A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
-
Updated
Mar 31, 2024 - Java
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 check list
溯光 (TrackRay) 3 beta⚡渗透测试框架(资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap)
OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.
项目是根据LandGrey/SpringBootVulExploit清单编写,目的hvv期间快速利用漏洞、降低漏洞利用门槛。
HummerRisk 是云原生安全平台,包括混合云安全治理和云原生安全检测。
Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).
Joint Advanced Defect assEsment for android applications
spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧
MySQL Fake Server (纯Java实现,支持GUI版和命令行版,提供Dockerfile,支持多种常见JDBC利用)
Jar Analyzer - 一个JAR包分析工具,批量分析搜索,方法调用关系搜索,字符串搜索,Spring分析,CFG分析,JVM Stack Frame分析,远程分析Tomcat,进阶表达式搜索,自定义SQL查询,字节码查看,字节码指令级的动态调试,命令行分析,反编译JAR包一键导出,集成简易RASP
JFrog IntelliJ IDEA plugin
Vulnerable Client-Server Application (VuCSA) is made for learning how to perform penetration tests of non-http thick clients. It is written in Java (with JavaFX graphical user interface) and contains multiple challenges including SQL injection, RCE, XML vulnerabilities and more.
The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters
一个针对防御 log4j2 CVE-2021-44228 漏洞的 RASP 工具。 A Runtime Application Self-Protection module specifically designed for log4j2 RCE (CVE-2021-44228) defense.
CVE-2022-41852 Proof of Concept (unofficial)
The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters
Java Object Deserialization on Android
Safelog4j is an instrumentation-based security tool to help teams discover, verify, and solve log4shell vulnerabilities without scanning or upgrading
This is a Java program that exploits Spring Break vulnerability (CVE-2017-8046).
Add a description, image, and links to the vulnerability topic page so that developers can more easily learn about it.
To associate your repository with the vulnerability topic, visit your repo's landing page and select "manage topics."