Fast and powerful SSL/TLS scanning library.

The ZAP by Checkmarx Core project

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the contr…

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Official OWASP Top 10 Document Repository

OWASP API Security Project

Ansible role for generating SSL certificates using certbot

A knowledge base of actionable Incident Response techniques

A binary authorization and monitoring system for macOS

This automation protect against subdomain takeover on AWS env which also send alerts on slack.

An encyclopedia for offensive and defensive security knowledge in cloud native technologies.

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

Context aware, pluggable and customizable data protection and de-identification SDK for text and images

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

TFLint ruleset for terraform-provider-aws

Tfsec is now part of Trivy

SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …

Cloud cost estimates for Terraform in pull requests💰📉 Shift FinOps Left!

The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

In-depth attack surface mapping and asset discovery

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys.

Find, verify, and analyze leaked credentials

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readines…

eBPF Python runtime sandbox with seccomp (Blocks RCE).

Comfortably monitor your Internet traffic 🕵️‍♂️

PostgreSQL database anonymization and synthetic data generation tool

Cartography is a Python tool that consolidates infrastructure assets and the relationships between them in an intuitive graph view powered by a Neo4j database.