lokerxx/JavaVul external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

lokerxx/JavaVul

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/lokerxx/JavaVul)

Close

lokerxx / JavaVulView on GitHubMore

• External links
• Readme badge

JAVA 安全靶场，IAST 测试用例，JAVA漏洞复现，代码审计，SAST测试用例，安全扫描（主动和被动），JAVA漏洞靶场，RASP测试用例 ； Java Security Testbed, IAST Test Cases, Java Vulnerability Reproduction, Code Auditing, SAST Test Cases, Security Scanning (Active and Passive), Java Vulnerability Testbed, RASP Test Cases

☆284Apr 29, 2026Updated this week

Alternatives and similar repositories for JavaVul

Users that are interested in JavaVul are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• Whoopsunix / JavaRce

  View on GitHub
  Common Exploitation Techniques for Java RCE Vulnerabilities in Real-World Scenarios | 实战场景较通用的 Java Rce 相关漏洞的利用方式
  ☆546Mar 6, 2025Updated last year
• suizhibo / MemShellGene

  View on GitHub
  一款Java内存马生成、测试工具，搭配@ax1sX的MemShell食用。
  ☆264Feb 15, 2026Updated 2 months ago
• Lotus6 / ConfluenceMemshell

  View on GitHub
  Confluence CVE 2021，2022，2023 利用工具，支持命令执行，哥斯拉，冰蝎 内存马注入
  ☆556Feb 1, 2024Updated 2 years ago
• pen4uin / java-echo-generator

  View on GitHub
  一款支持自定义的 Java 回显载荷生成工具｜A customizable Java echo payload generation tool.
  ☆462Jan 12, 2025Updated last year
• K-7H7l / Jeecg_Tools

  View on GitHub
  本工具为jeecg框架漏洞利用工具非jeecg-boot！
  ☆183Aug 13, 2024Updated last year
• Simple, predictable pricing with DigitalOcean hosting • Ad
  Always know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
• novysodope / javaeasyscan

  View on GitHub
  javaeasyscanner - 富婆系列，代码审计辅助工具，致力于解放大脑，方便双手
  ☆277Jun 18, 2024Updated last year
• BambiZombie / FrchannelPlus

  View on GitHub
  帆软bi反序列化漏洞利用工具
  ☆192Mar 23, 2024Updated 2 years ago
• whgojp / JavaSecLab

  View on GitHub
  JavaSecLab is a comprehensive Java vulnerability platform｜​ JavaSecLab是一款综合型Java漏洞平台，提供相关漏洞缺陷代码、修复代码、漏洞场景、审计SINK点、安全编码规范，覆盖多种漏洞场景，友好用户交互U…
  ☆837Mar 23, 2025Updated last year
• X1r0z / JNDIMap

  View on GitHub
  A powerful JNDI injection exploitation framework that supports RMI, LDAP and LDAPS protocols, including various bypass methods for high-v…
  ☆581Feb 4, 2026Updated 2 months ago
• for-A1kaid / CodeAudit

  View on GitHub
  记录一些代码审计过的源码
  ☆182Feb 26, 2025Updated last year
• whocansee / FilelessAgentMemShell

  View on GitHub
  无需文件落地Agent内存马生成器
  ☆250May 30, 2024Updated last year
• bmth666 / Yongyou-Unserialize-plus

  View on GitHub
  用友的一些反序列化链子以及1day，二开了狼组的YongYouNcTool，改了一下逻辑以及poc
  ☆126Oct 12, 2024Updated last year
• suizhibo / MemShellKiller

  View on GitHub
  基于Agent技术实现的Java内存马查杀、防护工具。
  ☆93Jul 25, 2024Updated last year
• Lotus6 / JavaGadgetGenerator

  View on GitHub
  JavaGadgetGenerator 工具，支持 ysoserial，Hessian，字节码，Expr/SSTI，Shiro，JDBC 等 Gadget 生成，封装，混淆，出网延迟探测，内存马注入等...
  ☆563Apr 3, 2026Updated 3 weeks ago
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• ssssdl / fastjsonChecker

  View on GitHub
  burp手工检测fastjson辅助
  ☆87Mar 4, 2024Updated 2 years ago
• wa1ki0g / NoAuth

  View on GitHub
  java-web 自动化鉴权绕过
  ☆380Apr 3, 2025Updated last year
• lintstar / CS-AutoPostChain

  View on GitHub
  基于 OPSEC 的 CobaltStrike 后渗透自动化链
  ☆453Mar 11, 2024Updated 2 years ago
• MInggongK / jeecg-

  View on GitHub
  jeecg综合漏洞利用工具
  ☆436Aug 30, 2024Updated last year
• lemono0 / FastJsonParty

  View on GitHub
  FastJson全版本Docker漏洞环境(涵盖1.2.47/1.2.68/1.2.80等版本)，主要包括JNDI注入及高版本绕过、waf绕过、文件读写、原生反序列化、利用链探测绕过、不出网利用等。从黑盒的角度覆盖FastJson深入利用
  ☆1,205Jul 12, 2024Updated last year
• l3yx / jdwp-codeifier

  View on GitHub
  基于 jdwp-shellifier 的进阶JDWP漏洞利用脚本（动态执行Java/Js代码并获得回显）
  ☆324Dec 22, 2024Updated last year
• Chanzi-keji / chanzi

  View on GitHub
  "chanzi" is a simple and user-friendly JAVA SAST tool that utilizes taint analysis technology, includes built-in common vulnerability ru…
  ☆487Feb 1, 2026Updated 2 months ago
• wgpsec / lc

  View on GitHub
  LC（List Cloud）是一个多云攻击面资产梳理工具
  ☆641Oct 6, 2024Updated last year
• KimJun1010 / inspector

  View on GitHub
  IDEA代码审计辅助插件（深信服深蓝实验室天威战队强力驱动）
  ☆584Mar 10, 2025Updated last year
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• ax1sX / SecurityList

  View on GitHub
  A list for Web Security and Code Audit
  ☆1,230Dec 3, 2024Updated last year
• ReaJason / MemShellParty

  View on GitHub
  一款专注于 Java 主流 Web 中间件的内存马快速生成工具，致力于简化安全研究人员和红队成员的工作流程，提升攻防效率
  ☆1,434Updated this week
• Zjackky / CodeScan

  View on GitHub
  一款轻量级匹配Sink点的代码审计扫描器，为了帮助红队过程中快速代码审计的小工具
  ☆408Oct 6, 2024Updated last year
• Bl0omZ / JNDIEXP

  View on GitHub
  JNDI在java高版本的利用工具,FUZZ利用链
  ☆602Oct 8, 2022Updated 3 years ago
• xsshim / GzWebsocket

  View on GitHub
  哥斯拉webshell管理工具的插件，用于连接websocket型webshell
  ☆183Apr 17, 2024Updated 2 years ago
• yulate / jdbc-tricks

  View on GitHub
  《深入JDBC安全：特殊URL构造与不出网反序列化利用技术揭秘》对应研究总结项目 "Deep Dive into JDBC Security: Special URL Construction and Non-Networked Deserialization Explo…
  ☆578Feb 7, 2026Updated 2 months ago
• javaweb-rasp / javaweb-vuln

  View on GitHub
  RASP测试靶场
  ☆193Dec 22, 2022Updated 3 years ago
• j3ers3 / Hello-Java-Sec

  View on GitHub
  ☕️ Java Security，安全编码和代码审计
  ☆1,749Mar 7, 2025Updated last year
• veo / vagent

  View on GitHub
  多功能 java agent 内存马
  ☆525Oct 8, 2023Updated 2 years ago
• End-to-end encrypted email - Proton Mail • Ad
  Special offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
• savior-only / Spring_All_Reachable

  View on GitHub
  Spring漏洞综合利用工具
  ☆675Jul 5, 2023Updated 2 years ago
• yuxianzi / FrchannelPlus

  View on GitHub
  帆软bi反序列化漏洞利用工具
  ☆56Jun 4, 2024Updated last year
• kyo-w / router-router

  View on GitHub
  Java web路由内存分析工具
  ☆439May 22, 2025Updated 11 months ago
• vulhub / java-chains

  View on GitHub
  Java Vulnerability Exploitation Platform
  ☆2,036Apr 10, 2026Updated 2 weeks ago
• tangxiaofeng7 / SecExample

  View on GitHub
  JAVA 漏洞靶场 (Vulnerability Environment For Java)
  ☆482Jul 15, 2021Updated 4 years ago
• W01fh4cker / LearnFastjsonVulnFromZero-Improvement

  View on GitHub
  【两万字原创】零基础学fastjson漏洞（提高篇），公众号：追梦信安
  ☆212Dec 7, 2023Updated 2 years ago
• cckuailong / JNDI-Injection-Exploit-Plus

  View on GitHub
  80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background serv…
  ☆874Jun 24, 2024Updated last year