welk1n

JNDI-Injection-Exploit

JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）

JNDI-Injection-Bypass

Some payloads of JNDI Injection in JDK 1.8.0_191+

FastjsonPocs

一些结合第三方组件的Fastjson POC，在1.2.48以后版本中陆续被添加至黑名单。

ReverseShell-Java

Generating payloads to reverse shell in different contexts of java.

exploiting-groovy-in-Java

Some payloads of exploiting groovy in java.

BaRMIe

Java RMI enumeration and attack tool.

jvm-sandbox

Real - time non-invasive AOP framework container based on JVM

SpringBootVulExploit

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 checklist

CobaltStrike

CobaltStrike's source code

ipdb-java

IPIP.net officially supported IP database ipdb format parsing library

find-sec-bugs

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

gadgetinspector

A byte code analyzer for finding deserialization gadget chains in Java applications

homebrew-core

🍻 Default formulae for the missing package manager for macOS

jailbreak

Jailbreak

marshalsec

nps

一款轻量级、功能强大的内网穿透代理服务器。支持tcp、udp流量转发，支持内网http代理、内网socks5代理，同时支持snappy压缩、站点保护、加密传输、多路复用、header修改等。支持web图形化管理，集成多用户模式。

OSfooler-ng

OSfooler-ng prevents remote active/passive OS fingerprinting by tools like nmap or p0f

Potatso

Potatso is an iOS client that implements Shadowsocks proxy with the leverage of NetworkExtension framework. ***This project is unmaintained, try taking a look at this fork https://github.com/shadowcoel/shadowcoel instead.

TheHunter

ysoserial

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.