Alternatives and similar repositories for xianzhi_assistant

Users that are interested in xianzhi_assistant are comparing it to the libraries listed below

• Roboterh / JNDI-injector

  View on GitHub
  ☆94May 14, 2025Updated 9 months ago
• kyo-w / router-router

  View on GitHub
  Java web路由内存分析工具
  ☆437May 22, 2025Updated 8 months ago
• l3yx / Choccy

  View on GitHub
  GitHub项目监控 && CodeQL自动扫描 (GitHub project monitoring && CodeQL automatic analysis)
  ☆466Jan 19, 2025Updated last year
• alipay / ant-application-security-testing-benchmark

  View on GitHub
  xAST评价体系，让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".
  ☆460Jan 15, 2026Updated last month
• datouo / CTF-Java-Gadget

  View on GitHub
  CTF-Java-Gadget专注于收集CTF中Java赛题的反序列化片段
  ☆276Dec 13, 2024Updated last year
• yulate / jdbc-tricks

  View on GitHub
  《深入JDBC安全：特殊URL构造与不出网反序列化利用技术揭秘》对应研究总结项目 "Deep Dive into JDBC Security: Special URL Construction and Non-Networked Deserialization Explo…
  ☆569Feb 7, 2026Updated last week
• rzte / agentcrack

  View on GitHub
  不那么一样的 Java Agent 内存马
  ☆289Nov 27, 2023Updated 2 years ago
• SpringKill-team / CodeAuditAssistant

  View on GitHub
  🔍 CodeAuditAssistant - IDEA代码审计插件（公测中） ⚡ 精准追踪复杂调用链 | 🚀 毫秒级方法搜索 | 🔥 内置高危漏洞检测 原生集成 | 反编译/路径分析 | 内存优化 | 安全审计利器 🔍 Co…
  ☆770Aug 3, 2025Updated 6 months ago
• jar-analyzer / jar-analyzer

  View on GitHub
  Jar Analyzer - 一个 JAR 包 GUI 分析工具，方法调用关系搜索，方法调用链 DFS 算法分析，模拟 JVM 的污点分析验证 DFS 结果，字符串搜索，Java Web 组件入口分析，CFG 程序分析，JVM 栈帧分析，自定义表达式搜索，紧跟 AI 技术发…
  ☆1,929Feb 9, 2026Updated last week
• KimJun1010 / inspector

  View on GitHub
  IDEA代码审计辅助插件（深信服深蓝实验室天威战队强力驱动）
  ☆580Mar 10, 2025Updated 11 months ago
• whocansee / FilelessAgentMemShell

  View on GitHub
  无需文件落地Agent内存马生成器
  ☆248May 30, 2024Updated last year
• Phelaine / SinkFinder

  View on GitHub
  闭源系统半自动漏洞挖掘工具，针对 jar/war/zip 进行静态代码分析，输出从source到sink的可达路径。LLM将验证路径可达性，并根据上下文给出该路径可信分数
  ☆502Jan 12, 2026Updated last month
• 4ra1n / class-obf

  View on GitHub
  一个 CLASS 文件混淆工具，支持方法字段参数名引用分析和重命名混淆，支持字符串提取/AES加密运行时解密/整型异或混淆/垃圾代码花指令混淆/错误注解崩溃/特殊字符迷惑用户/反编译器对抗/方法和字段的隐藏等，配置简单，容易上手
  ☆307Jan 26, 2026Updated 3 weeks ago
• LDrakura / CVE-Monitor

  View on GitHub
  GitHubApi CVE Poc监控工具
  ☆14Jan 23, 2026Updated 3 weeks ago
• tabby-sec / tabby

  View on GitHub
  A CAT called tabby ( Code Analysis Tool )
  ☆1,635Jan 17, 2026Updated last month
• Whoopsunix / JavaRce

  View on GitHub
  Common Exploitation Techniques for Java RCE Vulnerabilities in Real-World Scenarios | 实战场景较通用的 Java Rce 相关漏洞的利用方式
  ☆545Mar 6, 2025Updated 11 months ago
• wa1ki0g / NoAuth

  View on GitHub
  java-web 自动化鉴权绕过
  ☆376Apr 3, 2025Updated 10 months ago
• waderwu / nativeRasp

  View on GitHub
  nativeRasp that can hook native methods
  ☆24Apr 24, 2023Updated 2 years ago
• Y4tacker / JavaSec

  View on GitHub
  a rep for documenting my study, may be from 0 to 0.1
  ☆2,248Nov 10, 2025Updated 3 months ago
• luelueking / Deserial_Sink_With_JDBC

  View on GitHub
  Some ReadObject Sink With JDBC
  ☆243May 8, 2024Updated last year
• misaka19008 / PerlinPuzzle-Webshell-PHP

  View on GitHub
  使用分支对抗技术制作的PHP Webshell，截止2024年1月18日，共数十个查杀引擎免杀
  ☆303Jun 11, 2025Updated 8 months ago
• ReaJason / MemShellParty

  View on GitHub
  一款专注于 Java 主流 Web 中间件的内存马快速生成工具，致力于简化安全研究人员和红队成员的工作流程，提升攻防效率
  ☆1,338Feb 8, 2026Updated last week
• ax1sX / SecurityList

  View on GitHub
  A list for Web Security and Code Audit
  ☆1,212Dec 3, 2024Updated last year
• vulhub / java-chains

  View on GitHub
  Java Vulnerability Exploitation Platform
  ☆1,981Jan 6, 2026Updated last month
• lemono0 / FastJsonParty

  View on GitHub
  FastJson全版本Docker漏洞环境(涵盖1.2.47/1.2.68/1.2.80等版本)，主要包括JNDI注入及高版本绕过、waf绕过、文件读写、原生反序列化、利用链探测绕过、不出网利用等。从黑盒的角度覆盖FastJson深入利用
  ☆1,180Jul 12, 2024Updated last year
• X1r0z / JNDIMap

  View on GitHub
  A powerful JNDI injection exploitation framework that supports RMI, LDAP and LDAPS protocols, including various bypass methods for high-v…
  ☆565Feb 4, 2026Updated last week
• chainreactors / gogo

  View on GitHub
  面向红队的, 高性能高度自由可拓展的自动化扫描引擎 | A highly controllable and extensionable automated scanning engine for red teams
  ☆1,991Feb 3, 2026Updated 2 weeks ago
• Getshell / Fanzhi

  View on GitHub
  《FanZhi-攻击与反制的艺术》
  ☆67Dec 8, 2023Updated 2 years ago
• WDLegend / gokart-2

  View on GitHub
  ☆18Dec 25, 2024Updated last year
• leveryd / x-waf

  View on GitHub
  让"WAF绕过"变得简单
  ☆434Jan 26, 2025Updated last year
• tabby-sec / tabby-path-finder

  View on GitHub
  A neo4j procedure for tabby
  ☆137May 17, 2025Updated 9 months ago
• xsshim / GzWebsocket

  View on GitHub
  哥斯拉webshell管理工具的插件，用于连接websocket型webshell
  ☆176Apr 17, 2024Updated last year
• pen4uin / java-memshell-generator

  View on GitHub
  一款支持自定义的 Java 内存马生成工具｜A customizable Java in-memory webshell generation tool.
  ☆2,150Aug 21, 2025Updated 5 months ago
• yzddmr6 / Java-Js-Engine-Payloads

  View on GitHub
  Java Js Engine Payloads All in one
  ☆289Aug 21, 2023Updated 2 years ago
• tabby-sec / tabby-vul-finder

  View on GitHub
  A vul-finder for loading CPG and automated finding vul-call-chains
  ☆71Jul 22, 2025Updated 6 months ago
• W01fh4cker / LearnFastjsonVulnFromZero-Improvement

  View on GitHub
  【两万字原创】零基础学fastjson漏洞（提高篇），公众号：追梦信安
  ☆211Dec 7, 2023Updated 2 years ago
• SummerSec / SPATool

  View on GitHub
  静态程序分析工具 主要生成方法的CFG和.java文件的AST
  ☆132Jul 12, 2023Updated 2 years ago
• ZhuriLab / Yi

  View on GitHub
  项目监控工具 以及 Codeql 自动运行
  ☆313Apr 13, 2023Updated 2 years ago
• Zjackky / CodeScan

  View on GitHub
  一款轻量级匹配Sink点的代码审计扫描器，为了帮助红队过程中快速代码审计的小工具
  ☆409Oct 6, 2024Updated last year