changxia3
Follow
Stars
SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 check list
Java安全相关的漏洞和技术demo,原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。
a rep for documenting my study, may be from 0 to 0.1
SEKIRO is a multi-language, distributed, network topology-independent service publishing platform. By writing handlers in their respective languages, functionalities can be published to the central…
一款支持自定义的 Java 内存马生成工具|A customizable Java in-memory webshell generation tool.
Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules thro…
The new bridge between Burp Suite and Frida!
Vulnerable Android application for developers and security enthusiasts to learn about Android insecurities
A malicious LDAP server for JNDI injection attacks
Burp插件,根据自定义来达到对数据包的处理(适用于加解密、爆破等),类似mitmproxy,不同点在于经过了burp中转,在自动加解密的基础上,不影响APP、网站加解密正常逻辑等。
A byte code analyzer for finding deserialization gadget chains in Java applications
A tool to dump Java serialization streams in a more human readable form.
一个想让你测试加密流量像测试明文一样简单高效的 Burp 插件。 A Burp plugin that makes testing encrypted traffic as simple and efficient as testing plaintext.
Log4j2 RCE Passive Scanner plugin for BurpSuite
spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧
JavaWeb MemoryShell Inject/Scan/Killer/Protect Research & Exploring
Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
(周瑜)Java - SpringBoot 持久化 WebShell 学习demo(不仅仅是SpringBoot,适合任何符合JavaEE规范的服务)
给woodpecker框架量身定制的ysoserial
Collection of bypass gadgets to extend and wrap ysoserial payloads