397 Open source projects that are alternatives of or similar to Damn-Vulnerable-Bank

Some good resources for getting started with application security

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.

A big list of Android Hackerone disclosed reports and other resources.

🌒 Shell command obfuscation to avoid detection systems

Biometric factors allow for secure authentication on the Android platform.

Community modules for FAME

a useful utility for android app security testing

A collection of resources I'm using while working toward the OSCP

Android process memory dump tool without ndk.

Communicate with Fortify Software Security Center through REST API in java, a swagger generated client

Python Tutorial - || Advanced Keylogger || Code Walk-through || Hacking/Info-Sec ||

Get GTFOBins info about a given exploit from the command line

The Open Security Summit 2020 is focused on the collaboration between, Developers and Application Security

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

An introduction to security for developers.

DDTTX Tabletop Trainings

Security challenges and CTFs created by the Penultimate team.

sub domain wild card filtering tool

Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations

GZip HTTP Bombing in Python for everyone

Intentionally vulnerable Android application.

Tool for breaking into web applications.

Subcert is an subdomain enumeration tool, that finds all the subdomains from certificate transparency logs.

Full Nuclei automation script with logic explanation.

A support library for Ronin. Like activesupport, but for hacking!

A WebAuthn Authenticator for Android leveraging hardware-backed key storage and biometric user verification.

Validate all your Customer IAM Policies against AWS Access Analyzer - Policy Validation

Astra is a tool to find URLs and secrets inside a webpage/files

Threat Hunting queries for various attacks

A Heroku-based web honeypot that can be used to create and monitor fake HTTP endpoints (i.e. honeytokens).

🦁 Juumla is a python tool created to identify Joomla version, scan for vulnerabilities and search for config or backup files.

Totally Insecure Web Application Project (TIWAP)

A Deliberately Insecure Web Application

goverview - Get an overview of the list of URLs

No description or website provided.

An inventory of tools and resources about CyberSecurity that aims to help people to find everything related to CyberSecurity.

Python bindings for Yeti's API

Little Bug Bounty & Hacking Tools⚔️

Nozzlr is a bruteforce framework, trully modular and script-friendly

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

Feature-rich Post Exploitation Framework with Network Pivoting capabilities.

Collection of several DDos tools.

An integrated tool and a collection of snippets which helps in the various aspects of the terminal.

Scan installed EDRs and AVs on Windows

SEC分布式资产扫描系统

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Django application that performs SAST and Malware Analysis for Android APKs

The initial conversation slides and menu of scenarios

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

This script will automatically set up an OSINT workstation starting from a Ubuntu OS.

Sandboxed Wrapper for Node.js File System API

unix wildcard attacks

🔑 Hash type identifier (CLI & lib)

One stop place for exploiting Jira instances in your proximity

Swiss army knife for identifying and fingerprinting Android devices.

This document proposes a way of standardising the structure, language, and grammar used in security policies.

A concise, directive, specific, flexible, and free incident response plan template

Vulnerability assessment and penetration testing automation and reporting platform for teams.