A browser automation framework and ecosystem.

A standalone Java Decompiler GUI

Git Server with CI/CD, Kanban, and Packages. Seamless integration. Unparalleled experience.

Official repository of Trino, the distributed SQL query engine for big data, formerly known as PrestoSQL (https://trino.io)

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

Real - time non-invasive AOP framework container based on JVM

BTrace - a safe, dynamic tracing tool for the Java platform

cSploit - The most complete and advanced IT security professional toolkit on Android.

Soot - A Java optimization framework

A free utility to help web developers watch and manipulate network traffic from their AJAX applications.

APIKit：Discovery, Scan and Audit APIs Toolkit All In One.

Ghost Driver is an implementation of the Remote WebDriver Wire protocol, using PhantomJS as back-end

AI on Hadoop

Android validation library which helps developer boil down the tedious work to three easy steps.

Fast Parallel Async HTTP client as a Service to monitor and manage 10,000 web servers. (Java+Akka)

Fast Parallel Async HTTP/SSH/TCP/UDP/Ping Client Java Library. Aggregate 100,000 APIs & send anywhere in 20 lines of code. Ping/HTTP Calls 8000 servers in 12 seconds. (Akka) www.parallec.io

J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.

Crawljax

Knapsack plugin is an import/export tool for Elasticsearch

Collection of bypass gadgets to extend and wrap ysoserial payloads

Add headers to all Burp requests to bypass some WAF products

A hobby jvm, just want to know how a java virtual machine works.

YSOSERIAL Integration with burp suite

Owasp Orizon is a source code static analyzer tool designed to spot security issues in Java applications.

An example project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions

S2-046-PoC

Struts2の脆弱性S2-045, S2-055 および Jackson の脆弱性 CVE-2017-7525, CVE-2017-15095 の調査報告