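This project records the excellent material I have come across while learning the Java language, including good learning resources and good project code. The aim is to understand the principles behind Java vulnerabilities as thoroughly as possible and to find as many vulnerabilities in Java programs as possible. Learn the Java language, object-oriented programming! Author: 0e0w
For a tutorial on learning the Java language, see "Understanding the Java Language in Depth in 365 Days". Jia is Java.
This project was created on September 10, 2020. It was last updated on July 14, 2021. The project will keep being updated until the seas run dry and the rocks crumble.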
- https://github.com/0e0w/LearnJava
- https://github.com/Snailclimb/awesome-java
- https://github.com/jobbole/awesome-java-cn
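1. Basic Books
- "Become a Java Master in 27 Days"
- "Java Learning and Interview Guide"
- "A Complete Primer on Advanced Knowledge for Internet Java Engineers"
- "The Road to Becoming a Java Engineering Master" @hollischuang
- "IntelliJ IDEA Tutorial Series in Simplified Chinese"
- "Becoming a Better Java Programmer"
- "On Java 8"
- "JavaFamily"
- "Java Programming **"
- "Java Technology Stack"
- "Learning JavaSE from Scratch"
- "Introduction to Java Code Auditing" @徐焱 et al.
2. Video Tutorials
3. Algorithms
- "The Algorithms - Java"
- "Data Structures and Algorithms Made Easy in Java"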
- https://github.com/MisterBooo/LeetCodeAnimation
- https://github.com/chefyuan/algorithm-base
4. Web Development
5. English-Language Resources
6. Forums
7. Interview Materials
8. Other Resources
- awesome-java-books
- technology-talk
- https://github.com/doocs/jvm
- https://github.com/singgel/JAVA_LINE
- https://github.com/CL0610/Java-concurrency
- https://github.com/Han-YLun/jianZhiOffer
- https://github.com/dunwu/javacore
- https://github.com/doocs/source-code-hunter
- https://github.com/dromara/hutool
- https://github.com/MrZhousf/OkHttp3
- https://github.com/soot-oss/soot
- https://github.com/INRIA/spoon
- https://www.javassist.org
- https://github.com/trending/Java
- https://github.com/topics/tool?l=Java
- https://github.com/trending/Java?since=daily
- https://github.com/trending/Java?since=weekly
- https://github.com/trending/Java?since=monthly
- https://github.com/dbeaver/dbeaver
- https://github.com/google/firing-range
- https://github.com/ewilded/shelling
- https://github.com/jflyfox/jfinal_cms
- https://github.com/looly/hutool
- https://github.com/ravenxrz/RubberTranslator
- https://github.com/o2oa/o2oa
- https://github.com/Meituan-Dianping/walle
- https://github.com/networknt/light-4j
- https://github.com/xuxueli/xxl-crawler
- https://github.com/virjar/echo
- https://github.com/kennycason/kumo
- https://github.com/tn5250j/tn5250j
- https://github.com/riskscanner/riskscanner
- https://github.com/lucee/Lucee
- https://github.com/alipay/SoloPi
- https://github.com/black-ant/case
- https://github.com/TheKingOfDuck/evilzip
- https://github.com/polyglot-compiler/JLang
- https://github.com/metersphere/metersphere
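This part covers Java vulnerabilities in detail, including common Java vulnerabilities and related topics such as Java code auditing.
1. Java Vulnerability Labs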
- https://github.com/Mysticbinary/WebBug
- https://github.com/dschadow/JavaSecurity
- https://github.com/dschadow/Java-Web-Security
- https://github.com/novysodope/mytestvul
- https://github.com/langligelang/maobugs
- https://github.com/ityouknow/spring-boot-examples
- https://github.com/kevinsawicki/http-request
- https://github.com/NanoHttpd/nanohttpd
- https://github.com/TheKingOfDuck/MySQLMonitor
- https://github.com/tangxiaofeng7/SecExample
- https://github.com/JoyChou93/java-sec-code
- https://github.com/Zhangyao-zzyy/JavaVulnerableLab-circle
- https://github.com/oversecured/ovaa
- https://github.com/appsecco/dvja
- https://github.com/jaiswalakshansh/Vuldroid
2. Code Auditing Tools
3. Code Auditing Case Studies
- https://github.com/j3ers3/Hello-Java-Sec
- https://github.com/proudwind/javasec_study
- https://github.com/threedr3am/learnjavabug
- https://github.com/SummerSec/JavaLearnVulnerability
- https://github.com/cn-panda/JavaCodeAudit
- https://github.com/Maskhe/javasec
- https://github.com/phith0n/JavaThings
- https://github.com/anbai-inc/javaweb-sec
- https://github.com/momosecurity/rhizobia_J
- https://github.com/feihong-cs/Java-Rce-Echo
- https://github.com/Y4er/WebLogic-Shiro-shell
- https://github.com/feihong-cs/JNDIExploit
- https://github.com/welk1n/JNDI-Injection-Exploit
- https://github.com/March110/javaweb-sec
- https://github.com/wh1t3p1g/ysomap
- https://github.com/wh1t3p1g/tabby
- "Attacking Java Web Applications"
- https://github.com/returntocorp/semgrep
- https://github.com/mtxiaowangzi/CAFJE
- https://github.com/MobSF/mobsfscan
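4. Common Web Vulnerabilities
This part lists common Java security vulnerabilities in detail.
- Installation issues
- Business logic vulnerabilities
- SQL injection
- Variable overwrite vulnerabilities
- Arbitrary file upload
- Arbitrary file write
- Arbitrary file deletion
- Arbitrary file inclusion
- Arbitrary command execution
- Java deserialization vulnerabilities
- XSS (cross-site scripting)
- XXE (XML external entity) attacks
- CSRF (cross-site request forgery)
- SSRF (server-side request forgery)
5. Secure Coding Standards
6. Code Auditing Training
1. Mobile Security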
- https://github.com/CodingGay/BlackDex
- https://github.com/ElderDrivers/EdXposed
- https://github.com/asLody/AndHook
- https://github.com/MobSF/mobsfscan
- https://github.com/charles2gan/GDA-android-reversing-Tool
- https://github.com/FlyingYu-Z/ApkEncryptor
- https://github.com/wyzxxz/aksk_tool
- https://github.com/deathmarine/Luyten
- https://github.com/Fuzion24/JustTrustMe
- https://github.com/JZ-Darkal/AndroidHttpCapture
- https://github.com/DingProg/NetworkCaptureSelf
2. Port Scanning
3. Asset Scanning
4. Vulnerability Scanning
- https://github.com/kuiguansec/rcetool
- https://github.com/redtimmy/Richsploit
- https://github.com/21superman/weblogic_exploit
- https://github.com/er10yi/MagiCude
- https://github.com/fupinglee/JavaTools
- https://github.com/Lucifaer/Joker
- https://github.com/colodoo/lanb-wvs
- https://github.com/usualwyy/PowerScanner
- https://github.com/google/tsunami-security-scanner
- https://github.com/tangxiaofeng7/VulnFind
- https://github.com/tangxiaofeng7/TSLab-Exploit
- https://github.com/yhy0/ExpDemo-JavaFX | graphical exploitation tool | 94
- https://github.com/MrMeizhi/DriedMango
5. Password Cracking
6. Path Scanning
7. Web Security
8. Webshell
- https://github.com/rebeyond/Behinder
- https://github.com/BeichenDream/Godzilla
- https://github.com/threedr3am/JSP-Webshells
- https://github.com/Ramos-dev/OSSTunnel
- https://github.com/thatcherclough/BetterBackdoor
9. Antivirus Evasion
10. Reverse Engineering
- https://github.com/cmu-sei/kaiju
- https://github.com/lqs1848/AllatoriCrack
- https://github.com/NationalSecurityAgency/ghidra
11. Tunnels and Proxies
- https://github.com/ffay/lanproxy
- https://github.com/Ramos-dev/OSSTunnel
- https://github.com/CreditTone/mitmproxy-java
12. Internal Network Penetration
13. Honeypots and Phishing
14. Incident Response
15. Domain Scanning
16. Bug Bounty
17. Burp Plugins
- https://github.com/bit4woo/burp-api-drops
- https://github.com/synacktiv/HopLa
- https://github.com/ggg4566/BurpBountyPlus
- https://github.com/bit4woo/domain_hunter_pro
18. Other Projects
- https://github.com/Ramos-dev/R9000
- https://github.com/Ramos-dev/graph4code
- https://github.com/Efaker/FakerAndroid
- https://github.com/skylot/jadx
- https://github.com/SPuerBRead/Bridge
- https://github.com/tangxiaofeng7/Fofa-collect
- https://github.com/Cool-Coding/remote-desktop-control
- https://github.com/coodyer/Coody-Framework
- https://github.com/iBotPeaches/Apktool
- https://github.com/oracle/graal
- https://github.com/TheKingOfDuck/Loki
- https://github.com/LSPosed/LSPosed
- https://github.com/f1tz/BCELCodeman
- https://github.com/guardrailsio/awesome-java-security
- https://github.com/sulanmehmetsirin/Raptor
- https://github.com/oschina/kooder
- https://github.com/huoxianclub/LingZhi
- https://github.com/Wker666/Demo
- https://github.com/Ppsoft1991/CodeReviewTools
- https://github.com/r00t4dm/aLIEz
- https://github.com/bihe0832/Android-GetAPKInfo
- https://github.com/HXSecurity/DongTai-agent-java
- https://github.com/threedr3am/marshalsec
- https://github.com/Yang0615777/sendMail
- https://github.com/wuppp/releaseBehinderShell
- https://github.com/cdel-mobile/AndroidHttpCapture
- https://github.com/virjar/SpiderProxyHa
- https://github.com/0linlin0/CyberBox
- https://github.com/amosshi/freeinternals
- https://github.com/KeepSafe/ReLinker
- https://github.com/nnjun/BlackBox
- https://github.com/haidragon/study_Android_Mchange
- https://github.com/ffffffff0x/BerylEnigma
- https://github.com/Hypdncy/Hburp
- https://github.com/5wimming/gadgetinspector
- https://github.com/woodpecker-appstore/EchoToFileConverter
- https://github.com/ScriptKid-Beta/WebBatchRequest
- https://github.com/SafeGroceryStore/MDUT
- https://github.com/Maskhe/FastjsonScan
- https://github.com/safe6Sec/ThinkPHPLogScan
- https://github.com/c0ny1/FastjsonExploit
- https://github.com/jenkinsci/nuclei-plugin
- https://github.com/darvincisec/DetectMagiskHide
- https://github.com/T00lsNet/T00lsAndroidClient
- https://github.com/Astartgo/easy-for-webscan
- https://github.com/woodpecker-appstore/weblogic-infodetector
- https://github.com/waderwu/attackRmi
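The names here are listed in no particular order. A salute to every excellent teacher I have met while learning the Java language. Thank you, thank you!
1. Java Tutorial Resources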
- 王剑威
2. Java Language References