Automated All-in-One OS Command Injection Exploitation Tool.

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

Metasploit Framework

OSS-Fuzz - continuous fuzzing for open source software.

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

Incubating project for decoupling responsibilities from Dependency-Track's monolithic API server into separate, scalable services.

😎 Awesome lists about all kinds of interesting topics

SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

AppSec Ezine Public Repository.

franz-go is a feature complete, pure Go library for Kafka from 0.8.0 through 4.1+. Producing, consuming, transacting, administrating, etc.

Kubernetes audit logging, when you don't control the control plane

Cloud cost estimates for Terraform in pull requests💰📉 Shift FinOps Left!

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatab…

The help files for the ZAP core

GoRE - Package gore is a library for analyzing Go binaries

CycloneDX SBOM Model and Utils for Creating and Validating BOMs

Free Accounting Software

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Web3/Solidity based wargame

Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects

📚 Freely available programming books

WebGoat is a deliberately insecure application

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

A tool that bootstraps your dotfiles ⚡️

A tool to create, transform and attest VEX metadata

Config files for my GitHub profile.

A curated list of amazingly awesome PHP libraries, resources and shiny things.

The security workflow engine!