A list of useful payloads and bypass for Web Application Security and Pentest/CTF

The Swift Programming Language

A command-line benchmarking tool

The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks.

Evals is a framework for evaluating LLMs and LLM systems, and an open-source registry of benchmarks.

Atmosphère is a work-in-progress customized firmware for the Nintendo Switch.

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mandiant.com

A static analysis security vulnerability scanner for Ruby on Rails applications

Reconnaissance tool for GitHub organizations

The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Graph database optimized for fast analysis and real-time data processing. It is provided as an extension to PostgreSQL.

Keep track of internships for Summer 2020 for undergraduates interested in tech./SWE/related fields

Fast GitHub recon tool. Scans for leaked secrets across all of GitHub, not just known repos and orgs. Support for GitHub dorks.

Fast DNS Lookup Library and CLI Tool

🎄Visualization and annotation of phylogenetic trees

Train Tesseract LSTM with make

A command-line utility designed to discover URLs for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn't interact dire…

A set of Zeek scripts to detect ATT&CK techniques.

A suite of secret scanners built in Rust for performance. Based on TruffleHog (https://github.com/dxa4481/truffleHog) which is written in Python.

A fast Go Avro codec

An automated approach to performing recon for bug bounty hunting and penetration testing.

Brosec - An interactive reference tool to help security professionals utilize useful payloads and commands.

An up-to-date export of cloud provider IP address ranges

Collection of Meta's DNS Libraries

Student submissions for the WWDC 2019 Scholarship

Poor (rich?) man's bug bounty pipeline https://dubell.io

Visualization tool for Graph Neural Networks

This is an intentionally vulnerable smart contract truffle deployment aimed at allowing those interested in smart contract security to exploit a wide variety of issues in a safe environment.