security

For auditing what collaborators, hooks, and deploy keys you have added on all your GitHub repositories.

本项目内容近期将会迁入到 https://github.com/dunwu/java-tutorial 项目中，以后不再维护

A lightweight python code protector, makes your python project harder to reverse engineer

:book: [译] Web Hacking 101 中文版

Parse: A Static Security Scanner

My personal hacklab, create your own.

A Vault client, but for containers and servers.

Lockdown your linux install. The simple zero config linux hardening script

😈Scripts or demo projects on iOS development or reverse engineering

Web Based Event Viewer (GUI) for Suricata EVE Events in Elastic Search

:crystal_ball: Visibility Across Space and Time – The network telemetry engine for data-driven security investigations.

NERVE Continuous Vulnerability Scanner

Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Dec...

Git plugin that prevents sensitive data from being committed.

A Powershell client for dnscat2, an encrypted DNS command and control tool.

Safer Node.js Buffer API

A proof of concept injectable C++ dll, that uses naked inline hooking and direct memory modification to change your TeamViewer permissions.

Credentials catching honeypot

ROPium is a tool that helps you building ROP exploits by finding and chaining gadgets together

Look-Ahead Java Deserialization Library

[DEPRECATED] password manager thing

Hunter作为中通DevSecOps闭环方案中的一环，扮演着很重要的角色，开源之后希望能帮助到更多企业。

A very aggressive filter-list that consolidates over 370 lists for use in AdGuard Home, Pi-Hole or similar.

Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!

Web Application Secure Coding Handbook resource.

Demo of a Vue.js app that mixes both clientside templates and serverside templates leading to an XSS vulnerability

ATT&CK实操

A one-time password (HOTP/TOTP) library for Java

Create and validate signed URLs with a limited lifetime

Encrypt and decrypt data using private/public keys

A set of tools to work with the feeds (vulnerabilities, CPE dictionary etc.) distributed by National Vulnerability Database (NVD)

Web Scan Lazy Tools - Python Package

Validate the Strength of a Password in Go

Forward local or remote tcp ports through SMB pipes.

Declarative penetration testing orchestration framework

PHP Security Check List [ EN ] 🌋 ☣️

A REST API security testing framework.

secretz, minimizing the large attack surface of Travis CI

A utility like pkg-audit for Arch Linux. Based on Arch Security Team data.

SSL certificate chain resolver

secure interactive password manager with xchacha20poly1305, argon2id, and Go

Security Analysis tool for WebAssembly module (wasm) and Blockchain Smart Contracts (BTC/ETH/NEO/EOS)

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]

🚀 A Simple API Gateway for Building Security and Flexible Microservices.

PasscodeView is an Android Library to easily and securely authenticate user with PIN code or using the fingerprint scanner.

Seebug、structs、cve漏洞实时监控推送系统🔦

Secure Password Hashes for Python

JSON Web Token library for C++

Mercure is a tool for security managers who want to train their colleague to phishing.

List of my talks and workshops: security engineering, applied cryptography, secure software development