本项目是记录自己在学习Java代码审计过程中遇到的优秀内容，包括Java代码审计技巧以及优秀的代码审计案例。一个不会Java代码审计的师傅不是一个好黑客！一个不会Java代码审计的黑客不是一个好师傅！

- [0x01-Java代码审计资源](https://github.com/0e0w/HackJava#0x01-Java%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1%E8%B5%84%E6%BA%90)

- [0x02-Java漏洞靶场平台](https://github.com/0e0w/HackJava#0x02-Java%E6%BC%8F%E6%B4%9E%E9%9D%B6%E5%9C%BA%E5%B9%B3%E5%8F%B0)

二、待整理

- [ ] https://github.com/MobSF/mobsfscan

- [ ] https://github.com/threedr3am/log-agent

- [ ] https://github.com/welk1n/JNDI-Injection-Exploit

- [ ] https://github.com/March110/javaweb-sec

- [ ] https://github.com/wh1t3p1g/ysomap

- [ ] [攻击Java Web应用](https://appts4jvi.zhishibox.net/b/5d644b6f81cbc9e40460fe7eea3c7925)

- [ ] https://github.com/returntocorp/semgrep

- [ ] https://github.com/mtxiaowangzi/CAFJE