🔎 Static code analysis engine to find security issues in code.

command line management for Google Workspace

Collection of BADUSB scripts for the flipperzero

Crtsh Subdomain Enumeration | This bash script makes it easy to quickly save and parse the output from https://crt.sh website.

A collection of handy Bash One-Liners and terminal tricks for data processing and Linux system maintenance.

Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.

The only web-scale, fully customizable OpenID Certified™ OpenID Connect and OAuth2 Provider in the world. Become an OpenID Connect and OAuth2 Provider over night. Written in Go, cloud native, headl…

NVD, Ubuntu, Alpine

Community Cryptography Specification Project

Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.1, purl, and vers.

Awesome secure by default libraries to help you eliminate bug classes!

Gram is Klarna's own threat model diagramming tool

http-wasm middleware based on Coraza WAF

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library

Scan PostgreSQL Instance for potential problems. pg_gather is a SQL-only script leveraging the built-in features of psql.

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submissio…

A Nmap XSL implementation with Bootstrap.

OpenClarity is an open source tool built to enhance security and observability of cloud native applications and infrastructure

SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)

Scan repositories on GitHub and GitLab for sensitive data such as secrets, credentials, PII, and PCI.

DNS monitoring system built with Python.

Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts.

Streamline vulnerability patching with CVSS, EPSS, and CISA's Known Exploited Vulnerabilities. Prioritize actions based on real-time threat information, gain a competitive advantage, and stay infor…

Sends a report of Github security alerts to Slack

💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

Frida scripts to directly MitM all HTTPS traffic from a target mobile application

Open source DocuSign alternative. Create, fill, and sign digital documents ✍️

rtl88x2bu driver updated for current kernels.

Traefik plugin to proxy requests to owasp/modsecurity-crs:apache container

The first open-source DDoS protection system