A utility package to help implement stateless CSRF protection using the Double Submit Cookie Pattern in express.

Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.

Various wordlists FR & EN - Cracking French passwords

A collection of real world AI/ML exploits for responsibly disclosed vulnerabilities

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

Fast and powerful SSL/TLS scanning library.

SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)

TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!

Truly independent web browser

🖼️ A command-line system information tool written in bash 3.2+

Simple Directmedia Layer

A modular vulnerability scanner with automatic report generation capabilities.

The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

The IKE Scanner

Fast DNS Lookup Library and CLI Tool

Sasori is a dynamic web crawler powered by Puppeteer, designed for lightning-fast endpoint discovery.

An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!

OWASP Foundation Web Respository

A small python module for wake on lan.

Moonbounce is a Kotlin VPN service library for use in Android applications

A deliberately insecure Java web application

A GitHub Security Lab initiative, providing an in-repo learning experience, where learners secure intentionally vulnerable code.

A privacy-first, self-hosted, fully open source personal knowledge management software, written in typescript and golang.

oneliner commands for bug bounties

A flexible distributed key-value datastore that supports both caching and beyond caching workloads.

An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects

binary releases of VS Code without MS branding/telemetry/licensing

A fancy self-hosted monitoring tool

This project aims to maintain Wappalyzer technologies