Dex to Java decompiler

a fast, scalable, multi-language and extensible build system

LSPosed Framework

Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.

MCP Server for Ghidra

An xposed module that disables SSL certificate checking for the purposes of auditing an app with cert pinning

the fastest and most powerful android decompiler(native tool working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy lea…

Android virtual machine and deobfuscator

Decompiler from Java bytecode to Java, used in IntelliJ IDEA.

Android Package Inspector - dynamic analysis with api hooks, start unexported activities and more. (Xposed Module)

Quickly find differences and similarities in disassembled code

Simple to use root checking Android library and sample app

Java安全相关的漏洞和技术demo，原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。

iOS and macOS Decompiler

Android backup extractor

A cli tool that helps signing and zip aligning single or multiple Android application packages (APKs) with either debug or provided release certificates. It supports v1, v2 and v3 Android signing s…

APIKit：Discovery, Scan and Audit APIs Toolkit All In One.

一款支持自定义的 Java 内存马生成工具｜A customizable Java in-memory webshell generation tool.

A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅

The new bridge between Burp Suite and Frida!

一款基于BurpSuite的被动式shiro检测插件

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules thro…

Burp extension to evade TLS fingerprinting. Bypass WAF, spoof any browser.

jSQL Injection is a Java application for automatic SQL database injection.

The real deal

TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.

latest version of scanners for IIS short filename (8.3) disclosure vulnerability

Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure

completely ridiculous API (crAPI)

Collect JSP webshell of various implementation methods. 梳理和发现的JSP Webshell各种姿势