cyal1

MMKV

An efficient, small mobile key-value storage framework developed by WeChat. Works on Android, iOS, macOS, Windows, and POSIX.

semgrep

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

JsBridge

android java and javascript bridge, inspired by wechat webview jsbridge

unicorn

Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, PowerPC, RiscV, S390x, TriCore, X86)

androguard

Reverse engineering and pentesting for Android applications

qiling

A True Instrumentable Binary Emulation Framework

LIEF

LIEF - Library to Instrument Executable Formats (C++, Python, Rust)

obfuscator

AppInfoScanner

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

RMS-Runtime-Mobile-Security

Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime

ngx_http_proxy_connect_module

A forward proxy module for CONNECT request handling

reFlutter

Flutter Reverse Engineering Framework

inventory

Asset inventory of over 800 public bug bounty programs.

VHostScan

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

douyin

抖音推荐/搜索页视频列表视频爬虫方案,基于app(虚拟机或真机) 相关技术 golang adb

Wallbreaker

🔨 Break Java Reverse Engineering form Memory World!

grapefruit

(WIP) Runtime Application Instruments for iOS. Previously Passionfruit

secure-mobile-development

A Collection of Secure Mobile Development Best Practices

ApplicationScanner

An open source application scanning tool

extractor-java

CodeQL extractor for java, which don't need to compile java source

macos-openvpn-server

macOS OpenVPN Server and Client Configuration (OpenVPN, Tunnelblick, PF)

sign-saboteur

SignSaboteur is a Burp Suite extension for editing, signing, verifying various signed web tokens

reset-tolkien

Unsecure time-based secret exploitation and Sandwich attack implementation Resources

modjoda

Java Object Deserialization on Android

frida-trick

My own collection of Frida scripts and tricks

redirect-fuzzer

Fuzzing script for redirect URL validator

wordy

Word frequency counter for .epub, .txt and .srt

hot-jar-swapping-urlclassloader

Demo of the URLClassLoader JAR-swapping showing the ability to replace and exploit an already loaded JAR with inner classes

wordfrequencies

Counts frequencies of words using movie and television subtitles.

learn-english-words-from-srt

Gets the most frequent words in a subtitles `srt` file before watching the film/tv show.