Fast and customizable vulnerability scanner For JIRA written in Python

The AWS Enumerator was created for service enumeration and info dumping for investigations of penetration testers during Black-Box testing. The tool is intended to speed up the process of Cloud rev…

Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.

A collective of different IRs for the Flipper

Vulnerability Static Analysis for Containers

Analysis and management tools for an Open Asset Model database

Source-rer is a tool to save source code from JavaScript sourcemap files.

An automated phishing tool with 30+ templates. This Tool is made for educational purpose only ! Author will not be responsible for any misuse of this toolkit !

Agentic LLM Vulnerability Scanner

Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!

The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving to…

Collection of links on bad opsec

Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure

An Archive of Ransomware Notes Past and Present Collected by Zscaler ThreatLabz

Mantis is a security framework that automates the workflow of discovery, reconnaissance, and vulnerability scanning.

Gram is Klarna's own threat model diagramming tool

🛡️ Awesome Cloud Security Resources ⚔️

A curated list of awesome GraphQL Security frameworks, libraries, software and resources

A reviewed list of useful PHP static analysis tools

Create your own vulnerable by design AWS penetration testing playground

Scanning APK file for URIs, endpoints & secrets.

A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.

bespoke tooling for offensive security's Windows Usermode Exploit Dev course (OSED)

SessionProbe is a multi-threaded tool designed for penetration testing and bug bounty hunting. It evaluates user privileges in web applications by taking a session token and checking access across …

BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-…

Can you change the server ?

CISSP Certification Domain 1: Security and Risk Management Video Boot Camp 2019 [Video], published by Packt