Stars
Use Cloudflare to create HTTP pass-through proxies for unique IP rotation, similar to fireprox
Kingfisher is a blazingly fast and highly accurate tool for secret detection and live validation across files, Git repos, GitHub, GitLab, Azure DevOps, BitBucket, Gitea, AWS S3, Docker images, Jira…
Repository for the Microsoft Identity Tools PowerShell module which provides various tools for performing enhanced Identity administration activities.
YES3 Scanner: S3 Security Scanner for Access and Ransomware Protection
Buttercup finds and patches software vulnerabilities
A deliberately vulnerable Microsoft Entra ID environment. Learn identity security through hands-on, realistic attack challenges.
Proof of Concepts for malicious maintainers: How to Tamper with Releases built with GitHub Actions Worfklows, presented at fwd:cloudsec Europe 2025
Adobe Experience Manager (AEM) hacking toolkit
A Burp Suite extension for Lightning/Aura framework security testing with advanced action management, context editing, and comprehensive audit capabilities.
Detect common NFS server misconfigurations
asyncio support for botocore library using aiohttp
Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE)
📦 Make security testing of K8s, Docker, and Containerd easier.
match command-line arguments to their help text
A small utility to modify the dynamic linker and RPATH of ELF executables
Open-source AI agents for penetration testing
Cybersecurity AI (CAI), the framework for AI Security
A lightweight PowerShell tool for assessing the security posture of Microsoft Entra ID environments. It helps identify privileged objects, risky assignments, and potential misconfigurations.
Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities.
A tool to discover and exploit Nginx alias traversal misconfiguration, the tool can bruteforce the URL path recursively to find out hidden files and directories.
Archive Alchemist is a tool for creating specially crafted archives to test extraction vulnerabilities.
AI Red Teaming playground labs to run AI Red Teaming trainings including infrastructure.
This script automates SQL injection testing using SQLMap with AI-powered decision making.
This repository contains all the examples related to a series of tutorials that demonstrate how to use the new Montoya API of Burp Suite to create extensions that will greatly simplify our penteste…
An intentionally vulnerable NGINX setup
PyBurp is a Burp Suite extension that provides predefined Python functions for HTTP/WebSocket traffic modification, context menu registration, Intruder payload processing, passive/active scanning, …