Security researcher, exploit developer, pentester.
SerializationDumper. A tool to dump Java serialization streams in a more human readable form.
1.1kBaRMIe. Java RMI enumeration and attack tool.
748patch-apk. Wrapper to inject an Objection/Frida gadget into an APK, with support for app bundles/split APKs.
417DeserLab. Java deserialization exploitation lab.
237SerialBrute. Java serialization brute force attack tool.
125PoC. Repo for proof of concept exploits and tools.
56xamarin-decompress. Decompress Xamarin .NET compressed binaries so they can be decompiled.
48ysoserial. A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
5mobileappvm. VM build script for mobile app pentesting/reversing.
4CachePlz. Burp Suite extension to fix caching of large static resources returned by badly configured servers/apps.
2Middleware-Vulnerability-detection. CVE、CMS、中间件漏洞检测利用合集 Since 2019-9-15
2top10webseclist. Top Ten Web Hacking Techniques List
2aws-security-cert-service-notes. Security aspects of AWS products for the Security Specialist certification
2lynis. Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
1rmiscout. RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities
1objection. 📱 objection - runtime mobile exploration
1freddy. Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans
1fuzzdb. Automatically exported from code.google.com/p/fuzzdb
1