Alternatives and similar repositories for javaweb-sec

Users that are interested in javaweb-sec are comparing it to the libraries listed below

• langligelang / maobugs
  java 漏洞平台包含各种CVE
  ☆23Updated 3 years ago
• AMJIYU / javaweb-sec
  攻击Java Web应用-[Java Web安全]
  ☆78Updated 5 years ago
• lalajun / RMIDeserialize
  RMI 反序列化环境 一步步
  ☆212Updated 4 years ago
• fengupupup / RocB
  鹏 RocB - Java代码审计IDEA插件 SAST
  ☆150Updated 3 years ago
• mtxiaowangzi / CAFJE
  又一个Java Web代码审计工具
  ☆100Updated 7 years ago
• threedr3am / log-agent
  利用agent hock指定的class，在jar运行周期内，用于跟踪被执行的方法，辅助做一些事情，比如挖洞啊
  ☆126Updated 5 years ago
• l3yx / javaDeserializeNotes
  Java反序列化漏洞学习笔记
  ☆16Updated 5 years ago
• iSafeBlue / fastjson-autotype-bypass-demo
  fastjson 1.2.68 版本 autotype bypass
  ☆141Updated 3 years ago
• threedr3am / ysoserial
  A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.优化了一些东西。
  ☆215Updated 3 years ago
• feihong-cs / JspMaster-Deprecated
  一款基于webshell命令执行功能实现的GUI webshell管理工具，支持流量加密
  ☆217Updated 4 years ago
• Y4er / fastjson-bypass-autotype-1.2.68
  fastjson bypass autotype 1.2.68 with Throwable and AutoCloseable.
  ☆226Updated 2 years ago
• potats0 / javaSerializationTools
  ☆142Updated 4 years ago
• p1g3 / Fastjson-Scanner
  a burp extension to find where use fastjson
  ☆165Updated 5 years ago
• yzddmr6 / JspForAntSword
  中国蚁剑JSP一句话Payload
  ☆121Updated 4 years ago
• Mochazz / Struts2-Vuln
  关于Struts2框架的历史漏洞个人分析文章
  ☆54Updated 5 years ago
• sa1tor / dnslog
  a dnslog platform with tornado, less code.
  ☆23Updated 5 years ago
• 0x9f99 / Recon
  自动化护网/SRC致富脚本
  ☆82Updated 4 years ago
• kingkaki / ysoserial
  A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
  ☆102Updated 5 years ago
• longofo / rmi-jndi-ldap-jrmp-jmx-jms
  rmi、jndi、ldap、jrmp、jmx、jms一些demo测试
  ☆309Updated 3 years ago
• Artemis1029 / Java_xmlhack
  帮助java环境下任意文件下载情况自动化读取源码的小工具
  ☆166Updated 6 years ago
• boundaryx / cloudrasp-log4j2
  一个针对防御 log4j2 CVE-2021-44228 漏洞的 RASP 工具。 A Runtime Application Self-Protection module specifically designed for log4j2 RCE (CVE-2021-442…
  ☆123Updated 3 years ago
• Afant1 / JavaSearchTools
  ☆61Updated 4 years ago
• bigsizeme / shiro-check
  Shiro反序列化回显利用、内存shell、检查 Burp插件
  ☆217Updated 2 years ago
• langligelang / CAS_EXP
  CAS 硬编码 远程代码执行漏洞
  ☆126Updated 4 years ago
• Y4er / javaagent-tomcat-memshell
  使用java agent反序列化注入内存shell
  ☆68Updated 4 years ago
• Maskhe / vuls
  收集整理一些漏洞，利用方法，poc等等，方便快速查阅
  ☆59Updated 4 years ago
• TheKingOfDuck / paramFuzzer
  一款高效的参数fuzz工具|A faster param fuzzing test tool
  ☆102Updated 4 years ago
• flowerwind / JspFinder
  一款通过污点追踪发现Jsp webshell的工具(A tool to find Jsp Webshell through stain tracking)
  ☆178Updated 3 years ago
• Ramos-dev / OSSTunnel
  基于亚马逊S3\阿里云OSS\腾讯COS通信隧道的远程管理工具
  ☆325Updated 4 years ago
• Litch1-v / ysoserial
  A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
  ☆182Updated 4 years ago