Pinned Repositories
analyze
NaiveSystems Analyze is a static analysis tool for code security and compliance.
antSword
**蚁剑是一款跨平台的开源网站管理工具。AntSword is a cross-platform website management toolkit.
As-Exploits
**蚁剑后渗透框架
Auto-GPT
An experimental open-source attempt to make GPT-4 fully autonomous.
BinAbsInspector
BinAbsInspector: Vulnerability Scanner for Binaries
bochspwn
A Bochs-based instrumentation project designed to log kernel memory references, to identify "double fetches" and other OS vulnerabilities
CodeInspector
基于Java ASM技术和GadgetInspector的原理,尝试实现一个自动Java代码审计工具。目前做到了可控参数分析和数据流跟踪分析
codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
Elkeid
Elkeid is a Cloud-Native Host-Based Intrusion Detection solution project to provide next-generation Threat Detection and Behavior Audition with modern architecture.
gadgetinspector-1
一个利用ASM对字节码进行污点传播分析的静态代码审计应用(添加了大量代码注释,适合大家进行源码学习)。也加入了挖掘Fastjson反序列化gadget chains和SQLInject(JdbcTemplate、MyBatis、JPA、Hibernate、原生jdbc等)静态检测功能。并且加入了很多功能以方便进行漏洞自动化挖掘。
garymao's Repositories
garymao/analyze
NaiveSystems Analyze is a static analysis tool for code security and compliance.
garymao/antSword
**蚁剑是一款跨平台的开源网站管理工具。AntSword is a cross-platform website management toolkit.
garymao/As-Exploits
**蚁剑后渗透框架
garymao/Auto-GPT
An experimental open-source attempt to make GPT-4 fully autonomous.
garymao/BinAbsInspector
BinAbsInspector: Vulnerability Scanner for Binaries
garymao/codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
garymao/Elkeid
Elkeid is a Cloud-Native Host-Based Intrusion Detection solution project to provide next-generation Threat Detection and Behavior Audition with modern architecture.
garymao/gadgetinspector-1
一个利用ASM对字节码进行污点传播分析的静态代码审计应用(添加了大量代码注释,适合大家进行源码学习)。也加入了挖掘Fastjson反序列化gadget chains和SQLInject(JdbcTemplate、MyBatis、JPA、Hibernate、原生jdbc等)静态检测功能。并且加入了很多功能以方便进行漏洞自动化挖掘。
garymao/HackJava
《Java安全-只有Java安全才能拯救宇宙》Only Java Security Can Save The Universe.
garymao/HyperDbg
State-of-the-art native debugging tool
garymao/jar-analyzer
A Java GUI Tool for Analyzing Jar
garymao/java-sec-code
漏洞测试集:Java web common vulnerabilities and security code which is base on springboot and spring security
garymao/JavaThings
Share Things Related to Java - Java安全漫谈笔记相关内容
garymao/learnjavabug
Java安全相关的漏洞和技术demo,原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。
garymao/OpenChatKit
garymao/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
garymao/Practical-Cryptography-for-Developers-Book
Practical Cryptography for Developers: Hashes, MAC, Key Derivation, DHKE, Symmetric and Asymmetric Ciphers, Public Key Cryptosystems, RSA, Elliptic Curves, ECC, secp256k1, ECDH, ECIES, Digital Signatures, ECDSA, EdDSA
garymao/privateGPT
Interact with your documents using the power of GPT, 100% privately, no data leaks
garymao/Safety-Project-Collection
收集一些比较优秀的开源安全项目,以帮助甲方安全从业人员构建企业安全能力。
garymao/SpringInspector
针对于Spring框架的自动Java代码审计工具
garymao/Tai-e
An easy-to-learn/use static analysis framework for Java
garymao/Tai-e-assignments
Tai-e assignments for static program analysis
garymao/tika
The Apache Tika toolkit detects and extracts metadata and text from over a thousand different file types (such as PPT, XLS, and PDF).
garymao/tree-sitter-c-sharp
C# Grammar for tree-sitter
garymao/tryhackme-ctf
TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.
garymao/vmprotect-3.5.1
garymao/VMProtect-devirtualization
Playing with the VMProtect software protection. Automatic deobfuscation of pure functions using symbolic execution and LLVM.
garymao/vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
garymao/xray
一款完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档
garymao/ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.