A lightweight tool for deploying and managing containerised applications across a network of Docker hosts. Bridging the gap between Docker and Kubernetes ✨

Metis is an open-source, AI-driven tool for deep security code review

SilentButDeadly is a network communication blocker specifically designed to neutralize EDR/AV software by preventing their cloud connectivity using Windows Filtering Platform (WFP). This version fo…

Scan MCP servers for potential threats & security findings.

This JavaScript CLI "undeletes' packages that have been removed from the NPM registry

Multilayered secret detection tool

Tunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available

A tool that supports finding and abusing whitelisted programs to allow arbitrary file writing into the executable folder of Antivirus software

Create honeypots for cloud environments

Real-time, container-based file scanning at enterprise scale

AuditKit - Multi-Cloud Compliance Scanner & Evidence Collection

SSHM is a beautiful command-line tool that transforms how you manage and connect to your SSH hosts. Built with Go and featuring an intuitive TUI interface, it makes SSH connection management effort…

LLM-based automated patch diffing

CredSweeper is a tool to detect credentials in any directories or files. CredSweeper could help users to detect unwanted exposure of credentials (such as token, passwords, api keys etc.) in advance…

A security tool that detects malicious packages from external vulnerability feeds and searches for them in your package registries or artifact repositories.

Weaponize DLL hijacking easily. Backdoor any function in any DLL.

Modern image vulnerability scanning & patching platform with multi-tool integration.

This terraform provider can be used to get remote code execution by injecting a dummy resource in a writeable state file.

Proof of Concepts for malicious maintainers: How to Tamper with Releases built with GitHub Actions Worfklows, presented at fwd:cloudsec Europe 2025

A powerful containerized tool that automatically downloads, extracts, and scans packages from PyPI and npm for embedded secrets, API keys, tokens, and other sensitive information using TruffleHog.

Automated multi-engine framework for unpacking, analyzing, and devirtualizing binaries protected by commercial and custom Virtual Machine based protectors. Combines Dynamic Taint Tracking, Symbolic…

A blazing fast, async-first, undetectable webscraping/web automation framework based on ultrafunkamsterdam/nodriver. Now with Docker support!

Language-agnostic AI auditor that autonomously builds and refines adaptive knowledge graphs for deep, iterative code reasoning.

Scan for leaked secrets during the s1ngularity attack using GitGuardian HasMySecretLeaked

Buttercup finds and patches software vulnerabilities

Pear 🍐 is extension for music player

PixiEditor is a Universal Editor for all your 2D needs

minT(oolkit): Mint awesome, secure and production ready containers just the way you need them! Don't change anything in your container image and minify it by up to 30x (and for compiled languages e…

🛡️ VIPER: Stay ahead of threats with AI-driven vulnerability intelligence. Prioritize CVEs effectively using NVD, EPSS, CISA KEV, and Google Gemini insights, all on an interactive dashboard

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)