iiiusky / javaweb-codereview

Related projects ⓘ

Alternatives and complementary repositories for javaweb-codereview

• welk1n / FastjsonPocs
  一些结合第三方组件的Fastjson POC，在1.2.48以后版本中陆续被添加至黑名单。
  ☆56Updated 5 years ago
• SummerSec / LookupInterface
  CodeQL 寻找 JNDI利用 Lookup接口
  ☆162Updated 2 years ago
• threedr3am / fastjson-blacklist
  打CTF实在厌倦了找利用链，就知道一个fastjson的版本，一堆依赖找啊找，头都疼。为了解决这个烦恼，用了卓卓师傅的fastjson黑名单工具和库，自己改造了一下。
  ☆32Updated 4 years ago
• bit4woo / secqa
  解答开发关于安全漏洞的常见问题
  ☆41Updated 4 years ago
• JulianWu520 / ysoserial-mangguogan
  ☆4Updated 4 years ago
• SummerSec / BlogPapers
  <a href="sumsec.me"><img src="https://readme-typing-svg.demolab.com?font=Fira+Code&size=24&pause=1000&color=FDFDFD&background=13797800&ce…
  ☆53Updated this week
• TomAPU / ThinkPHP-Unserialize-Collection
  ThinkPHP各版本反序列化利用代码
  ☆32Updated 4 years ago
• wuppp / releaseBehinderShell
  卸载冰蝎内存马
  ☆68Updated 3 years ago
• shadowsock5 / ysoserial
  mvn clean package -DskipTests
  ☆45Updated last year
• BMSK1994 / JavaDeserialize-Note
  Tomcat内存马、XStream、Fastjson、Weblogic T3安全笔记
  ☆40Updated 3 years ago
• H3rmesk1t / Fastjson-Gadgets-Automatic-Scanner
  Automatically scan jar packages by using ast to find fastjson gadgets. In particular, this project is limited to mining Gadgets that may …
  ☆50Updated 2 years ago
• cyal1 / host_scan
  这是一个用于IP和域名碰撞匹配访问的小工具，旨意用来匹配出渗透过程中需要绑定hosts才能访问的弱主机或内部系统。https://github.com/fofapro/Hosts_scan implement in Go
  ☆114Updated 2 years ago
• 1135 / Kong_exploit
  ☆41Updated 4 years ago
• cckuailong / YarnRpcRCE
  ☆81Updated 3 years ago
• hosch3n / FastjsonVulns
  [fastjson 1.2.80] CVE-2022-25845 aspectj fileread & groovy remote classload
  ☆90Updated 2 years ago
• 0xrumble / BytecodeScreen
  ☆51Updated 2 years ago
• Firebasky / LdapBypassJndi
  The function of the tool is to inject JNDI through LDAP
  ☆28Updated 2 years ago
• longofo / Apache-Dubbo-Hessian2-CVE-2021-43297
  Apache Dubbo Hessian2 CVE-2021-43297 demo
  ☆46Updated 2 years ago
• K1p2y3 / Tencent_Yun_tools
  ☁️Tencent Cloud AccessKey tools
  ☆16Updated 4 months ago
• ldbfpiaoran / springboot-acl-bypass
  springboot getRequestURI acl bypass
  ☆37Updated 4 years ago
• HackJava / Shiro
  《Shiro漏洞研究》
  ☆53Updated last year
• zrools / tools
  ☆32Updated 4 years ago
• rufherg / WebLogic_Basic_Poc
  用于WebLogic poc及exp测试的基础脚本，后续将集成各版本poc库
  ☆94Updated 4 years ago
• jas502n / xxl-job
  xxl-job RESTful API RCE
  ☆72Updated 3 years ago
• longofo / PaddingOracleAttack-Shiro-721
  Shiro-721 Padding Oracle Attack
  ☆70Updated 3 years ago