security

Cloud-native authorization for modern applications and APIs

Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.

Home Assistant integration to manage Eufy Security devices as cameras, home base stations, doorbells, motion and contact sensors.

UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It automates the...

Awesome-Jailbreak-on-LLMs is a collection of state-of-the-art, novel, exciting jailbreak methods on LLMs. It contains papers, codes, datasets, evaluat...

A Slack bot for GitHub organization management -- and other things too

Linting tool for CloudFormation templates

PacBot (Policy as Code Bot)

RSA public/private key encryption in Swift

😎 🐣 A starter boilerplate for a universal web app with the best development experience and a focus on performance and best practices.

K8Ladon大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用，程序采用多线程批量扫描大型内网多个IP段C段主机，目前插件...

A GitHub Action for authenticating to Google Cloud.

Runs Trivy as GitHub action to scan your Docker container image for vulnerabilities

Advanced Honeypot framework.

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 20...

WordPress static site generator for security, performance and cost benefits

Environment variables meet macOS Keychain and gnome-keyring <3

A Tox-based instant messaging and video chat client.

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

a collection about Windows 11

Simple extension that provides Basic, Digest and Token HTTP authentication for Flask routes

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dyn...

This book on heap exploitation is a guide to understanding the internals of glibc's heap and various attacks possible on the heap structure.

Captfencoder is opensource a rapid cross platform network security tool suite, providing network security related code conversion, classical cryptogra...

log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web s...

Testing, simplified. || An inclusive, accessibility-first GUI for generating clean, semantic Javascript tests in only a few clicks of a button.

Some public notes

Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain...

☕ Latte: the safest & truly intuitive templates for PHP. Engine for those who want the most secure PHP sites.

The fastest dork scanner written in Go.

Your MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS, LLMNR and NetBIOS-NS spoofing.

The StackRox Kubernetes Security Platform performs a risk analysis of the container environment, delivers visibility and runtime alerts, and provides...

spring-boot 项目实践总结

Plugin for sudo that requires another human to approve and monitor privileged sudo sessions

A coding agent hook that acts as a safety net, catching destructive git and filesystem commands before they execute.

Suricata IDS rules 用来检测红队渗透/恶意行为等，支持检测CobaltStrike/MSF/Empire/DNS隧道/Weevely/菜刀/冰蝎/挖矿/反弹shell/ICMP隧道等

PowerShell framework to assess Azure security

Watcher - Open Source AI-powered Cyber Threat Intelligence & Hunting Platform. Developed with Django & React JS.

Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them

secator - the pentester's swiss knife

Monkey365 provides a tool for security consultants to easily conduct not only Microsoft 365, but also Azure subscriptions and Microsoft Entra ID secur...

专为CTF设计的Jinja2 SSTI全自动绕WAF脚本 | A Jinja2 SSTI cracker for bypassing WAF, designed for CTF

Discover Your Attack Surface!

:zap: Worlds fastest steghide cracker, chewing through millions of passwords per second :zap:

The repo contains a series of challenges for learning Frida for Android Exploitation.

Modern camera app focused on privacy and security with QR & barcode scanning.

Community-driven baseline to accelerate Intune adoption and learning.

A curated list of awesome tips and tricks, resources, videos and articles in .net, software architecture, microservice and cloud-native.

Useful Google Dorks for WebSecurity and Bug Bounty

FIDO2 Conformant WebAuthn and Passkey backend library for golang