Explore 32 curated tools and resources
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Embeddable Yara library for Java with support for loading rules and scanning data.
Embeddable Yara library for Java with support for loading rules and scanning data.
Open-source Java application for creating proxies for traffic analysis & modification.
Open-source Java application for creating proxies for traffic analysis & modification.
Java decompiler for modern Java features up to Java 14.
A free book providing design and implementation guidelines for writing secure programs in various languages.
A free book providing design and implementation guidelines for writing secure programs in various languages.
Online Java decompiler tool with support for modern Java features.
Online Java decompiler tool with support for modern Java features.
A tool for identifying and analyzing Java serialized objects in network traffic
A tool for identifying and analyzing Java serialized objects in network traffic
Guidelines for secure coding in Java SE to avoid bugs that could weaken security and open holes in Java's security features.
Guidelines for secure coding in Java SE to avoid bugs that could weaken security and open holes in Java's security features.
Tools for working with Android .dex and Java .class files, including dex-reader/writer, d2j-dex2jar, and smali/baksmali.
A minimal library to generate YARA rules from JAVA with maven support.
A minimal library to generate YARA rules from JAVA with maven support.
A vulnerable web application for learning about web application vulnerabilities and writing secure code.
A vulnerable web application for learning about web application vulnerabilities and writing secure code.
Practical security policy enforcement for Android apps via bytecode rewriting and in-place reference monitor.
Instrumentation-based approach for resolving reflective calls in Android apps.
Instrumentation-based approach for resolving reflective calls in Android apps.
An open source digital forensic tool for processing and analyzing digital evidence with high performance and multiplatform support.
An open source digital forensic tool for processing and analyzing digital evidence with high performance and multiplatform support.
Dynamic Java code instrumentation kit for Android applications.
A tool for translating Dalvik bytecode to equivalent Java bytecode, allowing Java analysis tools to analyze Android applications.
A tool for translating Dalvik bytecode to equivalent Java bytecode, allowing Java analysis tools to analyze Android applications.
A cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization libraries.
A cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization libraries.
A tool for translating Dalvik bytecode to Java bytecode for analyzing Android applications.
A tool for translating Dalvik bytecode to Java bytecode for analyzing Android applications.
A minimalistic Java library for representing threat model data in a normalized way and automating threat intelligence extraction.
A minimalistic Java library for representing threat model data in a normalized way and automating threat intelligence extraction.
A standalone binary inspection tool for Android developers with support for various formats and dependencies.
A standalone binary inspection tool for Android developers with support for various formats and dependencies.
A honeypot mimicking Tomcat manager endpoints to log requests and save attacker's WAR files for analysis.
A honeypot mimicking Tomcat manager endpoints to log requests and save attacker's WAR files for analysis.
Krakatau provides an assembler and disassembler for Java bytecode, supporting conversion, creation, examination, comparison, and decompilation of Java binaries.
Krakatau provides an assembler and disassembler for Java bytecode, supporting conversion, creation, examination, comparison, and decompilation of Java binaries.
Standalone graphical utility for viewing Java source codes from ".class" files.
Standalone graphical utility for viewing Java source codes from ".class" files.
nudge4j is a tool to control Java applications from the browser and experiment with live code.
nudge4j is a tool to control Java applications from the browser and experiment with live code.
MARA is a Mobile Application Reverse engineering and Analysis Framework with various features for testing mobile applications against OWASP mobile security threats.
MARA is a Mobile Application Reverse engineering and Analysis Framework with various features for testing mobile applications against OWASP mobile security threats.
Java decompiler GUI tool for Procyon under Apache License.
JAADAS is a powerful tool for static analysis of Android applications, providing features like API misuse analysis and inter-procedure dataflow analysis.
JAADAS is a powerful tool for static analysis of Android applications, providing features like API misuse analysis and inter-procedure dataflow analysis.
Fernflower is an analytical decompiler for Java with command-line options and support for external classes.
Fernflower is an analytical decompiler for Java with command-line options and support for external classes.
Python wrapper for Android APK decompilation with various converter and decompiler options.