Cryin / Javaid
Java source code static analysis and dangerous function identification program
Stars: ✭ 327
Programming Languages
python
Projects that are alternatives of or similar to Javaid
How-to-Hack-Websites
Open-source Traditional Chinese Web Hacking learning resources - Program Security, Fall 2021
Stars: ✭ 291 (-11.01%)
Mutual labels: web-security
Raven-Storm
Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.
Stars: ✭ 235 (-28.13%)
Mutual labels: web-security
Find-PHP-Vulnerabilities
🐛 A plug-in of sublime 2/3 which is able to find PHP vulnerabilities
Stars: ✭ 57 (-82.57%)
Mutual labels: web-security
sqlinjection-training-app
A simple PHP application to learn SQL Injection detection and exploitation techniques.
Stars: ✭ 56 (-82.87%)
Mutual labels: web-security
cyber-gym
Deliberately vulnerable scripts for Web Security training
Stars: ✭ 19 (-94.19%)
Mutual labels: web-security
UltimateCMSWordlists
📚 An ultimate collection wordlists of the best-known CMS
Stars: ✭ 54 (-83.49%)
Mutual labels: web-security
firecracker
Stop half-done API specifications! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by validating your API specifications.
Stars: ✭ 438 (+33.94%)
Mutual labels: web-security
PIL-RCE-Ghostscript-CVE-2018-16509
PoC + Docker Environment for Python PIL/Pillow Remote Shell Command Execution via Ghostscript CVE-2018-16509
Stars: ✭ 44 (-86.54%)
Mutual labels: web-security
shellsum
A defense tool - detect web shells in local directories via md5sum
Stars: ✭ 30 (-90.83%)
Mutual labels: web-security
Virtual-Host
Modified Nuclei Templates Version to FUZZ Host Header
Stars: ✭ 38 (-88.38%)
Mutual labels: web-security
WDIR
Good resources about web security that I have read.
Stars: ✭ 14 (-95.72%)
Mutual labels: web-security
CJ2018-Final-CTF
Cyber Jawara 2018 Final - Attack & Defense CTF services environments based on Docker.
Stars: ✭ 58 (-82.26%)
Mutual labels: web-security
Learning-Node.js-Security
A Collection of articles, videos, blogs, talks and other materials on Node.js Security
Stars: ✭ 25 (-92.35%)
Mutual labels: web-security
Awesome Web Hacking
A list of web application security
Stars: ✭ 3,760 (+1049.85%)
Mutual labels: web-security
Shell Backdoor List
🎯 PHP / ASP - Shell Backdoor List 🎯
Stars: ✭ 288 (-11.93%)
Mutual labels: web-security
Sherlock
This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)
Stars: ✭ 36 (-88.99%)
Mutual labels: web-security
JavaID
Java source code dangerous function identification program
How does it work?
JavaID identifies potentially dangerous functions in Java source code by regular-expression matching.
For further details, check out the source code on the main site, github.com/Cryin/JavaID.
What does it identify?
XXE:
"SAXReader",
"DocumentBuilder",
"XMLStreamReader",
"SAXBuilder",
"SAXParser",
"XMLReader",
"SAXSource",
"TransformerFactory",
"SAXTransformerFactory",
"SchemaFactory",
"Unmarshaller",
"XPathExpression"
JavaObjectDeserialization:
"readObject",
"readUnshared",
"Yaml.load",
"fromXML",
"ObjectMapper.readValue",
"JSON.parseObject"
SSRF:
"HttpClient",
"Socket",
"URL",
"ImageIO",
"HttpURLConnection",
"OkHttpClient",
"SimpleDriverDataSource.getConnection",
"DriverManager.getConnection"
FILE:
"MultipartFile",
"createNewFile",
"FileInputStream"
SPelInjection:
"SpelExpressionParser",
"getValue"
Autobinding:
"@SessionAttributes",
"@ModelAttribute"
URL-Redirect:
"sendRedirect",
"forward",
"setHeader"
EXEC:
"getRuntime.exec",
"ProcessBuilder.start",
"GroovyShell.evaluate"
and so on...
You can also add function identifiers with regexp.xml.
How do I use it?
Usage: python javaid.py -d dir
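The regular-expression matching described above, as an added example that is not JavaID's own code: a scanner over a subset of the identifiers listed on this page. It goes one step beyond plain matching by blanking comments and literals first, so text inside them is not reported. The names `RULES`, `strip_noise`, `compile_rule` and `scan`, and the Java fragment, are assumptions made for this illustration and do not reflect the format of regexp.xml.

```python
import re

# Subset of the identifiers listed on this page, keyed by the page's categories.
RULES = {
    "XXE": ["SAXReader", "DocumentBuilder", "XMLReader", "TransformerFactory"],
    "JavaObjectDeserialization": ["readObject", "readUnshared", "fromXML"],
    "SSRF": ["HttpClient", "HttpURLConnection", "OkHttpClient"],
    "EXEC": ["getRuntime.exec", "GroovyShell.evaluate"],
}
# Comments and literals are blanked first so that text in them is not reported.
_NOISE = re.compile(
    r'"(?:\\.|[^"\\\n])*"'    # string literal
    r"|'(?:\\.|[^'\\\n])+'"   # char literal
    r"|//[^\n]*|/\*.*?\*/",   # line comment, block comment
    re.S)

def strip_noise(src):
    # Keep every newline so reported line numbers match the original file.
    return _NOISE.sub(lambda m: " " + "\n" * m.group().count("\n"), src)

def compile_rule(name):
    # "getRuntime.exec" must match "getRuntime().exec(", so allow "()" before
    # each dot; the lookarounds stop "SAXReaderFactory" matching "SAXReader".
    parts = [re.escape(p) for p in name.split(".")]
    body = r"(?:\(\s*\))?\s*\.\s*".join(parts)
    return re.compile(r"(?<![\w$])" + body + r"(?![\w$])")

COMPILED = [(cat, name, compile_rule(name))
            for cat, names in RULES.items() for name in names]

def scan(src):
    """Return (line, category, identifier) for each rule hit in Java source."""
    lines = strip_noise(src).split("\n")
    return [(n, cat, name) for n, line in enumerate(lines, 1)
            for cat, name, rx in COMPILED if rx.search(line)]

# Constructed Java fragment, not taken from any real project.
SAMPLE = """import org.dom4j.io.SAXReader;
// readObject is mentioned only in this comment
log.info("calling HttpClient later");
Runtime.getRuntime().exec(cmd);
/* new java.io.ObjectInputStream(in).readUnshared(); */
Object o = new java.io.ObjectInputStream(in).readObject();
SAXReaderFactory f = null;
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print("line %d: [%s] %s" % hit)
```

A hit only marks a line for manual review: matching on names cannot tell whether the call receives untrusted input, and it misses calls made through a variable, such as a `ProcessBuilder` instance started on a later line.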
Questions?
Contact me :)