jimocode / CodeInspectorLinks

基于Java ASM技术和GadgetInspector的原理，尝试实现一个自动Java代码审计工具。目前做到了可控参数分析和数据流跟踪分析

☆36

Alternatives and similar repositories for CodeInspector

Users that are interested in CodeInspector are comparing it to the libraries listed below

Sorting:

SummerSec / SPATool
静态程序分析工具主要生成方法的CFG和.java文件的AST
☆130Updated 2 years ago
threedr3am / log-agent
利用agent hock指定的class，在jar运行周期内，用于跟踪被执行的方法，辅助做一些事情，比如挖洞啊
☆126Updated 4 years ago
ASTTeam / DAST
《深入理解DAST动态应用程序安全测试》Dynamic Application Security Testing.
☆52Updated 2 years ago
threedr3am / fastjson-blacklist
打CTF实在厌倦了找利用链，就知道一个fastjson的版本，一堆依赖找啊找，头都疼。为了解决这个烦恼，用了卓卓师傅的fastjson黑名单工具和库，自己改造了一下。
☆32Updated 5 years ago
iiiusky / java_rasp_example
☆28Updated 4 years ago
Ant-FG-Lab / non_RCE
☆41Updated 4 years ago
xiaopan233 / Java_agent_without_file
Java agent without file 无文件的Java agent
☆78Updated 3 years ago
iiiusky / java_iast_example
JAVA IAST Example
☆49Updated 3 years ago
tongasdp / tongasdp-test
TongASDP漏洞测试环境
☆35Updated 2 years ago
h2-stack / LL-RASP
Low-level RASP: Protecting Applications Implemented in High-level Programming Languages
☆63Updated last year
threedr3am / FindClassInJars
个人用于在自动化挖掘gadget时，方便查找gadget chains中class所在jar包，以助于便捷审计测试gadget有效性的那么一个小工具。
☆60Updated 5 years ago
waderwu / nativeRasp
nativeRasp that can hook native methods
☆24Updated 2 years ago
haby0 / mark
notes
☆27Updated 2 years ago
Conanjun / codeql_chinese
CodeQL中文资料和常见使用解释。Chinese version of Codeql documents
☆9Updated 4 years ago
ODDFuzz / ODDFuzz
S&P2023 Paper
☆39Updated 2 years ago
cor0ps / codeql
收集规则
☆30Updated 2 years ago
langligelang / maobugs
java 漏洞平台包含各种CVE
☆23Updated 3 years ago
Lucifaer / head_first_javarasp
一些Java RASP demo
☆11Updated 5 years ago
threedr3am / GuanYu
JVM runtime class loading protection agent.（JVM类加载保护agent）
☆48Updated 4 years ago
HXSecurity / DongTai-Plugin-IDEA
Dongtai-plugin-idea is an IDEA plug-in developed by DongTai team for Java Web application developers. This plug-in provides functions suc…
☆27Updated last year
ATNX / javaweb-rasp
☆38Updated 3 years ago
JoyChou93 / trident
Java通用漏洞修复安全组件
☆59Updated 7 years ago
iiiusky / javaweb-codereview
javaweb-codereview
☆30Updated 6 years ago
testtttter / ACAF
Auto Code Audit Framework for Java
☆96Updated 3 years ago
keven1z / DHook
DHook是一个支持动态debug，动态修改java程序的web应用.
☆87Updated 7 months ago
bigBestWay / ice
Use java instrument API without JAR file
☆45Updated 3 years ago
Wfzsec / ysoserial-poc
记录调试分析ysoserial系列的学习过程，主要包含手动构造的一些poc，便于加深对漏洞和工具的理解
☆30Updated 5 years ago
bitterzzZZ / CVE-2021-43297-POC
CVE-2021-43297 POC，Apache Dubbo<= 2.7.13时可以实现RCE
☆38Updated 3 years ago
boundaryx / cloudrasp-log4j2
一个针对防御 log4j2 CVE-2021-44228 漏洞的 RASP 工具。 A Runtime Application Self-Protection module specifically designed for log4j2 RCE (CVE-2021-442…
☆123Updated 3 years ago
ldbfpiaoran / springboot-acl-bypass
springboot getRequestURI acl bypass
☆37Updated 4 years ago