A browser automation framework and ecosystem.

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.

the fastest and most powerful android decompiler(native tool working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy lea…

Decompiler from Java bytecode to Java, used in IntelliJ IDEA.

Apache Atlas - Open Metadata Management and Governance capabilities across the Hadoop platform and beyond

latest version of scanners for IIS short filename (8.3) disclosure vulnerability

Nuclei plugin for BurpSuite

Code scanner library for Android, based on ZXing

A byte code analyzer for finding deserialization gadget chains in Java applications

80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server.

搜集了市面上绝大部分weblogic解密方式，整理了7种解密weblogic的方法及响应工具。

All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities

Finds unknown classes of injection vulnerabilities

a webshell resides in the memory of java web server

Exploit for the vulnerability CVE-2024-43044 in Jenkins

A Java CorDapp Template.

在spring-aop中新发现的反序列化gadget-chain

Export to GBounty is a Burp Suite extension that enables users to export selected HTTP requests from Burp Suite into a compressed ZIP file. The exported ZIP file can be utilized with the GBounty sc…