Ghidra is a software reverse engineering (SRE) framework

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.

JPEXS Free Flash Decompiler

A large-scale entity and relation database supporting aggregation of properties

The real deal

TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.

CLOSE ACCESS DENIAL.

Smiley's HTTP Proxy implemented as a Java servlet

Open Adversarial Exposure Validation Platform

Open source platform for X.509 certificate based service authentication and fine grained access control in dynamic infrastructures. Athenz supports provisioning and configuration (centralized autho…

Java bytecode editor

Fast and reliable message broker built on top of Kafka.

Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.

ActiveScan++ Burp Suite Plugin

Stroom is a highly scalable data storage, processing and analysis platform.

SHELLING - a comprehensive OS command injection payload generator

First IDE for Nmap Script (NSE) Development.

psychoPATH - an advanced path traversal tool. Features: evasive techniques, dynamic web root list generation, output encoding, site map-searching payload generator, LFI mode, nix & windows support,…

Advanced yet easy to use escaping library for Java

A Cloud Security Posture Manager or CSPM with a focus on security analysis for the modern cloud stack and a focus on the emerging threat landscape such as cloud ransomware and supply chain attacks.

A Java tool for generating json strings

Phantom is a high performance proxy for accessing distributed services. It is an RPC system with support for different transports and protocols. Phantom is inspired by Twitter Finagle clients and b…

Tiny event emitter library for Java

Athenz is a role-based authorization (RBAC) system for provisioning and configuration (centralized authorization) use cases as well as serving/runtime (decentralized authorization) use cases.

Simple and secure synchronisation of MISP instances with mobile phones

OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools.

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

This repository will serve as the "master" repo containing all trainings and tutorials done in preperation for OSWE in conjunction with the AWAE course. This repo will likely contain custom code by…