Free and Open Source, Distributed, RESTful Search Engine

Ghidra is a software reverse engineering (SRE) framework

Free universal database tool and SQL client

Dex to Java decompiler

A tool for reverse engineering Android apk files

A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

The ZAP by Checkmarx Core project

Tools to work with android .dex and java .class files

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Tools for keeping your cloud operating in top form. Chaos Monkey is a resiliency tool that helps applications tolerate random instance failures.

Gnirehtet provides reverse tethering for Android

Catch common Java mistakes as compile-time errors

The modern Java bytecode editor

smali/baksmali

Open source version of Google Authenticator (except the Android app)

ProGuard, Java optimizer and obfuscator

A cli tool that helps signing and zip aligning single or multiple Android application packages (APKs) with either debug or provided release certificates. It supports v1, v2 and v3 Android signing s…

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities and enables running traffic-based analysis of any type.

jSQL Injection is a Java application for automatic SQL database injection.

HackBar plugin for Burpsuite

Web and mobile application security training platform

Batfish is a network configuration analysis tool that can find bugs and guarantee the correctness of (planned or current) network configurations. It enables network engineers to rapidly and safely …

DIVA Android - Damn Insecure and vulnerable App for Android

TLS-Attacker is a Java-based framework for analyzing TLS libraries. It can be used to manually test TLS clients and servers or as as a software library for more advanced tools.

Log4j2 RCE Passive Scanner plugin for BurpSuite

Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.

A wrapper to get de-optimized dex from odex/oat/vdex.