An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

nodejsscan is a static security code scanner for Node.js applications.

repository for JuliaMono, a monospaced font with reasonable Unicode support.

fully automated pentesting tool

Pentesting Reporting Tool

Vajra is a UI-based tool with multiple techniques for attacking and enumerating in the target's Azure and AWS environment. It features an intuitive web-based user interface built with the Python Fl…

A new approach to Browser In The Browser (BITB) without the use of iframes, allowing the bypass of traditional framebusters implemented by login pages like Microsoft and the use with Evilginx.

A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Security vulnerabilities within your own API Security CTF.

A quick handy script to harvest credentials off of a user during a Red Team and get execution of a file from the user

LogSnare: A playground for testing, preventing, and logging IDOR vulnerabilities.