本项目记录自己在学习Java的过程中遇到的一些优秀内容,包括Java的相关学习资源以及Java的优秀项目代码等。尽可能去理解Java漏洞原理,尽可能去挖掘Java程序漏洞。作者:0e0w
关于Java的学习教程,可以参考《365天深入理解Java》。面向对象编程!
本项目创建于2020年9月10日。最近一次更新时间为2021年3月23日。
一、基础入门
- 《27天成为Java大神》
- 《Java学习-面试指南》
- 《互联网 Java工程师进阶知识完全扫盲》
- 《Java工程师成神之路》@hollischuang
- 《IntelliJ IDEA 简体中文专题教程》
- 《成为一个更好的Java程序员》
- 《On Java 8》
- 《JavaFamily》
- 《Java编程**》
- 《Java技术栈》
- 《从零开始学习JavaSE》
二、高手进阶
- github.com
三、算法学习
四、Web编程
五、实体书籍
六、视频教程
七、杂七杂八
- awesome-java-books
- technology-talk
- awesome-java-cn
- awesome-java
- https://github.com/doocs/jvm
- 代码审计小组相关内容
- awesome-java
- https://github.com/dbeaver/dbeaver
- https://github.com/google/firing-range
- https://github.com/ewilded/shelling
- https://github.com/jflyfox/jfinal_cms
- https://github.com/looly/hutool
- https://github.com/ravenxrz/RubberTranslator
- https://github.com/o2oa/o2oa
- https://github.com/Meituan-Dianping/walle
- https://github.com/networknt/light-4j
- https://github.com/xuxueli/xxl-crawler
- https://github.com/virjar/echo
- https://github.com/Mysticbinary/WebBug
- https://github.com/dschadow/JavaSecurity
- https://github.com/dschadow/Java-Web-Security
- https://github.com/Zhangyao-zzyy/JavaVulnerableLab-circle
- https://github.com/novysodope/mytestvul
- https://github.com/langligelang/maobugs
〇、代码审计
- javasec_study
- Fortify
- learnjavabug
- JavaLearnVulnerability
- JavaCodeAudit
- javasec
- JavaThings
- javaweb-sec
- https://github.com/momosecurity/rhizobia_J
- https://github.com/feihong-cs/Java-Rce-Echo
- https://github.com/Y4er/WebLogic-Shiro-shell
- https://github.com/frohoff/ysoserial
- https://github.com/feihong-cs/Java-Rce-Echo
- https://github.com/feihong-cs/JNDIExploit
- https://github.com/welk1n/JNDI-Injection-Exploit
- https://github.com/March110/javaweb-sec
- 攻击Java Web应用
- https://github.com/wh1t3p1g/ysomap
一、程序安装问题
二、业务逻辑漏洞
三、SQL注入漏洞
四、变量覆盖漏洞
五、任意文件上传漏洞
六、任意文件写入漏洞
七、任意文件删除漏洞
八、任意文件包含漏洞
九、任意命令执行漏洞
十、Java反序列化漏洞
- https://github.com/frohoff/ysoserial
- https://github.com/wh1t3p1g/ysomap
- https://github.com/JackOfMostTrades/gadgetinspector
十一、XSS跨站脚本攻击
十二、XML外部实体攻击
十三、CSRF跨站请求伪造
十四、SSRF服务端请求伪造
- https://github.com/ityouknow/spring-boot-examples
- https://github.com/kevinsawicki/http-request
- https://github.com/NanoHttpd/nanohttpd
〇、HackWithJava
一、Webshell
- https://github.com/rebeyond/Behinder
- https://github.com/BeichenDream/Godzilla
- https://github.com/threedr3am/JSP-Webshells
- https://github.com/Ramos-dev/OSSTunnel
- https://github.com/thatcherclough/BetterBackdoor
二、域名扫描
三、路径扫描
四、端口扫描
五、密码爆破
六、Web安全
七、漏洞扫描
- https://github.com/kuiguansec/rcetool
- https://github.com/redtimmy/Richsploit
- https://github.com/21superman/weblogic_exploit
- https://github.com/er10yi/MagiCude
- https://github.com/fupinglee/JavaTools
- https://github.com/Lucifaer/Joker
- https://github.com/colodoo/lanb-wvs
- https://github.com/usualwyy/PowerScanner
- https://github.com/google/tsunami-security-scanner
- https://github.com/tangxiaofeng7/VulnFind
- https://github.com/tangxiaofeng7/TSLab-Exploit
八、隧道代理
- https://github.com/ffay/lanproxy
- https://github.com/Ramos-dev/OSSTunnel
- https://github.com/CreditTone/mitmproxy-java
九、病毒免杀
十、代码审计
十一、其他项目
- https://github.com/Ramos-dev/R9000
- https://github.com/Ramos-dev/graph4code
- https://github.com/Efaker/FakerAndroid
- https://github.com/skylot/jadx
- https://github.com/SPuerBRead/Bridge
- https://github.com/tangxiaofeng7/Fofa-collect
- https://github.com/Cool-Coding/remote-desktop-control
- https://github.com/coodyer/Coody-Framework
- https://github.com/iBotPeaches/Apktool
- https://github.com/oracle/graal
- https://github.com/TheKingOfDuck/Loki
- https://github.com/LSPosed/LSPosed
- https://github.com/f1tz/BCELCodeman
- https://github.com/guardrailsio/awesome-java-security
- https://github.com/sulanmehmetsirin/Raptor
- https://github.com/oschina/kooder
- https://github.com/huoxianclub/LingZhi
- https://github.com/Wker666/Demo
- https://github.com/Ppsoft1991/CodeReviewTools
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent