j5s / XVulnFinderLinks
Java静态代码安全审计工具,使用JavaParser项目做语法分析,计划支持常见的Web漏洞与组件漏洞
☆21Updated 4 years ago
Alternatives and similar repositories for XVulnFinder
Users that are interested in XVulnFinder are comparing it to the libraries listed below
Sorting:
- 基于Java ASM技术和GadgetInspector的原理,尝试实现一个自动Java代码审计工具。目前做到了可控参数分析和数据流跟踪分析☆39Updated 4 years ago
- 静态程序分析工具 主要生成方法的CFG和.java文件的AST☆132Updated 2 years ago
- 阿里巴巴安全SDK,提供SSRF、JDBC、XXE防护能力☆118Updated 3 months ago
- JAVA IAST Example☆49Updated 4 years ago
- 一个基于jvm-sandbox高度定制化rasp☆58Updated 2 years ago
- Tai-e的Web插件☆23Updated last year
- nativeRasp that can hook native methods☆24Updated 2 years ago
- A neo4j procedure for tabby☆136Updated 8 months ago
- 针对于Spring框架的自动Java代码审计工具☆37Updated 4 years ago
- Apache Dubbo漏洞测试Demo及其POC☆65Updated 2 years ago
- Dongtai-plugin-idea is an IDEA plug-in developed by DongTai team for Java Web application developers. This plug-in provides functions suc…☆32Updated 2 years ago
- 2023白帽补天大会部分代码☆129Updated 2 years ago
- RASP测试靶场☆192Updated 3 years ago
- Lessons for syntaxflow zero to hero☆53Updated last year
- simpleIAST- 基于污点追踪的灰盒漏洞扫�描工具。☆99Updated last month
- CodeQL分析闭源Jar包脚本,基于Apache Ant构建CodeQL数据库☆42Updated 3 years ago
- 个人使用CodeQL编写的一些规则☆180Updated 3 years ago
- 通过JavaAgent与Javassist技术对JVM加载的类对象进行动态插桩,可以做一些破解、加密验证的绕过等操作☆115Updated last year
- 当死去的记忆突然开始攻击我,我终于想起了我还写过一款十分十分垃圾的 rasp 靶场。☆79Updated 3 years ago
- 一款使用Yaml定义搜索规则来搜索Class的工具☆107Updated 2 years ago
- 自学时写的适合Java安全小白用来学习Java反序列化漏洞的文章和Demo。(随懒狗的学习进度持续更新🐶)。Some articles and demos written during self-study which are suitable for Java Secu…☆11Updated 4 years ago
- Spring内存马检测和隐形马研究☆13Updated 4 years ago
- 收录go语言编写的项目、框架和组件出现的cve,或者一些相关的利用方式的文章☆47Updated 3 years ago
- ☆19Updated 2 years ago
- 简单实��现的 Java RASP☆35Updated 5 years ago
- 《深入理解DAST动态应用程序安全测试》Dynamic Application Security Testing.☆56Updated 3 years ago
- 鹏 RocB - Java代码审计IDEA插件 SAST☆151Updated 4 years ago
- A vul-finder for loading CPG and automated finding vul-call-chains☆71Updated 6 months ago
- 一个java代码审计辅助工具☆29Updated 3 years ago
- 利用agent hock指定的class,在jar运行周期内,用于跟踪被执行的方法,辅助做一些事情,比如挖洞啊☆125Updated 5 years ago