waderwu/javaDeserializeLabs

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/waderwu/javaDeserializeLabs)

waderwu / javaDeserializeLabs

javaDeserializeLabs

☆70

Alternatives and similar repositories for javaDeserializeLabs

Users that are interested in javaDeserializeLabs are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

Sorting:

Y4tacker / CodeqlLearn
View on GitHub
记录学习codeql的过程
☆10Jan 27, 2022Updated 4 years ago
Firebasky / ctf-Challenge
View on GitHub
是一些比赛中的好题，加上自己出的一些。。。
☆43Jul 10, 2022Updated 3 years ago
YZloser / My-CTF-Challenges
View on GitHub
My-CTF-Challenges
☆15Sep 27, 2021Updated 4 years ago
luelueking / Deserial_Sink_With_JDBC
View on GitHub
Some ReadObject Sink With JDBC
☆245May 8, 2024Updated 2 years ago
waderwu / My-CTF-Challenges
View on GitHub
Collection of CTF Web challenges I made
☆53Apr 25, 2023Updated 3 years ago
Deploy to Railway using AI coding agents - Free Credits Offer • Ad
Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
wupco / PHP_INCLUDE_TO_SHELL_CHAR_DICT
View on GitHub
☆351Jan 24, 2023Updated 3 years ago
flowerwind / AutoGenerateXalanPayload
View on GitHub
cve-2022-34169 延伸出的Jdk Xalan的payload自动生成工具，可根据不同的Jdk生成出其所对应的xslt文件
☆93Jan 17, 2023Updated 3 years ago
tabby-sec / tabby
View on GitHub
A CAT called tabby ( Code Analysis Tool )
☆1,650Jan 17, 2026Updated 4 months ago
Whoopsunix / utf-8-overlong-encoding
View on GitHub
抽离出 utf-8-overlong-encoding 的序列化逻辑，实现 2 3 字节加密序列化数组
☆141Mar 11, 2024Updated 2 years ago
tabby-sec / tabby-path-finder
View on GitHub
A neo4j procedure for tabby
☆135May 17, 2025Updated last year
Y4tacker / JavaSec
View on GitHub
a rep for documenting my study, may be from 0 to 0.1
☆2,268Mar 25, 2026Updated last month
waderwu / extractor-java
View on GitHub
CodeQL extractor for java, which don't need to compile java source
☆347Nov 25, 2022Updated 3 years ago
LandGrey / spring-boot-upload-file-lead-to-rce-tricks
View on GitHub
spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧
☆754Apr 14, 2021Updated 5 years ago
ceclin / 0ctf-2021-finals-soln-buggy-loader
View on GitHub
solution to buggyLoader of 0CTF/TCTF 2021 Finals
☆20Sep 27, 2021Updated 4 years ago
Managed Database hosting by DigitalOcean • Ad
PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
Firebasky / Fastjson
View on GitHub
Fastjson姿势技巧集合
☆13Sep 18, 2022Updated 3 years ago
bfengj / CTF
View on GitHub
关于我在CTF中的所有东西
☆431Sep 22, 2025Updated 7 months ago
datouo / CTF-Java-Gadget
View on GitHub
CTF-Java-Gadget专注于收集CTF中Java赛题的反序列化片段
☆283Dec 13, 2024Updated last year
wh1t3p1g / ysomap
View on GitHub
A helpful Java Deserialization exploit framework.
☆1,242Feb 17, 2025Updated last year
whocansee / FilelessAgentMemShell
View on GitHub
无需文件落地Agent内存马生成器
☆250May 30, 2024Updated last year
phith0n / zkar
View on GitHub
ZKar is a Java serialization protocol analysis tool implement in Go.
☆651Apr 19, 2026Updated last month
bluE0a / java-memshell-scanner
View on GitHub
添加Connector内存马与ws内存马检测逻辑
☆16Oct 9, 2022Updated 3 years ago
cwkiller / Java-Puzzle
View on GitHub
一个专注于 Java Web 特性、配置和 Trick 的安全谜题集合
☆124Dec 24, 2025Updated 4 months ago
Y4Sec-Team / CVE-2023-21939
View on GitHub
JDK CVE-2023-21939
☆94Aug 26, 2023Updated 2 years ago
Managed Database hosting by DigitalOcean • Ad
PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
Firebasky / Java
View on GitHub
关于学习java安全的一些知识,正在学习中ing,欢迎fork and star
☆790Jul 11, 2023Updated 2 years ago
artsploit / yaml-payload
View on GitHub
A tiny project for generating SnakeYAML deserialization payloads
☆632Oct 14, 2025Updated 7 months ago
fnmsd / MySQL_Fake_Server
View on GitHub
MySQL Fake Server use to help MySQL Client File Reading and JDBC Client Java Deserialize
☆1,368Nov 18, 2021Updated 4 years ago
BytecodeDL / ByteCodeDL
View on GitHub
A declarative static analysis tool for jvm bytecode based Datalog like CodeQL
☆341Jan 6, 2024Updated 2 years ago
c0ny1 / java-object-searcher
View on GitHub
java内存对象搜索辅助工具
☆822Sep 23, 2022Updated 3 years ago
pen4uin / java-memshell-generator
View on GitHub
一款支持自定义的 Java 内存马生成工具｜A customizable Java in-memory webshell generation tool.
☆2,191Aug 21, 2025Updated 8 months ago
feihong-cs / Java-Rce-Echo
View on GitHub
Java RCE 回显测试代码
☆1,012Oct 15, 2020Updated 5 years ago
X1r0z / JNDIMap
View on GitHub
A powerful JNDI injection exploitation framework that supports RMI, LDAP and LDAPS protocols, including various bypass methods for high-v…
☆582May 4, 2026Updated 2 weeks ago
threedr3am / JSP-WebShells
View on GitHub
Collect JSP webshell of various implementation methods. 梳理和发现的JSP Webshell各种姿势
☆1,404Jan 18, 2022Updated 4 years ago
End-to-end encrypted email - Proton Mail • Ad
Special offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
kyo-w / router-router
View on GitHub
Java web路由内存分析工具
☆438May 22, 2025Updated 11 months ago
phith0n / JavaThings
View on GitHub
Share Things Related to Java - Java安全漫谈笔记相关内容
☆2,013Apr 9, 2025Updated last year
safe6Sec / CodeqlNote
View on GitHub
Codeql学习笔记
☆899Apr 25, 2022Updated 4 years ago
Dor-Tumarkin / CVE-2019-17564-FastJson-Gadget
View on GitHub
Basic code for creating the Alibaba FastJson + Spring gadget chain, as used to exploit Apache Dubbo in CVE-2019-17564 - more information …
☆16Dec 10, 2022Updated 3 years ago
EddieIvan01 / pker
View on GitHub
Automatically converts Python source code to Pickle opcode
☆168Jan 2, 2025Updated last year
for-A1kaid / CodeAudit
View on GitHub
记录一些代码审计过的源码
☆183Feb 26, 2025Updated last year
threedr3am / ZhouYu
View on GitHub
（周瑜）Java - SpringBoot 持久化 WebShell（不仅仅是SpringBoot，适合任何符合JavaEE规范的服务）
☆615Dec 29, 2021Updated 4 years ago