Automagically reverse-engineer REST APIs via capturing traffic

Extract URLs, paths, secrets, and other interesting bits from JavaScript

A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.

A resources for who want to learn and get deep into client-side bugs

Audit your GitHub Actions workflow runs to see exactly which Actions were downloaded

tool designed for identifying vulnerabilities in open source codebases at scale. It can gather and filter on key repository metrics such as popularity and project size

Deobfuscate Javascript code using ChatGPT

Mapping from bug bounty and vulnerability disclosure programs to respective GitHub organizations

Static analysis for GitHub Actions

RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

Integrates Semgrep static analysis with AI-powered recommendations to enhance code security and automate remediation.

Available for legacy purposes. New users please see Jalangi2 https://github.com/Samsung/jalangi2

Dynamic analysis framework for JavaScript

A Node.js vulnerability finding tool.

Burp Suite extension for testing Passkey systems.

🧪 Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM.

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Awesome secure by default libraries to help you eliminate bug classes!

Treat EventEmitter-like object using Async/Await, Async Iterator.

GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment

Static checker for GitHub Actions workflow files

Quick SQL Scanner, Dorker, Webshell injector PHP

RIPS - A static source code analyser for vulnerabilities in PHP scripts

Some personal stuff that I observed help frustrated and talented art students over 10+ years making, learning and teaching art professionally for no reason.

Set of icons representing programming languages, designing & development tools

Secure OpenVPN installer for Debian, Ubuntu and CentOS

Former GUI client for gRPC services. No longer maintained.

This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.