CodeQLpy是一款基于CodeQL实现的半自动化代码审计工具,目前仅支持java语言。实现从源码反编译,数据库生成,脆弱性发现的全过程,可以辅助代码审计人员快速定位源码可能存在的漏洞。
☆851Jul 6, 2023Updated 2 years ago
Alternatives and similar repositories for CodeQLpy
Users that are interested in CodeQLpy are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- 一款支持自定义的 Java 内存马生成工具|A customizable Java in-memory webshell generation tool.☆2,188Aug 21, 2025Updated 8 months ago
- Java web路由内存分析工具☆439May 22, 2025Updated 11 months ago
- Common Exploitation Techniques for Java RCE Vulnerabilities in Real-World Scenarios | 实战场景较通用的 Java Rce 相关漏洞的利用方式☆546Mar 6, 2025Updated last year
- A CAT called tabby ( Code Analysis Tool )☆1,646Jan 17, 2026Updated 3 months ago
- CodeQL Java 全网最全的中文学习资料☆800Mar 18, 2022Updated 4 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- IDEA代码审计辅助插件(深信服深蓝实验室天威战队强力驱动)☆584Mar 10, 2025Updated last year
- 项目监控工具 以及 Codeql 自动运行☆314Apr 13, 2023Updated 3 years ago
- 🔍 CodeAuditAssistant - JetBrains Code Audit Plugin (Beta) ⚡ Deep Call-Chain Tracking | 🚀 Method/Class Search | 🔥 Prebuilt Vuln Sink…☆785Mar 14, 2026Updated last month
- 一款支持自定义的 Java 回显载荷生成工具|A customizable Java echo payload generation tool.☆462Jan 12, 2025Updated last year
- A list for Web Security and Code Audit☆1,230Dec 3, 2024Updated last year
- spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧☆754Apr 14, 2021Updated 5 years ago
- 给woodpecker框架量身定制的ysoserial☆617Oct 26, 2022Updated 3 years ago
- GitHub项目监控 && CodeQL自动扫描 (GitHub project monitoring && CodeQL automatic analysis)☆469Jan 19, 2025Updated last year
- 高性能 HTTP 正向代理工具 | A high-performance http tunneling tool☆2,708Feb 2, 2026Updated 2 months ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- 建议使用新版:https://github.com/jar-analyzer/jar-analyzer☆899Nov 30, 2023Updated 2 years ago
- 《深入理解CodeQL》Finding vulnerabilities with CodeQL.☆1,768Nov 21, 2023Updated 2 years ago
- Fastjson姿势技巧集合☆1,839Oct 20, 2023Updated 2 years ago
- 纯 Java 实现的 MySQL Fake Server | 支持 GUI 版和命令行版 | 支持反序列化和文件读取的利用方式 | 支持常见的 GADGET 和自定义 GADGET 数据 | 根据目标环境自动生成匹配的 PAYLOAD | 支持 PGSQL 和 DERBY …☆828Sep 18, 2023Updated 2 years ago
- Java Vulnerability Exploitation Platform☆2,036Apr 10, 2026Updated 2 weeks ago
- ysoserial修改版,着重修改ysoserial.payloads.util.Gadgets.createTemplatesImpl使其可以通过引入自定义class的形式来执行命令、内存马、反序列化回显。☆766Jan 11, 2024Updated 2 years ago
- Share Things Related to Java - Java安全漫谈笔记相关内容☆2,009Apr 9, 2025Updated last year
- Java RCE 回显测试代码☆1,015Oct 15, 2020Updated 5 years ago
- a rep for documenting my study, may be from 0 to 0.1☆2,266Mar 25, 2026Updated last month
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- A helpful Java Deserialization exploit framework.☆1,241Feb 17, 2025Updated last year
- Codeql学习笔记☆902Apr 25, 2022Updated 4 years ago
- JNDI在java高版本的利用工具,FUZZ利用链☆602Oct 8, 2022Updated 3 years ago
- 面向红队的, 高性能高度自由可拓展的自动化扫描引擎 | A highly controllable and extensionable automated scanning engine for red teams☆2,050Feb 3, 2026Updated 2 months ago
- java内存对象搜索辅助工具☆823Sep 23, 2022Updated 3 years ago
- JavaWeb漏洞审计工具,构建方法调用链并模拟栈帧进行分析☆337Jun 3, 2023Updated 2 years ago
- Java Js Engine Payloads All in one☆291Aug 21, 2023Updated 2 years ago
- Some ReadObject Sink With JDBC☆245May 8, 2024Updated last year
- 一个高价值漏洞采集与推送服务 | Collect valueable vulnerabilities and push them to various services☆1,830Nov 26, 2025Updated 5 months ago
- Simple, predictable pricing with DigitalOcean hosting • AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- MySQL Fake Server use to help MySQL Client File Reading and JDBC Client Java Deserialize☆1,367Nov 18, 2021Updated 4 years ago
- Fastjson扫描器,可识别版本、依赖库、autoType状态等。A tool to distinguish fastjson ,version and dependency☆1,055Oct 7, 2022Updated 3 years ago
- Confluence CVE 2021,2022,2023 利用工具,支持命令执行,哥斯拉,冰蝎 内存马注入☆556Feb 1, 2024Updated 2 years ago
- 高危漏洞精准检测与深度利用框架☆1,460Jan 8, 2023Updated 3 years ago
- 80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background serv…☆874Jun 24, 2024Updated last year
- WebSocket 内存马/Webshell,一种新型内存马/WebShell技术☆1,494Apr 10, 2023Updated 3 years ago
- 闭源系统半自动漏洞挖掘工具,针对 jar/war/zip 进行静态代码分析,输出从source到sink的可达路径。LLM将验证路径可达性,并根据上下文给出该路径可信分数☆510Jan 12, 2026Updated 3 months ago