Ghidra is a software reverse engineering (SRE) framework

RxJava – Reactive Extensions for the JVM – a library for composing asynchronous and event-based programs using observable sequences for the Java VM.

Free universal database tool and SQL client

Dex to Java decompiler

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios.

A tool for reverse engineering Android apk files

Ip2region is an offline IP address manager framework and locator with both IPv4 and IPv6 supported, supporting billions of data segments, ten microsecond searching performance, xdb search client fo…

A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

Tools to work with android .dex and java .class files

Free implementation of Play Services

Spring Security

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

An xposed module that disables SSL certificate checking for the purposes of auditing an app with cert pinning

SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

Java HTTP Request Library

JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）

Java安全相关的漏洞和技术demo，原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。

Java web common vulnerabilities and security code which is base on springboot and spring security

Cknife

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

shiro反序列化漏洞综合利用,包含（回显执行命令/注入内存马）修复原版中NoCC的问题 https://github.com/j1anFen/shiro_attack

A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities and enables running traffic-based analysis of any type.

domain_hunter的高级版本，SRC挖洞、HW打点之必备！自动化资产收集；快速Title获取；外部工具联动；等等

Share Things Related to Java - Java安全漫谈笔记相关内容

The new bridge between Burp Suite and Frida!

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules thro…

TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.

Burp extension to evade TLS fingerprinting. Bypass WAF, spoof any browser.