DSPy: The framework for programming—not prompting—language models

An open-source RAG-based tool for chatting with your documents.

Deobfuscate obfuscator.io, unminify and unpack bundled javascript

A MIT-licensed, deployable starter kit for building and customizing your own version of AI town - a virtual town where AI characters live, chat and socialize.

The most advanced AI retrieval system. Containerized, Retrieval-Augmented Generation (RAG) with a RESTful API.

A community wiki for all things AI/ML bill of materials (MLBOM, AIBOM) and transparency into AI/ML models.

Repository for on-going work as part of the AIBOM Tiger Team effort.

Weaponized Browser-in-the-Middle (BitM) for Penetration Testers

Periodic cyber security newsletters that capture the latest news, summaries of conference talks, research, best practices, tools, events, vulnerabilities, and analysis of trending threats and attacks

WhereToGo - is a list of popular services that might be used in organizations. By having an account of the user - you can try to find entry points to the organization data.

🚀 HTTPie Desktop — cross-platform API testing client for humans. Painlessly test REST, GraphQL, and HTTP APIs.

OWASP based Web Application Security Testing Checklist is an Excel based checklist which helps you to track the status of completed and pending test cases.

🔐 Run frida-server on boot with Magisk, always up-to-date

A collection of browser-based side channel attack vectors.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Repositório criado com intuito de reunir informações, fontes(websites/portais) e tricks de OSINT dentro do contexto Brasil.

This script grab public report from hacker one and make some folders with poc videos

Checklist of the most important security countermeasures when designing, testing, and releasing your API

Rockyou for web fuzzing

An actively maintained, Self curated notes related to android application security for security professionals, bugbounty hunters, pentesters, reverse engineer, and redteamers.

A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.

Advanced external automation on bug bounty programs by running the best set of tools to perform scanning and finding out vulnerabilities.

it is very good

Burp Extension for easily creating Wordlists

OSINT from your favorite services in a friendly terminal user interface - integrations for Virustotal, Shodan, and Censys

My cheatsheet notes to pentest AWS infrastructure

Bringing infosec community, group and leaders together that solve community challenges, problems, create cultural and provide value to Infosec community.