CodeQLpy是一款基于CodeQL实现的半自动化代码审计工具,目前仅支持java语言。实现从源码反编译,数据库生成,脆弱性发现的全过程,可以辅助代码审计人员快速定位源码可能存在的漏洞。
☆851Jul 6, 2023Updated 2 years ago
Alternatives and similar repositories for CodeQLpy
Users that are interested in CodeQLpy are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- 一款支持自定义的 Java 内存马生成工具|A customizable Java in-memory webshell generation tool.☆2,177Aug 21, 2025Updated 7 months ago
- Java web路由内存分析工具☆439May 22, 2025Updated 10 months ago
- Common Exploitation Techniques for Java RCE Vulnerabilities in Real-World Scenarios | 实战场景较通用的 Java Rce 相关漏洞的利用方式☆548Mar 6, 2025Updated last year
- A CAT called tabby ( Code Analysis Tool )☆1,642Jan 17, 2026Updated 2 months ago
- CodeQL Java 全网最全的中文学习资料☆799Mar 18, 2022Updated 4 years ago
- End-to-end encrypted email - Proton Mail • AdSpecial offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
- IDEA代码审计辅助插件(深信服深蓝实验室天威战队强力驱动)☆584Mar 10, 2025Updated last year
- 项目监控工具 以及 Codeql 自动运行☆314Apr 13, 2023Updated 2 years ago
- 🔍 CodeAuditAssistant - JetBrains Code Audit Plugin (Beta) ⚡ Deep Call-Chain Tracking | 🚀 Method/Class Search | 🔥 Prebuilt Vuln Sink…☆784Mar 14, 2026Updated 3 weeks ago
- 一款支持自定义的 Java 回显载荷生成工具|A customizable Java echo payload generation tool.☆462Jan 12, 2025Updated last year
- A list for Web Security and Code Audit☆1,229Dec 3, 2024Updated last year
- 给woodpecker框架量身定制的ysoserial☆616Oct 26, 2022Updated 3 years ago
- spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧☆754Apr 14, 2021Updated 4 years ago
- GitHub项目监控 && CodeQL自动扫描 (GitHub project monitoring && CodeQL automatic analysis)☆469Jan 19, 2025Updated last year
- 高性能 HTTP 正向代理工具 | A high-performance http tunneling tool☆2,694Feb 2, 2026Updated 2 months ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
- 建议使用新版:https://github.com/jar-analyzer/jar-analyzer☆899Nov 30, 2023Updated 2 years ago
- 《深入理解CodeQL》Finding vulnerabilities with CodeQL.☆1,765Nov 21, 2023Updated 2 years ago
- Fastjson姿势技巧集合☆1,837Oct 20, 2023Updated 2 years ago
- Java Vulnerability Exploitation Platform☆2,027Updated this week
- 纯 Java 实现的 MySQL Fake Server | 支持 GUI 版和命令行版 | 支持反序列化和文件读取的利用方式 | 支持常见的 GADGET 和自定义 GADGET 数据 | 根据目标环境自动生成匹配的 PAYLOAD | 支持 PGSQL 和 DERBY …☆827Sep 18, 2023Updated 2 years ago
- ysoserial修改版,着重修改ysoserial.payloads.util.Gadgets.createTemplatesImpl使其可以通过引入自定义class的形式来执行命令、内存马、反序列化回显。☆759Jan 11, 2024Updated 2 years ago
- Share Things Related to Java - Java安全漫谈笔记相关内容☆2,003Apr 9, 2025Updated last year
- Java RCE 回显测试代码☆1,017Oct 15, 2020Updated 5 years ago
- a rep for documenting my study, may be from 0 to 0.1☆2,263Mar 25, 2026Updated 2 weeks ago
- Open source password manager - Proton Pass • AdSecurely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
- A helpful Java Deserialization exploit framework.☆1,244Feb 17, 2025Updated last year
- Codeql学习笔记☆903Apr 25, 2022Updated 3 years ago
- JNDI在java高版本的利用工具,FUZZ利用链☆599Oct 8, 2022Updated 3 years ago
- java内存对象搜索辅助工具☆823Sep 23, 2022Updated 3 years ago
- 面向红队的, 高性能高度自由可拓展的自动化扫描引擎 | A highly controllable and extensionable automated scanning engine for red teams☆2,037Feb 3, 2026Updated 2 months ago
- JavaWeb漏洞审计工具,构建方法调用链并模拟栈帧进行分析☆336Jun 3, 2023Updated 2 years ago
- Java Js Engine Payloads All in one☆291Aug 21, 2023Updated 2 years ago
- Some ReadObject Sink With JDBC☆245May 8, 2024Updated last year
- MySQL Fake Server use to help MySQL Client File Reading and JDBC Client Java Deserialize☆1,365Nov 18, 2021Updated 4 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
- Fastjson扫描器,可识别版本、依赖库、autoType状态等。A tool to distinguish fastjson ,version and dependency☆1,053Oct 7, 2022Updated 3 years ago
- 一个高价值漏洞采集与推送服务 | Collect valueable vulnerabilities and push them to various services☆1,817Nov 26, 2025Updated 4 months ago
- Confluence CVE 2021,2022,2023 利用工具,支持命令执行,哥斯拉,冰蝎 内存马注入☆557Feb 1, 2024Updated 2 years ago
- 80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background serv…☆873Jun 24, 2024Updated last year
- 高危漏洞精准检测与深度利用框架☆1,459Jan 8, 2023Updated 3 years ago
- WebSocket 内存马/Webshell,一种新型内存马/WebShell技术☆1,493Apr 10, 2023Updated 3 years ago
- 闭源系统半自动漏洞挖掘工具,针对 jar/war/zip 进行静态代码分析,输出从source到sink的可达路径。LLM将验证路径可达性,并根据上下文给出该路径可信分数☆509Jan 12, 2026Updated 2 months ago