Stars
📙 Amazon Web Services — a practical guide
Grafana Unauthorized arbitrary file reading vulnerability
PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034)
Hunt for security weaknesses in Kubernetes clusters
Vulnerable OAuth 2.0 applications: understand the security implications of your OAuth 2.0 decisions.
Ultimate Plumber is a tool for writing Linux pipes with instant live preview
My experiments in weaponizing Nim (https://nim-lang.org/)
Arsenal is just a quick inventory and launcher for hacking programs
Mastering Ethereum, by Andreas M. Antonopoulos, Gavin Wood
The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.
Quark Agent - Your AI-powered Android APK Analyst
Threat Modelling Assets (STRIDE, DREAD, etc. cheat sheets)
GO Simple Tunnel - a simple tunnel written in golang
Runtime Mobile Security (RMS) 📱🔥 is a powerful web interface that helps you manipulate Android and iOS apps at runtime
Network Infrastructure Penetration Testing Tool
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
Prototype Pollution and useful Script Gadgets
iOS gamed exploit (fixed in 15.0.2)
Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on an agile and easy to…
mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysi…
📡 PoC auto collect from GitHub.
Small and highly portable detection tests based on MITRE's ATT&CK.