Ghidra is a software reverse engineering (SRE) framework

The ZAP by Checkmarx Core project

Continuous Inspection

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Yet another unofficial (and ugly) cross-platform MEGA downloader/uploader/streaming suite.

JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）

Aircrack, Airodump, Aireplay, MDK3 and Reaver GUI Application for Android

Awoo Installer and GoldLeaf uploader of the NSPs (and other files), RCM payload injector, application for split/merge files.

log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.

The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to pen testing.

The ZAP Heads Up Display (HUD)

PETEP (PEnetration TEsting Proxy) is an open-source Java application for traffic analysis & modification using TCP/UDP proxies. PETEP is a useful tool for performing penetration tests of applicatio…

End to End testing of Web, API, Cloud, Events and Security

Graphical interface for PortEx, a Portable Executable and Malware Analysis Library

A burp suite extension that enumerates infrastructure and application admin interfaces (OTG-CONFIG-005)

RmiTaste allows security professionals to detect, enumerate, interact and exploit RMI services by calling remote methods with gadgets from ysoserial.

Burp Suite's extension to scan and crawl Single Page Applications

Vulnerable Client-Server Application (VuCSA) is made for learning how to perform penetration tests of non-http thick clients. It is written in Java (with JavaFX graphical user interface) and contai…

Low Interaction Mobile Honeypot

A more useful CSRF PoC generator on Burp Suite