jar-analyzer

jar-analyzer / jar-analyzer-engine

Public

Java bytecode analysis engine built on ASM, extracts method call graphs, inheritance trees, Spring routes, and string constants from JAR/WAR into SQLite. AI-friendly output for security auditing.

bytecode call-graph code-audit java-asm java-bytecode
14
0
100% credibility
Found Mar 20, 2026 at 14 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
Java
AI Summary

A command-line tool that analyzes Java application packages and outputs a structured database for security audits and AI-powered code review.

How It Works

1
🔍 Discover Jar Analyzer

You hear about a handy tool that inspects Java app packages to uncover security secrets.

2
📥 Grab the analyzer

Download the simple program to your computer and get ready to check your apps.

3
📁 Pick your app package

Choose the zipped app file you want to examine for hidden issues.

4
🚀 Launch the scan

Start the analyzer on your file and watch it magically pull out all the inner workings.

5
💾 Get your insights file

Receive a tidy file packed with details like connections, paths, and sensitive strings.

6
Explore the treasures
🤖
AI chat

Ask an AI questions and get instant security insights.

📊
Manual browse

Open the file in a viewer to hunt for risks yourself.

Secure your app

Spot vulnerabilities easily and make your software safer than ever.

Sign up to see the full architecture

5 more

Sign Up Free

Star Growth

See how this repo grew from 14 to 14 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is jar-analyzer-engine?

This Java tool scans JAR or WAR files to pull out method call graphs, inheritance trees, Spring MVC routes, JavaWeb components, and string constants like SQL or keys, dumping everything into a queryable SQLite database. Built on ASM for bytecode manipulation across Java versions, it runs as a CLI with options like quick mode for fast call graphs or full analysis including polymorphism fixes. The AI-friendly schema lets you feed results directly to tools like Claude for security audits—no more manual bytecode viewer online drudgery.

Why is it gaining traction?

In a world of github java trending analyzers, it stands out with precise invoke tracking (Lambdas too), nested JAR parsing for Spring Boot fat jars, and built-in decompilation via Fernflower. Black/white lists speed up targeted scans, while the DB output enables SQL queries for call chains or sensitive strings—perfect for java github actions pipelines or ai-friendly analysis. Low stars hide its maturity from a 5-year parent project.

Who should use this?

Java security auditors tracing RCE/deserialization chains in enterprise apps, pentesters mapping Spring routes and web components, or backend devs auditing fat JARs for overrides and constants. Ideal for teams using java github copilot or gitlab clients who want structured bytecode data for AI vuln hunting over raw java bytecode instructions dumps.

Verdict

Grab it if you need reliable Java bytecode analysis in SQLite—docs are thorough, CLI is flexible, and AI integration shines, despite 1.0% credibility from 14 stars signaling early stage. Test on small JARs first; pairs well with java github api libraries for automation.

(198 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.