Stars
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
Damn Vulnerable Restaurant is an intentionally vulnerable Web API game for learning and training purposes dedicated to developers, ethical hackers and security engineers.
A collection of real-world threat model examples across various technologies, providing practical insights into identifying and mitigating security risks.
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
Leveraging UART, SPI and JTAG for firmware extraction
🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens
Stalker, the Extensible Attack Surface Management tool.
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…
A collection of Active Directory, phishing, mobile technology, system, service, web application, and wireless technology weaknesses that may be discovered during a penetration test.
Sparty - MS Sharepoint and Frontpage Auditing Tool
Sparty - MS Sharepoint and Frontpage Auditing Tool [Unofficial]
An MS Sharepoint and Frontpage Auditing Tool
SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
Community curated list of templates for the nuclei engine to find security vulnerabilities.
Simple playbook to create a lab for learning ansible based in containers
ansible-kali-everlearning rebase
Command-line client for WebSockets, like netcat (or curl) for ws:// with advanced socat-like functions
Awesome information for WebSockets security research
Jumpstart multiple WebSocket servers quickly