threedr3am's repositories
learnjavabug
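Demos of Java security vulnerabilities and techniques: deserialization exploits for native Java, Fastjson, Jackson, Hessian2 and XML; exploits for frameworks, middleware and features such as Spring, Dubbo, Shiro, CAS, Tomcat, RMI and Nexus; plus practice code for Java Security Manager bypasses, Dubbo-Hessian2 security hardening, and more.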
JSP-WebShells
A collection of JSP webshells built with various implementation methods.
gadgetinspector
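A static code-auditing application that uses ASM to perform taint-propagation analysis on bytecode (extensive code comments have been added, making it suitable for studying the source). It also adds discovery of Fastjson deserialization gadget chains and static detection of SQL injection (JdbcTemplate, MyBatis, JPA, Hibernate, native JDBC, etc.), along with many features that make automated vulnerability discovery easier.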
wxwork-sdk-utils
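A WeCom (WeChat Work) toolkit (robot webhook utils) that wraps message construction to make building every message type simpler, and includes a push tool so everything is done in one step.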
jar-compatibility-detector
Helps check compatibility between Java Archive (JAR) packages when upgrading JARs for security reasons.
nacos-with-enc
Customized fork that integrates an encryption page and jasypt.
nuclei-templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
swagger-hack
Automatically crawls and tests all Swagger endpoints.
wx-work-robots-docker
Just written for fun~~~
algorithm-and-risk-management
Risk control, big data, algorithms.
DongTai
Dongtai IAST is an open-source Interactive Application Security Testing (IAST) tool that enables real-time detection of common vulnerabilities in Java applications and third-party components through passive instrumentation. It is particularly suitable for use in the testing phase of the development pipeline.
Fastjson
A collection of Fastjson tricks and techniques.
momo-code-sec-inspector-java
IDEA plugin for static code security auditing and one-click vulnerability fixes.
quiltflower
Modern Java decompiler aiming to be as accurate as possible, with an emphasis on output quality. Fork of the Fernflower decompiler.
sslscan
sslscan tests SSL/TLS enabled services to discover supported cipher suites
Tai-e
An easy-to-learn/use static analysis framework for Java
testssl.sh
Testing TLS/SSL encryption anywhere on any port
tsunami-security-scanner-plugins
This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.