JMX enumeration and attacking tool.

An Android app that lets you use your access control card cloning devices in the field.

一款Jenkins的综合漏洞利用工具

Collection of bypass gadgets to extend and wrap ysoserial payloads

一款用于JNDI注入利用的工具，大量参考/引用了Rogue JNDI项目的代码，支持直接植入内存shell，并集成了常见的bypass 高版本JDK的方式，适用于与自动化工具配合使用。

A malicious LDAP server for JNDI injection attacks

图形化Java反序列化利用工具，集成Ysoserial

rmi、jndi、ldap、jrmp、jmx、jms一些demo测试

Tomcat漏洞利用工具

😈 Jenkins RCE PoC. From unauthenticated user to remote code execution, it's a hacker's dream!

一个LDAP请求监听器，摆脱dnslog平台

Mallet is an intercepting proxy for arbitrary protocols

The TLS-Scanner Module from TLS-Attacker

psychoPATH - an advanced path traversal tool. Features: evasive techniques, dynamic web root list generation, output encoding, site map-searching payload generator, LFI mode, nix & windows support,…

FuzzDomain

基于spark streaming和kafka，hbase的日志统计分析系统

WSDL Parser extension for Burp

JRE8u20_RCE_Gadget

一款Java内存马生成、测试工具，搭配@ax1sX的MemShell食用。

Java deserialization exploitation lab.

解密weblogic AES或DES加密方法

Burp Extender plugin that generates a sitemap of a website using Wayback Machine

Burp extension to perform Java Deserialization Attacks

Malicious Shortcut(.lnk) Generator

QAQ Just study unserialize vulnerabilities in Java :)

Mogwai Java Management Extensions (JMX) Exploitation Toolkit

An auditing tool for Wi-Fi or wired Ethernet connections

Tool for introspection of SSL\TLS sessions

Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website