l3yx / javaDeserializeNotesLinks

Java反序列化漏洞学习笔记

☆16

Alternatives and similar repositories for javaDeserializeNotes

Users that are interested in javaDeserializeNotes are comparing it to the libraries listed below

Sorting:

lalajun / RMIDeserialize
RMI 反序列化环境一步步
☆213Updated 5 years ago
fengupupup / RocB
鹏 RocB - Java代码审计IDEA插件 SAST
☆150Updated 3 years ago
testtttter / ACAF
Auto Code Audit Framework for Java
☆96Updated 3 years ago
threedr3am / fastjson-blacklist
打CTF实在厌倦了找利用链，就知道一个fastjson的版本，一堆依赖找啊找，头都疼。为了解决这个烦恼，用了卓卓师傅的fastjson黑名单工具和库，自己改造了一下。
☆32Updated 5 years ago
potats0 / javaSerializationTools
☆142Updated 4 years ago
LFYSec / ActuatorExploit
SpringBoot Actuator未授权自动化利用，支持信息泄漏/RCE
☆231Updated 4 years ago
Y4er / fastjson-bypass-autotype-1.2.68
fastjson bypass autotype 1.2.68 with Throwable and AutoCloseable.
☆227Updated 2 years ago
iSafeBlue / fastjson-autotype-bypass-demo
fastjson 1.2.68 版本 autotype bypass
☆141Updated 3 years ago
su18 / rasp-vuln
当死去的记忆突然开始攻击我，我终于想起了我还写过一款十分十分垃圾的 rasp 靶场。
☆78Updated 3 years ago
flowerwind / JspFinder
一款通过污点追踪发现Jsp webshell的工具(A tool to find Jsp Webshell through stain tracking)
☆178Updated 3 years ago
ccdr4gon / Dr4gonSword
☆97Updated last year
Mochazz / Struts2-Vuln
关于Struts2框架的历史漏洞个人分析文章
☆54Updated 5 years ago
kingkaki / ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
☆102Updated 5 years ago
Afant1 / JavaSearchTools
☆61Updated 4 years ago
keven1z / weblogic_memshell
适用于weblogic和Tomcat的无文件的内存马(memshell)
☆270Updated 3 years ago
kingkaki / Struts2-Vulenv
struts2 漏洞环境源代码
☆75Updated 3 years ago
Bywalks / OnTimeHacker
爬取各大SRC当日公告 | 通过微信通知的小工具 | 赏金工具
☆101Updated 3 years ago
threedr3am / log-agent
利用agent hock指定的class，在jar运行周期内，用于跟踪被执行的方法，辅助做一些事情，比如挖洞啊
☆126Updated 5 years ago
longofo / PaddingOracleAttack-Shiro-721
Shiro-721 Padding Oracle Attack
☆73Updated 4 years ago
KpLi0rn / ysoserial
在原有yso基础上实现依赖分离，内存马注入等功能。A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
☆68Updated 3 years ago
xhycccc / Shiro-Vuln-Demo
Shiro漏洞实例源码
☆26Updated 4 years ago
langligelang / CAS_EXP
CAS 硬编码远程代码执行漏洞
☆126Updated 4 years ago
KpLi0rn / ShiroVulnEnv
Shiro内存马注入环境
☆60Updated 4 years ago
R17a-17 / JavaVulnSummary
Java漏洞分析汇合
☆142Updated 3 years ago
Conanjun / passive-scan-client-and-sendto
burp被动扫描自动转发和手动重发插件
☆51Updated 5 years ago
Y4er / yaml-payload
Spring Cloud SnakeYAML 反序列化一键注入cmdshell和reGeorg
☆135Updated 4 years ago
vulhub / Apereo-CAS-Attack
WIP: Demo for Attacking Apereo CAS
☆94Updated 5 years ago
Y4er / javaagent-tomcat-memshell
使用java agent反序列化注入内存shell
☆68Updated 4 years ago
boundaryx / cloudrasp-log4j2
一个针对防御 log4j2 CVE-2021-44228 漏洞的 RASP 工具。 A Runtime Application Self-Protection module specifically designed for log4j2 RCE (CVE-2021-442…
☆123Updated 3 years ago
longofo / Apache-Dubbo-Hessian2-CVE-2021-43297
Apache Dubbo Hessian2 CVE-2021-43297 demo
☆46Updated 3 years ago