Java
Explore 32 curated tools and resources
LATEST ADDITIONS
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Embeddable Yara library for Java with support for loading rules and scanning data.
Open-source Java application for creating proxies for traffic analysis & modification.
A free book providing design and implementation guidelines for writing secure programs in various languages.
Online Java decompiler tool with support for modern Java features.
A tool for identifying and analyzing Java serialized objects in network traffic
Guidelines for secure coding in Java SE to avoid bugs that could weaken security and open holes in Java's security features.
Tools for working with Android .dex and Java .class files, including dex-reader/writer, d2j-dex2jar, and smali/baksmali.
A minimal library to generate YARA rules from JAVA with maven support.
A vulnerable web application for learning about web application vulnerabilities and writing secure code.
Practical security policy enforcement for Android apps via bytecode rewriting and in-place reference monitor.
Instrumentation-based approach for resolving reflective calls in Android apps.
An open source digital forensic tool for processing and analyzing digital evidence with high performance and multiplatform support.
Dynamic Java code instrumentation kit for Android applications.
A tool for translating Dalvik bytecode to equivalent Java bytecode, allowing Java analysis tools to analyze Android applications.
A cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization libraries.
A tool for translating Dalvik bytecode to Java bytecode for analyzing Android applications.
A minimalistic Java library for representing threat model data in a normalized way and automating threat intelligence extraction.
A standalone binary inspection tool for Android developers with support for various formats and dependencies.
A honeypot mimicking Tomcat manager endpoints to log requests and save attacker's WAR files for analysis.
Krakatau provides an assembler and disassembler for Java bytecode, supporting conversion, creation, examination, comparison, and decompilation of Java binaries.
Standalone graphical utility for viewing Java source codes from ".class" files.
nudge4j is a tool to control Java applications from the browser and experiment with live code.
MARA is a Mobile Application Reverse engineering and Analysis Framework with various features for testing mobile applications against OWASP mobile security threats.
Java decompiler GUI tool for Procyon under Apache License.
JAADAS is a powerful tool for static analysis of Android applications, providing features like API misuse analysis and inter-procedure dataflow analysis.
Fernflower is an analytical decompiler for Java with command-line options and support for external classes.
Python wrapper for Android APK decompilation with various converter and decompiler options.
PINNED
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Free
Security Operations
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Free
Blogs and News
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Commercial
Cloud Security
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.
Commercial
AI Security