A community trust management system based on explicit vouches to participate.

GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.

A simple tool to help apply changes across many GitHub repositories simultaneously

All the deals for InfoSec related software/tools this Black Friday

🤖 CLI for OpenAI

yataf extracts secrets and paths from files or urls - its best used against javascript files

mailcow: dockerized - 🐮 + 🐋 = 💕

(Unofficial) Python API for https://crt.sh

Pronounceable Password Generator website

ActiveScan++ Burp Suite Plugin

A collection of GRUB files and scripts that will allow you to create a pendrive capable of booting different ISO files

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

PowerShell script and Java code to decrypt WebLogic passwords

Testing TLS/SSL encryption anywhere on any port

Proof-of-concept codes created as part of security research done by Google Security Team.

Bug Bounty writeups, Vulnerability Research, Tutorials, Tips&Tricks

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Remote agent used for processing distributed jobs

A web front-end for password cracking and analytics

A Tool for Domain Flyovers

A collection of scripts that run on my web server. Mainly for debugging SSRF, blind XSS, and XXE vulnerabilities.

Wiki to collect Red Team infrastructure hardening resources

A collection of various awesome lists for hackers, pentesters and security researchers

A curated list of awesome social engineering resources.

Bull's Eye Wordlist Generator - Does your password rely on predictable patterns of accessible info?

Red Teaming & Pentesting checklists for various engagements

Interactive cli tool for HTTP inspection

Egressbuster is a method to check egress filtering and identify if ports are allowed. If they are, you can automatically spawn a shell.

Patch Binaries via MITM: BackdoorFactory + mitmProxy.