Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …

Fast web fuzzer written in Go

A next-generation crawling and spidering framework.

The API traffic analyzer for Kubernetes providing real-time K8s protocol-level visibility, capturing and monitoring all traffic and payloads going in, out and across containers, pods, nodes and clu…

jq for binary formats - tool, language and decoders for working with binary and text formats

Vulnerability scanner written in Go which uses the data provided by https://osv.dev

Reconnaissance tool for GitHub organizations

A Workflow Engine for Offensive Security

A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests

Chaos testing, network emulation, and stress testing tool for containers

Project Wycheproof tests crypto libraries against known attacks.

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

Automating situational awareness for cloud penetration tests.

A static analysis tool for securing Go code

Gryffin is a large scale web security scanning platform.

Quickly clone or backup an entire org/users repositories into one directory - Supports GitHub, GitLab, Bitbucket, and more 🐇🥚

GitHub App to set and enforce security policies

Fast and configurable TLS grabber focused on TLS based data collection.

Tool for building Kubernetes attack paths

A tool for securing CI/CD workflows with version pinning.

Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets

A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.

Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable SSRF candidates.

💀 Don't fear the Reaper 👻

all paths lead to clouds

Semgrep queries developed by Trail of Bits.

Documenting your Threat Models with HCL

Black box fuzzer for web applications

BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-…