Collection of malware source code for a variety of platforms in an array of different programming languages.

Automation to assess the state of your M365 tenant against CISA's baselines

The Python Risk Identification Tool for generative AI (PyRIT) is an open source framework built to empower security professionals and engineers to proactively identify risks in generative AI systems.

Malware samples for analysis, researchers, anti-virus and system protection testing (1600+ Malware-samples!).

MiniAGI is a simple general-purpose autonomous agent based on the OpenAI API.

A collection of essential and foundational cybersecurity knowledge, thoughtfully organized for easy comprehension.

dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228

Fast and customizable vulnerability scanner For JIRA written in Python

Subdomain finder

Password Hunter in Active Directory

Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices.

AWS CIS Controls module for terraform

Automation and remediation bots for Dome9's (Continuous) Compliance Engine

Free Templates for AWS CloudFormation

GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]

TheHive: a Scalable, Open Source and Free Security Incident Response Platform

Pre-configured response & remediation playbooks for AWS Security Hub

Secure Shell Bruteforcer — A faster & simpler way to bruteforce SSH server

Collection of scripts and resources for DevSecOps and Automated Incident Response Security

Proof of concept incident response demo using SSM and AWS Fargate.

rpCheckup is an AWS resource policy security checkup tool that identifies public, external account access, intra-org account access, and private resources.

Static security checker for Dockerfiles

A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS for Zoom using Powerpipe and Steampipe.

miscellaneous codes and snippets