Stars
Find, verify, and analyze leaked credentials
Chaos Monkey is a resiliency tool that helps applications tolerate random instance failures.
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
Reconnaissance tool for GitHub organizations
Linux Runtime Security and Forensics using eBPF
Write tests against structured configuration data using the Open Policy Agent Rego query language
CLI tool that finds secrets accidentally committed to a git repo, e.g. passwords, private keys
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
Tool to check for dependency confusion vulnerabilities in multiple package management systems
ChopChop is a CLI to help developers scan endpoints and identify exposure of sensitive services/files/folders.
Semgrep queries developed by Trail of Bits.
blacksheepwall is a hostname reconnaissance tool
Golang library of the AppSec Pipeline Specification - use this to get started on a Golang implementation of your own AppSec Pipeline