Stars
✨ Recognize all contributors, not just the ones who push code ✨
🖤 Create and share beautiful images of your source code
HTML5 Security Cheatsheet - A collection of HTML5 related XSS attack vectors
Tamper Dev is an extension that allows you to intercept and edit HTTP/HTTPS requests and responses as they happen without the need of a proxy. Works across all operating systems (including Chrome OS).
VSAQ is an interactive questionnaire application to assess the security programs of third parties.
OSS-Fuzz - continuous fuzzing for open source software.
Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)
Effective June 1, 2021: Phabricator is no longer actively maintained.
UNIX-like reverse engineering framework and command-line toolset
Fetch many paths for many hosts - without killing the hosts
Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]
Source code for Hacker101.com - a free online web and mobile security class.
Node.js Ecosystem Security Working Group
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
A script to set up a quick Ubuntu 17.10 x64 box with tools I use.
Simplenote for Web, Windows, and Linux
A collection of the solutions people wrote for the H1-212 Capture The Flag event
Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-ups categorized by the nature of the bug
AutoTriageBot automatically verifies, deduplicates, and suggests payouts for incoming HackerOne reports.
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF