3 repositories
Frameworks for automating the discovery and testing of security vulnerabilities in Java applications.
Distinct from general Java frameworks: specifically focuses on security research and payload automation.
ysoserial is a security research tool and payload generator designed to identify and exploit insecure Java deserialization. It functions as a framework for creating malicious serialized objects that can trigger remote code execution on Java virtual machines. The project provides a library of known gadget chains, which are sequences of vulnerable class calls that achieve arbitrary command execution during the deserialization process. It automates the generation of these payloads by leveraging common third-party libraries. The tool covers capabilities for security penetration testing, Java app
Provides a framework for testing Java applications against deserialization vulnerabilities by automating payload generation.
SpringBootVulExploit is a collection of scanning and auditing tools designed to identify vulnerabilities, information leaks, and execution vectors within Java-based application frameworks, specifically targeting Spring Boot applications. It provides a suite of exploitation techniques, payloads, and security checklists for performing vulnerability analysis. The project has capabilities for triggering remote code execution through injection vectors, deserialization payloads, and malicious configuration files. It includes a scanner for detecting exposed environment variables and internal routing details caused by misconfigured endpoints, as well as methods for extracting sensitive data and plaintext secrets by analyzing heap dumps. The toolset supports black-box security assessments and framework vulnerability analysis, including mapping dependency versions to identify potential vulnerability windows.
Provides a structured framework and checklist for performing security audits and dependency mapping on Java frameworks.
This project is a command-line utility designed for security research, specifically focused on identifying and verifying deserialization vulnerabilities in PHP applications. It functions as a framework for generating serialized object chains, commonly known as gadget chains, which are used to test how software handles untrusted data during the deserialization process. The tool distinguishes itself through a modular architecture that utilizes language reflection to dynamically instantiate and configure arbitrary class structures. By employing recursive object graph traversal and programmatic h
Tests software frameworks for security flaws by crafting specific payloads to verify deserialization processing.