OWASP Top 10 for Large Language Model Apps (Part of the GenAI Security Project)

Mobile Edge-Dynamic Unified Security Analysis

Fake Protocol Server

Monitor linux processes without root permissions

Various wordlists for bruteforce

A vulnerable application exposing Spring Boot Actuators

Trac is an enhanced wiki and issue tracking system for software development projects (mirror)

The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

Nginx configuration static analyzer

A list of interesting payloads, tips and tricks for bug bounty hunters.

Come and join us, we need you!

A modern vulnerable web app

Prototype Pollution and useful Script Gadgets

CTFs as you need them

The Burp extension to check JWT (JSON Web Tokens) for using keys from known from public sources

Framework for blind boolean-based sql injections exploatation. Use it if sqlmap does shit.

DIVA Android - Damn Insecure and vulnerable App for Android

Sonar is a security researcher's Swiss army knife for finding and exploiting vulnerabilities that require out-of-band interactions

Another way to bypass WAF Cheat Sheet (draft)

Exploit for CVE-2019-11043

GraphQL application security testing helper

A collection of android security related resources

Find web directories without bruteforce

Python utility to takeover domains vulnerable to AWS NS Takeover

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Pentest/BugBounty progress control with scanning modules

A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.

A demo of cross-origin login detection for most major web platforms