-
SECFORCE
- https://thelicato.io
- @thelicato
Stars
A utility package to help implement stateless CSRF protection using the Double Submit Cookie Pattern in express.
Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
Various wordlists FR & EN - Cracking French passwords
A collection of real world AI/ML exploits for responsibly disclosed vulnerabilities
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Fast and powerful SSL/TLS scanning library.
SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!
πΌοΈ A command-line system information tool written in bash 3.2+
A modular vulnerability scanner with automatic report generation capabilities.
The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.
Sasori is a dynamic web crawler powered by Puppeteer, designed for lightning-fast endpoint discovery.
An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!
OWASP Foundation Web Respository
A small python module for wake on lan.
Moonbounce is a Kotlin VPN service library for use in Android applications
A GitHub Security Lab initiative, providing an in-repo learning experience, where learners secure intentionally vulnerable code.
A privacy-first, self-hosted, fully open source personal knowledge management software, written in typescript and golang.
A flexible distributed key-value datastore that supports both caching and beyond caching workloads.
An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects
binary releases of VS Code without MS branding/telemetry/licensing
A fancy self-hosted monitoring tool
This project aims to maintain Wappalyzer technologies