CyberStrikeAI is an AI-native security testing platform built in Go. It integrates 100+ security tools, an intelligent orchestration engine, role-based testing with predefined security roles, a ski…

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security

Gather and update all available and newest CVEs with their PoC.

一款综合性网络安全检测和运维工具，旨在快速资产发现、识别、检测，构建基础资产信息库，协助甲方安全团队或者安全运维人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug b…

Open-source AI hackers to find and fix your app’s vulnerabilities.

Jar Analyzer - 一个 JAR 包 GUI 分析工具，方法调用关系搜索，方法调用链 DFS 算法分析，模拟 JVM 的污点分析验证 DFS 结果，字符串搜索，Java Web 组件入口分析，CFG 程序分析，JVM 栈帧分析，自定义表达式搜索，紧跟 AI 技术发展，支持 MCP 调用，支持 n8n 工作流

Automated Penetration Testing Agentic Framework Powered by Large Language Models

"chanzi" is a simple and user-friendly JAVA SAST tool that utilizes taint analysis technology, includes built-in common vulnerability rules, supports decompile, custom rule, and is compatible with …

A CAT called tabby ( Code Analysis Tool )

一款用于网页敏感信息检测，指纹识别的chrome插件

jetbrains 编辑器代码审计插件，适配：phpStorm，webStorm，rider，IntelliJ IDEA，pyCharm

Fenrir 是一个基于 MCP 协议与 AST 技术的代码审计工具，旨在解决安全研究与自动化代码审计领域中，面对大规模、结构复杂甚至反编译代码时，传统代码搜索与分析手段效率低、准确性差的问题。

记录一下 Java 安全学习历程，也算是半条学习路线了

IDEA代码审计辅助插件（深信服深蓝实验室天威战队强力驱动）

CodeQLpy是一款基于CodeQL实现的半自动化代码审计工具，目前仅支持java语言。实现从源码反编译，数据库生成，脆弱性发现的全过程，可以辅助代码审计人员快速定位源码可能存在的漏洞。

自己学习java安全的一些总结，主要是安全审计相关

A byte code analyzer for finding deserialization gadget chains in Java applications