A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

A cross-platform GUI and CLI app for automatically saving SHSH blobs

TLS-Attacker is a Java-based framework for analyzing TLS libraries. It can be used to manually test TLS clients and servers or as as a software library for more advanced tools.

Java RMI enumeration and attack tool.

WS-Attacker is a modular framework for web services penetration testing. It is developed by the Chair of Network and Data Security, Ruhr University Bochum (https://nds.rub.de/ ) and the Hackmanit G…

RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities

Sign.jar automatically signs an apk with the Android test certificate.

PowerShell script and Java code to decrypt WebLogic passwords

JNDI Attacking Tool

Burp Suite Logger++: Log activities of all the tools in Burp Suite

Burplay is a Burp Extension allowing for replaying any number of requests using same modifications definition. Its main purpose is to aid in searching for Privilege Escalation issues.

Native Java-based deserialization exploit for WebLogic T3 (and T3S) listeners.

This changes the style of Burp Suite's Repeater tabs to help the testers

JNDI discovery made easy

https://github.com/CaledoniaProject/AxisInvoker

{903} password decoder - used in oc4j configuration files