psychoPATH - an advanced path traversal tool. Features: evasive techniques, dynamic web root list generation, output encoding, site map-searching payload generator, LFI mode, nix & windows support,…

WARNING: This app contains security vulnerabilities. AltoroJ is a sample banking J2EE web application. It shows what happens when web applications are written with consideration of app functionalit…

Vulnerable Java based Web Application

An open-source, real-time Security Information & Event Management tool based on big data technologies, providing a scalable, advanced security analytics framework.

A natural evolution of Burp Suite's Repeater tool

Purposely vulnerable Java application to help lead secure coding workshops

vulnerable single sign on

An Open Sound Control (OSC) implementation for Java and Processing

Real Time Threat Monitoring Tool

RmiTaste allows security professionals to detect, enumerate, interact and exploit RMI services by calling remote methods with gadgets from ysoserial.

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters

Burp Suite's extension to scan and crawl Single Page Applications

Vulnerable Client-Server Application (VuCSA) is made for learning how to perform penetration tests of non-http thick clients. It is written in Java (with JavaFX graphical user interface) and contai…

A malicious LDAP server for JNDI injection attacks