Ghidra is a software reverse engineering (SRE) framework

Open Source Identity and Access Management For Modern Applications and Services

Telegram for Android source

The ZAP by Checkmarx Core project

Virtual Engine for Android(Support 14.0 in business version)

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.

Elder driver Xposed Framework.

Open source version of Google Authenticator (except the Android app)

Hackpad is a web-based realtime wiki.

Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to invest…

Android Package Inspector - dynamic analysis with api hooks, start unexported activities and more. (Xposed Module)

BinNavi is a binary analysis IDE that allows to inspect, navigate, edit and annotate control flow graphs and call graphs of disassembled code.

Simple to use root checking Android library and sample app

Cknife

A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities and enables running traffic-based analysis of any type.

XPrivacy - The ultimate, yet easy to use, privacy manager

The new bridge between Burp Suite and Frida!

RootTools Library

Open source fork of the Google Authenticator Android app

TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.

OAExploit一款基于产品的一键扫描工具。

Web and mobile application security training platform

log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.

A collection of usage examples for Camunda Platform intended to get you started quickly

This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.

Android Xposed Module to bypass SSL certificate validation (Certificate Pinning).

IA's public Wayback Machine (moved from SourceForge)