Production-Grade Container Scheduling and Management

Connect, secure, control, and observe services.

A tool for secrets management, encryption as a service, and privileged access management

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …

A process for automating Docker container base image updates.

The easiest, most secure way to use WireGuard and 2FA.

Chaos Monkey is a resiliency tool that helps applications tolerate random instance failures.

Information gathering framework for phone numbers

Fast web fuzzer written in Go

A next-generation crawling and spidering framework.

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

Fast passive subdomain enumeration tool.

Vulnerability Static Analysis for Containers

Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernet…

A vulnerability scanner for container images and filesystems

Adversary Emulation Framework

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

An HTTP toolkit for security research.

Command-line tool that allows searching and downloading app packages (known as ipa files) from the iOS App Store

A Tool for Domain Flyovers

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

A Workflow Engine for Offensive Security

Monitor linux processes without root permissions

A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

Monitor a process and trigger a notification.

Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wis…

📦 Make security testing of K8s, Docker, and Containerd easier.