Stars
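A semi-automatic vulnerability discovery tool for closed-source systems: it performs static code analysis on jar/war/zip files and adds LLM capabilities to verify path reachability, with the LLM assigning each path a confidence score based on the surrounding code context.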
Smart Phone Management. Reimplement of atx-server with Python
"chanzi" is a simple and user-friendly JAVA SAST tool that utilizes taint analysis technology, includes built-in common vulnerability rules, supports decompilation, custom rule creation, and is com…
The repository has collected about 10,000 malicious pypi packages. This dataset is the work of the ASE 2023 paper "An Empirical Study of Malicious Code In PyPI Ecosystem". Of course, we will contin…
Material UI: Comprehensive React component library that implements Google's Material Design. Free forever.
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container …
🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.
Dependency Parser for Multiple Programming Languages
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by t…
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, an…
A vulnerability scanner for container images and filesystems
Helps check compatibility between Java Archive (JAR) packages when upgrading JARs for security.
SeImpersonate privilege escalation tool for Windows 8 - 11 and Windows Server 2012 - 2022 with extensive PowerShell and .NET reflection support.
Threadless Module Stomping In Rust with some features (In memory of those murdered in the Nova party massacre)
Extracted Yara rules from Windows Defender mpavbase and mpasbase
📡 PoC auto collect from GitHub.
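Command execution with output echo via xp_cmdshell and sp_oacreate, CLR assembly loading to perform the corresponding operations, plus upload, job and other related operations.
A new type of malicious program without Windows API: research on a stealthy and stable attack technique in which a self-defective program exploits a stack overflow.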
SWAT, a dynamic symbolic execution engine for Java Applications that uses ASM for on-the-fly byte code instrumentation.
Spring Boot examples, plus examples of integrating Spring Boot with other third-party frameworks, for easy lookup during development.
A PoC code for JSON Smuggling technique to smuggle arbitrary files through JSON
A JNDI injection exploit tool that supports RMI, LDAP and LDAPS protocols, including a variety of methods to bypass higher-version JDK
FST: fast java serialization drop in-replacement
A blazingly fast multi-language serialization framework powered by JIT and zero-copy.