cn-panda / Javacodeaudit

Licence: MIT
Getting started with Java code auditing: a small introductory project for code auditing

Programming Languages

javascript
184084 projects - #8 most used programming language
java
68154 projects - #9 most used programming language

Projects that are alternatives of or similar to Javacodeaudit

Parsevip
Parses VIP resources, resolving the real addresses for Kugou, QQ Music, Tencent Video and Renren Video
Stars: ✭ 105 (-63.67%)
Mutual labels:  xss, code
Jsontokotlinclass
🚀 Plugin for Android Studio And IntelliJ Idea to generate Kotlin data class code from JSON text ( Json to Kotlin )
Stars: ✭ 2,438 (+743.6%)
Mutual labels:  jackson, fastjson
Godnslog
An exquisite DNS & HTTP log server for verifying SSRF/XXE/RFI/RCE vulnerabilities
Stars: ✭ 172 (-40.48%)
Mutual labels:  xss, rce
Penetration testing poc
Penetration-testing-related POCs, EXPs, scripts, privilege escalation, small tools, etc. --- About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
Stars: ✭ 3,858 (+1234.95%)
Mutual labels:  xss, rce
Domainker
BugBounty Tool
Stars: ✭ 40 (-86.16%)
Mutual labels:  code, rce
Blackwidow
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Stars: ✭ 887 (+206.92%)
Mutual labels:  xss, rce
Easyjson
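Provides a unified JSON access API; you can adapt any JSON library to Gson, Jackson or FastJson with easyjson. It provides a JSON facade library, just like slf4j. easyjson itself performs no JSON operations and relies entirely on the underlying implementation library. You can use the Easyjson API directly, and the underlying JSON library can be switched at any time. You can also use the API of one particular JSON library and then adapt it to other JSON libraries through easyjson.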
Stars: ✭ 54 (-81.31%)
Mutual labels:  jackson, fastjson
Medusa
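🐈 Medusa is a red-team arsenal platform that currently includes scanning (200+ vulnerabilities), an XSS platform, a collaboration platform, CVE monitoring and other features; under continuous development. http://medusa.ascotbe.com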
Stars: ✭ 796 (+175.43%)
Mutual labels:  fastjson, xss
Secbox
🖤 A navigation index of network security and penetration testing tools
Stars: ✭ 222 (-23.18%)
Mutual labels:  sql, xss
Wascan
WAScan - Web Application Scanner
Stars: ✭ 1,895 (+555.71%)
Mutual labels:  sql, xss
Hackerone Reports
Top disclosed reports from HackerOne
Stars: ✭ 458 (+58.48%)
Mutual labels:  xss, rce
SerializedNameGen
Plugin that automatically adds or removes JSON annotations, such as Gson SerializedName, fastjson JSONField and Jackson JsonProperty. It also supports Java and Kotlin files.
Stars: ✭ 19 (-93.43%)
Mutual labels:  jackson, fastjson
Java Sec Code
Common Java web vulnerabilities and security code, based on Spring Boot and Spring Security
Stars: ✭ 1,033 (+257.44%)
Mutual labels:  rce, code
Cazador unr
Hacking tools
Stars: ✭ 95 (-67.13%)
Mutual labels:  xss, rce
Gowapt
Go Web Application Penetration Test
Stars: ✭ 300 (+3.81%)
Mutual labels:  sql, xss
SecExample
Java vulnerability lab (Vulnerability Environment For Java)
Stars: ✭ 228 (-21.11%)
Mutual labels:  rce, fastjson
Commodity Injection Signatures
Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT
Stars: ✭ 267 (-7.61%)
Mutual labels:  xss, rce
Clojureql
ClojureQL is superior SQL integration for Clojure
Stars: ✭ 281 (-2.77%)
Mutual labels:  sql
Blazer
Business intelligence made simple
Stars: ✭ 3,102 (+973.36%)
Mutual labels:  sql
Quaint
SQL Query AST and Visitor for Rust
Stars: ✭ 272 (-5.88%)
Mutual labels:  sql

About

The articles in this series are aimed at readers who have a basic grasp of Java syntax. The series mainly covers:

  • Introduction to the audit environment
  • SQL vulnerabilities: principles and real-world cases
  • XSS vulnerabilities: principles and real-world cases
  • SSRF vulnerabilities: principles and real-world cases
  • RCE vulnerabilities: principles and real-world cases
  • Inclusion vulnerabilities: principles and real-world cases
  • Serialization vulnerabilities: principles and real-world cases
  • Analysis of classic S2 series vulnerabilities
  • Analysis of classic WebLogic series vulnerabilities
  • Analysis of classic fastjson series vulnerabilities
  • Analysis of classic Jackson series vulnerabilities, etc.

The order of the content may be adjusted slightly, but the overall content will not change. Finally, I hope this series of articles brings you something of value.

This project contains the source code needed for the articles above.

Have fun
