Stars
The community's most comprehensive, continuously-updated index of research on Large Language Models for software vulnerability detection — papers across function-level, repository-level, agentic, a…
Resources for Windows exploit development
Reproduce CVEs from ForAllSecure Vulnerabilities Lab
Pre-Built Vulnerable Environments Based on Docker-Compose
A fully automated terminal-native AI shell built for security professionals.
Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submissio…
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container …
blint is a Binary Linter that checks the security properties and capabilities of your executables. It can also generate a Software Bill-of-Materials (SBOM) for supported binaries.
Documenting my security research journey: This repository contains detailed vulnerability write-ups, proof-of-concept (PoC) exploits, and the custom automation tools I use for reconnaissance and sy…
Code at the speed of thought – Zed is a high-performance, multiplayer code editor from the creators of Atom and Tree-sitter.
Awesome Node.js Security resources
🐍 🔍 GuardDog is a CLI tool to Identify malicious PyPI and npm packages
Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the code they maintain, produce and use.
The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.
CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
Real-time npm/PyPI supply-chain threat detection. Behavioral chain analysis, AST scanning, IOC feeds, and compound scoring engine.
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
A collection of awesome penetration testing resources, tools and other shiny things
A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
Secure, Fast, and Extensible Sandbox runtime for AI agents.
An agentic skills framework & software development methodology that works.
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Open platform for sharing malware distribution sites
Open Source Continuous File Synchronization
Attack Graph Visualizer and Explorer (Active Directory) ...Who's *really* Domain Admin?