Dex to Java decompiler

Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

BinNavi is a binary analysis IDE that allows to inspect, navigate, edit and annotate control flow graphs and call graphs of disassembled code.

The new bridge between Burp Suite and Frida!

RootTools Library

Remote Administration Tool for Android devices

🔓 Disable SSL verification and pinning on Android, system-wide

Android Vulnerability Test Suite - In the spirit of open data collection, and with the help of the community, let's take a pulse on the state of Android security. NowSecure presents an on-device ap…

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

JQF + Zest: Coverage-guided semantic fuzzing for Java.

A robust parser for C/C++ storing abstract syntax trees, control flow graphs and program dependence graphs in a neo4j graph database.

Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite

Black box tool to bypass SSL verification on Android, even when pinning is used.

ZAP/Burp plugin that generate script to reproduce a specific HTTP request (Intended for fuzzing or scripted attacks)

SWF file reverse engineering tools

CSTC is a Burp Suite extension that allows request/response modification using a GUI analogous to CyberChef

eBPF Processor for Ghidra

An openly-licensed corpus of small example files, covering a wide range of formats and creation tools.

A Cloud Security Posture Manager or CSPM with a focus on security analysis for the modern cloud stack and a focus on the emerging threat landscape such as cloud ransomware and supply chain attacks.

Develop Burp extensions in Jython

The Android Agent for the Drozer Security Assessment Framework.

FlowMate, a BurpSuite extension that brings taint analysis to web applications, by tracking all parameters send to a target application and matches their occurrences in the responses.

SignSaboteur is a Burp Suite extension for editing, signing, verifying various signed web tokens

Modern Web Firewall: stop account takeovers, weak passwords, cloud IPs, DoS attacks, disposable emails

Burp Suite extension to perform Kerberos authentication

PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams

send raw PDU SMS from your computer using a HTC Android phone