A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

Java 1-25 Parser and Abstract Syntax Tree for Java with advanced analysis functionalities.

Decompiler from Java bytecode to Java, used in IntelliJ IDEA.

HaE - Highlighter and Extractor, Empower ethical hacker for efficient operations.

JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）

a rep for documenting my study, may be from 0 to 0.1

MDUT - Multiple Database Utilization Tools

一款支持自定义的 Java 内存马生成工具｜A customizable Java in-memory webshell generation tool.

Jar Analyzer - 一个 JAR 包 GUI 分析工具，方法调用关系搜索，方法调用链 DFS 算法分析，模拟 JVM 的污点分析验证 DFS 结果，字符串搜索，Java Web 组件入口分析，CFG 程序分析，JVM 栈帧分析，自定义表达式搜索，紧跟 AI 技术发展，支持 MCP 调用，支持 n8n 工作流

JNDIExploit or a ysoserial.

☕️ Java Security，安全编码和代码审计

A CAT called tabby ( Code Analysis Tool )

HummerRisk 是云原生安全平台，包括混合云安全治理和云原生安全检测。

一款专注于 Java 主流 Web 中间件的内存马快速生成工具，致力于简化安全研究人员和红队成员的工作流程，提升攻防效率

Nuclei plugin for BurpSuite

A helpful Java Deserialization exploit framework.

Java RCE 回显测试代码

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

A java obfuscator (GUI)

❄️冰蝎客户端源码-V4.0.6🔞

80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server.

Programs for producing static and dynamic (runtime) call graphs for Java programs

java内存对象搜索辅助工具

a spider on the apps

Bypass SSL certificate pinning for most applications