Stars
Prompt-injection guardrail for LLM applications. Compact model that outperforms larger open-source guards. No regex, no signatures. Demo: anton.securelayer7.net
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
A small collection of potentially useful contract templates
rewrite constructor arguments, call DOMPurify, profit
Use DOMPurify on server and client in the same way
A toolset for reverse engineering and fuzzing Protobuf-based apps
SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.
Write any JavaScript with 6 Characters: []()!+
Rip web accessible (distributed) version control systems: SVN/GIT/HG...
Smallest possible syntactically valid files of different types
A weekly selection of the relevant Chromium and Firefox intents
A Firefox extension for whitelist driven safe JavaScript execution.
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…
Automated penetration testing & attack surface management platform. Recon, scan, exploit, report — 600+ exploits, 90+ integrations, 10K+ detections.
XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.
user.js -- Firefox configuration hardening
WS-Attacker is a modular framework for web services penetration testing. It is developed by the Chair of Network and Data Security, Ruhr University Bochum (https://nds.rub.de/ ) and the Hackmanit G…
RIPS - A static source code analyser for vulnerabilities in PHP scripts
scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.