Stars
A curated list of smart contracts security audits checklists and resources.
Lets make video diffusion practical!
This Python script automates the process of identifying vulnerabilities in Firebase configurations extracted from APK files.
The only GraphQL wordlist you'll ever need. Operations, field names, type names... Collected on more than 60k distinct GraphQL schemas.
A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
The Golang Bitfl1p lookup tool for Project Bitfl1p
A proof-of-concept of a self-replicating malware for Maven build environments.
Invoke-ArgFuscator is an open-source, cross-platform PowerShell module that helps generate obfuscated command-lines for common system-native executables.
A curated collection of tools, articles, research, and guides for fuzzing smart contracts on the Ethereum Virtual Machine (EVM).
graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.
A lightweight Python tool designed to perform SYN port scans, with support for using spoofed source IP addresses as a deception technique.
V2GInjector - Tool to intrude a V2G PowerLine network, but also to capture and inject V2G packets
🕸️ Blazing fast GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce. 🕸️
A curated list of awesome resources about Electron.js (in)security
This Chromium extension scans the page for external iFrames, Scripts, and Styles, logs them to the console, and checks if their domains are resolvable.
EDRaser is a powerful tool for remotely deleting access logs, Windows event logs, databases, and other files on remote machines. It offers two modes of operation: automated and manual.
Javascript security analysis (JSA) is a program for javascript analysis during web application security assessment.
Certainly is a offensive security toolkit to capture large amounts of traffic in various network protocols in bitflip and typosquat scenarios.
A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
real time face swap and one-click video deepfake with only a single image