Ghidra is a software reverse engineering (SRE) framework

Free universal database tool and SQL client

A browser automation framework and ecosystem.

A tool for reverse engineering Android apk files

A simple app to use Xposed without root, unlock the bootloader or modify system image, etc.

The ZAP by Checkmarx Core project

A barebones WebSocket client and server implementation written in 100% Java.

Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.

零反射全动态Android插件框架

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

Apache Hive

An extensible multilanguage static code analyzer.

No-root network monitor, firewall and PCAP dumper for Android

SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

Android Package Inspector - dynamic analysis with api hooks, start unexported activities and more. (Xposed Module)

JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）

The new bridge between Burp Suite and Frida!

jSQL Injection is a Java application for automatic SQL database injection.

TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.

Fastjson vulnerability quickly exploits the framework（fastjson漏洞快速利用框架）

Automated Canary Service

FlowDroid Static Data Flow Tracker

Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228).

This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.

This repository will serve as the "master" repo containing all trainings and tutorials done in preperation for OSWE in conjunction with the AWAE course. This repo will likely contain custom code by…

Automated HTTP Request Repeating With Burp Suite

All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities

sqlmap4burp++是一款兼容Windows，mac，linux多个系统平台的Burp与sqlmap联动插件