Commit 3a551e7

Update README.md
1 parent 95acec2 commit 3a551e7

1 file changed

Lines changed: 38 additions & 33 deletions

README.md

@@ -21,27 +21,18 @@
2121
- [ ] [《Java安全漫谈笔记相关》](https://github.com/phith0n/JavaThings)@phith0n
2222

2323
二、审计案例
24-
- [ ] https://github.com/proudwind/javasec_study
25-
- [ ] https://github.com/threedr3am/learnjavabug
26-
- [ ] https://github.com/SummerSec/JavaLearnVulnerability
27-
- [ ] https://github.com/cn-panda/JavaCodeAudit
28-
- [ ] https://github.com/Maskhe/javasec
29-
- [ ] https://github.com/anbai-inc/javaweb-sec
30-
- [ ] https://github.com/feihong-cs/Java-Rce-Echo
31-
- [ ] https://github.com/Y4er/WebLogic-Shiro-shell
32-
- [ ] https://github.com/feihong-cs/Java-Rce-Echo
33-
- [ ] https://github.com/feihong-cs/JNDIExploit
34-
- [ ] https://github.com/welk1n/JNDI-Injection-Exploit
35-
- [ ] https://github.com/March110/javaweb-sec
36-
- [ ] https://github.com/wh1t3p1g/ysomap
37-
- [ ] https://github.com/returntocorp/semgrep
38-
- [ ] https://github.com/MobSF/mobsfscan
39-
- [ ] https://github.com/huyuanzhi2/CodeReview
40-
- [ ] https://github.com/su18/JDBC-Attack
41-
- [ ] https://github.com/7hang/--Java
42-
- [ ] https://github.com/5huai/POC-Test
43-
- [ ] https://github.com/iiiusky/javaweb-codereview
44-
- [ ] https://github.com/Firebasky/Java
24+
- [ ] [《Java代码审计学习笔记》](https://github.com/proudwind/javasec_study)@proudwind
25+
- [ ] [《Java漏洞学习笔记》](https://github.com/SummerSec/JavaLearnVulnerability)@SummerSec
26+
- [ ] [《代码审计入门小项目》](https://github.com/cn-panda/JavaCodeAudit)@cn-panda
27+
- [ ] [《自学Java安全总结》](https://github.com/Maskhe/javasec)@Maskhe
28+
- [ ] [《攻击Java Web应用》](https://github.com/March110/javaweb-sec)@安百科技
29+
- [ ] [《Java RCE 回显测试代码》](https://github.com/feihong-cs/Java-Rce-Echo)@feihong
30+
- [ ] [《Java反序列化技术分享》](https://github.com/Y4er/WebLogic-Shiro-shell)@Y4er
31+
- [ ] [《Java代码审计总结》](https://github.com/huyuanzhi2/CodeReview)@huyuanzhi2
32+
- [ ] [《代码审计知识点整理-Java》](https://github.com/7hang/--Java)@7hang
33+
- [ ] [《Java代码审计案例》](https://github.com/5huai/POC-Test)@5huai
34+
- [ ] [《java安全和java框架漏洞》](https://github.com/Firebasky/Java)@Firebasky
35+
- [ ] [《Java安全相关的漏洞和技术demo》](https://github.com/threedr3am/learnjavabug)@threedr3am
4536

4637
三、视频教程
4738
- [ ] [《MS08067安全实验室》](https://space.bilibili.com/396298765?spm_id_from=333.788.b_765f7570696e666f.2)
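
Review bot: On new line 28, 《攻击Java Web应用》 is credited to @安百科技 but links to `https://github.com/March110/javaweb-sec`, while old line 29, which pointed at `https://github.com/anbai-inc/javaweb-sec`, is removed and not re-added. If the credit is meant for the anbai-inc project, link that repository so the attribution and the URL agree. The tool entries dropped from this list (JNDI, ysomap, semgrep, JDBC-Attack, javaweb-codereview) reappear in later hunks, so only this one needs a second look.
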
@@ -50,9 +41,11 @@
5041

5142
五、审计报告
5243

53-
五、其他资源
54-
- [ ] [《攻击Java Web应用》](https://appts4jvi.zhishibox.net/b/5d644b6f81cbc9e40460fe7eea3c7925)
44+
六、其他资源
45+
- [ ] [《攻击Java Web应用》](https://zhishihezi.net/b/5d644b6f81cbc9e40460fe7eea3c7925)@javasec
46+
- [ ] [《J2EE 渗透测试与安全开发》](https://zhishihezi.net/b/98ae566719b21536dff0c4febaa697d2)@路人甲
5547
- [ ] [《静态程序分析入门教程》](https://github.com/RangerNJU/Static-Program-Analysis-Book)
48+
- [ ] https://github.com/su18/JDBC-Attack
5649

5750
## 02-Java代码审计工具
5851

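
Review bot: New line 48 adds `https://github.com/su18/JDBC-Attack` as a bare URL, while the entries added on lines 45 and 46 of the same list use the 《title》(link)@author form. Give it a title and author like its neighbours, or move it to the tool lists under 02 where bare URLs are the norm. The title 《攻击Java Web应用》 on line 45 is credited to @javasec here and to @安百科技 in the 审计案例 list earlier in this commit; settle on one attribution.
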
@@ -64,16 +57,30 @@
6457

6558
二、IDEA
6659
- [ ] https://github.com/XianYanTechnology/RocB
60+
- [ ] https://github.com/momosecurity/momo-code-sec-inspector-java
6761

68-
三、其他
62+
三、JNDI工具
63+
- [ ] https://github.com/su18/JNDI
64+
- [ ] https://github.com/welk1n/JNDI-Injection-Exploit
65+
- [ ] https://github.com/feihong-cs/JNDIExploit
66+
- [ ] https://github.com/welk1n/JNDI-Injection-Exploit
67+
68+
四、反序列化工具
69+
- [ ] https://github.com/wh1t3p1g/ysomap
70+
- [ ] https://github.com/frohoff/ysoserial
71+
- [ ] https://github.com/KpLi0rn/ysoserial
72+
- [ ] https://github.com/0range228/Gadgets
73+
- [ ] https://github.com/JackOfMostTrades/gadgetinspector
74+
75+
五、其他
6976
- [ ] https://github.com/MobSF/mobsfscan
7077
- [ ] https://github.com/threedr3am/log-agent
7178
- [ ] https://github.com/wh1t3p1g/tabby
72-
- [ ] https://github.com/KpLi0rn/ysoserial
7379
- [ ] https://github.com/EmYiQing/XVulnFinder
7480
- [ ] https://github.com/EmYiQing/CodeInspector
7581
- [ ] https://github.com/mtxiaowangzi/CAFJE
7682
- [ ] https://github.com/FeeiCN/Cobra
83+
- [ ] https://github.com/returntocorp/semgrep
7784

7885
## 03-Java漏洞靶场平台
7986

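
Review bot: Under 三、JNDI工具, `https://github.com/welk1n/JNDI-Injection-Exploit` is added twice, on new lines 64 and 66. Drop the second occurrence; the old 审计案例 list had the same kind of duplicate (Java-Rce-Echo), which this commit otherwise cleans up.
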
@@ -83,7 +90,6 @@
8390
- [ ] https://github.com/novysodope/mytestvul
8491
- [ ] https://github.com/langligelang/maobugs
8592
- [ ] https://github.com/ityouknow/spring-boot-examples
86-
- [ ] https://github.com/kevinsawicki/http-request
8793
- [ ] https://github.com/NanoHttpd/nanohttpd
8894
- [ ] https://github.com/TheKingOfDuck/MySQLMonitor
8995
- [ ] https://github.com/tangxiaofeng7/SecExample
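
Review bot: Old line 86 (`https://github.com/kevinsawicki/http-request`) is deleted outright; unlike the other entries this commit takes out of a list, it is not re-added anywhere else in the diff. The commit message says only "Update README.md", so record there whether the removal is intentional.
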
@@ -98,6 +104,10 @@
98104
- [ ] https://github.com/bit4woo/Java_deserialize_vuln_lab
99105
- [ ] https://github.com/mtxiaowangzi/Java-EE-VulnWeb
100106
- [ ] https://github.com/j3ers3/Hello-Java-Sec
107+
- [ ] https://github.com/iiiusky/javaweb-codereview
108+
- [ ] https://github.com/yhy0/sqlilab-Jsp
109+
110+
- [ ] https://github.com/pmiaowu/DeserializationTest
101111

102112
## 04-Java安全Web漏洞
103113

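
Review bot: New line 109 inserts an empty line between `yhy0/sqlilab-Jsp` (108) and `pmiaowu/DeserializationTest` (110), which splits the checklist in the middle of the section. Remove the blank line so the three added entries stay in one list.
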
@@ -106,19 +116,13 @@
106116
- 程序安装问题
107117
- 业务逻辑漏洞
108118
- SQL注入漏洞
109-
- https://github.com/yhy0/sqlilab-Jsp
110119
- 变量覆盖漏洞
111120
- 任意文件上传漏洞
112121
- 任意文件写入漏洞
113122
- 任意文件删除漏洞
114123
- 任意文件包含漏洞
115124
- 任意命令执行漏洞
116125
- Java反序列化漏洞
117-
- https://github.com/frohoff/ysoserial
118-
- https://github.com/wh1t3p1g/ysomap
119-
- https://github.com/JackOfMostTrades/gadgetinspector
120-
- https://github.com/0range228/Gadgets
121-
- https://github.com/pmiaowu/DeserializationTest
122126
- XSS跨站脚本攻击
123127
- XML外部实体攻击
124128
- CSRF跨站请求伪造
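
Review bot: With old lines 109 and 117-121 removed, the SQL注入漏洞 and Java反序列化漏洞 bullets no longer point to any resource, because those links now live under 02 (四、反序列化工具) and 03. A short cross-reference from these two bullets to those sections would keep the material discoverable from the vulnerability list.
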
@@ -129,9 +133,10 @@
129133
## 06-Java安全编码规范
130134

131135
- 腾讯-Java安全编码规范
132-
- 奇安信-Java安全编码规范
136+
- 绿盟-Java安全编码规范
133137
- [陌陌-Java安全编码规范](https://github.com/momosecurity/rhizobia_J)
134138
- 华为-Java安全编码规范
139+
- 奇安信-Java安全编码规范
135140
- 软通动力-Java-Web安全开发规范
136141

137142
## 07-Java代码审计老师
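
Review bot: New line 136 adds 绿盟-Java安全编码规范 as plain text with no link, and after this hunk 陌陌 is still the only entry in the list that has one. Add the source URL for the new entry (and for 奇安信, which is only moved from old line 132 to new line 139), or mark the unlinked items as not publicly available.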
