32 tools and resources
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Embeddable Yara library for Java with support for loading rules and scanning data.
Open-source Java application for creating proxies for traffic analysis & modification.
Java decompiler for modern Java features up to Java 14.
A free book providing design and implementation guidelines for writing secure programs in various languages.
Online Java decompiler tool with support for modern Java features.
A tool for identifying and analyzing Java serialized objects in network traffic
Guidelines for secure coding in Java SE to avoid bugs that could weaken security and open holes in Java's security features.
Tools for working with Android .dex and Java .class files, including dex-reader/writer, d2j-dex2jar, and smali/baksmali.
Java MODBUS simulator with scriptable functions and dynamic resource creation.
A minimal library to generate YARA rules from JAVA with maven support.
A vulnerable web application for learning about web application vulnerabilities and writing secure code.
Practical security policy enforcement for Android apps via bytecode rewriting and in-place reference monitor.
Instrumentation-based approach for resolving reflective calls in Android apps.
An open source digital forensic tool for processing and analyzing digital evidence with high performance and multiplatform support.
Bluetooth Honeypot with monitoring capabilities
Dynamic Java code instrumentation kit for Android applications.
A tool for translating Dalvik bytecode to equivalent Java bytecode, allowing Java analysis tools to analyze Android applications.
A cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization libraries.
A tool for translating Dalvik bytecode to Java bytecode for analyzing Android applications.
A honeypot system that allows you to set up a decoy API to detect and analyze potential security threats.
A minimalistic Java library for representing threat model data in a normalized way and automating threat intelligence extraction.
A standalone binary inspection tool for Android developers with support for various formats and dependencies.
A honeypot mimicking Tomcat manager endpoints to log requests and save attacker's WAR files for analysis.
Krakatau provides an assembler and disassembler for Java bytecode, supporting conversion, creation, examination, comparison, and decompilation of Java binaries.
Standalone graphical utility for viewing Java source codes from ".class" files.
nudge4j is a tool to control Java applications from the browser and experiment with live code.
MARA is a Mobile Application Reverse engineering and Analysis Framework with various features for testing mobile applications against OWASP mobile security threats.
Java decompiler GUI tool for Procyon under Apache License.
JAADAS is a powerful tool for static analysis of Android applications, providing features like API misuse analysis and inter-procedure dataflow analysis.
Fernflower is an analytical decompiler for Java with command-line options and support for external classes.
Python wrapper for Android APK decompilation with various converter and decompiler options.
