Improved decoder for Burp Suite

RmiTaste allows security professionals to detect, enumerate, interact and exploit RMI services by calling remote methods with gadgets from ysoserial.

A PoC Java Stager which can download, compile, and execute a Java file in memory.

An Online Analysis System for Packed Android Malware

A DNS tunnel utilizing the Burp Collaborator

Slides/Demos from the BSides Munich 2019 talk "Attacking Java RMI in 2019"

Burp Suite JS Beautifier

Remote Command Execution Over Spark

simpleIAST- 基于污点追踪的灰盒漏洞扫描工具。

Burplay is a Burp Extension allowing for replaying any number of requests using same modifications definition. Its main purpose is to aid in searching for Privilege Escalation issues.

Blue Pigeon is a Bluetooth-based data exfiltration and proxy tool to enable communication between a remote Command and Control (C2) server and a compromised host.

LDAP Swiss Army Knife

Burp Suite Collaborator HTTP API

A tool to analyse JMX API security level.

JSON JTree viewer for Burp Suite

A brute force program to test weak accounts configured to access a JMX Registry

A Burp Extender plugin, that will make binary soap objects readable and modifiable.

POC for leaking java version through file and ftp protocols

Raspberry pi 小车android客户端程序

DNS Proxy Daemon for filtering DNS requests.