Api Security Checklist: Checklist of the most important security countermeasures when designing, testing, and releasing your API
Setup Ipsec Vpn: Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
Matomo: Liberating Web Analytics. Star us on Github? +1. Matomo is the leading open alternative to Google Analytics that gives you full control over your data. Matomo lets you easily collect data from websites & apps and visualise this data and extract insights. Privacy is built-in. We love Pull Requests!
Retire.js: scanner detecting the use of JavaScript libraries with known vulnerabilities
Rbac: Hierarchical Role-Based Access Control for Node.js
Dsiem: Security event correlation engine for ELK stack
Keyfinder: Keyfinder🔑 is a tool that lets you find keys while surfing the web!
Ntlmrecon: Enumerate information from NTLM authentication enabled web endpoints 🔎
Webauthndemo: An example Java Relying Party implementation of the WebAuthn specification
Rspet: RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.
Isthislegit: Dashboard to collect, analyze, and respond to reported phishing emails.
Log Killer: Clear all your logs in [linux/windows] servers 🛡️
Elkarbackup: Open source backup solution for your network
Nvdtools: A set of tools to work with the feeds (vulnerabilities, CPE dictionary etc.) distributed by National Vulnerability Database (NVD)
Twofactorauth: List of sites with two factor auth support which includes SMS, email, phone calls, hardware, and software.
Physmem2profit: Physmem2profit can be used to create a minidump of a target host's LSASS process by analysing physical memory remotely
Spacesiren: A honey token manager and alert system for AWS.
Raptor waf: Raptor - WAF - Web application firewall using DFA [ Current version ] - Beta
Bouncer: Eloquent roles and abilities.
Talks: schedule and materials about my presentations
Simonsays: 💂 Simple, declarative, role-based access control system for Rails and Ruby
Yolo: 😈 Scripts or demo projects on iOS development or reverse engineering
Sh00t: Security Testing is not as simple as right click > Scan. It's messy, a tough game. What if you had missed testing just that one thing and had to regret later? Sh00t is a highly customizable, intelligent platform that understands the life of bug hunters and emphasizes manual security testing.
Scumblr: Web framework that allows performing periodic syncs of data sources and performing analysis on the identified results
Omnibus: The OSINT Omnibus (beta release)
Scout: 🔭 Lightweight URL fuzzer and spider: Discover a web server's undisclosed files, directories and VHOSTs
Safetynethelper: SafetyNet Helper wraps the Google Play Services SafetyNet.API and verifies Safety Net API response with the Android Device Verification API.
Securityexploits: This repo has been migrated to https://github.com/github/security-lab/tree/master/SecurityExploits
Api Fuzzer: API Fuzzer which allows fuzzing request attributes using common pentesting techniques and lists vulnerabilities
Hackchrome: ⛄️ Get the User:Password from Chrome (including version < 80 and version > 80)
Sagan: ** README ** This repo has MOVED to https://github.com/quadrantsec/sagan
Voicebook: 🗣️ A book and repo to get you started programming voice computing applications in Python (10 chapters and 200+ scripts).
Bless: Repository for BLESS, an SSH Certificate Authority that runs as an AWS Lambda function
Sso: sso, aka S.S.Octopus, aka octoboi, is a single sign-on solution for securing internal services
Puppet Os Hardening: This puppet module provides numerous security-related configurations, providing all-round base protection.
Grizzly: A cross-platform browser fuzzing framework
Android Pin Bruteforce: Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb)
Spring Security Pac4j: pac4j security library for Spring Security: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
Insecureprogramming: mirror of gera's insecure programming examples | http://community.coresecurity.com/~gera/InsecureProgramming/
Rhel7 Stig: Ansible role for Red Hat 7 STIG Baseline
Awesome He: ✨ Awesome - A curated list of amazing Homomorphic Encryption libraries, software and resources
Chopchop: ChopChop is a CLI to help developers scan endpoints and identify exposure of sensitive services/files/folders.
Webrtcchat: 🔏 Pure Browser To Browser Chat (STUN & ICE Servers optional)
Bettercap: DEPRECATED, bettercap development moved here: https://github.com/bettercap/bettercap
Wwdc: You don't have the time to watch all the WWDC session videos yourself? No problem, me and many contributors extracted the gist for you 🥳
Kubestriker: A Blazing fast Security Auditing tool for Kubernetes
Kicomav: KicomAV is an open source (GPL v2) antivirus engine designed for detecting malware and disinfecting it.