Stars
Ghidra is a software reverse engineering (SRE) framework
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
An xposed module that disables SSL certificate checking for the purposes of auditing an app with cert pinning
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
The new bridge between Burp Suite and Frida!
TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.
latest version of scanners for IIS short filename (8.3) disclosure vulnerability
Web and mobile application security training platform
DIVA Android - Damn Insecure and vulnerable App for Android
Automated HTTP Request Repeating With Burp Suite
All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities
OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST),…
A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques
Bypass SSL certificate pinning for most applications
Finds unknown classes of injection vulnerabilities
J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.
A standalone library project for certificate pinning on Android.
Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans
WS-Attacker is a modular framework for web services penetration testing. It is developed by the Chair of Network and Data Security, Ruhr University Bochum (https://nds.rub.de/ ) and the Hackmanit G…
Security profiling for blackbox Android