Ghidra is a software reverse engineering (SRE) framework

The ZAP by Checkmarx Core project

Multi-platform transparent client-side encryption of your files in the cloud

jsoup: the Java HTML parser, built for HTML editing, cleaning, scraping, and XSS safety.

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Java web common vulnerabilities and security code which is base on springboot and spring security

domain_hunter的高级版本，SRC挖洞、HW打点之必备！自动化资产收集；快速Title获取；外部工具联动；等等

APIKit：Discovery, Scan and Audit APIs Toolkit All In One.

BinAbsInspector: Vulnerability Scanner for Binaries

jSQL Injection is a Java application for automatic SQL database injection.

log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.

RiskScanner 是开源的多云安全合规扫描平台，基于 Cloud Custodian 和 Nuclei 引擎，实现对主流公(私)有云资源的安全合规扫描和漏洞扫描。

Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure

🔐 A CLI tool to extract server certificates

80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server.

JADX-gui scripting plugin for dynamic decompiler manipulation

Source code for Uyuni

JMX enumeration and attacking tool.

Collection of bypass gadgets to extend and wrap ysoserial payloads

Code Coverage Exploration Plugin for Ghidra

JavaWeb漏洞审计工具，构建方法调用链并模拟栈帧进行分析

Cryptomator Command-Line Interface

A static byte code analyzer for Java deserialization gadget research

A collection of Semgrep rules derived from the OWASP MASTG specifically for Android applications.

This Burp Suite extension allows for the automatic creation and deletion of an upstream SOCKS5 proxy on popular cloud services.

Java Decompiler GUI

PETEP (PEnetration TEsting Proxy) is an open-source Java application for traffic analysis & modification using TCP/UDP proxies. PETEP is a useful tool for performing penetration tests of applicatio…

Industrial IR-based static analysis framework for Java bytecode

Der Spam-Filter für die Fritz!Box