manoelt
Follow
Stars
A browser automation framework and ecosystem.
A tool for reverse engineering Android apk files
A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
the fastest and most powerful android decompiler(native tool working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy lea…
Java安全相关的漏洞和技术demo,原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules thro…
jSQL Injection is a Java application for automatic SQL database injection.
Burp extension to evade TLS fingerprinting. Bypass WAF, spoof any browser.
Burp plugin able to find reflected XSS on page in real-time while browsing on site
A tool to dump Java serialization streams in a more human readable form.
JNDI-Exploitation-Kit(A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps v…
This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.
This repository will serve as the "master" repo containing all trainings and tutorials done in preperation for OSWE in conjunction with the AWAE course. This repo will likely contain custom code by…
TLS-Attacker is a Java-based framework for analyzing TLS libraries. It can be used to manually test TLS clients and servers or as as a software library for more advanced tools.
All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities
JQF + Zest: Coverage-guided semantic fuzzing for Java.
Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
REST/JSON API to the Burp Suite security tool.
Research on GraphQL from an AppSec point of view.
Collection of bypass gadgets to extend and wrap ysoserial payloads
Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"