security

:video_camera: Complete HomeKit integration for all UniFi Protect device types with full support for most features including HomeKit Secure Video, and...

The best way to build Electron apps with security in mind.

Symfony Security Component - HTTP Integration

Python reference implementation of The Update Framework (TUF)

网络信息安全从业者面试指南

AWESOME-Azure-Architecture - https://aka.ms/AwesomeAzureArchitecture

Hardening Ubuntu. Systemd edition.

An email spoofing testing tool that aims to bypass SPF/DKIM/DMARC and forge DKIM signatures.🍻

grep rough audit - source code auditing tool

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom D...

a recon tool that allows searching on URLs that are exposed via shortener services

Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practising GraphQL S...

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

BinAbsInspector: Vulnerability Scanner for Binaries

Interactive CTF Exploration Tool

Database anonymization, synthetic data generation and logical dump

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 350 common, vulnerable component...

OpenVPN server installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS, Fedora, openSUSE, Amazon Linux 2 and Raspberry Pi OS. Includes interactiv...

Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin.

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography;...

veinmind-tools 是由长亭科技自研，基于 veinmind-sdk 打造的容器安全工具集

OSX and iOS related security tools

🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 300+ other hashes ☄ Comes with a neat web...

各种安全相关思维导图整理收集。渗透步骤，web安全，CTF，业务安全，人工智能，区块链安全，数据安全，安全开发，无线安全，社会工程学，二进制安全，移动安全，...

Sandbox your local AI agents so they can read/write only what they need

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Industry-leading free, high-performance, AI and semantic technology Web Application Firewall and API Security Gateway (WAAP) - UUSEC WAF.

开源、轻量、快速、跨平台 的网站漏洞扫描工具，帮助您快速检测网站安全隐患。功能 端口扫描(port scan) 指纹识别(fingerprint) 漏洞检测(nday check) 智能爆破...

Secure Boot & Measured Boot for NixOS [maintainers=@blitz @raitobezarius @nikstur]

Uses Empire's (https://github.com/BC-SECURITY/Empire) RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory enviro...

Checklist for container security - devsecops practices

Agent skills for solving CTF challenges - web exploitation, binary pwn, crypto, reverse engineering, forensics, OSINT, and more

safely install npm packages by auditing them pre-install stage

🧵 CLI tool for directly patching container images!

A chronological and (hopefully) complete list of reentrancy attacks to date.

The most flexible and standards-compliant OpenID Connect and OAuth 2.x framework for ASP.NET Core

🚫 Advanced tool for security researchers to bypass 403/40X restrictions through smart techniques and adaptive request manipulation. Fast. Precise. Ef...

A Suricata based NDR distribution

Extract one time password (OTP) secrets from QR codes exported by two-factor authentication (2FA) apps such as "Google Authenticator". The exported QR...

A service that analyzes docker images and scans for vulnerabilities

DarkFlare Firewall Piercing (TCP over CDN)

A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professi...

A Anti-DDoS script to protect Nginx web servers using Lua with a HTML Javascript based authentication puzzle inspired by Cloudflare I am under attack...

A curated list of awesome resources related to executable packing

A curation of awesome tools, documents and projects about LLM Security.

Miscellaneous exploit code

Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient

一款信息泄漏利用工具，适用于.git/.svn/.DS_Store泄漏和目录列出

GnuPG symmetric secrets manager using Bash.