Java.md
February 15, 2026 · View on GitHub
Tools Made of Java
| Type | Name | Description | Star | Tags | Badges |
|---|---|---|---|---|---|
| Army-Knife | ZAP | The ZAP core project | mitmproxy live-audit crawl | ![]() ![]() ![]() ![]() ![]() | |
| Army-Knife | BurpSuite | The BurpSuite Project | mitmproxy live-audit crawl | ![]() ![]() ![]() ![]() ![]() | |
| Recon | attack-surface-detector-burp | The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters | endpoint url attack-surface | ![]() ![]() ![]() ![]() ![]() | |
| Recon | attack-surface-detector-zap | The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters | endpoint url attack-surface | ![]() ![]() ![]() ![]() ![]() | |
| Recon | reflected-parameters | param | ![]() ![]() ![]() ![]() ![]() | ||
| Fuzzer | param-miner | Param Miner | param cache-vuln | ![]() ![]() ![]() ![]() ![]() | |
| Scanner | collaborator-everywhere | oast | ![]() ![]() ![]() ![]() ![]() | ||
| Scanner | DeepViolet | Tool for introspection of SSL\TLS sessions | ssl | ![]() ![]() ![]() ![]() | |
| Scanner | http-request-smuggler | smuggle | ![]() ![]() ![]() ![]() ![]() | ||
| Scanner | csp-auditor | csp | ![]() ![]() ![]() ![]() ![]() ![]() | ||
| Scanner | BurpSuiteHTTPSmuggler | smuggle | ![]() ![]() ![]() ![]() ![]() | ||
| Exploit | BaRMIe | Java RMI enumeration and attack tool. | RMI | ![]() ![]() ![]() ![]() | |
| Utils | GadgetProbe | Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths. | deserialize | ![]() ![]() ![]() ![]() | |
| Utils | Web3 Decoder | Burp Extension for Web3 | web3 | ![]() ![]() ![]() ![]() ![]() | |
| Utils | pcap-burp | Pcap importer for Burp | ![]() ![]() ![]() ![]() ![]() | ||
| Utils | safecopy | ![]() ![]() ![]() ![]() ![]() | |||
| utils | Neonmarker | ![]() ![]() ![]() ![]() ![]() | |||
| Utils | AWSSigner | Burp Extension for AWS Signing | ![]() ![]() ![]() ![]() ![]() | ||
| Utils | Map Local | ZAP add-on which allows mapping of responses to content of a chosen local file. | ![]() ![]() ![]() ![]() ![]() | ||
| Utils | BurpSuiteLoggerPlusPlus | ![]() ![]() ![]() ![]() ![]() | |||
| Utils | Stepper | ![]() ![]() ![]() ![]() ![]() | |||
| Utils | http-script-generator | ![]() ![]() ![]() ![]() ![]() ![]() | |||
| Utils | taborator | oast | ![]() ![]() ![]() ![]() ![]() | ||
| Utils | SerializationDumper | A tool to dump Java serialization streams in a more human readable form. | deserialize | ![]() ![]() ![]() ![]() | |
| Utils | BurpCustomizer | Because just a dark theme wasn't enough! | ![]() ![]() ![]() ![]() ![]() | ||
| Utils | Berserko | Burp Suite extension to perform Kerberos authentication | ![]() ![]() ![]() ![]() ![]() | ||
| Utils | Decoder-Improved | Improved decoder for Burp Suite | ![]() ![]() ![]() ![]() ![]() | ||
| Utils | ysoserial | A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. | deserialize | ![]() ![]() ![]() ![]() | |
| Utils | zap-hud | ![]() ![]() ![]() ![]() ![]() | |||
| Utils | knife | A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅 | ![]() ![]() ![]() ![]() | ||
| Utils | AuthMatrix | Automated HTTP Request Repeating With Burp Suite | ![]() ![]() ![]() ![]() ![]() | ||
| Utils | HTTPSignatures | A Burp Suite extension implementing the Signing HTTP Messages draft-ietf-httpbis-message-signatures-01 draft. | ![]() ![]() ![]() ![]() ![]() | ||
| Utils | burp-send-to | ![]() ![]() ![]() ![]() ![]() | |||
| utils | owasp-zap-jwt-addon | jwt | ![]() ![]() ![]() ![]() ![]() |





