luelueking/CVE-2022-25845-In-Spring external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

luelueking/CVE-2022-25845-In-Spring

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/luelueking/CVE-2022-25845-In-Spring)

Close

luelueking / CVE-2022-25845-In-SpringView on GitHubMore

• External links
• Readme badge

CVE-2022-25845(fastjson1.2.80) exploit in Spring Env!

☆109Nov 7, 2024Updated last year

Alternatives and similar repositories for CVE-2022-25845-In-Spring

Users that are interested in CVE-2022-25845-In-Spring are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• luelueking / Deserial_Sink_With_JDBC

  View on GitHub
  Some ReadObject Sink With JDBC
  ☆245May 8, 2024Updated 2 years ago
• yulate / jdbc-tricks

  View on GitHub
  《深入JDBC安全：特殊URL构造与不出网反序列化利用技术揭秘》对应研究总结项目 "Deep Dive into JDBC Security: Special URL Construction and Non-Networked Deserialization Explo…
  ☆590Feb 7, 2026Updated 4 months ago
• c0ny1 / ascii-jar

  View on GitHub
  构造字节在ASCII范围内的jar
  ☆142Feb 14, 2022Updated 4 years ago
• datouo / CTF-Java-Gadget

  View on GitHub
  CTF-Java-Gadget专注于收集CTF中Java赛题的反序列化片段
  ☆288Dec 13, 2024Updated last year
• yzddmr6 / Java-Js-Engine-Payloads

  View on GitHub
  Java Js Engine Payloads All in one
  ☆292Aug 21, 2023Updated 2 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• cwkiller / JDBC-PROXY-Bypass

  View on GitHub
  利用代理驱动绕过JDBC Attack检测
  ☆145Jun 15, 2025Updated 11 months ago
• X1r0z / JNDIMap

  View on GitHub
  A powerful JNDI injection exploitation framework that supports RMI, LDAP and LDAPS protocols, including various bypass methods for high-v…
  ☆585May 4, 2026Updated last month
• ReaJason / MemShellParty

  View on GitHub
  一款专注于 Java 主流 Web 中间件的内存马快速生成工具，致力于简化安全研究人员和红队成员的工作流程，提升攻防效率
  ☆1,501May 30, 2026Updated last week
• l3yx / Java-RASP-Research-Env

  View on GitHub
  之前方便自己研究RASP原理和绕过时顺手写的，用于快速启动和重置RASP环境
  ☆72Oct 13, 2024Updated last year
• Whoopsunix / JavaRce

  View on GitHub
  Common Exploitation Techniques for Java RCE Vulnerabilities in Real-World Scenarios | 实战场景较通用的 Java Rce 相关漏洞的利用方式
  ☆550Mar 6, 2025Updated last year
• kyo-w / router-router

  View on GitHub
  Java web路由内存分析工具
  ☆439May 22, 2025Updated last year
• luelueking / Bypass_JVM_Verifier

  View on GitHub
  Bypass JVM Class ByteCode Verifier , 对抗反编译器
  ☆116Sep 21, 2023Updated 2 years ago
• su18 / JDBC-Attack

  View on GitHub
  JDBC Connection URL Attack
  ☆451Sep 10, 2021Updated 4 years ago
• RuoJi6 / xxl-job-FLM

  View on GitHub
  xxl-job内存马
  ☆232Jan 26, 2025Updated last year
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• cwkiller / ClassLinefix

  View on GitHub
  Java bytecode line number restoration tool
  ☆144Aug 31, 2025Updated 9 months ago
• Phelaine / SinkFinder

  View on GitHub
  闭源系统半自动漏洞挖掘工具，针对 jar/war/zip 进行静态代码分析，输出从source到sink的可达路径。LLM将验证路径可达性，并根据上下文给出该路径可信分数
  ☆508Jan 12, 2026Updated 4 months ago
• Hutt0n0 / ActiveMqRCE

  View on GitHub
  用java实现构造openwire协议，利用activeMQ < 5.18.3 RCE 回显利用 内存马注入
  ☆290Nov 20, 2023Updated 2 years ago
• Lotus6 / ConfluenceMemshell

  View on GitHub
  Confluence CVE 2021，2022，2023 利用工具，支持命令执行，哥斯拉，冰蝎 内存马注入
  ☆558Feb 1, 2024Updated 2 years ago
• 4ra1n / class-obf

  View on GitHub
  一个 CLASS 文件混淆工具，支持方法字段参数名引用分析和重命名混淆，支持字符串提取/AES加密运行时解密/整型异或混淆/垃圾代码花指令混淆/错误注解崩溃/特殊字符迷惑用户/反编译器对抗/方法和字段的隐藏等，配置简单，容易上手
  ☆323Jan 26, 2026Updated 4 months ago
• unam4 / java_gadget_flow

  View on GitHub
  一些总结出来的gadget的flow，后续合适和加入新的flow
  ☆69Dec 6, 2025Updated 6 months ago
• achuna33 / Memoryshell-JavaALL

  View on GitHub
  收集内存马打入方式
  ☆508May 20, 2022Updated 4 years ago
• novysodope / javaeasyscan

  View on GitHub
  javaeasyscanner - 富婆系列，代码审计辅助工具，致力于解放大脑，方便双手
  ☆277Jun 18, 2024Updated last year
• BeichenDream / GodzillaMemoryShellProject

  View on GitHub
  ☆312Feb 27, 2025Updated last year
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• Whoopsunix / PPPYSO

  View on GitHub
  proof-of-concept for generating Java deserialization payload | Proxy MemShell
  ☆226Jun 8, 2024Updated 2 years ago
• LandGrey / spring-boot-upload-file-lead-to-rce-tricks

  View on GitHub
  spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧
  ☆757Apr 14, 2021Updated 5 years ago
• SpringKill-team / CodeAuditAssistant

  View on GitHub
  🔍 CodeAuditAssistant - JetBrains Code Audit Plugin (Beta) ⚡ Deep Call-Chain Tracking | 🚀 Method/Class Search | 🔥 Prebuilt Vuln Sink…
  ☆784Mar 14, 2026Updated 2 months ago
• pen4uin / java-echo-generator

  View on GitHub
  一款支持自定义的 Java 回显载荷生成工具｜A customizable Java echo payload generation tool.
  ☆464Jan 12, 2025Updated last year
• wa1ki0g / NoAuth

  View on GitHub
  java-web 自动化鉴权绕过
  ☆381Apr 3, 2025Updated last year
• YYHYlh / Dubbo-Scan

  View on GitHub
  一款让你不只在dubbo-sample、vulhub或者其他测试环境里检测和利用成功的Apache Dubbo 漏洞检测工具。
  ☆172Aug 9, 2023Updated 2 years ago
• Ape1ron / SpringAopInDeserializationDemo1

  View on GitHub
  在spring-aop中新发现的反序列化gadget-chain
  ☆52Jan 12, 2025Updated last year
• vulhub / java-chains

  View on GitHub
  Java Vulnerability Exploitation Platform
  ☆2,077Apr 29, 2026Updated last month
• Chave0v0 / API-Highlighter

  View on GitHub
  API Highlighter 是一个用于 BurpSuite 的插件，主要用于 web 应用迭代安全测试时高亮指定的新增接口，该插件最初用 Python 编写，现重构为 Java 版本。
  ☆43Feb 19, 2025Updated last year
• Proton VPN Special Offer - Get 70% off • Ad
  Special partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
• wjlin0 / riverPass

  View on GitHub
  riverPass 是一个用Go编写的瑞数WAF绕过工具。它利用了WebSocket协议，将请求发送的自身浏览器中，从而绕过了瑞数WAF的检测。
  ☆234Oct 18, 2024Updated last year
• rzte / agentcrack

  View on GitHub
  不那么一样的 Java Agent 内存马
  ☆288Nov 27, 2023Updated 2 years ago
• pen4uin / java-memshell-generator

  View on GitHub
  一款支持自定义的 Java 内存马生成工具｜A customizable Java in-memory webshell generation tool.
  ☆2,207Aug 21, 2025Updated 9 months ago
• lintstar / CS-AutoPostChain

  View on GitHub
  基于 OPSEC 的 CobaltStrike 后渗透自动化链
  ☆452Mar 11, 2024Updated 2 years ago
• flowerwind / AutoGenerateXalanPayload

  View on GitHub
  cve-2022-34169 延伸出的Jdk Xalan的payload自动生成工具，可根据不同的Jdk生成出其所对应的xslt文件
  ☆94Jan 17, 2023Updated 3 years ago
• Lotus6 / JavaGadgetGenerator

  View on GitHub
  JavaGadgetGenerator 工具，支持 ysoserial，Hessian，字节码，Expr/SSTI，Shiro，JDBC 等 Gadget 生成，封装，混淆，出网延迟探测，内存马注入等...
  ☆571Apr 3, 2026Updated 2 months ago
• whocansee / FilelessAgentMemShell

  View on GitHub
  无需文件落地Agent内存马生成器
  ☆250May 30, 2024Updated 2 years ago