Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

The all-in-one Desktop & Docker AI application with built-in RAG, AI agents, and more.

Pattern recognition for hosts, services, and content

Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown

A resource containing all the tools each ransomware gangs uses

Bugcrowd’s baseline priority ratings for common security vulnerabilities

Automation tool for Windows Deception Host Burn-In

AIL framework - Analysis Information Leak framework. Project moved to https://github.com/ail-project

Aggregation of lists of malicious IP addresses, to be blocked in the WAN > LAN direction, integrated into firewalls: FortiGate, Palo Alto, pfSense, IPtables

Dark Web OSINT Tool

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

A list of open source web security scanners

Pluggable linting tool to prevent committing credential.

Reconnaissance tool for GitHub code search. Scans for exposed API keys across all of GitHub, not just known repos and orgs.

Protect and discover secrets using Gitleaks 🔑

An enterprise friendly way of detecting and preventing secrets in code.

A suite of secret scanners built in Rust for performance. Based on TruffleHog (https://github.com/dxa4481/truffleHog) which is written in Python.

☕ 🌱 Trudesk is an open-source help desk/ticketing solution.

reNgine-ng is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuo…

Extract credentials from lsass remotely

The Business Email Compromise Guide sets out to describe 10 steps for performing a Business Email Compromise (BEC) investigation in an Office 365 environment. Each step is intended to guide the pro…

A logger for just about everything.

Python logging made (stupidly) simple

Sends your logs to files, sockets, inboxes, databases and various web services

A Onion websites searcher

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

Conference presentation slides

Open Breach and Attack Simulation Platform

Prevents you from committing secrets and credentials into git repositories

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readines…