haby0/sec-note external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

haby0/sec-note

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/haby0/sec-note)

Close

haby0 / sec-noteView on GitHubMore

• External links
• Readme badge

记录各语言、框架中危险的sink，个人代码审计、漏洞研究使用。

☆117Dec 30, 2021Updated 4 years ago

Alternatives and similar repositories for sec-note

Users that are interested in sec-note are comparing it to the libraries listed below

• SafeGroceryStore / Caesar

  View on GitHub
  一个全新的敏感文件发现工具
  ☆270Jan 5, 2021Updated 5 years ago
• depycode / fastjson-c3p0

  View on GitHub
  fastjson不出网利用、c3p0
  ☆256Jul 30, 2021Updated 4 years ago
• 5wimming / gadgetinspector

  View on GitHub
  利用链、漏洞检测工具
  ☆373Jul 31, 2024Updated last year
• wuppp / releaseBehinderShell

  View on GitHub
  卸载冰蝎内存马
  ☆68Apr 13, 2021Updated 4 years ago
• fynch3r / Gadgets

  View on GitHub
  Java反序列化漏洞利用链补全计划，仅用于个人归纳总结。
  ☆420Dec 3, 2021Updated 4 years ago
• Ppsoft1991 / CodeReviewTools

  View on GitHub
  通过正则搜索、批量反编译特定Jar包中的class名称
  ☆321Dec 9, 2021Updated 4 years ago
• hudangwei / codemillx

  View on GitHub
  codemillx is a tool for CodeQL, extract the comments in the code and generate codeql module. 强化Go开源项目安全检测(内含开源项目漏洞挖掘方法)
  ☆205Mar 19, 2022Updated 4 years ago
• dr0op / shiro-550-with-NoCC

  View on GitHub
  Shiro-550 不依赖CC链利用工具
  ☆450Jun 19, 2024Updated last year
• An0nySec / UserAdd

  View on GitHub
  Bypass AV 用户添加
  ☆169Dec 30, 2021Updated 4 years ago
• Rvn0xsy / DumperAnalyze

  View on GitHub
  通过JavaAgent与Javassist技术对JVM加载的类对象进行动态插桩，可以做一些破解、加密验证的绕过等操作
  ☆117Jun 18, 2024Updated last year
• bigsizeme / fastjson-check

  View on GitHub
  fastjson 被动扫描、不出网payload生成
  ☆367Nov 19, 2021Updated 4 years ago
• NyDubh3 / Pentesting-Active-Directory-CN

  View on GitHub
  域渗透脑图中文翻译版
  ☆280Sep 18, 2021Updated 4 years ago
• A-D-Team / attackRmi

  View on GitHub
  ☆231Jan 3, 2022Updated 4 years ago
• fynch3r / fynch3r.github.io

  View on GitHub
  Java安全路上的学习笔记
  ☆84Feb 24, 2023Updated 3 years ago
• SummerSec / learning-codeql

  View on GitHub
  CodeQL Java 全网最全的中文学习资料
  ☆799Mar 18, 2022Updated 4 years ago
• LandGrey / spring-boot-upload-file-lead-to-rce-tricks

  View on GitHub
  spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧
  ☆754Apr 14, 2021Updated 4 years ago
• Firebasky / GoRmi

  View on GitHub
  该项目是通过go语言实现防止rmi利用被反置的问题。
  ☆44Dec 30, 2021Updated 4 years ago
• fengupupup / RocB

  View on GitHub
  鹏 RocB - Java代码审计IDEA插件 SAST
  ☆151Sep 16, 2021Updated 4 years ago
• keven1z / weblogic_memshell

  View on GitHub
  适用于weblogic和Tomcat的无文件的内存马(memshell)
  ☆270Mar 4, 2022Updated 4 years ago
• Y4er / dotnet-deserialization

  View on GitHub
  dotnet 反序列化学习笔记
  ☆513Oct 19, 2023Updated 2 years ago
• Firebasky / LdapBypassJndi

  View on GitHub
  The function of the tool is to inject JNDI through LDAP
  ☆28Dec 21, 2021Updated 4 years ago
• f0ng / JavaFileDict

  View on GitHub
  Java应用的一些配置文件字典，来源于公开的字典与平时收集
  ☆320Feb 1, 2024Updated 2 years ago
• zxcvbn001 / CodeReview

  View on GitHub
  代码审计总结
  ☆85Sep 1, 2021Updated 4 years ago
• r0eXpeR / fingerprint

  View on GitHub
  各种工具指纹收集分享
  ☆529Nov 3, 2021Updated 4 years ago
• 0x727 / ShuiYing_0x727

  View on GitHub
  检测域环境内，域机器的本地管理组成员是否存在弱口令和通用口令，对域用户的权限分配以及域内委派查询
  ☆355Aug 10, 2021Updated 4 years ago
• iSafeBlue / fastjson-autotype-bypass-demo

  View on GitHub
  fastjson 1.2.68 版本 autotype bypass
  ☆142Jun 17, 2022Updated 3 years ago
• Ch1ngg / SharpGetTitle

  View on GitHub
  SharpGetTitle - 基于 C# 的多线程 Web Title 扫描器
  ☆15Nov 26, 2020Updated 5 years ago
• xiecat / sec-docker

  View on GitHub
  常用安全工具 docker镜像 自动更新仓库
  ☆65Mar 21, 2022Updated 4 years ago
• ffffffff0x / 403-fuzz

  View on GitHub
  针对 403 页面的 fuzz 脚本
  ☆123Feb 14, 2022Updated 4 years ago
• welk1n / FastjsonPocs

  View on GitHub
  一些结合第三方组件的Fastjson POC，在1.2.48以后版本中陆续被添加至黑名单。
  ☆56Oct 29, 2019Updated 6 years ago
• safe6Sec / CodeqlNote

  View on GitHub
  Codeql学习笔记
  ☆899Apr 25, 2022Updated 3 years ago
• BeichenDream / InjectJDBC

  View on GitHub
  注入JVM进程 动态获取目标进程连接的数据库
  ☆341Mar 6, 2022Updated 4 years ago
• Lotus6 / FileMonitor

  View on GitHub
  Java命令行文件监控小工具(代码审计)
  ☆106Nov 29, 2021Updated 4 years ago
• twosmi1e / Static-Analysis-and-Automated-Code-Audit

  View on GitHub
  静态分析及代码审计自动化相关资料收集
  ☆298Jul 29, 2022Updated 3 years ago
• LeadroyaL / fastjson-blacklist

  View on GitHub
  ☆835Jun 7, 2022Updated 3 years ago
• c0ny1 / java-object-searcher

  View on GitHub
  java内存对象搜索辅助工具
  ☆823Sep 23, 2022Updated 3 years ago
• Richard-Tang / x1DecoderPlus

  View on GitHub
  AntSword(蚁剑)全参数流量XOR和Base64加伪装WebShell
  ☆163Sep 28, 2021Updated 4 years ago
• Y4er / WebLogic-Shiro-shell

  View on GitHub
  WebLogic利用CVE-2020-2883打Shiro rememberMe反序列化漏洞，一键注册蚁剑filter内存shell
  ☆535Aug 25, 2020Updated 5 years ago
• jkgh006 / assetscan

  View on GitHub
  资产扫描工具
  ☆45Sep 1, 2020Updated 5 years ago