Stars
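An open source tool focused on software supply chain security. MurphySec focuses on software supply chain security, with professional software composition analysis (SCA), vulnerability detection, and a professional vulnerability database.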
A JNDI injection exploit tool that supports RMI, LDAP and LDAPS protocols, including a variety of methods to bypass higher-version JDK
MySQL Fake Server (pure Java implementation, supports GUI and command-line versions, provides a Dockerfile, supports a variety of common JDBC exploits)
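This project is a Docker image proxy tool based on Cloudflare Workers. It relays requests to the official Docker image registry, addressing some access restrictions and speeding up access.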
The open-source Java obfuscation tool working with Ant and Gradle by yWorks - the diagramming experts
A list of open source web security scanners
The tool that bypasses the firewall's Application Based Rules and lets you connect to anywhere, ANY IP, ANY PORT and ANY APPLICATION.
Shikata ga nai (仕方がない) encoder ported into go with several improvements
Example exploitable scenarios for CVE-2024-22243 affecting the Spring framework (open redirect & SSRF).
A malicious LDAP server for JNDI injection attacks
A customizable Java in-memory webshell generation tool.
Real-time face swap for PC streaming or video calls
Neo-reGeorg is a project that seeks to aggressively refactor reGeorg
(ZhouYu) Java - SpringBoot persistent WebShell learning demo (not just SpringBoot; suitable for any service that conforms to the JavaEE specification)
A comprehensive test suite for RFC 8259 compliant JSON parsers
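Vulnerability and technique demos related to Java security: exploits for native Java, Fastjson, Jackson, Hessian2 and XML deserialization vulnerabilities and for frameworks, middleware and features such as Spring, Dubbo, Shiro, CAS, Tomcat, RMI and Nexus, plus practice code for Java Security Manager bypass, Dubbo-Hessian2 security hardening, and more.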
OSS-Fuzz - continuous fuzzing for open source software.
Companion labs to "An Exploration of JSON Interoperability Vulnerabilities"
Burp extension to evade TLS fingerprinting. Bypass WAF, spoof any browser.