keven1z/simpleIAST external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

keven1z/simpleIAST

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/keven1z/simpleIAST)

Close

keven1z / simpleIASTView on GitHubMore

• External links
• Readme badge

simpleIAST- 基于污点追踪的灰盒漏洞扫描工具。

☆101Mar 24, 2026Updated 3 weeks ago

Alternatives and similar repositories for simpleIAST

Users that are interested in simpleIAST are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• Qi4l-Labs / RLscan

  View on GitHub
  强化学习 + 端口扫描
  ☆127Feb 23, 2025Updated last year
• Zjackky / CodeScan

  View on GitHub
  一款轻量级匹配Sink点的代码审计扫描器，为了帮助红队过程中快速代码审计的小工具
  ☆408Oct 6, 2024Updated last year
• Phelaine / SinkFinder

  View on GitHub
  闭源系统半自动漏洞挖掘工具，针对 jar/war/zip 进行静态代码分析，输出从source到sink的可达路径。LLM将验证路径可达性，并根据上下文给出该路径可信分数
  ☆509Jan 12, 2026Updated 3 months ago
• 4ra1n / poc-runner

  View on GitHub
  Small & Fast Vulnerability Scanner Engine based on XRAY YAML Rule | 基于 XRAY YAML 规则的超轻量快速漏洞扫描引擎 | 基于 ANTLR 实现语法分析和完整的 XRAY YAML 规则实现 | 简单…
  ☆182Jul 10, 2025Updated 9 months ago
• wa1ki0g / NoAuth

  View on GitHub
  java-web 自动化鉴权绕过
  ☆380Apr 3, 2025Updated last year
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• ReaJason / MemShellParty

  View on GitHub
  一款专注于 Java 主流 Web 中间件的内存马快速生成工具，致力于简化安全研究人员和红队成员的工作流程，提升攻防效率
  ☆1,411Updated this week
• qi4L / Ysoserial-go

  View on GitHub
  A Go library for generating Java deserialization payloads.
  ☆155Sep 9, 2024Updated last year
• luelueking / Bypass_JVM_Verifier

  View on GitHub
  Bypass JVM Class ByteCode Verifier , 对抗反编译器
  ☆116Sep 21, 2023Updated 2 years ago
• KimJun1010 / inspector

  View on GitHub
  IDEA代码审计辅助插件（深信服深蓝实验室天威战队强力驱动）
  ☆584Mar 10, 2025Updated last year
• Symph0nia / Coda

  View on GitHub
  入侵痕迹清理/Cleaning up traces of intrusion
  ☆248Nov 6, 2024Updated last year
• suizhibo / Tao

  View on GitHub
  Tao（道）一款用于java语言函数调用关系生成的工具，致力于提高java代码审计效率。
  ☆11Jul 2, 2024Updated last year
• kyo-w / router-router

  View on GitHub
  Java web路由内存分析工具
  ☆439May 22, 2025Updated 10 months ago
• yulate / jdbc-tricks

  View on GitHub
  《深入JDBC安全：特殊URL构造与不出网反序列化利用技术揭秘》对应研究总结项目 "Deep Dive into JDBC Security: Special URL Construction and Non-Networked Deserialization Explo…
  ☆575Feb 7, 2026Updated 2 months ago
• pen4uin / java-echo-generator

  View on GitHub
  一款支持自定义的 Java 回显载荷生成工具｜A customizable Java echo payload generation tool.
  ☆462Jan 12, 2025Updated last year
• Wordpress hosting with auto-scaling - Free Trial • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• SpringKill-team / CodeAuditAssistant

  View on GitHub
  🔍 CodeAuditAssistant - JetBrains Code Audit Plugin (Beta) ⚡ Deep Call-Chain Tracking | 🚀 Method/Class Search | 🔥 Prebuilt Vuln Sink…
  ☆783Mar 14, 2026Updated last month
• ColinAgent / YNM3000

  View on GitHub
  要你命三千，集多种渗透工具于一身的终极武器霸王。
  ☆19Aug 11, 2022Updated 3 years ago
• Ar3h / utf8-overlong-agent

  View on GitHub
  使用 agent 实现反序列化 utf8 overlong
  ☆85Apr 24, 2024Updated last year
• ax1sX / RouteCheck-Alpha

  View on GitHub
  A Java Route Collection Tool
  ☆102Aug 1, 2024Updated last year
• luelueking / Deserial_Sink_With_JDBC

  View on GitHub
  Some ReadObject Sink With JDBC
  ☆245May 8, 2024Updated last year
• Whoopsunix / JavaRce

  View on GitHub
  Common Exploitation Techniques for Java RCE Vulnerabilities in Real-World Scenarios | 实战场景较通用的 Java Rce 相关漏洞的利用方式
  ☆548Mar 6, 2025Updated last year
• pacemrc / VulDebug

  View on GitHub
  Java漏洞调试分析集合
  ☆91Mar 11, 2024Updated 2 years ago
• Lotus6 / JavaGadgetGenerator

  View on GitHub
  JavaGadgetGenerator 工具，支持 ysoserial，Hessian，字节码，Expr/SSTI，Shiro，JDBC 等 Gadget 生成，封装，混淆，出网延迟探测，内存马注入等...
  ☆560Apr 3, 2026Updated last week
• 4ra1n / class-obf

  View on GitHub
  一个 CLASS 文件混淆工具，支持方法字段参数名引用分析和重命名混淆，支持字符串提取/AES加密运行时解密/整型异或混淆/垃圾代码花指令混淆/错误注解崩溃/特殊字符迷惑用户/反编译器对抗/方法和字段的隐藏等，配置简单，容易上手
  ☆311Jan 26, 2026Updated 2 months ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• cwkiller / ClassLinefix

  View on GitHub
  Java bytecode line number restoration tool
  ☆139Aug 31, 2025Updated 7 months ago
• lokerxx / JavaVul

  View on GitHub
  JAVA 安全靶场，IAST 测试用例，JAVA漏洞复现，代码审计，SAST测试用例，安全扫描（主动和被动），JAVA漏洞靶场，RASP测试用例 ； Java Security Testbed, IAST Test Cases, Java Vulnerability R…
  ☆283Mar 24, 2026Updated 3 weeks ago
• woodpecker-appstore / yonyou-nc-decrypter

  View on GitHub
  用友 nc 系列密码解密
  ☆62Apr 7, 2023Updated 3 years ago
• lemono0 / FastJsonParty

  View on GitHub
  FastJson全版本Docker漏洞环境(涵盖1.2.47/1.2.68/1.2.80等版本)，主要包括JNDI注入及高版本绕过、waf绕过、文件读写、原生反序列化、利用链探测绕过、不出网利用等。从黑盒的角度覆盖FastJson深入利用
  ☆1,200Jul 12, 2024Updated last year
• pykiller / API-T00L

  View on GitHub
  互联网厂商API利用工具。
  ☆568Sep 13, 2024Updated last year
• alipay / ant-application-security-testing-benchmark

  View on GitHub
  xAST评价体系，让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".
  ☆470Updated this week
• tabby-sec / tabby

  View on GitHub
  A CAT called tabby ( Code Analysis Tool )
  ☆1,641Jan 17, 2026Updated 2 months ago
• xsshim / GzWebsocket

  View on GitHub
  哥斯拉webshell管理工具的插件，用于连接websocket型webshell
  ☆182Apr 17, 2024Updated last year
• Lotus6 / AutoRepeater

  View on GitHub
  Burp插件，自动化挖掘SSRF，Redirect，Sqli漏洞，自定义匹配参数
  ☆469Sep 10, 2023Updated 2 years ago
• Wordpress hosting with auto-scaling - Free Trial • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• HHa1ey / CandleDragon

  View on GitHub
  一款基于JAVA编写的插件化漏洞利用工具
  ☆46Jul 30, 2025Updated 8 months ago
• d0ctorsec / LearnJavaMemshellFromZero-Recurrence

  View on GitHub
  基于W01fh4cker大佬的LearnJavaMemshellFromZero从零掌握java内存马的复现重组版本。
  ☆93Jul 7, 2025Updated 9 months ago
• burpheart / koko-moni

  View on GitHub
  一个基于网络空间搜索引擎的攻击面管理平台，可定时进行资产信息爬取，及时发现新增资产，本项目聚合了 Fofa、Hunter、Quake、Zoomeye 和 Threatbook 的数据源，并对获取到的数据进行去重与清洗
  ☆460Apr 19, 2023Updated 2 years ago
• Y4Sec-Team / mysql-jdbc-tricks

  View on GitHub
  JDBC Attack Tricks
  ☆154Sep 3, 2023Updated 2 years ago
• wjlin0 / riverPass

  View on GitHub
  riverPass 是一个用Go编写的瑞数WAF绕过工具。它利用了WebSocket协议，将请求发送的自身浏览器中，从而绕过了瑞数WAF的检测。
  ☆234Oct 18, 2024Updated last year
• Ed1s0nZ / PrivHunterAI

  View on GitHub
  一款通过被动代理方式，利用主流 AI（如 Kimi、DeepSeek、GPT 等）检测越权漏洞的工具。其核心检测功能依托相关 AI 引擎的开放 API 构建，支持 HTTPS 协议的数据传输与交互。
  ☆377Jun 7, 2025Updated 10 months ago
• ssssdl / fastjsonChecker

  View on GitHub
  burp手工检测fastjson辅助
  ☆87Mar 4, 2024Updated 2 years ago