# [![](/media/202605/0118913532754689b176fa0703eff06c3744.png)](https://github.com/whgojp/JavaSecLab/blob/main/pic/logo.png)JavaSecLab 一款综合Java漏洞平台

[](https://github.com/whgojp/JavaSecLab/blob/main/README_ZH.md#javaseclab-%E4%B8%80%E6%AC%BE%E7%BB%BC%E5%90%88java%E6%BC%8F%E6%B4%9E%E5%B9%B3%E5%8F%B0)
项目地址：https://github.com/whgojp/JavaSecLab
[![License](https://camo.githubusercontent.com/ea1579ab027413cfc3d405245bd8e0a2a6470d6473e8b8e7e2ac616252625c68/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f616c69626162612f7472616e736d69747461626c652d7468726561642d6c6f63616c3f636f6c6f723d626c756576696f6c6574266c6f676f3d617061636865)](https://www.apache.org/licenses/LICENSE-2.0.html) [![Release](https://camo.githubusercontent.com/6ca62e7c7bddae453c3340c52575865027f5dace0d6a85b26858edcfad7ca731/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4a6176612d382d6666393930303f6c6f676f3d6a617661)](https://github.com/whgojp/JavaSecLab) [![Version](https://camo.githubusercontent.com/37ac2ea54d75fcfbf22feaa45980e54f39c67bfcf9a51d4138208d1e2d58669f/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f56657273696f6e2d312e332d7265642e737667)](https://github.com/whgojp/JavaSecLab) [![Developed by whgojp](https://camo.githubusercontent.com/fe979ca5adaaa58efe5bbed6db77efa564a90e29987cb67f6007645a6c80b15a/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f446576656c6f70656425323062792d7768676f6a702d707572706c652e737667)](https://blog.csdn.net/weixin_53009585) [![GitHub Repo stars](https://camo.githubusercontent.com/82f0de61792b36346d99c95e558e7b632f802631f4d7713c60d889502f986624/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f7768676f6a702f4a6176615365634c61623f636f6c6f723d627269676874677265656e267374796c653d666c61742d737175617265)](https://camo.githubusercontent.com/82f0de61792b36346d99c95e558e7b632f802631f4d7713c60d889502f986624/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f7768676f6a702f4a6176615365634c61623f636f6c6f723d627269676874677265656e267374796c653d666c61742d737175617265) [![GitHub forks](https://camo.githubusercontent.com/8b91fd52d58710c542de91f2fd82da0f1a0e85147128b2fc15b47a354fea9ec8/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f7768676f6a702f4a6176615365634c61623f7374796c653d626c7565)](https://camo.githubusercontent.com/8b91fd52d58710c542de91f2fd82da0f1a0e85147128b2fc15b47a354fea9ec8/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f7768676f6a702f4a6176615365634c61623f7374796c653d626c7565)

* * *

## 项目介绍

[](https://github.com/whgojp/JavaSecLab/blob/main/README_ZH.md#%E9%A1%B9%E7%9B%AE%E4%BB%8B%E7%BB%8D)

JavaSecLab是**一款综合型Java漏洞平台**，提供相关漏洞缺陷代码、修复代码、漏洞场景、审计SINK点、安全编码规范、漏洞流量分析，覆盖多种漏洞场景，友好用户交互UI……

[![image-20241020143155383](/media/202605/899ccb98faf7468ca2d565c88e0f3c484247.png)](https://github.com/whgojp/JavaSecLab/blob/main/pic/home.png)

[![show](/media/202605/1f94478fd92441aa967952dc5930be075986.png)](https://github.com/whgojp/JavaSecLab/blob/main/pic/show.png)

## 面向人群

[](https://github.com/whgojp/JavaSecLab/blob/main/README_ZH.md#%E9%9D%A2%E5%90%91%E4%BA%BA%E7%BE%A4)

*   安全服务方面：帮助安全服务人员理解漏洞原理(产生、修复、审计)，以及对应漏洞流量分析
    
*   甲方安全方面：可作为开发安全培训演示，友好的交互方式，帮助研发同学更容易理解漏洞
    
*   安全研究方面：各种漏洞的不同触发场景，可用于xAST等安全工具测试

## 支持漏洞模块

[](https://github.com/whgojp/JavaSecLab/blob/main/README_ZH.md#%E6%94%AF%E6%8C%81%E6%BC%8F%E6%B4%9E%E6%A8%A1%E5%9D%97)

*   跨站脚本攻击、跨站请求伪造、CORS、JSONP、URL重定向、XFF伪造、拒绝服务、XPATH注入
    
*   SQL注入、任意文件系列、跨服务端请求伪造、XML实体注入、RCE
    
*   逻辑漏洞(IDOR、验证码安全、支付安全、并发安全)、敏感信息泄漏系列、登录对抗系列
    
*   SPEL注入、SSTI注入、反序列化、组件漏洞

## 在线环境体验

[](https://github.com/whgojp/JavaSecLab/blob/main/README_ZH.md#%E5%9C%A8%E7%BA%BF%E7%8E%AF%E5%A2%83%E4%BD%93%E9%AA%8C)

[http://whgojp.top/](http://whgojp.top/)

账号密码：admin/admin

综合Java漏洞学习平台