高危漏洞利用工具

The new bridge between Burp Suite and Frida!

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules thro…

jSQL Injection is a Java application for automatic SQL database injection.

TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.

BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). 支持多种加密算法或直接执行JS代码的用于爆破前端加密的BurpSuite插件

HeapDump敏感信息提取工具

CLOSE ACCESS DENIAL.

HummerRisk 是云原生安全平台，包括混合云安全治理和云原生安全检测。

Fiora：漏洞PoC框架Nuclei的图形版。快捷搜索PoC、一键运行Nuclei。即可作为独立程序运行，也可作为burp插件使用。

RiskScanner 是开源的多云安全合规扫描平台，基于 Cloud Custodian 和 Nuclei 引擎，实现对主流公(私)有云资源的安全合规扫描和漏洞扫描。

A byte code analyzer for finding deserialization gadget chains in Java applications

JNDI-Exploitation-Kit（A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps v…

Automated HTTP Request Repeating With Burp Suite

Vulnerability scanner based on vulners.com search API

Apache Metron

80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server.

搜集了市面上绝大部分weblogic解密方式，整理了7种解密weblogic的方法及响应工具。

All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities

Android dynamic instrumentation framework

Java RMI enumeration and attack tool.

👁️ (s)AINT is a Spyware Generator for Windows systems written in Java. [Discontinued]

J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.

Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).

Java Message Exploitation Tool

Java反序列化漏洞利用工具V1.0 Java反序列化相关漏洞的检查工具，采用JDK 1.8+NetBeans8.2开发，软件运行必须安装JDK 1.8或者以上版本。 支持：weblogic xml反序列化漏洞 CVE-2017-10271/CNVD-C-2019-48814/CVE-2019-2725检查。

Advanced Graphical User Interface for NMap

A simple SMTP Server for Testing purposes. Emails are stored in an in-memory database and rendered in a Web UI

Some payloads of JNDI Injection in JDK 1.8.0_191+