#java

jadx
jadx

Dex to Java decompiler.

infer
infer

A static analyzer for Java, C, C++, and Objective-C.

pmd
pmd

An extensible multilanguage static code analyzer.

codeql
codeql

Power security researchers around the world as well as code scanning.

JNDI-Injection-Exploit
JNDI-Injection-Exploit

Generates JNDI links can start several servers to exploit JNDI Injection vulnerabilities.

BaRMIe
BaRMIe

Enumerating and attacking Java Remote Method Invocation services.

Freddy Deserialization Bug Finder
Freddy Deserialization Bug Finder

A Burp Suite extension to aid in detecting and exploiting serialisation libraries/APIs.

Java Deserialization Scanner
Java Deserialization Scanner

All-in-one plugin for the detection and exploitation of Java deserialization vulnerabilities.

GadgetProbe
GadgetProbe

Probe endpoints consuming Java serialized objects for fingerprinting.

ysoserial
ysoserial

Generates payloads that exploit unsafe Java object deserialization.

jSQL Injection
jSQL Injection

Java application for automatic SQL database injection.