threedr3am / gadgetinspector

一个利用ASM对字节码进行污点传播分析的静态代码审计应用（添加了大量代码注释，适合大家进行源码学习）。也加入了挖掘Fastjson反序列化gadget chains和SQLInject（JdbcTemplate、MyBatis、JPA、Hibernate、原生jdbc等）静态检测功能。并且加入了很多功能以方便进行漏洞自动化挖掘。

☆446

Alternatives and similar repositories for gadgetinspector:

Users that are interested in gadgetinspector are comparing it to the libraries listed below

5wimming / gadgetinspector
利用链、漏洞检测工具
☆367Updated 5 months ago
c0ny1 / java-object-searcher
java内存对象搜索辅助工具
☆797Updated 2 years ago
zema1 / ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
☆352Updated 2 years ago
jweny / MemShellDemo
内存马Demo合集 memshell demo for java / php / python
☆407Updated 3 years ago
threedr3am / ZhouYu
（周瑜）Java - SpringBoot 持久化 WebShell 学习demo（不仅仅是SpringBoot，适合任何符合JavaEE规范的服务）
☆590Updated 3 years ago
ice-doom / codeql_compile
自动反编译闭源应用，创建codeql数据库
☆298Updated 2 years ago
firstC99 / fastjson-1.2.47-RCE
Fastjson <= 1.2.47 远程命令执行漏洞利用工具及方法
☆402Updated last week
SPuerBRead / Bridge
无回显漏洞测试辅助平台，平台使用Java编写，提供DNSLOG，HTTPLOG等功能，辅助渗透测试过程中无回显漏洞及SSRF等漏洞的验证和利用。
☆383Updated last year
DragonGrowlTeam / Address
☆212Updated 4 months ago
threedr3am / ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.优化了一些东西。
☆215Updated 3 years ago
longofo / rmi-jndi-ldap-jrmp-jmx-jms
rmi、jndi、ldap、jrmp、jmx、jms一些demo测试
☆306Updated 2 years ago
waderwu / extractor-java
CodeQL extractor for java, which don't need to compile java source
☆333Updated 2 years ago
LandGrey / spring-boot-upload-file-lead-to-rce-tricks
spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧
☆693Updated 3 years ago
firebroo / sec_tools
☆235Updated 5 years ago
Firebasky / CodeqlLearn
记录学习codeql的过程
☆368Updated last year
jiangsir404 / POC-S
POC-T强化版本 POC-S , 用于红蓝对抗中快速验证Web应用漏洞，对功能进行强化以及脚本进行分类添加，自带dnslog等, 平台补充来自vulhub靶机及其他开源项目的高可用POC
☆359Updated 4 years ago
bit4woo / burp-api-drops
burp插件开发指南
☆611Updated 3 years ago
Litch1-v / ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
☆181Updated 3 years ago
Y4er / WebLogic-Shiro-shell
WebLogic利用CVE-2020-2883打Shiro rememberMe反序列化漏洞，一键注册蚁剑filter内存shell
☆531Updated 4 years ago
ggg4566 / SQLEXP
SQL 注入利用工具，存在waf的情况下自定义编写tamper脚本 dump数据
☆283Updated 4 years ago
r35tart / RedisWriteFile
通过 Redis 主从写出无损文件
☆703Updated 4 years ago
l4yn3 / micro_service_seclab
Java漏洞靶场
☆331Updated last year
gyyyy / footprint
个人笔记
☆214Updated 4 years ago
woodpecker-framework / ysoserial-for-woodpecker
给woodpecker框架量身定制的ysoserial
☆547Updated 2 years ago
lalajun / RMIDeserialize
RMI 反序列化环境一步步
☆212Updated 4 years ago
potats0 / shiroPoc
☆320Updated 3 years ago
zema1 / yarx
An awesome reverse engine for xray poc. | 一个自动化根据 xray poc 生成对应靶站的工具
☆411Updated last year
xhycccc / Struts2-Vuln-Demo
Struts2漏洞实例源码
☆205Updated 4 years ago
LandGrey / copagent
java memory web shell extracting tool
☆421Updated 3 years ago
Wker666 / wJa
java decompile audit tools
☆222Updated 2 years ago