JNDIExploit or a ysoserial.

Web漏洞扫描工具XRAY的GUI启动器

纯 Java 实现的 MySQL Fake Server | 支持 GUI 版和命令行版 | 支持反序列化和文件读取的利用方式 | 支持常见的 GADGET 和自定义 GADGET 数据 | 根据目标环境自动生成匹配的 PAYLOAD | 支持 PGSQL 和 DERBY 的利用

DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers.

A Router WiFi key recovery/cracking tool with a twist.

AIHTTPAnalyzer revolutionizes web application security testing by bringing artificial intelligence capabilities to Burp Suite. This innovative extension harnesses the power of AI to automate vulnerability detection, provide intelligent analysis, and assist security professionals in identifying complex security issues.

Integrated Security Testing Environment for Web Applications as Burp Extension.

JWTLens - Burp Suite extension for automated JWT security testing. 62 checks: passive scanning, algorithm confusion, signature bypass, KID injection, weak secret brute force, and a built-in JWT Forge tab. Works automatically as you browse.

A ZAPROXY Add-on that allows testing of web application vulnerabilities by recording complex multi-step sequences. You can test applications that need to access pages in a specific order, such as shopping carts or registration of member information.

a ZAPROXY Addon ActiveScan for detecting SQL injection with more better way.

🎯 VISTA — AI-Powered Security Testing Assistant for Burp Suite. Real-time traffic analysis, 12 expert vulnerability templates, 80+ payloads, WAF detection & bypass. Supports OpenAI, Azure, and OpenRouter (FREE). Zero dependencies.

All-in-one Burp Suite attack framework — 16 active scanners, 4 passive analyzers, SQL exploitation engine (OmniMap), AI-powered fuzzing, prerequisite chain automation (Stepper), built-in OOB server (HTTP+DNS). Single JAR, Montoya API.

SpringJWT is a simple project designed to help users understand JWT implementation with Spring Security, including the use of bearer tokens for secure authentication.

ILAY - authorization for Vaadin

Demo of a webapp with flawed security, for training purposes.

Burp Suite extension for passive GraphQL reconnaissance. Catalogs operations from proxy traffic, tracks variable shapes with sample values, stores original requests per signature, and sends to Intruder with auto-marked payload positions. Supports status triage, export/import for session persistence, and batched mutation detection.

Add a local REST API to Burp Suite Pro for instant, scriptable control of proxy, scanning, and scope.

🛡️ Burp Suite extension for automated access control bypass, path traversal & Web Cache Deception testing. Header spoofing, URL encoding, cache deception pipelines – all in one tool.

A highly-efficient, dynamic, and secure REST API backend for a web forum application. Built with Java and Spring Boot, it supports user registration and authentication, category management, thread creation, post management, and search functionality. The backend is fully dockerized, enabling rapid deployment and scalability in any environment.