Explore 39 curated tools and resources
Want your tool featured here?
Get maximum visibility with pinned placement
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Insider is an open-source CLI tool that performs static source code analysis to detect OWASP Top 10 vulnerabilities across multiple programming languages including Java, Kotlin, Swift, .NET, C#, and JavaScript.
Insider is an open-source CLI tool that performs static source code analysis to detect OWASP Top 10 vulnerabilities across multiple programming languages including Java, Kotlin, Swift, .NET, C#, and JavaScript.
Embeddable Yara library for Java with support for loading rules and scanning data.
Embeddable Yara library for Java with support for loading rules and scanning data.
Open-source Java application for creating proxies for traffic analysis & modification.
Open-source Java application for creating proxies for traffic analysis & modification.
Java decompiler for modern Java features up to Java 14.
A free book providing design and implementation guidelines for writing secure programs in various languages.
A free book providing design and implementation guidelines for writing secure programs in various languages.
Online Java decompiler tool with support for modern Java features.
Online Java decompiler tool with support for modern Java features.
A tool for identifying and analyzing Java serialized objects in network traffic
A tool for identifying and analyzing Java serialized objects in network traffic
Ghidra is an NSA-developed software reverse engineering framework that provides disassembly, decompilation, and analysis tools for examining compiled code across multiple platforms and processor architectures.
Ghidra is an NSA-developed software reverse engineering framework that provides disassembly, decompilation, and analysis tools for examining compiled code across multiple platforms and processor architectures.
Guidelines for secure coding in Java SE to avoid bugs that could weaken security and open holes in Java's security features.
Guidelines for secure coding in Java SE to avoid bugs that could weaken security and open holes in Java's security features.
Tools for working with Android .dex and Java .class files, including dex-reader/writer, d2j-dex2jar, and smali/baksmali.
A minimal library to generate YARA rules from JAVA with maven support.
A minimal library to generate YARA rules from JAVA with maven support.
A deliberately vulnerable Java web application designed for educational purposes to teach web application security concepts and common vulnerabilities.
A deliberately vulnerable Java web application designed for educational purposes to teach web application security concepts and common vulnerabilities.
AutoYara is a Java tool that automatically generates YARA rules from malware samples using biclustering algorithms to help analysts create detection rules for malware families.
AutoYara is a Java tool that automatically generates YARA rules from malware samples using biclustering algorithms to help analysts create detection rules for malware families.
DroidRA is an instrumentation-based Android security analysis tool that improves the accuracy of reflective call analysis through composite constant propagation techniques.
DroidRA is an instrumentation-based Android security analysis tool that improves the accuracy of reflective call analysis through composite constant propagation techniques.
An open source digital forensic tool for processing and analyzing digital evidence with high performance and multiplatform support.
An open source digital forensic tool for processing and analyzing digital evidence with high performance and multiplatform support.
A Java-based Bluetooth honeypot that captures and analyzes malware and attacks targeting Bluetooth-enabled devices.
FSquaDRA detects repackaged Android applications by computing Jaccard similarity over file digests within APK packages using pre-computed signing digests for improved performance.
FSquaDRA detects repackaged Android applications by computing Jaccard similarity over file digests within APK packages using pre-computed signing digests for improved performance.
Dynamic Java code instrumentation kit for Android applications.
A tool for translating Dalvik bytecode to equivalent Java bytecode, allowing Java analysis tools to analyze Android applications.
A tool for translating Dalvik bytecode to equivalent Java bytecode, allowing Java analysis tools to analyze Android applications.
A cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization libraries.
A cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization libraries.
A dependency security scanner that identifies potential supply chain vulnerabilities by checking for available package namespace registrations across Python, JavaScript, PHP, and Maven repositories.
A dependency security scanner that identifies potential supply chain vulnerabilities by checking for available package namespace registrations across Python, JavaScript, PHP, and Maven repositories.
A tool for translating Dalvik bytecode to Java bytecode for analyzing Android applications.
A tool for translating Dalvik bytecode to Java bytecode for analyzing Android applications.
A minimalistic Java library for representing threat model data in a normalized way and automating threat intelligence extraction.
A minimalistic Java library for representing threat model data in a normalized way and automating threat intelligence extraction.
A standalone binary inspection tool for Android developers with support for various formats and dependencies.
A standalone binary inspection tool for Android developers with support for various formats and dependencies.
CFGScanDroid is a Java utility that compares control flow graph signatures to Android method control flow graphs for malicious application detection.
CFGScanDroid is a Java utility that compares control flow graph signatures to Android method control flow graphs for malicious application detection.
A honeypot mimicking Tomcat manager endpoints to log requests and save attacker's WAR files for analysis.
A honeypot mimicking Tomcat manager endpoints to log requests and save attacker's WAR files for analysis.
Developer documentation providing REST API and SDK resources for ThreatConnect platform integration across Python, Java, and JavaScript environments.
A Java-based API tool for programmatically searching and downloading Android applications from Google Play Store with Galaxy S3 device compatibility.
A Java-based API tool for programmatically searching and downloading Android applications from Google Play Store with Galaxy S3 device compatibility.
A Java bytecode assembler and disassembler toolkit that converts classfiles to human-readable format and provides decompilation capabilities for reverse engineering Java applications.
A Java bytecode assembler and disassembler toolkit that converts classfiles to human-readable format and provides decompilation capabilities for reverse engineering Java applications.
JD-GUI is a graphical Java decompiler that reconstructs and displays source code from compiled ".class" files for reverse engineering and code analysis purposes.
JD-GUI is a graphical Java decompiler that reconstructs and displays source code from compiled ".class" files for reverse engineering and code analysis purposes.
nudge4j is a tool to control Java applications from the browser and experiment with live code.
nudge4j is a tool to control Java applications from the browser and experiment with live code.
MARA is a Mobile Application Reverse engineering and Analysis Framework with various features for testing mobile applications against OWASP mobile security threats.
MARA is a Mobile Application Reverse engineering and Analysis Framework with various features for testing mobile applications against OWASP mobile security threats.
Java decompiler GUI tool for Procyon under Apache License.
JAADAS is a powerful tool for static analysis of Android applications, providing features like API misuse analysis and inter-procedure dataflow analysis.
JAADAS is a powerful tool for static analysis of Android applications, providing features like API misuse analysis and inter-procedure dataflow analysis.
Fernflower is an analytical decompiler for Java with command-line options and support for external classes.
Fernflower is an analytical decompiler for Java with command-line options and support for external classes.
Python wrapper for Android APK decompilation with various converter and decompiler options.