Stars
Penetration Testing For - Web | Mobile | API | Thick Client | Source Code Review | DevSecOps | Wireless | Network Pentesting, etc...
Archive Alchemist is a tool for creating specially crafted archives to test extraction vulnerabilities.
John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
🍯 T-Pot - The All In One Multi Honeypot Platform 🐝
Code Pathfinder, the open-source alternative to GitHub CodeQL built with GoLang. Built for advanced structural search, deriving insights, and finding vulnerabilities in code.
Secure Code Review AI Agent (SeCoRA) - AI SAST
See README.md for link to Discord & YouTube. I will use this repository for my Flipper Zero projects & wiki.
Chat with your current directory's files using a local or API LLM.
aider is AI pair programming in your terminal
A curation of awesome tools, documents and projects about LLM Security.
All the deals for InfoSec related software/tools this Black Friday
The best resource you will ever find for getting started with Obsidian, probably
GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.
A collection of real-world threat model examples across various technologies, providing practical insights into identifying and mitigating security risks.
RedFlag uses AI to identify high-risk code changes. Run it in batch mode for release candidate testing or in CI pipelines to flag PRs and add reviewers. RedFlag's flexible configuration makes it va…
Octoscan is a static vulnerability scanner for GitHub action workflows.
Simple plug-and-play GitHub Action to block unauthorized outbound traffic (egress) in your GitHub workflows
Library and CLI tool for analysing CloudFormation templates and checking them for security compliance.
Device Bound Session Credentials: A Protocol for Protecting From Cookie Theft
A collection of learning resources for curious software engineers
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
A public place for all platform sample projects.
A Software as a Service (SaaS) log collection framework.
GitHub Advanced Security Policy as Code