Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure

Infra provides authentication and access management to servers and Kubernetes clusters.

Configure and deploy complete EKS clusters.

Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernet…

Ultimate DevSecOps library

Boundary enables identity-based access management for dynamic infrastructure.

Multi-Cloud Security Auditing Tool

the fastest and most powerful android decompiler(native tool working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy lea…

At LinkedIn, we are using this curriculum for onboarding our entry-level talents into the SRE role.

🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

Fast web fuzzer written in Go

Scripts to help with different ffuf tasks and workflows

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

Burp plugin able to find reflected XSS on page in real-time while browsing on site

Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

A collection of tools to perform searches on GitHub.

MassDNS wrapper written in go to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard filtering and easy input-output support.

A collection of hacks and one-off scripts

Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.

Example pwnable challenge hosted with docker

Writeup for HackerOne H1-415 2020 CTF

Unofficial frida extension for VSCode

A collection of pwn/CTF related utilities for Ghidra

🐛 A list of writeups from the Google VRP Bug Bounty program