Ghidra is a software reverse engineering (SRE) framework

Dex to Java decompiler

A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

A standalone Java Decompiler GUI

The ZAP by Checkmarx Core project

Continuous Inspection

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.

Free and open log management

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

smali/baksmali

An xposed module that disables SSL certificate checking for the purposes of auditing an app with cert pinning

Android virtual machine and deobfuscator

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Android Package Inspector - dynamic analysis with api hooks, start unexported activities and more. (Xposed Module)

BinNavi is a binary analysis IDE that allows to inspect, navigate, edit and annotate control flow graphs and call graphs of disassembled code.

A system for distributing and managing secrets

A cli tool that helps signing and zip aligning single or multiple Android application packages (APKs) with either debug or provided release certificates. It supports v1, v2 and v3 Android signing s…

Android backup extractor

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network i…

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

completely ridiculous API (crAPI)

☕ SonarSource Static Analyzer for Java Code Quality and Security

Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.…

Provides situational awareness of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks in support of network security assessments. #nsacyber

Open-source android spyware

Android Xposed Module to bypass SSL certificate validation (Certificate Pinning).

APKinspector is a powerful GUI tool for analysts to analyze the Android applications.

All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities