Ghidra is a software reverse engineering (SRE) framework

Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.

The ZAP core project

A configuration as code language with rich validation and tooling.

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Your go-to microservice framework for any situation, from the creator of Netty et al. You can build any type of microservice leveraging your favorite technologies, including gRPC, Thrift, Kotlin, R…

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅

TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.

Cloudburst Nukkit - Nuclear-Powered Minecraft: Bedrock Edition Server Software

Vulnerable app with examples showing how to not use secrets

Nuclei plugin for BurpSuite

completely ridiculous API (crAPI)

A tool to dump Java serialization streams in a more human readable form.

ZAP Add-ons

TLS-Attacker is a Java-based framework for analyzing TLS libraries. It can be used to manually test TLS clients and servers or as as a software library for more advanced tools.

Java RMI enumeration and attack tool.

A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques

Advanced Burp Suite Logging Extension

HopLa Burp Suite Extender plugin - Adds autocompletion support and useful payloads in Burp Suite

Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

Because just a dark theme wasn't enough!

ZAP/Burp plugin that generate script to reproduce a specific HTTP request (Intended for fuzzing or scripted attacks)

The ZAP Heads Up Display (HUD)

A static byte code analyzer for Java deserialization gadget research

A natural evolution of Burp Suite's Repeater tool

Burp Suite Extension useful to verify OAUTHv2 and OpenID security