wh1t3p1g / tabby-vul-finder
A vul-finder for loading CPG and automated finding vul-call-chains
☆33Updated last month
Related projects: ⓘ
- A IntelliJ Plugin for Tabby to Find Vulnerabilities Easily☆26Updated 2 months ago
- 如果反序列化过程中使用resolveClass拉黑了TemplatesImpl如何绕过☆44Updated last year
- Spel-research☆24Updated 2 years ago
- 用来将Tai-e改造为开箱即用的静态代码安全分析框架的一些demo☆32Updated 5 months ago
- ☆12Updated last year
- Java 内存马生成插件☆48Updated last year
- nativeRasp that can hook native methods☆25Updated last year
- 一个简单的批量反编译jar包的小脚本☆30Updated 2 years ago
- [fastjson 1.2.80] CVE-2022-25845 aspectj fileread & groovy remote classload☆90Updated 2 years ago
- ☆28Updated 7 months ago
- 一个高价值漏洞采集与推送服务 | A valueable vulnerability collection and push service☆31Updated 2 months ago
- ☆51Updated this week
- 《Spring漏洞研究》☆44Updated 2 years ago
- ☆134Updated last year
- ☆51Updated last year
- 多组件客户端☆66Updated last week
- A Java Route Collection Tool☆75Updated last month
- 收录go语言编写的项目、框架和组件出现的cve,或者一些相关的利用方式的文章☆36Updated last year
- 抽离出 utf-8-overlong-encoding 的序列化逻辑,实现 2 3 字节加密序列化数组☆105Updated 6 months ago
- The purpose of this script is to bypass disablefund, provide some useful information, and dig the hook function of PHP extension.☆14Updated 3 years ago
- Apache Dubbo漏洞测试Demo及其POC☆62Updated last year
- ☆4Updated last year
- 如何将Java反序列化Payload极致缩小☆15Updated 2 years ago
- Web Cache Poisoning Vulnerability Scanner☆31Updated last week
- 本工具的定位是快速生成Java安全相关的Payload,如内存马、反序列化链、JNDI url、Fastjson等,动态生成相关Payload,并附带相应的文档。☆88Updated last year
- CVE-2015-4852、CVE-2016-0638、CVE-2016-3510、CVE-2019-2890漏洞POC☆17Updated 4 years ago
- 在原有yso基础上实现依赖分离,内存马注入等功能。A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆68Updated 3 years ago
- Java 代码审计-存在风险的函数汇总。方便我们日常代码审计过程中快速定位漏洞点,配合静态代码分析工具做到事半功倍。Java code audit - summary of risky functions. It is convenient for us to quickl…☆26Updated 2 months ago
- java☆54Updated last year
- Lessons for syntaxflow zero to hero☆36Updated this week