Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.

Grab’n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.

Burp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.

A burp suite extension that reviews backup, old, temporary and unreferenced files on web server for sensitive information (OWASP WSTG-CONF-04, OTG-CONFIG-004)

Here you will find various Azure Demos & Tutorials that I've put together for Azure Cloud using DevOps, Container Services and other PaaS offerings.

A burp suite extension that enumerates infrastructure and application admin interfaces (OTG-CONFIG-005)

Vulnerable Client-Server Application (VuCSA) is made for learning how to perform penetration tests of non-http thick clients. It is written in Java (with JavaFX graphical user interface) and contains multiple challenges including SQL injection, RCE, XML vulnerabilities and more.

VyAPI - A cloud based vulnerable hybrid Android App

Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. Sugar-Free and Secure: no any external dependencies except for chart plotting are used

Vuldroid is a Vulnerable Android Application made with security issues in order to demonstrate how they can occur in code

AIHTTPAnalyzer revolutionizes web application security testing by bringing artificial intelligence capabilities to Burp Suite. This innovative extension harnesses the power of AI to automate vulnerability detection, provide intelligent analysis, and assist security professionals in identifying complex security issues.

Damn Vulnerable SCA Application

A BurpSuite extension for vulnerability Scanning

An android project implementing magisk, frida and debugger detection using native library

Cucumber/BDD security tests example for Java (Spring Boot API).

Optimize your web vulnerability assessments with PassiveDigger, a comprehensive Burp Suite extension that specializes in passive traffic analysis. Detect potential vulnerabilities, get actionable insights, and supercharge your security audits.

CVSS Calculator - a burp suite extension for calculating CVSS v2 and v3.1 scores of vulnerabilities.

A Cordova plugin to determine whether the device has a secure lock mechanism configured, such as a PIN, pattern, password, fingerprint, or Face ID. Compatible with both iOS & Android.

Analysis of vulnerabilities from security audit | CVEs