2 repositories
Frameworks for automating the discovery and testing of security vulnerabilities in Java applications.
Distinct from general Java frameworks: focuses specifically on security research and payload automation.
Explore 2 awesome GitHub repositories matching security & cryptography · Java Security Research Frameworks.
ysoserial is a security research tool and payload generator designed to identify and exploit insecure Java deserialization. It functions as a framework for creating malicious serialized objects that can trigger remote code execution on Java virtual machines. The project provides a library of known gadget chains, which are sequences of vulnerable class calls that achieve arbitrary command execution during the deserialization process. It automates the generation of these payloads by leveraging common third-party libraries. The tool covers capabilities for security penetration testing, Java app
Provides a framework for testing Java applications against deserialization vulnerabilities by automating payload generation.
SpringBootVulExploit is a collection of scanning and auditing tools designed to identify vulnerabilities, information leaks, and execution vectors within Java-based application frameworks, specifically targeting Spring Boot applications. It provides a suite of exploit techniques, payloads, and security checklists for performing vulnerability analysis. The project features capabilities for triggering remote code execution through injection vectors, deserialization payloads, and malicious configuration files. It includes a scanner for detecting exposed environment variables and internal routing
Provides a structured framework and checklist for performing security audits and dependency mapping on Java frameworks.