Ghidra is a software reverse engineering (SRE) framework

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios.

Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.

Apache Shiro

JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）

Java bindings for Skia

Java web common vulnerabilities and security code which is base on springboot and spring security

Burp suite 分块传输辅助插件

一款基于BurpSuite的被动式shiro检测插件

服务端配置错误情况下用于伪造ip地址进行测试的Burp Suite插件

Apache Struts is a free, open-source, MVC framework for creating elegant, modern Java web applications

一款基于BurpSuite的被动式FastJson检测插件

A malicious LDAP server for JNDI injection attacks

一个简单的Fastjson反序列化检测burp插件

This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.

Shiro RememberMe 1.2.4 反序列化漏洞图形化检测工具(Shiro-550)

从wooyun中提取的payload，以及burp插件

Burp Plugin to decrypt AES encrypted traffic on the fly

RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities

Fastjson <= 1.2.47 远程命令执行漏洞利用工具及方法

SecHub provides a central API to test software with different security tools.

Weblogic IIOP CVE-2020-2551

Shiro反序列化回显利用、内存shell、检查 Burp插件

Weblogic coherence.jar RCE

Apache Tomcat + MongoDB Remote Code Execution

This project tries to provide additional Ghidra Version Tracking Correlators suitable for patch diffing.

Small example repo for looking into log4j CVE-2021-44228

Apache Dubbo Hessian2 CVE-2021-43297 demo