打CTF实在厌倦了找利用链,就知道一个fastjson的版本,一堆依赖找啊找,头都疼。为了解决这个烦恼,用了卓卓师傅的fastjson黑名单工具和库,自己改造了一下。
☆32Jan 3, 2020Updated 6 years ago
Alternatives and similar repositories for fastjson-blacklist
Users that are interested in fastjson-blacklist are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- solution to buggyLoader of 0CTF/TCTF 2021 Finals☆20Sep 27, 2021Updated 4 years ago
- Code go audit tool with ai☆23Jan 13, 2025Updated last year
- 个人用于在自动化挖掘gadget时,方便查找gadget chains中class所在jar包,以助于便捷审计测试gadget有效性的那么一个小工具。☆60Mar 25, 2020Updated 6 years ago
- Writeup and environment for XCTF2021Final-Dubbo☆44May 31, 2021Updated 4 years ago
- 利用agent hock指定的class,在jar运行周期内,用于跟踪被执行的方法,辅助做一些事情,比如挖洞啊☆125Jul 17, 2020Updated 5 years ago
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- 简单实现的 Java RASP☆35Oct 14, 2020Updated 5 years ago
- ☆12Nov 16, 2020Updated 5 years ago
- Java agent without file 无文件的Java agent☆82Apr 7, 2022Updated 3 years ago
- Java version of Tomcat-AJP-EXP, for practice☆42Oct 13, 2020Updated 5 years ago
- Java After-Deserialization Attack☆79Apr 26, 2021Updated 4 years ago
- 通过Web获取访客机器的hostname字段内容。☆65Oct 19, 2021Updated 4 years ago
- SUCTF iCloudMusic 源码及writeup☆10Oct 12, 2022Updated 3 years ago
- ☆72Mar 26, 2022Updated 4 years ago
- 护网杯 2018 WEB (4) easy_laravel☆12Aug 22, 2019Updated 6 years ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- 快速切换公司,家里,机房,客户公司等各种场景ip设置☆37Dec 15, 2017Updated 8 years ago
- WALA 学习笔记☆14Aug 8, 2023Updated 2 years ago
- A simple JavaScript beautify tool☆28May 3, 2021Updated 4 years ago
- 炭火,渗透测试全流程工具☆24Sep 1, 2025Updated 6 months ago
- Fastjson Poc for 1.2.33~1.2.36 with bcel☆11Oct 27, 2020Updated 5 years ago
- 一个利用ASM对字节码进行污点传播分析的静态代码审计应用(添加了大量代码注释,适合大家进行源码学习)。也加入了挖掘Fastjson反序列化gadget chains和SQLInject(JdbcTemplate、MyBatis、JPA、Hibernate、原生jdbc等)静…☆458Mar 24, 2022Updated 4 years ago
- 利用链、漏洞检测工具☆374Jul 31, 2024Updated last year
- [WIP] a simple UI for Vulhub☆16Jun 10, 2021Updated 4 years ago
- spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧☆753Apr 14, 2021Updated 4 years ago
- NordVPN Special Discount Offer • AdSave on top-rated NordVPN 1 or 2-year plans with secure browsing, privacy protection, and support for for all major platforms.
- Learning JAVA for Security☆34Jun 9, 2022Updated 3 years ago
- 通过正则搜索、批量反编译特定Jar包中的class名称☆321Dec 9, 2021Updated 4 years ago
- 这个工具只是临时名称,我称他为端口隧道技术,解决隔离内网上线问题。☆78May 31, 2022Updated 3 years ago
- Java漏洞分析汇合☆142Dec 14, 2021Updated 4 years ago
- Java漏洞调试分析集合☆91Mar 11, 2024Updated 2 years ago
- Shiro_721 exp 纯手工实现Padding Oracle整个过程☆67Nov 20, 2019Updated 6 years ago
- fastjson_rce工具,不用搭建HTTP服务,不受JDK版本限制☆10Nov 25, 2019Updated 6 years ago
- 一个定制自己渗透测试的python框架☆14Jun 10, 2021Updated 4 years ago
- 是一些比赛中的好题,加上自己出的一些。。。☆43Jul 10, 2022Updated 3 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
- ☆55Dec 29, 2021Updated 4 years ago
- ☆34Sep 19, 2022Updated 3 years ago
- java memory web shell extracting tool☆496May 17, 2021Updated 4 years ago
- Several XStream gadgets ported from ysoserial☆33Sep 26, 2021Updated 4 years ago
- ☆131Jun 17, 2022Updated 3 years ago
- dubbo快速利用exp,基本上老版本覆盖100%。☆161Jun 30, 2025Updated 8 months ago
- 基于BurpShiroPassiveScan修改增加了Xray回显链生成☆56Sep 6, 2022Updated 3 years ago