Java Security Documents
☆81Sep 19, 2019Updated 6 years ago
Alternatives and similar repositories for Java-Security
Users that are interested in Java-Security are comparing it to the libraries listed below
Sorting:
- 几条关于CVE-2020-15148(yii2反序列化)的绕过☆75Sep 21, 2020Updated 5 years ago
- attackRmi☆258Oct 14, 2020Updated 5 years ago
- MySQL JDBC Deserialization Payload / MySQL客户端jdbc反序列化漏洞payload☆13Feb 8, 2020Updated 6 years ago
- ☆131Jun 17, 2022Updated 3 years ago
- Slides/Demos from the BSides Munich 2019 talk "Attacking Java RMI in 2019"☆101Sep 20, 2019Updated 6 years ago
- CVE-2019-2725 命令回显☆436May 8, 2023Updated 2 years ago
- LANGZI_SRC_安全巡航 是一款集成漏扫,验证,资产监控,自动复现并且生成结果表报的工具,实现初衷是为了帮助白帽子在SRC中节约时间成本的自动化工具。☆14Jul 7, 2019Updated 6 years ago
- Exploitation Script for CVE-2020-0688 "Microsoft Exchange default MachineKeySection deserialize vulnerability"☆11Apr 1, 2020Updated 5 years ago
- ☆835Jun 7, 2022Updated 3 years ago
- Weblogic coherence.jar RCE☆176May 10, 2020Updated 5 years ago
- A blind XXE injection callback handler. Uses HTTP and FTP to extract information. Originally written in Ruby by ONsec-Lab.☆518Jul 29, 2020Updated 5 years ago
- 一个利用ASM对字节码进行污点传播分析的静态代码审计应用(添加了大量代码注释,适合大家进行源码学习)。也加入了挖掘Fastjson反序列化gadget chains和SQLInject(JdbcTemplate、MyBatis、JPA、Hibernate、原生jdbc等)静…☆458Mar 24, 2022Updated 3 years ago
- RCE on Apache Solr using deserialization of untrusted data via jmx.serviceUrl☆210Mar 10, 2019Updated 7 years ago
- 绕过专业工具检测的Webshell研究文章和免杀的Webshell☆1,733Nov 15, 2020Updated 5 years ago
- PoC exploit for VMware Cloud Director RCE (CVE-2020-3956)☆89Jun 2, 2020Updated 5 years ago
- win内网_域控安全☆364May 14, 2019Updated 6 years ago
- ☆153Jun 24, 2019Updated 6 years ago
- ☆143Jan 21, 2021Updated 5 years ago
- dynamic crawler for web vulnerability scanner☆252Updated this week
- ssrf、ssrfIntranetFuzz、dnsRebinding、recordEncode、dnsPoisoning、Support ipv4/ipv6☆217Aug 17, 2017Updated 8 years ago
- (周瑜)Java - SpringBoot 持久化 WebShell(不仅仅是SpringBoot,适合任何符合JavaEE规范的服务)☆614Dec 29, 2021Updated 4 years ago
- JCE - JSP/JPSX CodeEncode - 用于 Webshell 逃避静态查杀的辅助脚本☆258Oct 29, 2021Updated 4 years ago
- A fake JDBC driver that allows OS command execution.☆125Oct 2, 2022Updated 3 years ago
- A Java runtime information-gathering tool which uses the Java Attach API for information acquisition☆204Apr 26, 2021Updated 4 years ago
- Java-Web-Security - Sichere Webanwendungen mit Java entwickeln☆221Updated this week
- a webshell resides in the memory of java web server☆700Jun 26, 2018Updated 7 years ago
- 一个各种方式突破Disable_functions达到命令执行的shell☆1,198Oct 17, 2023Updated 2 years ago
- MySQL Fake Server use to help MySQL Client File Reading and JDBC Client Java Deserialize☆1,362Nov 18, 2021Updated 4 years ago
- a simple tool to detect potential security threat in php code☆316Sep 9, 2024Updated last year
- Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.☆612Mar 4, 2021Updated 5 years ago
- 记录个人XSS学习☆105Oct 12, 2020Updated 5 years ago
- Collect JSP webshell of various implementation methods. 梳理和发现的JSP Webshell各种姿势☆1,405Jan 18, 2022Updated 4 years ago
- 用于辅助安全工程师漏洞挖掘、测试、复现,集合了mock、httplog、dns tools、xss,可用于测试各类无回显、无法直观判断或特定场景下的漏洞。☆866Jul 21, 2019Updated 6 years ago
- 🌶 一些和容器化/容器编排/服务网格等技术相关的安全代码片段[自用备份]☆81Jul 23, 2021Updated 4 years ago
- CMS和中间件指纹库☆399Apr 30, 2019Updated 6 years ago
- ☆146Jun 20, 2018Updated 7 years ago
- The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.☆19Apr 9, 2018Updated 7 years ago
- 本项目是一篇NTLM中高级进阶进阶文章,后续我也会在Github和Gitbook对此文进行持续性的更新NTLM以及常见的协议中高级进阶并计划开源部分协议调试工具,望各位issue勘误。☆113Jul 10, 2020Updated 5 years ago
- ☆10Jul 5, 2020Updated 5 years ago