Spel-research
☆26Jun 21, 2022Updated 3 years ago
Alternatives and similar repositories for Spel-research
Users that are interested in Spel-research are comparing it to the libraries listed below
Sorting:
- Memory Webshell for Spring Web - 适用于 Spring Web 的内存马☆25Jan 18, 2024Updated 2 years ago
- ☆17Apr 7, 2022Updated 3 years ago
- 配合 CVE-2023-22515 后台上传jar包实现RCE☆23Nov 9, 2023Updated 2 years ago
- ☆18Nov 23, 2023Updated 2 years ago
- woodpecker插件生成hessian利用payload☆20Sep 19, 2023Updated 2 years ago
- 基于BurpShiroPassiveScan修改增加了Xray回显链生成☆56Sep 6, 2022Updated 3 years ago
- 如何将Java反序列化Payload极致缩小☆69Jan 18, 2022Updated 4 years ago
- A list for Spring Security☆128Jan 16, 2024Updated 2 years ago
- JavaAgent内存马实现、检测、修复demo☆11Dec 7, 2022Updated 3 years ago
- 在原版nps的基础上,增加了nps探测,以及对应的利用方式(如获取cookie,页面等),进行一些简单的二开。未经过大量测试,可能存在bug。☆21Aug 5, 2025Updated 7 months ago
- ☆10Jul 21, 2022Updated 3 years ago
- java 内存马系列 实现(Servlets 、组件、Agent)☆10Mar 7, 2022Updated 4 years ago
- Netty/WebFlux 内存马☆26Nov 19, 2023Updated 2 years ago
- Yapi mock script RCE another version. Webshell way. 另一种 Webshell 方式的 Yapi 命令执行的方法 相比于其他的利用方式 更加微操和可控 影响更小☆66Jul 4, 2024Updated last year
- 在原有yso基础上实现依赖分离,内存马注入等功能。A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆68Sep 14, 2021Updated 4 years ago
- Java web路由内存分析工具☆438May 22, 2025Updated 9 months ago
- burp被动插件扫反射xss☆14Nov 29, 2023Updated 2 years ago
- ☆15Dec 1, 2023Updated 2 years ago
- ☆55Dec 29, 2021Updated 4 years ago
- ☆31Dec 6, 2024Updated last year
- JDBC Attack Tricks☆154Sep 3, 2023Updated 2 years ago
- OpenFire 管理后台账号密码解密☆30Dec 15, 2020Updated 5 years ago
- Spring内存马检测和隐形马研究☆13Nov 28, 2021Updated 4 years ago
- Several XStream gadgets ported from ysoserial☆33Sep 26, 2021Updated 4 years ago
- CVE-2021-1994、CVE-2021-2047、CVE-2021-2064、CVE-2021-2108、CVE-2021-2075、CVE-2019-17195、CVE-2020-14756、CVE-2021-2109☆12Sep 13, 2021Updated 4 years ago
- 用codeql分析grafana最新任意文件读取☆11Dec 10, 2021Updated 4 years ago
- A project demonstrating an app that is vulnerable to Spring Security authorization bypass CVE-2022-31692☆35Nov 7, 2022Updated 3 years ago
- 针对多个框架的高度自定义的内存马一键打入工具 | A highly customized memory shell one-click injection tool for multiple frameworks☆49Feb 6, 2024Updated 2 years ago
- CVE-2023-22515☆52Nov 10, 2023Updated 2 years ago
- springboot跨线程注入内存马☆123Apr 10, 2022Updated 3 years ago
- Thymeleaf SSTI Bypass☆13Nov 24, 2021Updated 4 years ago
- 专注于JVM的运行时防御系统RASP☆295Jun 14, 2024Updated last year
- anonymous to cluster-admin via Heapdump.☆30Nov 16, 2023Updated 2 years ago
- ☆308Feb 27, 2025Updated last year
- cve-2022-34169 延伸出的Jdk Xalan的payload自动生成工具,可根据不同的Jdk生成出其所对应的xslt文件☆93Jan 17, 2023Updated 3 years ago
- JDBC Connection URL Attack☆441Sep 10, 2021Updated 4 years ago
- java实现反序列化建立socket连接☆60Dec 27, 2024Updated last year
- Nacos JRaft Hessian 反序列化 RCE EXP☆65Jun 13, 2023Updated 2 years ago
- Hessian UTF-8 Overlong Encoding☆21Mar 9, 2024Updated 2 years ago