j5s/XVulnFinder

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/j5s/XVulnFinder)

j5s / XVulnFinder

Java静态代码安全审计工具，使用JavaParser项目做语法分析，计划支持常见的Web漏洞与组件漏洞

☆21

Alternatives and similar repositories for XVulnFinder

Users that are interested in XVulnFinder are comparing it to the libraries listed below

Sorting:

jimocode / CodeInspector
View on GitHub
基于Java ASM技术和GadgetInspector的原理，尝试实现一个自动Java代码审计工具。目前做到了可控参数分析和数据流跟踪分析
☆39Oct 26, 2021Updated 4 years ago
Roboterh / study_summary
View on GitHub
study_summary
☆10Aug 8, 2022Updated 3 years ago
j5s / SpringInspector
View on GitHub
针对于Spring框架的自动Java代码审计工具
☆37Jan 24, 2022Updated 4 years ago
bingtangbanli / java-Code-Audit
View on GitHub
java代码审计笔记
☆19Jun 8, 2024Updated last year
mtxiaowangzi / CAFJE
View on GitHub
又一个Java Web代码审计工具
☆100May 7, 2018Updated 7 years ago
webraybtl / StudyCodeQLpy
View on GitHub
☆19Jul 6, 2023Updated 2 years ago
ffadd / JNDIKit
View on GitHub
JNDI/LDAP注入利用工具，对命令进行两种编码，支持多种绕过高版本JDK的方式（参考大佬代码造的轮子）
☆44Dec 22, 2021Updated 4 years ago
SuperDolby / hw-
View on GitHub
整理的一些hw前期准备工作以及针对攻击者的溯源思路水平较菜，如有错误或者遗漏的地方还请各位指正参考资料较多动态 IP 移动基站代理池IP(谷歌、百度是否有处于代理池C段) 国外扫描傀儡机（被标记时间普遍较久、扫描目标众多）动态域名服务商（如花生壳、公云等） …
☆21Apr 3, 2021Updated 4 years ago
SummerSec / Loader
View on GitHub
动态链接库加载工具
☆20Jan 26, 2022Updated 4 years ago
hugsy / ida-headless
View on GitHub
IDA (sort of) headless
☆27Feb 17, 2024Updated 2 years ago
SummerSec / BlogPapers
View on GitHub
<a href="sumsec.me"><img src="https://readme-typing-svg.demolab.com?font=Fira+Code&size=24&pause=1000&color=FDFDFD&background=13797800&ce…
☆54Updated this week
fengupupup / RocB
View on GitHub
鹏 RocB - Java代码审计IDEA插件 SAST
☆151Sep 16, 2021Updated 4 years ago
4ra1n / code-inspector
View on GitHub
JavaWeb漏洞审计工具，构建方法调用链并模拟栈帧进行分析
☆335Jun 3, 2023Updated 2 years ago
ice-doom / CodeQLRule
View on GitHub
个人使用CodeQL编写的一些规则
☆180Mar 30, 2022Updated 3 years ago
ffffffff0x / JVWA
View on GitHub
java 代码审计学习靶场
☆119Jan 11, 2024Updated 2 years ago
Firebasky / LdapBypassJndi
View on GitHub
The function of the tool is to inject JNDI through LDAP
☆28Dec 21, 2021Updated 4 years ago
tabby-sec / tabby-path-finder
View on GitHub
A neo4j procedure for tabby
☆137May 17, 2025Updated 9 months ago
rmb122 / easyrasp
View on GitHub
简单实现的 Java RASP
☆35Oct 14, 2020Updated 5 years ago
SummerSec / SPATool
View on GitHub
静态程序分析工具主要生成方法的CFG和.java文件的AST
☆132Jul 12, 2023Updated 2 years ago
yeqifu / warehouse-web
View on GitHub
仓库管理系统前后端分离-前端
☆10Feb 9, 2020Updated 6 years ago
midisec / CVE-2023-36899
View on GitHub
CVE-2023-36899漏洞的复现环境和工具，针对ASP.NET框架中的无cookie会话身份验证绕过。
☆32Aug 15, 2023Updated 2 years ago
GHSmaster / JavaSecurity
View on GitHub
Java代码审计学习笔记
☆13Dec 20, 2024Updated last year
lizhuoyuan / HiWeekend_android
View on GitHub
周末为广大社会青年推荐同城活动、美食、周边游、运动、话剧、音乐会、读书会、展览、户外、酒吧、购物、电影等活动，提供信息，并且能够帮助客户实时在线预订、信息查询、网上支付以及地图定位与导航。周末为广大商家提供宣传推广，帮助商家增加周末客流量，完善广大商家网上营销的空缺，增加…
☆11Nov 21, 2018Updated 7 years ago
HangboQuan / wolfblog
View on GitHub
一个适合初学者学习的博客项目（ssm+redis+elk+layui+jsp）
☆10Apr 14, 2023Updated 2 years ago
LEOGGMAGIC / TongDaOA-EXP
View on GitHub
通达OA系列检测EXP
☆35Nov 23, 2021Updated 4 years ago
MortalAndTry / ProxyRelay
View on GitHub
Exchange ProxyRelay POC
☆38Oct 20, 2022Updated 3 years ago
Wker666 / wJa
View on GitHub
java decompile audit tools
☆226Oct 9, 2022Updated 3 years ago
F-JH / static-chain-analysis
View on GitHub
用于静态分析Java工程的调用链，对比新老分支代码的差异，并给出受到影响的接口作为建议，通俗一点地说：能够通过一段修改过的代码，推断出测试要回归哪些接口用例
☆39Jun 2, 2023Updated 2 years ago
dosxuz / ProcessGhosting
View on GitHub
Small POC for process ghosting
☆40Feb 1, 2022Updated 4 years ago
PGzxc / PGzxc.github.io
View on GitHub
☆12Updated this week
xiaxuchen / web-common-starters
View on GitHub
基于springboot starter机制封装web通用的starter
☆12Aug 17, 2023Updated 2 years ago
Hyrmm / wms-server
View on GitHub
☆11Jan 6, 2024Updated 2 years ago
juhewu / juhewu-file-project
View on GitHub
在 Spring Boot 项目中简单的将文件存储到：aws-s3、服务器本地、自定义的渠道，同时支持多个存储方式，上传文件时指定存储方式。
☆14Aug 5, 2023Updated 2 years ago
WormholePistachio / SQM
View on GitHub
服务质量监控，检测从研发到测试的过程中，研发质量。包括；接口列表、热点接口、接口质量(通过次数/单测次数)，等信息。
☆11Jun 17, 2022Updated 3 years ago
mrx325 / hVNC-Recoded
View on GitHub
Original hVNC has been recoded to work with all version of windows above XP. Thanks to the original author for this wonderful tool.
☆10Oct 13, 2021Updated 4 years ago
cheng-junfeng / smart
View on GitHub
☆11Feb 25, 2019Updated 7 years ago
longofo / javaweb-sec
View on GitHub
攻击Java Web应用-[Java Web安全]
☆12Dec 10, 2019Updated 6 years ago
DongZhouGu / XRPC
View on GitHub
实现轻量级RPC框架，网络通信框架Netty、注册中心（Zookeeper、Nacos）、Java基础（注解、反射、多线程、Future、SPI 、动态代理）、自定义传输协议、多种序列化（ProtoBuf / Kyro / Hessian）、Gzip压缩、轮询、随机、一致性…
☆14May 7, 2022Updated 3 years ago
f0212 / ff0
View on GitHub
通过网络资产线索（如：域名，IP地址，资产名称等），利用FOFA访问网络空间测绘数据
☆11Apr 23, 2024Updated last year