Security

JavaPassDump 背景： 红队实战中，有遇到数据库的配置信息加密的情况，有些甚至在Native层处理加解密，为简化红队流程，产生一个通用的数据库信息提取工具：JavaPassDump。

A Java agent that disables features you don't use, before an attacker uses them against you.

# JNDIExploit JNDIExploit v1.2 JNDIExploit v1.2 here can u downoad direct from this git Direct Download for linux wget https://download1320.mediafire

BurpLog4j2Scan Description BurpLog4j2Scan is a Burp Suite Extension written in JAVA which could be useful as scan log4j2rce. Screenshot start scan pro

Code Quality and Security for Java This SonarSource project is a code analyzer for Java projects. Information about the analysis of Java features is a

Log4j2 RCE Passive Scanner plugin for BurpSuite

Log4j impact manufacturers and components summary from the Internet community. Welcome everyone to submit mr to perfect the possible influence surface.

Spring Boot web application vulnerable to CVE-2021-44228, nicknamed Log4Shell.

Nbvcxz - Password strength estimator - [] nbvcxz is java library (and standalone console program) which is heavily inspired by the work in zxcvbn. Pas

AutoBypass403-BurpSuite A burpsuite plugin help me automatic bypass 403. ChangeLog 2021-12-04 support multi-threaded concurrency 2021-12-02 First publ

Keeps LetsEncrypt certificates up-to-date for your Spring Boot Web application. Pure Java in a single file of library code. An automated embedded alternative to Certbot and docker-sidecars. No JVM restart is needed on certificate

This project aims to deobfuscate most commercially-available obfuscators for Java.

JNDIExploit 一款用于 JNDI注入 利用的工具，大量参考/引用了 Rogue JNDI 项目的代码，支持直接植入内存shell，并集成了常见的bypass 高版本JDK的方式，适用于与自动化工具配合使用。 使用说明 使用 java -jar JNDIExploit.jar -h 查看参数

This is the public repository for the CFR Java decompiler

HopLa 💥 All the power of PayloadsAllTheThings, without the overhead. This extension adds autocompletion support and useful payloads in Burp Suite to

Test-Driven Security Run tests ./gradlew test References Spring Security test support https://docs.spring.io/spring-security/site/docs/current/referen

A simple Anti-Dump to slow down and annoy attackers.

FIDO (Fast IDentity Online) is an open standard for online authentication. It is designed to solve the password problems stemming from a lot of security problems as we are suffering today.

A community-driven project led by the Spring Security team and is focused on delivering Authorization Server support to the Spring community

JavaWeb MemoryShell Inject/Scan/Killer/Protect Research & Exploring

JABS is a blockchain network simulator aimed at researching consensus algorithms for performance and security. it is designed to easily handel simulation of networks as large as normal public blockchain networks (~10000 nodes) in

This is a Java implementation of an Enigma machine, along with code that attempts to break the encryption. This code is associated with an upcoming Computerphile video.

SuperTokens Table of Contents 🚀 What is SuperTokens? Philosophy Features + Demo app Documentation 🏗️ Architecture ☕ Why Java? 🔥 SuperTokens vs Othe

GHIDRA plugin to parse, disassemble and decompile NodeJS Bytenode (JSC) binaries

目前已集成——登录验证、权限验证、Session会话、踢人下线、分布式会话、单点登录、OAuth2.0、模拟他人账号、临时身份切换、集成Redis、多账号认证体系、前后台分离模式、注解式鉴权、路由拦截式鉴权、花式token生成

CTFCrackTools 's BurpSuite Plugin - Decode and Encode

Java web common vulnerabilities and security code which is base on springboot and spring security

this project is a checker for virus's and token loggers in java apps

A Multiplayer Plugin for Burp. Sync's in-scope requests/responses, comments, and highlights in realtime.

最近写了一个BurpSuite Extensions用来标记请求包中的一些敏感信息、JS接口和一些特殊字段，防止我们疏忽了一些数据包，我将它命名为“Unexpected information”，使用它可能会有意外的收获信息。

A simple and efficient open-source security framework that focus on protection of restful api.

BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite).