Updated 5 years ago
- An example project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions☆123Updated 7 years ago
- JavaPayload is a collection of pure Java payloads to be used for post-exploitation from pure Java exploits or from common misconfiguratio…☆123Updated 6 months ago
- Proof of concept exploit, showing how to do bytecode injection through untrusted deserialization with Spring Framework 4.2.4☆116Updated 6 years ago
- some example ctf writeups☆27Updated 4 years ago
- Proof of concept showing how java byte code can be injected through InitialContext.lookup() calls☆42Updated 9 years ago
- Binary rewriting approach with fork server support to fuzz Java applications with afl-fuzz.☆91Updated 7 years ago
- Plume is a code representation benchmarking library with options to extract the AST from Java bytecode and store the result in various gr…☆74Updated 9 months ago
- Snowflake is a tool for exploiting randomness vulnerabilities by seed recovery attacks targetting the rand() and mt_rand() generators in …☆83Updated 8 years ago
- ☆154Updated last year
- Learn binary exploitation from angelboy's hitcon-training☆37Updated 7 years ago
- Marvin static analyzer is an Android application vulnerability scanner. The framework uses androguard and Static Android Analysis Framewo…☆68Updated 6 years ago
- ☆84Updated 8 years ago
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆12Updated 9 years ago
- Spring messaging STOMP protocol RCE☆113Updated 7 years ago
- PoC exploit for CVE-2018-11235 allowing RCE on git clone --recurse-submodules☆49Updated 4 years ago
- A Modular Android Fuzzing Toolkit☆29Updated 9 years ago
- Codyze is a static analyzer for Java, C, C++ based on code property graphs☆88Updated 6 months ago
- A Java serializer in JavaScript☆81Updated 7 years ago