Open Source Java Software Development Software

The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing. ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. It stands between the tester’s browser and the web application so that it can intercept and inspect messages sent between browser and web application.

Mirrors: * https://bitbucket.org/pxb1988/dex2jar * https://github.com/pxb1988/dex2jar dex2jar contains following compment * dex-reader is designed to read the Dalvik Executable (.dex/.odex) format. It has a light weight API similar with ASM. * dex-translator is designed to do the convert job. It reads the dex instruction to dex-ir format, after some optimize, convert to ASM format. * dex-ir used by dex-translator, is designed to represent the dex instruction dex-tools tools to work with .class files. * d2j-smali disassemble dex to smali files and assemble dex from smali files. different implementation to smali/baksmali, same syntax, but we support escape in type desc "Lcom/dex2jar\t\u1234;" * dex-writer write dex same way as dex-reader.

DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers.

Kafka GUI for Apache Kafka to manage topics, topics data, consumers group, schema registry, connect and more. Enabling your teams to search and explore data in a unified console, while supporting its administration and integration within your ecosystem. Multi-Cluster vision into a central console, available in Multi-Cloud environments. Enabling users to access, search and get insights from your topics, including Live Tail. Allowing to manage your topics, consumer groups, cluster configurations, users and ACLs. Compatibility with LDAP, RBAC, Schema Registry, Kafka Connect and more.

Welcome to the home of the Apereo Central Authentication Service project, more commonly referred to as CAS. CAS is an enterprise multilingual single sign-on solution and identity provider for the web and attempts to be a comprehensive platform for your authentication and authorization needs. CAS is an open and well-documented authentication protocol. The primary implementation of the protocol is an open-source Java server component by the same name hosted here, with support for a plethora of additional authentication protocols and features. Monitor and track application and system behavior, statistics and metrics in real-time. Manage and review audits and logs centrally, and publish data to a variety of downstream systems. Manage and register client applications and services with specific authentication policies. Cross-platform client support (Java, .NET, PHP, Perl, Apache, etc).

Keytool is an Eclipse plugin that maintains keystores and certificates. It allows you to create certificates and put them in a keystore. You can from Eclipse, open and inspect certificates that are stored as .cer, or in a given keystore.

This project now hosts the third-generation of Java SSH API, Maverick Synergy. This API builds on the Maverick Legacy commercial APIs and delivers a new API in a unified client/server framework. This API is available to the community under the LGPL open source license. This update includes ed25519 support, support for the new OpenSSH private key file format and stronger key exchange algorithms. The project continues to host both the original API and legacy applications created around it, however, these are now considered deprecated and we do not recommend their use in anyway.

PLEASE NOTE that we are in the process of moving to GitHub: https://github.com/jasypt/jasypt Jasypt (Java Simplified Encryption) is a java library which allows the developer to add basic encryption capabilities to his/her projects with minimum effort, and without the need of having deep knowledge on how cryptography works. PLEASE NOTE that we are in the process of moving to GitHub: https://github.com/jasypt/jasypt

A Java library for executing, parsing and persisting NMap output.

A library help for signing data with PKCS11 token (certificates with SHA1withRSA Sign Algorithm) and create CMS packages. It uses Bouncy Castle Crypto API and SUNPKCS11. Also it verify the signed data and verify signing certificate's OCSP control.

Publish your junit test report in pdf format. Plug and Play integration. Home page: http://junitpdfreport.sourceforge.net/

silvertunnel.org is a project that provides an end-user browser, a Java library and additional Java security tools to easily access anonymity networks such as the Tor (torproject.org) network. Secure and easy to use. Tor4Java and Tor Browser. Attention: see project status on page https://sourceforge.net/p/silvertunnel/discussion/962278/thread/83dc2d02/#

WAP automatic detects and corrects input validation vulnerabilities in web applications written in PHP Language (version 4.0 or higher) and with a low rate of false positives. WAP detects the following vulnerabilities: - SQL injection using MySQL, PostgreSQL and DB2 DBMS - Reflected cross-site scripting (XSS) - Stored XSS - Remote file inclusion - Local file inclusion - Directory traversal - Source code disclosure - OS command injection - PHP code injection WAP is a static analysis tool that performs taint analysis to detect vulnerabilities, tracking malicious users inputs and checking if they reach calls of sensitive functions. It has a low rate of false positives because has implemented a data mining module to predict false positives when detects vulnerabilities. The output of the tool is: - shows the vulnerabilities found and how they are corrected - new files with the corrections

raw2vmdk is an OS independent Java utility that allows you to mount raw disk images, like images created by "dd", using VMware, VirtualBox or any other virtualization platform supporting the VMDK disk format.

The OWASP Security Shepherd project enables users to learn or to improve upon existing manual penetration testing skills. Utilizing the OWASP top ten as a challenge test bed, common security vulnerabilities can be explored and their impact on a system understood. The by-product of this challenge game is the acquired skill to harden a player's own environment from OWASP top ten security risks. The modules have been crafted to provide not only a challenge for a security novice, but security professionals as well. If you'd like to download the V3.0 VM, you can download it from github: https://github.com/OWASP/SecurityShepherd/releases/tag/v3.0 Try it live: https://owasp.securityshepherd.eu Raise issues here: https://github.com/markdenihan/owaspSecurityShepherd/issues More Info here: https://www.owasp.org/index.php/OWASP_Security_Shepherd

SeaMonster is a security modeling tool for threat models. It supports notations that security experts and analyzers are already familiar with, namely attack trees and misuse cases, and can connect to a repository for model sharing and reuse.

Brought to you by parvesh88 System Requirements 1. A Computer running Windows 7 Service Pack 1 or higher 2. Java Runtime Environment (JRE) 8 or higher if JRE is not installed on your Computer, then download and install from here JRE 8 for Windows x86 -> https://www.azul.com/core-post-download/?endpoint=zulu&uuid=55abea0c-2aa5-4316-aafb-e90847f6ee21 JRE 8 for Windows x64 -> https://www.azul.com/core-post-download/?endpoint=zulu&uuid=5a34da4a-1821-4c79-a57c-7fce38d102c2 JRE 8 for Mac OS -> https://www.azul.com/core-post-download/?endpoint=zulu&uuid=f0851b11-f391-43b0-ae80-4a29f9cc8c9f -> Download ESignPDF jar file -> Double click on downloaded file -> Follow displayed instructions -> Get signed PDF You can request to concerned certificate authority for obtaining Digital Signature Certificate ( DSC ) file despite of USB token if you have any query, then mail me at parvesh.garg@outlook.com

The PKI Framework (PKIF) is a cross-platform library for performing PKIX-compliant certificate processing. It includes support for SCVP, OCSP, CMS and Timestamps. It uses Windows CAPI, NSS or Crypto++ for cryptographic services and hardware support.

JSecurity is a powerful and flexible open-source Java security framework that cleanly handles authentication, authorization, enterprise session management, and cryptography services.

NetworkTools has 2 components: A protocol analyzer which plays a TCP client or server or pipeline, which sits between a client and server and shows how they communicate. A port scanner can scan a range of IP addresses and ports. See screenshots.

WSFuzzer is a fuzzing penetration testing tool used against HTTP SOAP based web services. It tests numerous aspects (input validation, XML Parser, etc) of the SOAP target. It is only to be used against targets that have granted permission to be teste

The java-sandbox allows you to securely execute untrusted code (for example, user generated scripts in scripting languages such as groovy or rhino) from within your application. It allows you to specify resources and classes that may be used by the code, thus, separating the execution from the application's execution environment. It allows to wrap execution environments in threads or even execute them remotely on different jvms.

This project provides an implementation of the NTRU public-key cryptosystem: NTRUEncrypt and NTRUSign.

Adobe Flash SWF editor which can read and edit bytecode.

A 100% pure Java Swing ASN.1 analysis utility for inspecting arbitrary BER-encoded data files. It allows inspection of data with unknown structure, can drill down to any nesting level and allows to interpret embedded OCTET STRING data recursively.