A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

The modern Java bytecode editor

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

Decompiler from Java bytecode to Java, used in IntelliJ IDEA.

Simple to use root checking Android library and sample app

JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）

A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅

项目是根据LandGrey/SpringBootVulExploit清单编写，目的hvv期间快速利用漏洞、降低漏洞利用门槛。

SEKIRO is a multi-language, distributed, network topology-independent service publishing platform. By writing handlers in their respective languages, functionalities can be published to the central…

🔓 Disable SSL verification and pinning on Android, system-wide

Burp被动扫描流量转发插件

一款基于BurpSuite的被动式FastJson检测插件

Java RCE 回显测试代码

Android Anti-Emulator

ysoserial修改版，着重修改ysoserial.payloads.util.Gadgets.createTemplatesImpl使其可以通过引入自定义class的形式来执行命令、内存马、反序列化回显。

Because just a dark theme wasn't enough!

Log4j jndi injects the Payload generator

A collection of reverse engineering challenges for learning about the Android operating system and mobile security.

OpenRASP 漏洞测试环境

Vulnerable Java based Web Application

一款快速修改HTTP数据包头的Burp Suite插件

RMI 反序列化环境 一步步

用Java agent实现内存马等功能

XSS Hunter Burp Plugin

哥斯拉源码-v3.03-godzilla

基于ysoserial扩展命令执行结果回显，生成冰蝎内存马

Frida-Android 进阶