TerraformGoat is HXSecurity research lab's "Vulnerable by Design" multi cloud deployment tool.

Chrome Extensions Samples

Coverage-guided, in-process fuzzing for the JVM

IDEA静态代码安全审计及漏洞一键修复插件

💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

GreHack 2021 CodeQL for Java workshop

Official source of container configurations, images, and examples for Oracle products and projects

一份通俗易懂、风趣幽默的Java学习指南，内容涵盖Java基础、Java并发编程、Java虚拟机、Java企业级开发、Java面试等核心知识点。学Java，就认准二哥的Java进阶之路😄

Java 1-21 Parser and Abstract Syntax Tree for Java with advanced analysis functionalities.

Jdk1.8源码解析

DNS rebinding toolkit

JDBC Connection URL Attack

Prototype Pollution exploits collection

Prototype Pollution and useful Script Gadgets

Find regular expressions which are vulnerable to ReDoS (Regular Expression Denial of Service)

Fast and customizable vulnerability scanner based on simple YAML based DSL.

Fastjson姿势技巧集合

woodpecker框架weblogic信息探测插件

《白帽子安全开发实战》配套代码

Sreg可对使用者通过输入email、phone、username的返回用户注册的所有互联网护照信息。

一个涵盖六个专栏：Spring Boot 2.X、Spring Cloud、Spring Cloud Alibaba、Dubbo、分布式消息队列、分布式事务的仓库。希望胖友小手一抖，右上角来个 Star，感恩 1024

spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧

Look-Ahead Java Deserialization Library

清除基于java agent木马

❄️冰蝎客户端源码-V4.0.6🔞

利用agent hock指定的class，在jar运行周期内，用于跟踪被执行的方法，辅助做一些事情，比如挖洞啊

Sample Java web app protected by Java CAS client

Java安全相关的漏洞和技术demo，原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。