Vulnerable app with examples showing how to not use secrets

Heimdall Enterprise Server 2 lets you view, store, and compare automated security control scan results.

Reconmap is a collaboration-first security operations platform for infosec teams and MSSPs, enabling end‑to‑end engagement management, from reconnaissance through execution and reporting. With buil…

Arkime is an open source, large scale, full packet capturing, indexing, and database system.

🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

Machine Learning Systems

Open Cyber Threat Intelligence Platform

Fast, developer-friendly JS/TS dependency vulnerability scanner with local lockfile scanning, OSV matching, direct vs transitive visibility, --fix, JSON output, and practical remediation guidance.

Automated Adversary Emulation Platform

Shannon Lite is an autonomous, white-box AI pentester for web applications and APIs. It analyzes your source code, identifies attack vectors, and executes real exploits to prove vulnerabilities bef…

A powerful and user-friendly binary analysis platform!

Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections…

Malicious Extension Database

CyberStrikeAI is an AI-native security testing platform built in Go. It integrates 100+ security tools, an intelligent orchestration engine, role-based testing with predefined security roles, a ski…

Automatically assess and score software repositories for supply chain risk.

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

A Bash script to automate the initial configuration and security hardening of Debian and Ubuntu servers.

KeyLeak Detector – Scan websites for exposed API keys and secrets

freeCodeCamp.org's open-source codebase and curriculum. Learn math, programming, and computer science for free.

12 Lessons to Get Started Building AI Agents

A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.

KQL Queries. Microsoft Defender, Microsoft Sentinel

A one-of-a-kind resume builder that keeps your privacy in mind. Completely secure, customizable, portable, open-source and free forever. Try it out today!

AI-powered bug bounty hunting from your terminal - recon, 20 vuln classes, autonomous hunting, and report generation. All inside Claude Code.

BCP documents and website of GCVE

FULL Augment Code, Claude Code, Cluely, CodeBuddy, Comet, Cursor, Devin AI, Junie, Kiro, Leap.new, Lovable, Manus, NotionAI, Orchids.app, Perplexity, Poke, Qoder, Replit, Same.dev, Trae, Traycer AI…

A curated toolkit for Open-Source Intelligence (OSINT) investigations. This repository contains a collection of scripts, resources, and methodologies to aid in gathering and analyzing publicly avai…

This repository will contain many mindmaps for cyber security technologies, methodologies, courses, and certifications in a tree structure to give brief details about them