Security

SuperTokens Table of Contents 🚀 What is SuperTokens? Philosophy Features + Demo app Documentation 🏗️ Architecture ☕ Why Java? 🔥 SuperTokens vs Othe

GHIDRA plugin to parse, disassemble and decompile NodeJS Bytenode (JSC) binaries

目前已集成——登录验证、权限验证、Session会话、踢人下线、分布式会话、单点登录、OAuth2.0、模拟他人账号、临时身份切换、集成Redis、多账号认证体系、前后台分离模式、注解式鉴权、路由拦截式鉴权、花式token生成

CTFCrackTools 's BurpSuite Plugin - Decode and Encode

Java web common vulnerabilities and security code which is base on springboot and spring security

this project is a checker for virus's and token loggers in java apps

A Multiplayer Plugin for Burp. Sync's in-scope requests/responses, comments, and highlights in realtime.

最近写了一个BurpSuite Extensions用来标记请求包中的一些敏感信息、JS接口和一些特殊字段，防止我们疏忽了一些数据包，我将它命名为“Unexpected information”，使用它可能会有意外的收获信息。

A simple and efficient open-source security framework that focus on protection of restful api.

BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite).

Weblogic CVE-2020-14645 UniversalExtractor JNDI injection getDatabaseMetaData()

Cafecompare is a GUI application for analysis and comparison of java archives and class files.

Spring Social Login is a demo application of how to build authentication and authorization into your Spring Boot application based on OAuth2 identity providers, such as Facebook, GitHub, Google, and others.

This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.

CVE-2020-5902 BIG-IP RCE

Burpsuite Plugin For AES Crack

Apache Tomcat + MongoDB Remote Code Execution

CVE-2020-5410 Spring Cloud Config directory traversal vulnerability

OptimizedJCAlgs Collection of open-source JavaCard crypto algorithms. Optimized for memory and speed with unified interface (where possible). See each algorithm's own readme file for more details. Featured al

SSL/TLS Exercises These exercises are associated with my course on Transport Layer Security (TLS). This course is delivered via O'Reilly Live Training. When not teaching online I am a lecturer at the University of Notti

Scala-Hashing Overview Fast non-cryptographic hash functions for Scala. This library provides APIs for computing 32-bit and 64-bit hashes. Currently implemented hash functions MurmurHash3 (32-bit)

Open-source vulnerability assessment tool Discover, assess and mitigate known vulnerabilities in your Java and Python projects. The open-source vulnerability assessment tool supports software development org

Burp Suite HTTP Smuggler A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques. This extension has been developed by Soroush Dalili (@irsdl) from NCC Group. T

Java JWT A Java implementation of JSON Web Tokens (draft-ietf-oauth-json-web-token-08). If you're looking for an Android version of the JWT Decoder take a look at our JWTDecode.Android library.

jcasbin-springboot-plugin jcasbin-springboot-plugin is an authorization middleware for Spring Boot, it's based on https://github.com/casbin/jcasbin. It is developed under the latest Spring Boot 2.0.1 and Java 8.

Spring Boot Starter ACME A Spring Boot module that is meant to ease the pain of generating a valid SSL Certificate using the Automatic Certificate Management Environment (ACME) protocol. This project depends on the acm

What is this project about? The ReverseCrypter can extract jar archives crypted by various java-crypters. The extractors (and their keys!) are hard-coded and may not work for newer versions. Supported Crypter

jCasbin News: still worry about how to write the correct jCasbin policy? Casbin online editor is coming to help! Try it at: http://casbin.org/editor/ jCasbin is a powerful and efficient open-source access cont

OpenRASP Introduction Unlike perimeter control solutions like WAF, OpenRASP directly integrates its protection engine into the application server by instrumentation. It can monitor various events including

Bisq What is Bisq? Bisq is a safe, private and decentralized way to exchange bitcoin for national currencies and other digital assets. Bisq uses peer-to-peer networking and multi-signature escrow to facilit

Tink A multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse. Ubuntu macOS In

seawaf-agent An open source web application firewall component why Applications should not be delegating most of their runtime protection to the external devices. Applica-tions should be capable of self-

Project Wycheproof https://github.com/google/wycheproof Project Wycheproof is named after Mount Wycheproof, the smallest mountain in the world. The main motivation for the project is to have a goal that is achievable.