pwntester

pwntester's Stars

• wuyouzhuguli/SpringAll

  循序渐进，学习Spring Boot、Spring Boot & Shiro、Spring Batch、Spring Cloud、Spring Cloud Alibaba、Spring Security & Spring Security OAuth2，博客Spring系列源码：https://mrbird.cc

  Language:Java28.4k859488.1k

• frohoff/ysoserial

  A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

  Language:Java7.8k2131061.8k

• github/codeql

  CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security

  Language:CodeQL7.7k2392.3k1.6k

• Col-E/Recaf

  The modern Java bytecode editor

  Language:Java6.1k164614467

• javaparser/javaparser

  Java 1-21 Parser and Abstract Syntax Tree for Java with advanced analysis functionalities.

  Language:Java5.5k1432.3k1.2k

• CHYbeta/Web-Security-Learning

  Web-Security-Learning

  Language:HTML4.2k219111k

• mbechler/marshalsec

  Language:Java3.4k6732680

• dunwu/javacore

  ☕ JavaCore 是对 Java 核心技术的经验总结。

  Language:Java3.3k6417546

• fofapro/vulfocus

  🚀Vulfocus 是一个漏洞集成平台，将漏洞环境 docker 镜像，放入即可使用，开箱即用。

  Language:Vue3.2k54202514

• GrrrDog/Java-Deserialization-Cheat-Sheet

  The cheat sheet about Java Deserialization vulnerabilities

  3k1389599

• soot-oss/soot

  Soot - A Java optimization framework

  Language:Java2.9k1011.2k710

• baidu/openrasp

  🔥Open source RASP solution

  Language:C++2.8k109189602

• orangetw/My-CTF-Web-Challenges

  Collection of CTF Web challenges I made

  Language:PHP2.7k1424477

• threedr3am/learnjavabug

  Java安全相关的漏洞和技术demo，原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。

  Language:Java2.6k756495

• inonshk/31-days-of-API-Security-Tips

  This challenge is Inon Shkedy's 31 days API Security Tips.

  2.1k632332

• fnmsd/MySQL_Fake_Server

  MySQL Fake Server use to help MySQL Client File Reading and JDBC Client Java Deserialize

  Language:Python1.2k713151

• JackOfMostTrades/gadgetinspector

  A byte code analyzer for finding deserialization gadget chains in Java applications

  Language:Java997266220

• cn-panda/JavaCodeAudit

  Getting started with java code auditing 代码审计入门的小项目

  Language:JavaScript896181120

• LeadroyaL/fastjson-blacklist

  Language:Java79230695

• c0ny1/java-object-searcher

  java内存对象搜索辅助工具

  Language:Java78311685

• longofo/rmi-jndi-ldap-jrmp-jmx-jms

  rmi、jndi、ldap、jrmp、jmx、jms一些demo测试

  Language:Java3063149

• 5up3rc/weblogic_cmd

  weblogic t3 deserialization rce

  Language:Java2647096

• 0Kee-Team/JavaProbe

  A Java runtime information-gathering tool which uses the Java Attach API for information acquisition

  Language:Java2045023

• Y4er/CVE-2020-2555

  Weblogic com.tangosol.util.extractor.ReflectionExtractor RCE

  Language:Java1764856

• codeplutos/java-security-manager-bypass

  Language:Java1424214

• Lonely-night/fastjson_gadgets_scanner

  Language:Python1313018

• lightless233/geye

  🚀Faster Github Monitor🚀

  Language:Python1042210

• Ruil1n/after-deserialization-attack

  Java After-Deserialization Attack

  Language:Java793011

• Afant1/RemoteObjectInvocationHandler

  bypass JEP290 RaspHook code

  Language:Java62209

• cdaller/security_taint_propagation

  Java taint propagation for java. Define tainted sources, sanitizer methods and sinks via aspects.

  Language:Java275410