Agentic AI Infrastructure for magnifying HUMAN capabilities.

Reusable OpenTofu/Terraform module for deploying Go Lambda functions on AWS

A fast approximate nearest neighbor search library for Go

EvenBetter is a frontend Caido plugin that makes the Caido experience even better 😎

Unleash the power of cloud

CoWitness is a powerful web application testing tool that enhances the accuracy and efficiency of your testing efforts. It allows you to mimic an HTTP server and a DNS server, providing complete re…

Independently deploy customized honeyservices in AWS to trigger alerts on unauthorized access. It utilizes a dedicated CloudTrail for precise detection and notification specifically for honeyservic…

Burp Plugin to Bypass WAFs through the insertion of Junk Data

Fabric is an open-source framework for augmenting humans using AI. It provides a modular system for solving specific problems using a crowdsourced set of AI prompts that can be used anywhere.

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration tests and vulnerability assessments too.

Burp Suite Certified Practitioner Exam Study

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

Rockyou for web fuzzing

Check which CDN providers an IP list belongs to

Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.

Curated resources for malware dev, reverse engineering, and defensive security research.

Google Compute Engine (GCE) VM takeover via DHCP flood - gain root access by getting SSH keys added by google_guest_agent

🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️

IOCTLpus can be used to make DeviceIoControl requests with arbitrary inputs (with functionality somewhat similar to Burp Repeater).

🪂 A Github Action to deploy the Jekyll site conveniently for GitHub Pages.

grep rough audit - source code auditing tool

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

Fast, multi-protocol credential brute-forcer. Parses Nmap, Nessus, and Nexpose output to automatically test default and custom credentials across 30+ protocols.

Content discovery wordlists generated using BigQuery

Directory/File, DNS and VHost busting tool written in Go

A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)