Ghidra is a software reverse engineering (SRE) framework

Alibaba Java Diagnostic Tool Arthas/Alibaba Java诊断利器Arthas

🚀一个用来深入学习并实战 Spring Boot 的项目。

Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

lanproxy是一个将局域网个人电脑、服务器代理到公网的内网穿透工具，支持tcp流量转发，可支持任何tcp上层协议（访问内网网站、本地支付接口调试、ssh访问、远程桌面、http代理、https代理、socks5代理...）。技术交流QQ群 736294209

JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）

Java安全相关的漏洞和技术demo，原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。

比 MySQL 和 MongoDB 快10倍的 OLTP 关系数据库和文档数据库

一款高性能 HTTP 代理隧道工具 | A high-performance http proxy tunneling tool

A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities and enables running traffic-based analysis of any type.

The new bridge between Burp Suite and Frida!

Burp被动扫描流量转发插件

A CAT called tabby ( Code Analysis Tool )

Collect JSP webshell of various implementation methods. 收集JSP Webshell的各种姿势

ApkToolPlus 是一个 apk 逆向分析工具（a apk analysis tools）。

RiskScanner 是开源的多云安全合规扫描平台，基于 Cloud Custodian 和 Nuclei 引擎，实现对主流公(私)有云资源的安全合规扫描和漏洞扫描。

A malicious LDAP server for JNDI injection attacks

分享几个直接可用的内存马，记录一下学习过程中看过的文章

This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.

Vulnerability scanner based on vulners.com search API

Shiro RememberMe 1.2.4 反序列化漏洞图形化检测工具(Shiro-550)

Nacos JRaft Hessian 反序列化 RCE 加载字节码 注入内存马 不出网利用

轻量级JAVA实时业务风控系统框架

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

Bypass SSL certificate pinning for most applications

Oversecured Vulnerable Android App