JavaSec

Java Security Coding Memory by Boogpop

Templates
Pocs
SerializeUtils
GUI (developing)
CLI (developing)

0、aspectjweaver

任意文件写入

1、Hessian

内涵Hessian反序列化所有利用链

Xbean
Resin
LazyValue*N
Jackson/Fastjson
springaop
ProxyLazyValue*N

2、CommonCollections

CommonCollections1-11+几条野链+二次

CC1-11
CCD1
RMI二次反序列化

3、CommonBeantuils

CB1
CB2

4、Fastjson/Jackson

蕴含fastjson/jackson的所有getter chain

Ldap JNDI
Templates
Signobject二次
Tostring 所有起点

5、Rhino

Rhino1
Rhino2

6、Rome

Rome反序列化所有反序列化链及其变种、总共七条。

7、Hibernate

Hibernate1
Hibernate2

8、JDBC-Attack

所有类型的JDBC漏洞

Mysql
postgresql
IBM DB2
Derby
Modeshape
Sqlite (unfinished)
H2

9、CTF Java Writeup

有一些CTF比赛中的Java题解在里面

10、Serialize&&Reflection Utils

蕴含一些轮子

11、Memshell

暂时还未完全覆盖。

Tomcat(servlet、filter)
Spring(controller、interceptor)
Nacos
Http

Name		Name	Last commit message	Last commit date
Latest commit History 14 Commits
.idea		.idea
AbstractActionAgent		AbstractActionAgent
com/fasterxml/jackson/databind/node		com/fasterxml/jackson/databind/node
dbname		dbname
src		src
target		target
weblogic		weblogic
AbstractActionAgent.jar		AbstractActionAgent.jar
README.md		README.md
derby.log		derby.log
poc.ser		poc.ser
pom.xml		pom.xml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

JavaSec

0、aspectjweaver

1、Hessian

2、CommonCollections

3、CommonBeantuils

4、Fastjson/Jackson

5、Rhino

6、Rome

7、Hibernate

8、JDBC-Attack

9、CTF Java Writeup

10、Serialize&&Reflection Utils

11、Memshell

About

Releases

Packages

Languages

Boogipop/JavaSec

Folders and files

Latest commit

History

Repository files navigation

JavaSec

0、aspectjweaver

1、Hessian

2、CommonCollections

3、CommonBeantuils

4、Fastjson/Jackson

5、Rhino

6、Rome

7、Hibernate

8、JDBC-Attack

9、CTF Java Writeup

10、Serialize&&Reflection Utils

11、Memshell

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages