🇨🇳 GitHub中文排行榜，各语言分设「软件 | 资料」榜单，精准定位中文好项目。各取所需，高效学习。

Ghidra is a software reverse engineering (SRE) framework

Dex to Java decompiler

Termux - a terminal emulator application for Android OS extendible by variety of packages.

FASTJSON 2.0.x has been released, faster and more secure, recommend you upgrade.

The ZAP core project

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

lanproxy是一个将局域网个人电脑、服务器代理到公网的内网穿透工具，支持tcp流量转发，可支持任何tcp上层协议（访问内网网站、本地支付接口调试、ssh访问、远程桌面、http代理、https代理、socks5代理...）。技术交流QQ群 736294209

HaE - Highlighter and Extractor, Empower ethical hacker for efficient operations.

Java安全相关的漏洞和技术demo，原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。

JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）

Cknife

红蓝对抗以及护网相关工具和资料，内存shellcode（cs+msf）和内存马查杀工具

一款高性能 HTTP 代理隧道工具 | A high-performance http proxy tunneling tool

domain_hunter的高级版本，SRC挖洞、HW打点之必备！自动化资产收集；快速Title获取；外部工具联动；等等

MDUT - Multiple Database Utilization Tools

A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅

BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). 支持多种加密算法或直接执行JS代码的用于爆破前端加密的BurpSuite插件

服务端配置错误情况下用于伪造ip地址进行测试的Burp Suite插件

It can be either a JNDIExploit or a ysoserial.

An easy-to-learn/use static analysis framework for Java

☕️ Java Security，安全编码和代码审计

HeapDump敏感信息提取工具

A helpful Java Deserialization exploit framework.

将安卓远控Apk附加进普通的App中，运行新生成的App时，普通App正常运行，远控正常上线。Attach the Android remote control APK to a regular app. When the newly generated app is launched, the regular app operates as normal while the remote …

建议使用新版：https://github.com/jar-analyzer/jar-analyzer

通过jsp脚本扫描java web Filter/Servlet型内存马

搜集了市面上绝大部分weblogic解密方式，整理了7种解密weblogic的方法及响应工具。

A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J inst…