Stars
Example solutions demonstrating how to implement patterns within the AWS Security Reference Architecture guide using CloudFormation (including Customizations for AWS Control Tower) and Terraform.
dvershinin / gixy
Forked from yandex/gixyNGINX configuration static analyzer
The Correlated CVE Vulnerability And Threat Intelligence Database API
Collection of Proof of Concepts and Potential Targets for #ShellShocker
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
GitHub Actions Pipeline Enumeration and Attack Tool
graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.
A collection of fuzzers in a harness for testing the SpiderMonkey JavaScript engine.
Protection against Model Serialization Attacks
Simple Python library/structure to ablate features in LLMs which are supported by TransformerLens
ASH is an extensible, open source SAST, SCA, and IaC security scanner orchestration engine.
Machine learning driven web application firewall to detect malicious queries with high accuracy.
Automated web vulnerability scanning with LLM agents
A command line tool that validates AWS IAM Policies in a Terraform template against AWS IAM best practices
GraphQL automated security testing toolkit
Halberd : Multi-Cloud Agentic Attack Tool
Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently supports Azure DevOps, GitHub and GitLab.
Find authentication (authn) and authorization (authz) security bugs in web application routes.
Python API security testing tool from OpenStack Security Group
Python implementation of GhostPack's Seatbelt situational awareness tool
Unauthenticated enumeration of AWS, Azure, and GCP Principals
Dropbox LLM Security research code and results
A tool to surface security issues in python code