Design patterns implemented in Java

China's first CTFTools framework.中国国内首个CTF工具框架,旨在帮助CTFer快速攻克难关

Burp suite 分块传输辅助插件

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules thro…

HackBar plugin for Burpsuite

A tool to dump Java serialization streams in a more human readable form.

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

HopLa Burp Suite Extender plugin - Brings AI capabilities, autocompletion support, and a set of useful payloads to Burp Suite

Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans

Java Message Exploitation Tool

Bambdas collection for Burp Suite Professional and Community.

Nessus中文报告自动化脚本

😈 Jenkins RCE PoC. From unauthenticated user to remote code execution, it's a hacker's dream!

Repository to store exploits created by Assetnotes Security Research team

Weblogic com.tangosol.util.extractor.ReflectionExtractor RCE

Weblogic coherence.jar RCE

Adds a customizable "Send to..."-context-menu to your BurpSuite.

CVE-2023-0669 GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object.

Rodan Exploitation Framework

Automatic XSS filter bypass

Burp Notes Extension is a plugin for Burp Suite that adds a Notes tab. The tool aims to better organize external files that are created during penetration testing.

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Spring-Kafka-Deserialization-Remote-Code-Execution

Control LED from android using Bluetooth module and Arduino board

Because just a dark theme wasn't enough!

This is the app we will work on during the workshop.