SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

Java web common vulnerabilities and security code which is base on springboot and spring security

spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧

Common Exploitation Techniques for Java RCE Vulnerabilities in Real-World Scenarios | 实战场景较通用的 Java Rce 相关漏洞的利用方式

一款支持自定义的 Java 回显载荷生成工具｜A customizable Java echo payload generation tool.

😈 Jenkins RCE PoC. From unauthenticated user to remote code execution, it's a hacker's dream!

Weblogic coherence.jar RCE

一个针对防御 log4j2 CVE-2021-44228 漏洞的 RASP 工具。 A Runtime Application Self-Protection module specifically designed for log4j2 RCE (CVE-2021-44228) defense.

Vulnerable Client-Server Application (VuCSA) is made for learning how to perform penetration tests of non-http thick clients. It is written in Java (with JavaFX graphical user interface) and contains multiple challenges including SQL injection, RCE, XML vulnerabilities and more.

A webshell application and interactive shell for pentesting Apache Tomcat servers.

CVE-2022-41852 Proof of Concept (unofficial)

Abuse Log4J CVE-2021-44228 to patch CVE-2021-44228 in vulnerable Minecraft game sessions to prevent exploitation in the session :)

Distributed, workflow-driven integration environment

CVE-2023-38646 Metabase RCE

CVE-2021-2109 && Weblogic Server RCE via JNDI

Log4Shell Zero-Day Exploit Proof of Concept

GUI版向日葵RCE漏洞利用工具 / GUI version of sunlogin exploit tool

weblogic T3 collections java InvokerTransformer Transformer InvokerTransformer weblogic.jndi.WLInitialContextFactory

Selection of ways to remove JndiLookup in now obsolete Minecraft versions, or versions that still have log4j < 2.10 and is unable to use `-Dlog4j2.formatMsgNoLookups=true`

A webshell plugin and interactive shell for pentesting JoGet application.