Java Security

关于Java安全的一些东西（漏洞、开发、JVM、IAST、RASP、SAST blabla），此处多为探索各种Idea做各种实验，用于为孵化更成熟的Java安全产品做技术支撑

Pinned Repositories

access-control-list-based-on-ip
基于ip的访问控制（ip黑名单、ip白名单）
Language:Java4 1 42
class-version-tracker
类版本追踪
Language:Go4 1 00
JavaRce
实战场景较通用的 Java Rce 相关漏洞的利用方式 | Common Exploitation Techniques for Java RCE Vulnerabilities in Real-World Scenarios
Language:Java1 0 00
jvm-tools
Small set of tools for JVM troublshooting, monitoring and profiling.
Language:Java1 0 00
LearnJavaMemshellFromZero
【三万字原创】完全零基础从0到1掌握Java内存马，公众号：追梦信安
2 0 00
log-agent-code-reading
利用agent hook指定的class，在jar运行周期内，用于跟踪被执行的方法，辅助做一些事情，比如挖洞啊
Language:Java2 0 00
router-router
Java web路由内存分析工具
Language:Java1 0 00
SimpleRasp-code-reading
Simple Java Rasp
Language:Java3 0 01
tomcat-spi-backdoor
Tomcat的SPI后门
Language:Java8 1 02
xjar-code-reading
Spring Boot JAR 安全加密运行工具，支持的原生JAR。
Language:Java1 0 00

Java Security's Repositories

java-sec/tomcat-spi-backdoor
Tomcat的SPI后门
Language:Java8 1 02
java-sec/class-version-tracker
类版本追踪
Language:Go4 1 00
java-sec/jtrace
代码监控及跟踪工具
Language:Java1 0 00
java-sec/jvm-sandbox-code-reading
此仓库仅用于源码阅读学习
Language:Java1 0 00
java-sec/Apache-Dubbo-CVE-2023-23638-exp
Apache Dubbo (CVE-2023-23638)漏洞利用的工程化实践
java-sec/AttackTomcat-code-reading
Tomcat常见漏洞GUI利用工具。CVE-2017-12615 PUT文件上传漏洞、tomcat-pass-getshell 弱认证部署war包、弱口令爆破、CVE-2020-1938 Tomcat AJP文件读取/包含
Language:Java0 0
java-sec/bistoury-code-reading
Bistoury是去哪儿网的java应用生产问题诊断工具，提供了一站式的问题诊断方案
Language:Java0 0
java-sec/btrace-code-reading
此仓库仅用于源码阅读学习
java-sec/com.h2database-h2-vuls
com.h2database:h2漏洞分析
Language:Java
java-sec/crackmes.one
crackmes.one 网站上的一些crackme练习
Language:Java
java-sec/deserialization-bomb
反序列化炸弹
Language:Java1 0
java-sec/dumpclass-code-reading
Dump classes from running JVM process.
Language:Java0 0
java-sec/evil-calc-server
邪恶计算器！
Language:Java1 0
java-sec/FastjsonExploit
Fastjson vulnerability quickly exploits the framework（fastjson漏洞快速利用框架）
java-sec/greys-anatomy-code-reading
此仓库仅用于源码阅读学习
Language:Java0 0
java-sec/jar-finder
在Maven仓库中搜索jar包
Language:Go1 1
java-sec/jattach-code-reading
JVM Dynamic Attach utility
Language:C0 0
java-sec/java-object-searcher
java内存对象搜索辅助工具
java-sec/javaweb-rasp-rasp-code-reading
java-sec/jmx_exporter-code-reading
A process for exposing JMX Beans via HTTP for Prometheus consumption
Language:Java0 0
java-sec/jvm-rasp-code-reading
基于JVM-Sandbox实现RASP安全监控防护
java-sec/jvm-tools-code-reading
Small set of tools for JVM troublshooting, monitoring and profiling.
Language:Java0 0
java-sec/LueRasp-code-reading
A Java Rasp , Keeping Studying & Developing!
java-sec/MyPerf4J-code-reading
High performance Java APM. Powered by ASM. Try it. Test it. If you feel its better, use it.
Language:Java0 0
java-sec/range-all
Language:Shell0 0
java-sec/simpleIAST-code-reading
此仓库仅用于源码阅读学习
Language:Java0 0
java-sec/SnakeYaml-vuls
Snake Yaml 的漏洞学习
Language:Java
java-sec/SpringBootExploit
项目是根据LandGrey/SpringBootVulExploit清单编写，目的hvv期间快速利用漏洞、降低漏洞利用门槛。
java-sec/URLDNS-gadget
URLDNS 利用链
Language:Java
java-sec/vjtools-code-reading
The vip.com's java coding standard, libraries and tools