JavaCodeAudit
Getting started with java code auditing 代码审计入门的小项目
Install / Use
/learn @cn-panda/JavaCodeAuditREADME
About
The articles in this series are aimed at people who have a basic knowledge of Java's basic syntax. The contents of this series of articles mainly include:
- Introduction to audit environment
- SQL vulnerability principle and actual case introduction
- XSS vulnerability principle and actual case introduction
- SSRF vulnerability principle and actual case introduction
- RCE vulnerability principle and actual case introduction
- Includes vulnerability principles and actual case introductions
- Serialization vulnerability principle and actual case introduction
- S2 series classic vulnerability analysis
- WebLogic series of classic vulnerability analysis
- fastjson series classic vulnerability analysis
- Jackson series classic vulnerability analysis, etc.
The content order may be slightly adjusted, but the overall content will not change. Finally, I hope that this series of articles can bring you a little gain.
This project contains the source code needed based on the above article
Have fun
关于
本系列的文章面向人群主要是拥有 Java 基本语法基础的朋友,系列文章的内容主要包括:
- 审计环境介绍
- SQL 漏洞原理与实际案例介绍
- XSS 漏洞原理与实际案例介绍
- SSRF 漏洞原理与实际案例介绍
- RCE 漏洞原理与实际案例介绍
- 包含漏洞原理与实际案例介绍
- 序列化漏洞原理与实际案例介绍
- S2系列经典漏洞分析
- WebLogic 系列经典漏洞分析
- fastjson系列经典漏洞分析
- jackson系列经典漏洞分析等
可能内容顺序会略有调整,但是总体内容不会改变,最后希望这系列的文章能够给你带来一点收获。
本项目包含了基于上述文章中需要的源码
玩的开心
Related Skills
oracle
344.4kBest practices for using the oracle CLI (prompt + file bundling, engines, sessions, and file attachment patterns).
prose
344.4kOpenProse VM skill pack. Activate on any `prose` command, .prose files, or OpenProse mentions; orchestrates multi-agent workflows.
Command Development
99.2kThis skill should be used when the user asks to "create a slash command", "add a command", "write a custom command", "define command arguments", "use command frontmatter", "organize commands", "create command with file references", "interactive command", "use AskUserQuestion in command", or needs guidance on slash command structure, YAML frontmatter fields, dynamic arguments, bash execution in commands, user interaction patterns, or command development best practices for Claude Code.
Plugin Structure
99.2kThis skill should be used when the user asks to "create a plugin", "scaffold a plugin", "understand plugin structure", "organize plugin components", "set up plugin.json", "use ${CLAUDE_PLUGIN_ROOT}", "add commands/agents/skills/hooks", "configure auto-discovery", or needs guidance on plugin directory layout, manifest configuration, component organization, file naming conventions, or Claude Code plugin architecture best practices.
