waderwu / extractor-java

CodeQL extractor for java, which don't need to compile java source

☆322

Related projects ⓘ

Alternatives and complementary repositories for extractor-java

ice-doom / codeql_compile
自动反编译闭源应用，创建codeql数据库
☆298Updated 2 years ago
Firebasky / CodeqlLearn
记录学习codeql的过程
☆363Updated last year
BytecodeDL / ByteCodeDL
A declarative static analysis tool for jvm bytecode based Datalog like CodeQL
☆327Updated 10 months ago
5wimming / gadgetinspector
利用链、漏洞检测工具
☆367Updated 3 months ago
l3yx / Choccy
GitHub项目监控 && CodeQL自动扫描 (GitHub project monitoring && CodeQL automatic analysis)
☆403Updated last week
kyo-w / router-router
Java web路由内存分析工具
☆424Updated this week
wh1t3p1g / tabby-path-finder
A neo4j procedure for tabby
☆116Updated 5 months ago
su18 / JDBC-Attack
JDBC Connection URL Attack
☆390Updated 3 years ago
su18 / hack-fastjson-1.2.80
☆492Updated 2 years ago
Y4er / dotnet-deserialization
dotnet 反序列化学习笔记
☆436Updated last year
ice-doom / CodeQLRule
个人使用CodeQL编写的一些规则
☆173Updated 2 years ago
l4yn3 / micro_service_seclab
Java漏洞靶场
☆313Updated 10 months ago
zema1 / ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
☆351Updated 2 years ago
Whoopsunix / JavaRce
Common Exploitation Techniques for Java RCE Vulnerabilities in Real-World Scenarios | 实战场景较通用的 Java Rce 相关漏洞的利用方式
☆470Updated last month
ZhuriLab / Yi
项目监控工具以及 Codeql 自动运行
☆308Updated last year
twosmi1e / Static-Analysis-and-Automated-Code-Audit
静态分析及代码审计自动化相关资料收集
☆284Updated 2 years ago
LandGrey / spring-boot-upload-file-lead-to-rce-tricks
spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧
☆684Updated 3 years ago
X1r0z / JNDIMap
JNDI 注入利用工具, 支持 RMI, LDAP 和 LDAPS 协议, 包含多种高版本 JDK 绕过方式 | A JNDI injection exploit tool that supports RMI, LDAP and LDAPS protocols, inclu…
☆332Updated last month
SummerSec / learning-codeql
CodeQL Java 全网最全的中文学习资料
☆740Updated 2 years ago
ASTTeam / SAST
《深入理解SAST静态应用安全测试》Static Application Security Testing.
☆321Updated 7 months ago
yzddmr6 / Java-Js-Engine-Payloads
Java Js Engine Payloads All in one
☆269Updated last year
Wker666 / wJa
java decompile audit tools
☆222Updated 2 years ago
threedr3am / gadgetinspector
一个利用ASM对字节码进行污点传播分析的静态代码审计应用（添加了大量代码注释，适合大家进行源码学习）。也加入了挖掘Fastjson反序列化gadget chains和SQLInject（JdbcTemplate、MyBatis、JPA、Hibernate、原生jdbc等）静…
☆442Updated 2 years ago
fdu-sec / JDD
☆80Updated 3 months ago
safe6Sec / CodeqlNote
Codeql学习笔记
☆842Updated 2 years ago
rzte / agentcrack
不那么一样的 Java Agent 内存马
☆255Updated 11 months ago
feihong-cs / memShell
FilterBased/ServletBased in memory shell for Tomcat and some other middlewares
☆356Updated 4 years ago
su18 / MemoryShell
JavaWeb MemoryShell Inject/Scan/Killer/Protect Research & Exploring
☆589Updated 3 years ago
waderwu / javaDeserializeLabs
javaDeserializeLabs
☆63Updated last year