pwntester's Stars
alibaba/arthas
Alibaba Java Diagnostic Tool Arthas/Alibaba Java诊断利器Arthas
budtmo/docker-android
Android in docker solution with noVNC supported and video recording
dstotijn/hetty
An HTTP toolkit for security research.
aquasecurity/kube-hunter
Hunt for security weaknesses in Kubernetes clusters
pwntester/octo.nvim
Edit and review GitHub issues and pull requests from the comfort of your favorite editor
Vineflower/vineflower
Modern Java decompiler aiming to be as accurate as possible, with an emphasis on output quality. Fork of the Fernflower decompiler.
RenwaX23/XSS-Payloads
List of XSS Vectors/Payloads
momosecurity/momo-code-sec-inspector-java
IDEA静态代码安全审计及漏洞一键修复插件
hackerscrolls/SecurityTips
pimps/JNDI-Exploit-Kit
JNDI-Exploitation-Kit(A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps vulnerable to JNDI Injection)
filedescriptor/untrusted-types
pwnwiki/pwnwiki.github.io
PwnWiki - The notes section of the pentesters mind.
msrkp/PPScan
Client Side Prototype Pollution Scanner
threedr3am/gadgetinspector
一个利用ASM对字节码进行污点传播分析的静态代码审计应用(添加了大量代码注释,适合大家进行源码学习)。也加入了挖掘Fastjson反序列化gadget chains和SQLInject(JdbcTemplate、MyBatis、JPA、Hibernate、原生jdbc等)静态检测功能。并且加入了很多功能以方便进行漏洞自动化挖掘。
noidsirius/SootTutorial
A step-by-step tutorial for Soot (a Java static analysis framework)
pyn3rd/Spring-Boot-Vulnerability
Imanfeng/Apache-Solr-RCE
Apache Solr Exploits 🌟
dschadow/JavaSecurity
Java web and command line applications demonstrating various security topics
dschadow/Java-Web-Security
Java-Web-Security - Sichere Webanwendungen mit Java entwickeln
advanced-security/codeql-queries
[Deprecated] GitHub's Field Team's CodeQL Custom Queries, Suites, and Configurations. See GitHubSecurityLab/CodeQL-Community-Packs instead
whitesquirrell/C0deVari4nt
A variant analysis and visualisation tool that scans codebases for similar vulnerabilities
zbazztian/codeql-debug
planetlevel/jot
Java Observability Toolkit
securingdev/custom-codeql-queries
Custom / Experimental CodeQL queries
nccgroup/shouganaiyo-loader
shouganaiyo-loader is a cross-platform Frida-based Node.js command-line tool that forces Java processes to load a Java/JVMTI agent regardless of whether or not the JVM has disabled the agent attach API.
Marcono1234/serial-builder
Library for manually creating Java serialization data.
pwillworth/galaxyharvester
Galaxy Harvester resource tracking web application for Star Wars Galaxies Emulator servers
advanced-security/custom-codeql-bundle
An example repository that demonstrates how the build custom CodeQL bundles that include query customizations through the `Customizations.qll` library
hakivvi/ObjectPwnStream
a Ruby implementation of Java's ObjectInputStream and ObjectOutputStream.
wesleydekraker/xamarin-security-scanner
A tool to find security vulnerabilities in Xamarin.Android apps.