find-sec-bugs/find-sec-bugs external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

find-sec-bugs/find-sec-bugs

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/find-sec-bugs/find-sec-bugs)

Close

find-sec-bugs / find-sec-bugsView on GitHubMore

• External links
• Readme badge

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

☆2,412Jun 17, 2025Updated 8 months ago

Alternatives and similar repositories for find-sec-bugs

Users that are interested in find-sec-bugs are comparing it to the libraries listed below

• spotbugs / spotbugs

  View on GitHub
  SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
  ☆3,828Updated this week
• GrrrDog / Java-Deserialization-Cheat-Sheet

  View on GitHub
  The cheat sheet about Java Deserialization vulnerabilities
  ☆3,167May 26, 2023Updated 2 years ago
• FeeiCN / Cobra

  View on GitHub
  Source Code Security Audit (源代码安全审计)
  ☆3,188Sep 16, 2022Updated 3 years ago
• JoyChou93 / java-sec-code

  View on GitHub
  Java web common vulnerabilities and security code which is base on springboot and spring security
  ☆2,649Dec 2, 2024Updated last year
• JackOfMostTrades / gadgetinspector

  View on GitHub
  A byte code analyzer for finding deserialization gadget chains in Java applications
  ☆1,079Jun 15, 2021Updated 4 years ago
• frohoff / ysoserial

  View on GitHub
  A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
  ☆8,765Dec 4, 2025Updated 3 months ago
• mbechler / marshalsec

  View on GitHub
  ☆3,660Jan 9, 2025Updated last year
• LeadroyaL / fastjson-blacklist

  View on GitHub
  ☆835Jun 7, 2022Updated 3 years ago
• BishopFox / GadgetProbe

  View on GitHub
  Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
  ☆613Mar 4, 2021Updated 5 years ago
• cujanovic / SSRF-Testing

  View on GitHub
  SSRF (Server Side Request Forgery) testing resources
  ☆2,482Oct 12, 2024Updated last year
• Cryin / JavaID

  View on GitHub
  java source code static code analysis and danger function identify prog
  ☆534Feb 18, 2019Updated 7 years ago
• dependency-check / DependencyCheck

  View on GitHub
  OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependen…
  ☆7,445Updated this week
• LoRexxar / Kunlun-M

  View on GitHub
  KunLun-M是一个完全开源的静态白盒扫描工具，支持PHP、JavaScript的语义扫描，基础安全、组件安全扫描，Chrome Ext\Solidity的基础扫描。
  ☆2,379Jan 16, 2026Updated last month
• threedr3am / gadgetinspector

  View on GitHub
  一个利用ASM对字节码进行污点传播分析的静态代码审计应用（添加了大量代码注释，适合大家进行源码学习）。也加入了挖掘Fastjson反序列化gadget chains和SQLInject（JdbcTemplate、MyBatis、JPA、Hibernate、原生jdbc等）静…
  ☆458Mar 24, 2022Updated 3 years ago
• tabby-sec / tabby

  View on GitHub
  A CAT called tabby ( Code Analysis Tool )
  ☆1,637Jan 17, 2026Updated last month
• pwntester / JRE8u20_RCE_Gadget

  View on GitHub
  JRE8u20_RCE_Gadget
  ☆255Jul 1, 2016Updated 9 years ago
• federicodotta / Java-Deserialization-Scanner

  View on GitHub
  All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities
  ☆799Nov 7, 2021Updated 4 years ago
• threedr3am / learnjavabug

  View on GitHub
  Java安全相关的漏洞和技术demo，原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security…
  ☆2,689Mar 14, 2024Updated last year
• veracode-research / solr-injection

  View on GitHub
  Apache Solr Injection Research
  ☆579Jan 28, 2020Updated 6 years ago
• wh1t3p1g / ysomap

  View on GitHub
  A helpful Java Deserialization exploit framework.
  ☆1,240Feb 17, 2025Updated last year
• pwntester / SerialKillerBypassGadgetCollection

  View on GitHub
  Collection of bypass gadgets to extend and wrap ysoserial payloads
  ☆387Apr 16, 2022Updated 3 years ago
• joaomatosf / jexboss

  View on GitHub
  JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool
  ☆2,514Jan 21, 2020Updated 6 years ago
• dschadow / Java-Web-Security

  View on GitHub
  Java-Web-Security - Sichere Webanwendungen mit Java entwickeln
  ☆220Feb 19, 2026Updated 2 weeks ago
• Cryin / Paper

  View on GitHub
  Web Security Technology & Vulnerability Analysis Whitepapers
  ☆549Jan 1, 2019Updated 7 years ago
• Coalfire-Research / java-deserialization-exploits

  View on GitHub
  A collection of curated Java Deserialization Exploits
  ☆591May 16, 2021Updated 4 years ago
• Lonely-night / fastjson_gadgets_scanner

  View on GitHub
  ☆131Jun 17, 2022Updated 3 years ago
• NickstaDB / BaRMIe

  View on GitHub
  Java RMI enumeration and attack tool.
  ☆743Sep 28, 2017Updated 8 years ago
• NickstaDB / SerializationDumper

  View on GitHub
  A tool to dump Java serialization streams in a more human readable form.
  ☆1,065Jun 21, 2024Updated last year
• baidu / openrasp

  View on GitHub
  🔥Open source RASP solution
  ☆2,953Oct 2, 2025Updated 5 months ago
• Qianlitp / crawlergo

  View on GitHub
  A powerful browser crawler for web vulnerability scanners
  ☆3,016Mar 11, 2025Updated 11 months ago
• c0ny1 / java-object-searcher

  View on GitHub
  java内存对象搜索辅助工具
  ☆823Sep 23, 2022Updated 3 years ago
• baidu-security / openrasp-iast

  View on GitHub
  IAST 灰盒扫描工具
  ☆447Jul 19, 2022Updated 3 years ago
• nccgroup / freddy

  View on GitHub
  Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans
  ☆584Sep 7, 2021Updated 4 years ago
• zsdlove / Hades

  View on GitHub
  Static code auditing system
  ☆467Jan 8, 2021Updated 5 years ago
• momosecurity / momo-code-sec-inspector-java

  View on GitHub
  IDEA静态代码安全审计及漏洞一键修复插件
  ☆1,047Mar 10, 2022Updated 3 years ago
• c0ny1 / FastjsonExploit

  View on GitHub
  Fastjson vulnerability quickly exploits the framework（fastjson漏洞快速利用框架）
  ☆1,389Dec 16, 2022Updated 3 years ago
• ajinabraham / nodejsscan

  View on GitHub
  nodejsscan is a static security code scanner for Node.js applications.
  ☆2,553Oct 10, 2025Updated 4 months ago
• orangetw / awesome-jenkins-rce-2019

  View on GitHub
  There is no pre-auth RCE in Jenkins since May 2017, but this is the one!
  ☆607May 17, 2019Updated 6 years ago
• threedr3am / JSP-WebShells

  View on GitHub
  Collect JSP webshell of various implementation methods. 梳理和发现的JSP Webshell各种姿势
  ☆1,404Jan 18, 2022Updated 4 years ago