Stars
Protection against Model Serialization Attacks
CodeQL extractor for Java that does not need to compile the Java source
An easy-to-learn/use static analysis framework for Java
Basic vulnerability scanning to see if web servers may be vulnerable to CVE-2023-44487
An Android app with custom screen tapping based on Accessibility, Advanced Selectors, and Subscription Rules
CVE-2023-25690 proof of concept: a vulnerable mod_proxy configuration on Apache HTTP Server versions 2.4.0 - 2.4.55 leads to an HTTP Request Smuggling vulnerability.
Open-source code analysis platform for C/C++/Java/Binary/Javascript/Python/Kotlin based on code property graphs. Discord https://discord.gg/vv4MH284Hc
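Java security vulnerability and technique demos: deserialization exploitation for native Java, Fastjson, Jackson, Hessian2 and XML; exploits for frameworks, middleware and features such as Spring, Dubbo, Shiro, CAS, Tomcat, RMI and Nexus; and practice code for Java Security Manager bypass, Dubbo-Hessian2 security hardening, and more.
BlazeHTTP is a simple, user-friendly tool for evaluating WAF protection efficacy.
Study materials on SpringBoot-related vulnerabilities, a collection of exploitation methods and techniques, and a black-box security assessment checklist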
A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
Serves as a reverse proxy to protect your web services from attacks and exploits.
Burp extension to evade TLS fingerprinting. Bypass WAF, spoof any browser.
A fuzzing tool for email sender spoofing attacks. 👻
Common Java web vulnerabilities and security code, based on Spring Boot and Spring Security
DOM Clobbering Wiki, Browser Testing, and Payload Generation
Grammar-based HTTP/2 fuzzer with mutation ability
Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.