Find JNI function signatures in APK and apply to reverse-engineering tools.

Android in docker solution with noVNC supported and video recording

Script to root AVDs running with QEMU Emulator from Android Studio

Research on the internal workings of Google's Play Integrity Protect Virtual Machine (VM) with tools for both disassembling and decompiling the bytecode.

DCC (Dex-to-C Compiler) is method-based aot compiler that can translate DEX code to C code.

Workshop Material on VM-based Deobfuscation

Java decompiler, assembler, and disassembler

Maybe the most detailed analysis of pdd backdoors

Samples and Unpacker of malicious backdoors and exploits developed and used by Pinduoduo

PoC of fighting against force-stop kill process on Android

A Static Dataflow Analysis Framework for iOS Applications.

A library that lets you use reflection without any restriction above Android P

针对 @hanbinglengyue 的FART项目下的Frida脱壳脚本进行最新适配，可在Frida16.1.0 + Android12环境下进行脱壳

微信小程序辅助渗透-自动化

Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.

CTF竞赛权威指南

2018年初整理的一些内网渗透TIPS，后面更新的慢，所以整理出来希望跟小伙伴们一起更新维护~

「Java学习+面试指南」一份涵盖大部分 Java 程序员所需要掌握的核心知识。准备 Java 面试，首选 JavaGuide！

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-…

图形化漏洞利用集成工具

The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, enumeration, and malicious payload creation using Metasploit. For use with Kali Linux.

Web path scanner

Pre-Built Vulnerable Environments Based on Docker-Compose

快速搭建各种漏洞环境(Various vulnerability environment)

演示视频https://pan.baidu.com/s/1HH_-TQGca1NLoSqzvOPB3Q 密码：izm3

Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans

Awesome Burp Suite Resources. 400+ open source Burp plugins, 400+ posts and videos.

All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities

《FRIDA操作手册》by @hluwa @r0ysue