CodeQLpy是一款基于CodeQL实现的半自动化代码审计工具,目前仅支持java语言。实现从源码反编译,数据库生成,脆弱性发现的全过程,可以辅助代码审计人员快速定位源码可能存在的漏洞。
☆850Jul 6, 2023Updated 2 years ago
Alternatives and similar repositories for CodeQLpy
Users that are interested in CodeQLpy are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- 一款支持自定义的 Java 内存马生成工具|A customizable Java in-memory webshell generation tool.☆2,191Aug 21, 2025Updated 8 months ago
- Java web路由内存分析工具☆438May 22, 2025Updated 11 months ago
- Common Exploitation Techniques for Java RCE Vulnerabilities in Real-World Scenarios | 实战场景较通用的 Java Rce 相关漏洞的利用方式☆548Mar 6, 2025Updated last year
- A CAT called tabby ( Code Analysis Tool )☆1,650Jan 17, 2026Updated 4 months ago
- CodeQL Java 全网最全的中文学习资料☆799Mar 18, 2022Updated 4 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- IDEA代码审计辅助插件(深信服深蓝实验室天威战队强力驱动)☆584Mar 10, 2025Updated last year
- 项目监控工具 以及 Codeql 自动运行☆312Apr 13, 2023Updated 3 years ago
- 🔍 CodeAuditAssistant - JetBrains Code Audit Plugin (Beta) ⚡ Deep Call-Chain Tracking | 🚀 Method/Class Search | 🔥 Prebuilt Vuln Sink…☆786Mar 14, 2026Updated 2 months ago
- 一款支持自定义的 Java 回显载荷生成工具|A customizable Java echo payload generation tool.☆463Jan 12, 2025Updated last year
- A list for Web Security and Code Audit☆1,233Dec 3, 2024Updated last year
- spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧☆754Apr 14, 2021Updated 5 years ago
- GitHub项目监控 && CodeQL自动扫描 (GitHub project monitoring && CodeQL automatic analysis)☆469Jan 19, 2025Updated last year
- 给woodpecker框架量身定制的ysoserial☆620Oct 26, 2022Updated 3 years ago
- 高性能 HTTP 正向代理工具 | A high-performance http tunneling tool☆2,715Feb 2, 2026Updated 3 months ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- 建议使用新版:https://github.com/jar-analyzer/jar-analyzer☆896Nov 30, 2023Updated 2 years ago
- 《深入理�解CodeQL》Finding vulnerabilities with CodeQL.☆1,767Nov 21, 2023Updated 2 years ago
- Fastjson姿势技巧集合☆1,842Oct 20, 2023Updated 2 years ago
- 纯 Java 实现的 MySQL Fake Server | 支持 GUI 版和命令行版 | 支持反序列化和文件读取的利用方式 | 支持常见的 GADGET 和自定义 GADGET 数据 | 根据目标环境自动生成匹配的 PAYLOAD | 支持 PGSQL 和 DERBY …☆828Sep 18, 2023Updated 2 years ago
- Java Vulnerability Exploitation Platform☆2,056Apr 29, 2026Updated 3 weeks ago
- ysoserial修改版,着重修改ysoserial.payloads.util.Gadgets.createTemplatesImpl使其可以通过引入自定义class的形式来执行命令、内存马、反序列化回显。☆767Jan 11, 2024Updated 2 years ago
- a rep for documenting my study, may be from 0 to 0.1☆2,268Mar 25, 2026Updated last month
- Share Things Related to Java - Java安全漫谈笔记相关内容☆2,013Apr 9, 2025Updated last year
- Java RCE 回显测试代码☆1,012Oct 15, 2020Updated 5 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- A helpful Java Deserialization exploit framework.☆1,242Feb 17, 2025Updated last year
- Codeql学习笔记☆899Apr 25, 2022Updated 4 years ago
- JNDI在java高版本的利用工具,FUZZ利用链☆602Oct 8, 2022Updated 3 years ago
- 面向红队的, 高性能高度自由可拓展的自动化扫描引擎 | A highly controllable and extensionable automated scanning engine for red teams☆2,054May 9, 2026Updated last week
- java内存对象搜索辅助工具☆822Sep 23, 2022Updated 3 years ago
- JavaWeb漏洞审计工具,构建方法调用链并模拟栈帧进行分析☆336Jun 3, 2023Updated 2 years ago
- Some ReadObject Sink With JDBC☆245May 8, 2024Updated 2 years ago
- Java Js Engine Payloads All in one☆291Aug 21, 2023Updated 2 years ago
- 一个高价值漏洞采集与推送服务 | Collect valueable vulnerabilities and push them to various services☆1,844Nov 26, 2025Updated 5 months ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- MySQL Fake Server use to help MySQL Client File Reading and JDBC Client Java Deserialize☆1,368Nov 18, 2021Updated 4 years ago
- Fastjson扫描器,可识别版本、依赖库、autoType状态等。A tool to distinguish fastjson ,version and dependency☆1,054Oct 7, 2022Updated 3 years ago
- Confluence CVE 2021,2022,2023 利用工具,支持命令执行,哥斯拉,冰蝎 内存马注入☆560Feb 1, 2024Updated 2 years ago
- 80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background serv…☆873Jun 24, 2024Updated last year
- 高危漏洞精准检测与深度利用框架☆1,461Jan 8, 2023Updated 3 years ago
- WebSocket 内存马/Webshell,一种新型内存马/WebShell技术☆1,493Apr 10, 2023Updated 3 years ago
- 闭源系统半自动漏洞挖掘工具,针对 jar/war/zip 进行静态代码分析,输出从source到sink的可达路径。LLM将验证路径可达性,并根据上下文给出该路径可信分数☆510Jan 12, 2026Updated 4 months ago