Termux - a terminal emulator application for Android OS extendible by variety of packages.

Dex to Java decompiler

LSPosed Framework

A standalone Java Decompiler GUI

A free, secure and open source app for Android to manage your 2-step verification tokens.

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

An xposed module that disables SSL certificate checking for the purposes of auditing an app with cert pinning

一个漏洞 PoC 知识库。A knowledge base for vulnerability PoCs(Proof of Concept), with 1k+ vulnerabilities.

HaE - Highlighter and Extractor, Empower ethical hacker for efficient operations.

This is a tool to repackage apk file, then the apk can load any xposed modules installed in the device. It is another way to hook an app without root device.

JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）

Java web common vulnerabilities and security code which is base on springboot and spring security

红蓝对抗以及护网相关工具和资料，内存shellcode（cs+msf）和内存马查杀工具

shiro反序列化漏洞综合利用,包含（回显执行命令/注入内存马）修复原版中NoCC的问题 https://github.com/j1anFen/shiro_attack

a rep for documenting my study, may be from 0 to 0.1

APIKit：Discovery, Scan and Audit APIs Toolkit All In One.

MDUT - Multiple Database Utilization Tools

Shiro550/Shiro721 一键化利用工具，支持多种回显方式

It's a Virtual Machine App for Android Which is Based on QEMU

Jar Analyzer - 一个 JAR 包 GUI 分析工具，方法调用关系搜索，方法调用链 DFS 算法分析，模拟 JVM 的污点分析验证 DFS 结果，字符串搜索，Java Web 组件入口分析，CFG 程序分析，JVM 栈帧分析，自定义表达式搜索，紧跟 AI 技术发展，支持 MCP 调用，支持 n8n 工作流，文档：https://docs.qq.com/doc/DV3pKbG9GS…

一款基于BurpSuite的被动式shiro检测插件

JNDIExploit or a ysoserial.

☕️ Java Security，安全编码和代码审计

HeapDump敏感信息提取工具

Burp被动扫描流量转发插件

一款专注于 Java 主流 Web 中间件的内存马快速生成工具，致力于简化安全研究人员和红队成员的工作流程，提升攻防效率

Burp插件，根据自定义来达到对数据包的处理（适用于加解密、爆破等），类似mitmproxy，不同点在于经过了burp中转，在自动加解密的基础上，不影响APP、网站加解密正常逻辑等。

Burpsuite - Route Vulnerable Scanning 递归式被动检测脆弱路径的burp插件