https://github.com/j3ers3/Hello-Java-Sec
☕️ Java Security,安全编码和代码审计
https://github.com/j3ers3/Hello-Java-Sec
code-audit java-sec java-vul
Last synced: 4 months ago
JSON representation
☕️ Java Security,安全编码和代码审计
- Host: GitHub
- URL: https://github.com/j3ers3/Hello-Java-Sec
- Owner: j3ers3
- Created: 2021-07-04T05:32:27.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2025-03-07T06:16:56.000Z (8 months ago)
- Last Synced: 2025-05-28T16:26:29.748Z (5 months ago)
- Topics: code-audit, java-sec, java-vul
- Language: Java
- Homepage:
- Size: 9.15 MB
- Stars: 1,555
- Watchers: 11
- Forks: 235
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - j3ers3/Hello-Java-Sec - ☕️ Java Security,安全编码和代码审计 (Java)
README
# ☕️ Hello Java Sec  
> Hello Java Security 通过结合漏洞场景和安全编码,帮助安全和研发团队理解漏洞原理,从而减少漏洞的产生,代码仅供参考 :)
- 默认账号:admin/admin
## Vulnerability
- [x] SQLi
- [x] XSS
- [x] RCE
- [x] Deserialization
- [x] SSTI
- [x] SpEL
- [x] SSRF
- [x] IDOR
- [x] Directory Traversal
- [x] Redirect
- [x] CSRF
- [x] File Upload
- [x] XXE
- [x] Actuator
- [x] Fastjson
- [x] Xstream
- [x] Log4shell
- [x] JNDI
- [x] Dos
- [x] Xpath
- [x] IPForgery
- [x] Jwt
- [x] Password Reset
- [ ] more and more
## Run
### 手工部署
配置数据库
导入数据库文件 `src/main/resources/db.sql`
配置数据库连接 `src/main/application.properties`
```
spring.datasource.url=jdbc:mysql://127.0.0.1:3306/test
spring.datasource.username=root
spring.datasource.password=1234567
```
编译并启动
> 使用JDK 1.8环境,高版本会报错
```
git clone https://github.com/j3ers3/Hello-Java-Sec
cd Hello-Java-Sec
mvn clean package -DskipTests
java -jar target/javasec-x.x.jar
```
### Docker部署
```
git clone https://github.com/j3ers3/Hello-Java-Sec
cd Hello-Java-Sec
mvn clean package -DskipTests
docker-compose up
```
## 技术架构
- Java 1.8
- SpringBoot 2.4.1
- Bootstrap 4.6.0
- Codemirror 5.62.0