Stars
Reconmap is a collaboration-first security operations platform for infosec teams and MSSPs, enabling end‑to‑end engagement management, from reconnaissance through execution and reporting. With buil…
A versatile and portable proxy for capturing, manipulating, and replaying HTTP/HTTPS traffic on the go.
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
Executes commands in a container on a kubelet endpoint that allows anonymous authentication (default)
CATS is a REST API Fuzzer and negative testing tool for OpenAPI endpoints. CATS automatically generates, runs and reports tests with minimum configuration and no coding effort. Tests are self-heali…
OpenSSF Scorecard - Security health metrics for Open Source
Open source compliance tool for development platforms.
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
An open-source project in Golang to assess different API security tools and WAFs for detection logic and bypasses
Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!
Never ever ever use pixelation as a redaction technique
Tools for auditing WAFs
The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!
A utility to generate SPDX-compliant Bill of Materials manifests
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
Community curated list of public bug bounty and responsible disclosure programs.
A system to flag anomalous source code expressions by learning typical expressions from training data
A security focused static analysis tool for Android and Java applications.
Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
CodeQL snippets for ZeroNights 2021 "Company wide SAST" presentation.
threatspec - continuous threat modeling, through code
Write tests against structured configuration data using the Open Policy Agent Rego query language
A static analysis tool for securing Go code
GitLab CI security tools runner