the fastest and most powerful android decompiler(native tool working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy lea…

Java 4,690 561 Updated May 8, 2024

gh0stkey / HaE

HaE - Highlighter and Extractor, Empower ethical hacker for efficient operations.

Java 4,120 300 Updated Mar 19, 2026

SummerSec / ShiroAttack2

shiro反序列化漏洞综合利用,包含（回显执行命令/注入内存马）修复原版中NoCC的问题 https://github.com/j1anFen/shiro_attack

Java 2,404 283 Updated Mar 26, 2026

API-Security / APIKit

APIKit：Discovery, Scan and Audit APIs Toolkit All In One.

Java 2,251 181 Updated Apr 2, 2024

pen4uin / java-memshell-generator

一款支持自定义的 Java 内存马生成工具｜A customizable Java in-memory webshell generation tool.

Java 2,171 234 Updated Aug 21, 2025

bit4woo / domain_hunter_pro

domain_hunter的高级版本，SRC挖洞、HW打点之必备！自动化资产收集；快速Title获取；外部工具联动；等等

Java 2,119 209 Updated Mar 3, 2026

feihong-cs / ShiroExploit-Deprecated

Shiro550/Shiro721 一键化利用工具，支持多种回显方式

Java 1,955 298 Updated Jun 4, 2021

bit4woo / knife

A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅

Java 1,905 209 Updated Mar 11, 2026

0x727 / SpringBootExploit

项目是根据LandGrey/SpringBootVulExploit清单编写，目的hvv期间快速利用漏洞、降低漏洞利用门槛。

Java 1,900 315 Updated Jan 15, 2024

f0ng / captcha-killer-modified

captcha-killer的修改版，支持关键词识别base64编码的图片，添加免费ocr库，用于验证码爆破，适配新版Burpsuite

Java 1,886 178 Updated Aug 26, 2025

wgpsec / fofa_viewer

A simple FOFA client written in JavaFX. Made by WgpSec, Maintained by f1ashine.

Java 1,777 164 Updated Dec 26, 2025

guchengwuyue / yshopmall

yshop基于当前流行技术组合的前后端分离B2C单商户、B2B2C多商户商城系统： SpringBoot3+MybatisPlus+SpringSecurity+jwt+redis+Vue的前后端分离的商城系统，包含商城、sku、运费模板、素材库、拼团、商户管理、秒杀、优惠券、积分、分销、会员、充值、多门店等功能

Java 1,776 550 Updated Dec 23, 2025

ron190 / jsql-injection

jSQL Injection is a Java application for automatic SQL database injection.

Java 1,754 443 Updated Mar 27, 2026

whwlsfb / BurpCrypto

BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). 支持多种加密算法或直接执行JS代码的用于爆破前端加密的BurpSuite插件

Java 1,622 173 Updated Aug 4, 2023

gh0stkey / CaA

CaA - Collector and Analyzer, Insight into information, exploring with intelligence in a thousand ways.

Java 1,446 82 Updated Mar 19, 2026

codingXiaxw / CustomerManagement

a simple customer management system using MVC model with development ducumentation

Java 1,389 694 Updated Jun 1, 2018

shuanx / BurpAPIFinder

攻防演练过程中，我们通常会用浏览器访问一些资产，但很多未授权/敏感信息/越权隐匿在已访问接口过html、JS文件等，该插件能让我们发现未授权/敏感信息/越权/登陆接口等。

Java 1,383 76 Updated Oct 3, 2024

f0ng / autoDecoder

Burp插件，根据自定义来达到对数据包的处理（适用于加解密、爆破等），类似mitmproxy，不同点在于经过了burp中转，在自动加解密的基础上，不影响APP、网站加解密正常逻辑等。

Java 1,352 98 Updated Mar 20, 2026

sonyxperiadev / ApkAnalyser

Java 1,046 254 Updated Jul 13, 2023

smxiazi / NEW_xp_CAPTCHA

xp_CAPTCHA(瞎跑白嫖版) burp 验证码识别 burp插件

Java 1,037 142 Updated Oct 11, 2024

c0ny1 / captcha-killer

burp验证码识别接口调用插件

Java 916 120 Updated Jun 17, 2022

saoshao / DetSql

Burp插件，快速探测可能存在SQL注入的请求并标记，提高测试效率

Java 771 38 Updated Feb 26, 2026

dqzg12300 / MikRom

ROM逆向工具

Java 658 235 Updated Mar 12, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Ying xue YingxueSec

Achievements

Achievements

Block or report YingxueSec

Stars

skylot / jadx

doocs / leetcode

alibaba / druid

iBotPeaches / Apktool

CoderLeixiaoshuai / java-eight-part

ZhongFuCheng3y / austin

Threekiii / Awesome-POC

charles2gan / GDA-android-reversing-Tool