haby0/sec-note external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

haby0/sec-note

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/haby0/sec-note)

Close

haby0 / sec-noteView on GitHubMore

• External links
• Readme badge

记录各语言、框架中危险的sink，个人代码审计、漏洞研究使用。

☆117Dec 30, 2021Updated 4 years ago

Alternatives and similar repositories for sec-note

Users that are interested in sec-note are comparing it to the libraries listed below

• wuppp / releaseBehinderShell

  View on GitHub
  卸载冰蝎内存马
  ☆68Apr 13, 2021Updated 4 years ago
• depycode / fastjson-c3p0

  View on GitHub
  fastjson不出网利用、c3p0
  ☆255Jul 30, 2021Updated 4 years ago
• hudangwei / codemillx

  View on GitHub
  codemillx is a tool for CodeQL, extract the comments in the code and generate codeql module. 强化Go开源项目安全检测(内含开源项目漏洞挖掘方法)
  ☆205Mar 19, 2022Updated 3 years ago
• 5wimming / gadgetinspector

  View on GitHub
  利用链、漏洞检测工具
  ☆373Jul 31, 2024Updated last year
• SafeGroceryStore / Caesar

  View on GitHub
  一个全新的敏感文件发现工具
  ☆270Jan 5, 2021Updated 5 years ago
• Ppsoft1991 / CodeReviewTools

  View on GitHub
  通过正则搜索、批量反编译特定Jar包中的class名称
  ☆320Dec 9, 2021Updated 4 years ago
• fynch3r / fynch3r.github.io

  View on GitHub
  Java安全路上的学习笔记
  ☆84Feb 24, 2023Updated 3 years ago
• NyDubh3 / Pentesting-Active-Directory-CN

  View on GitHub
  域渗透脑图中文翻译版
  ☆280Sep 18, 2021Updated 4 years ago
• SummerSec / learning-codeql

  View on GitHub
  CodeQL Java 全网最全的中文学习资料
  ☆799Mar 18, 2022Updated 3 years ago
• Rvn0xsy / DumperAnalyze

  View on GitHub
  通过JavaAgent与Javassist技术对JVM加载的类对象进行动态插桩，可以做一些破解、加密验证的绕过等操作
  ☆116Jun 18, 2024Updated last year
• keven1z / weblogic_memshell

  View on GitHub
  适用于weblogic和Tomcat的无文件的内存马(memshell)
  ☆269Mar 4, 2022Updated 3 years ago
• An0nySec / UserAdd

  View on GitHub
  Bypass AV 用户添加
  ☆169Dec 30, 2021Updated 4 years ago
• dr0op / shiro-550-with-NoCC

  View on GitHub
  Shiro-550 不依赖CC链利用工具
  ☆451Jun 19, 2024Updated last year
• A-D-Team / attackRmi

  View on GitHub
  ☆232Jan 3, 2022Updated 4 years ago
• Lotus6 / FileMonitor

  View on GitHub
  Java命令行文件监控小工具(代码审计)
  ☆103Nov 29, 2021Updated 4 years ago
• LandGrey / spring-boot-upload-file-lead-to-rce-tricks

  View on GitHub
  spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧
  ☆754Apr 14, 2021Updated 4 years ago
• bigsizeme / fastjson-check

  View on GitHub
  fastjson 被动扫描、不出网payload生成
  ☆367Nov 19, 2021Updated 4 years ago
• zxcvbn001 / CodeReview

  View on GitHub
  代码审计总结
  ☆85Sep 1, 2021Updated 4 years ago
• f0ng / JavaFileDict

  View on GitHub
  Java应用的一些配置文件字典，来源于公开的字典与平时收集
  ☆321Feb 1, 2024Updated 2 years ago
• fengupupup / RocB

  View on GitHub
  鹏 RocB - Java代码审计IDEA插件 SAST
  ☆151Sep 16, 2021Updated 4 years ago
• r0eXpeR / fingerprint

  View on GitHub
  各种工具指纹收集分享
  ☆529Nov 3, 2021Updated 4 years ago
• Y4er / dotnet-deserialization

  View on GitHub
  dotnet 反序列化学习笔记
  ☆513Oct 19, 2023Updated 2 years ago
• 0x727 / ShuiYing_0x727

  View on GitHub
  检测域环境内，域机器的本地管理组成员是否存在弱口令和通用口令，对域用户的权限分配以及域内委派查询
  ☆355Aug 10, 2021Updated 4 years ago
• Firebasky / GoRmi

  View on GitHub
  该项目是通过go语言实现防止rmi利用被反置的问题。
  ☆44Dec 30, 2021Updated 4 years ago
• BeichenDream / InjectJDBC

  View on GitHub
  注入JVM进程 动态获取目标进程连接的数据库
  ☆342Mar 6, 2022Updated 3 years ago
• ffffffff0x / 403-fuzz

  View on GitHub
  针对 403 页面的 fuzz 脚本
  ☆123Feb 14, 2022Updated 4 years ago
• 0671 / RabR

  View on GitHub
  Redis-Attack By Replication (通过主从复制攻击Redis)
  ☆356Nov 25, 2022Updated 3 years ago
• safe6Sec / CodeqlNote

  View on GitHub
  Codeql学习笔记
  ☆900Apr 25, 2022Updated 3 years ago
• LeadroyaL / fastjson-blacklist

  View on GitHub
  ☆835Jun 7, 2022Updated 3 years ago
• A-D-Team / grafanaExp

  View on GitHub
  A exploit tool for Grafana Unauthorized arbitrary file reading vulnerability (CVE-2021-43798), it can burst plugins / extract secret_key …
  ☆268Oct 17, 2025Updated 4 months ago
• iSafeBlue / fastjson-autotype-bypass-demo

  View on GitHub
  fastjson 1.2.68 版本 autotype bypass
  ☆142Jun 17, 2022Updated 3 years ago
• c0ny1 / java-object-searcher

  View on GitHub
  java内存对象搜索辅助工具
  ☆823Sep 23, 2022Updated 3 years ago
• jkgh006 / assetscan

  View on GitHub
  资产扫描工具
  ☆45Sep 1, 2020Updated 5 years ago
• JDArmy / DCSec

  View on GitHub
  域控安全one for all
  ☆736Sep 9, 2024Updated last year
• Richard-Tang / x1DecoderPlus

  View on GitHub
  AntSword(蚁剑)全参数流量XOR和Base64加伪装WebShell
  ☆163Sep 28, 2021Updated 4 years ago
• pmiaowu / RMITest

  View on GitHub
  就是一个练习RMI反序列化的最简单环境
  ☆30Jan 8, 2022Updated 4 years ago
• Wrin9 / weaverOA_v9_ALL_upload_RCE

  View on GitHub
  泛微OA_V9全版本前台任意文件上传漏洞
  ☆29Apr 26, 2022Updated 3 years ago
• twosmi1e / Static-Analysis-and-Automated-Code-Audit

  View on GitHub
  静态分析及代码审计自动化相关资料收集
  ☆298Jul 29, 2022Updated 3 years ago
• Ch1ngg / WebLogicPasswordDecryptorUi

  View on GitHub
  解密weblogic AES或DES加密方法
  ☆232Dec 3, 2020Updated 5 years ago