depycode / JavaRce Public

forked from Whoopsunix/JavaRce

Notifications You must be signed in to change notification settings
Fork 0
Star 1

Common Exploitation Techniques for Java RCE Vulnerabilities in Real-World Scenarios | 实战场景较通用的 Java Rce 相关漏洞的利用方式

github.com/Whoopsunix/JavaRce

1 star 60 forks Branches Tags Activity

Star

Notifications

depycode/JavaRce

Branches Tags

Folders and files

Name		Name	Last commit message	Last commit date
Latest commit History 87 Commits
SecVulns		SecVulns
Utils		Utils
java-object-searcher		java-object-searcher
joern		joern
JavaClass.http		JavaClass.http
README.md		README.md
pom.xml		pom.xml

Repository files navigation

JavaRce

By. Whoopsunix

0x00 do what?

🚀 对照实战场景梳理较通用的 Java Rce 相关漏洞的利用方式记录在 VulnCore 中

🚩 子目录 VulnCore 给出 Java 利用方式,具体覆盖量见对应 README.md 文件

⛳️ 配套测试靶场 SecVulns 主要针对 DevSecOps 场景构建(IAST、RASP、SAST),采用 httpREST 实现批量测试。大多数 Java 靶场都把注意力集中在 Spring、Tomcat 组件上,之后会引入更多组件丰富 Source 点

🪝 EXP: 反序列化框架 PPPYSO 集成了部分内容

🚧 Protection: PPPRASP 基于 jvm-sandbox 对 VulnCore 中的漏洞实现防护(仅实现关键函数的 HOOK,不作进一步处理)

🛰 Detection: 基于 joern 实现漏洞检测

Stats

Alt

About

Common Exploitation Techniques for Java RCE Vulnerabilities in Real-World Scenarios | 实战场景较通用的 Java Rce 相关漏洞的利用方式

github.com/Whoopsunix/JavaRce

Releases

No releases published

Packages

No packages published

Languages

Java 98.7%
Python 0.6%
PLpgSQL 0.2%
Scala 0.2%
C 0.1%
C++ 0.1%
Other 0.1%

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

depycode/JavaRce

Folders and files

Latest commit

History

Repository files navigation

JavaRce

0x00 do what?

Stats

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages

Languages

depycode/JavaRce

Folders and files

Latest commit

History

Repository files navigation

JavaRce

0x00 do what?

Stats

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages