The tiniest PaaS you've ever seen. Piku allows you to do git push deployments to your own servers.

A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.

Embed files within JPG images using this steganography-like privacy tool. Post images on Mastodon, Reddit and other hosting sites.

PHP RCE PoC for CVE-2024-4577 written in bash, go, python and a nuclei template

The EXCLUSIVE Collection of 38,000+ Nuclei templates based on Wordfence intel. Daily updates for bulletproof WordPress security.

A community-powered collection of all known bug bounty platforms, vulnerability disclosure platforms, and crowdsourced security platforms currently active on the Internet.

Generate JPG/XSS polyglot using this simple script

Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!

Methodology and accompanying scripts to identify novel CVEs using information from existing CVEs. Based on the talk "Stalking Known Open Source Offenders for Novel CVEs" from BSidesCT and BSidesDay…

WordPress membership plugin to restrict access to content and charge recurring subscriptions using Stripe, PayPal, and more. Fully open source. 100% GPL.

Damn Small Vulnerable Web

List of Magento extensions with known security issues.

Quickly find core modifications in open source code bases

Scanner, signatures and the largest collection of Magento malware

rtMedia (formerly Buddypress Media) adds advanced multimedia functionality to WordPress, BuddyPress and bbPress

🛠️ Workflows created by the community

Fast, modern and advanced photo management suite. Runs as a Nextcloud app.

REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications

Color, ASCII-only Git prompt for zsh, bash, ksh93, mksh, pdksh, oksh, dash, yash, busybox ash, and osh

container image to single executable compiler

Gentoo overlay for security tools as well as the heart of the Pentoo Livecd

An ArchLinux based distribution for penetration testers and security researchers.

Fast web fuzzer written in Go

This project contains the source code for the CERT Basic Fuzzing Framework (BFF) and the CERT Failure Observation Engine (FOE).

Grammar-based HTTP/1 fuzzer with mutation ability

A modular vulnerability scanner with automatic report generation capabilities.

A proof-of-concept WordPress plugin fuzzer

The Roundcube Webmail suite