Cybersecurity (security) includes controlling physical access to hardware as well as protection from attacks that come via network access, data injection, and code injection.
Lockdown your linux install. The simple zero config linux hardening script
Web Based Event Viewer (GUI) for Suricata EVE Events in Elastic Search
Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Dec...
:crystal_ball: Visibility Across Space and Time – The network telemetry engine for data-driven security investigations.
NERVE Continuous Vulnerability Scanner
Git plugin that prevents sensitive data from being committed.
A Powershell client for dnscat2, an encrypted DNS command and control tool.
Safer Node.js Buffer API
Credentials catching honeypot
A proof of concept injectable C++ dll, that uses naked inline hooking and direct memory modification to change your TeamViewer permissions.
ROPium is a tool that helps you building ROP exploits by finding and chaining gadgets together
Look-Ahead Java Deserialization Library
[DEPRECATED] password manager thing
Hunter作为中通DevSecOps闭环方案中的一环,扮演着很重要的角色,开源之后希望能帮助到更多企业。
A very aggressive filter-list that consolidates over 370 lists for use in AdGuard Home, Pi-Hole or similar.
Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!
Web Application Secure Coding Handbook resource.
ATT&CK实操
Demo of a Vue.js app that mixes both clientside templates and serverside templates leading to an XSS vulnerability
A one-time password (HOTP/TOTP) library for Java
Create and validate signed URLs with a limited lifetime
Encrypt and decrypt data using private/public keys
A set of tools to work with the feeds (vulnerabilities, CPE dictionary etc.) distributed by National Vulnerability Database (NVD)
Web Scan Lazy Tools - Python Package
Validate the Strength of a Password in Go
Forward local or remote tcp ports through SMB pipes.
Declarative penetration testing orchestration framework
PHP Security Check List [ EN ] 🌋 ☣️
A REST API security testing framework.
secretz, minimizing the large attack surface of Travis CI
A utility like pkg-audit for Arch Linux. Based on Arch Security Team data.
SSL certificate chain resolver
Security Analysis tool for WebAssembly module (wasm) and Blockchain Smart Contracts (BTC/ETH/NEO/EOS)
Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]
secure interactive password manager with xchacha20poly1305, argon2id, and Go
🚀 A Simple API Gateway for Building Security and Flexible Microservices.
PasscodeView is an Android Library to easily and securely authenticate user with PIN code or using the fingerprint scanner.
Seebug、structs、cve漏洞实时监控推送系统🔦
Secure Password Hashes for Python
JSON Web Token library for C++
Mercure is a tool for security managers who want to train their colleague to phishing.
List of my talks and workshops: security engineering, applied cryptography, secure software development
One-step iOS binary runtime instrumentation for the lazy ones
Tool Analysis Result Sheet
(deprecated) Android application vulnerability analysis and Android pentest tool
Parse and Process AWS IAM Policies, Statements, ARNs, and wildcards.
Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration
An Intrusion Detection System library loosely based on PHP IDS
Automated cacert.pem management for PHP projects
Clear all your logs in [linux/windows] servers 🛡️