Ghidra is a software reverse engineering (SRE) framework

LSPosed Framework

Continuous Inspection

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

HaE - Highlighter and Extractor, Empower ethical hacker for efficient operations.

MPush开源实时消息推送系统

JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）

Java web common vulnerabilities and security code which is base on springboot and spring security

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities and enables running traffic-based analysis of any type.

a rep for documenting my study, may be from 0 to 0.1

一款支持自定义的 Java 内存马生成工具｜A customizable Java in-memory webshell generation tool.

☕ 老司机在 Java 技术领域的十年积累。

An easy-to-learn/use static analysis framework for Java

☕️ Java Security，安全编码和代码审计

HeapDump敏感信息提取工具

A CAT called tabby ( Code Analysis Tool )

Jdk1.8源码解析

Collect JSP webshell of various implementation methods. 梳理和发现的JSP Webshell各种姿势

Nuclei plugin for BurpSuite

xia SQL (瞎注) burp 插件 ，在每个参数后面填加一个单引号，两个单引号，一个简单的判断注入小插件。

一款基于BurpSuite的被动式FastJson检测插件

Tai-e assignments for static program analysis

RiskScanner 是开源的多云安全合规扫描平台，基于 Cloud Custodian 和 Nuclei 引擎，实现对主流公(私)有云资源的安全合规扫描和漏洞扫描。

对Auth/Waf 自动化bypass的burpsuite插件

JAVA安全SDK及编码规范

IDEA静态代码安全审计及漏洞一键修复插件

Java RCE 回显测试代码

分享几个直接可用的内存马，记录一下学习过程中看过的文章