JSNinja is a powerful tool designed for security researchers and developers looking to extract sensitive information and Urls from JavaScript files.

📜 A Cheat-Sheet Collection from the WWW

Cloud cost estimates for Terraform in pull requests💰📉 Shift FinOps Left!

Complete Roadmap for Penetration Testing

Burp Plugin to Bypass WAFs through the insertion of Junk Data

Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure

Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration

Penetration Testing Student version 2 simple condensed NOTES for quick recap

Notes created for preparation of EJPTv2

Simplify your life with leak detection in JavaScript. NipeJS streamlines the use of regex, making it effortless to uncover potential leaks.

Fetches JavaScript files quickly and comprehensively.

SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files

Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics…

Multi-Cloud Security Auditing Tool

Cloudlist is a tool for listing Assets from multiple Cloud Providers.

A command line security audit tool for Amazon Web Services

The Clouditor is a tool to support continuous cloud assurance. Developed by Fraunhofer AISEC.

The AWS Enumerator was created for service enumeration and info dumping for investigations of penetration testers during Black-Box testing. The tool is intended to speed up the process of Cloud rev…

🦉🔎 A simple tool to audit your AWS/GCP infrastructure for misconfiguration or potential security issues with plugins integration

AWS bulk tagging tool

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

A comprehensive list of custom filters for Logger++ to identify various vulnerabilities in different API styles

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

Writeups for the machines on ethical hacking site Hack the Box

🦀 | RustRedOps is a repository for advanced Red Team techniques and offensive malware, focused on Rust

Bug Bounty Testing Essential Guideline : Startup Bug Hunters

Awesome secure by default libraries to help you eliminate bug classes!