Stars
wtf is a distributed, code-coverage guided, customizable, cross-platform snapshot-based fuzzer designed for attacking user and / or kernel-mode targets running on Microsoft Windows and Linux user-m…
weggli is a fast and robust semantic search tool for C and C++ codebases. It is designed to help security researchers identify interesting functionality in large codebases.
A tool to investigate Dependency Confusion in Artifactory
Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies, allowing you to browse sites as your victims.
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Fetch all the URLs that the Wayback Machine knows about for a domain
A mini webserver with FTP support for XXE payloads
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…
One rule to crack all passwords. or atleast we hope so.
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
Hook system calls, context switches, page faults and more.
Dlint is a tool for encouraging best coding practices and helping ensure we're writing secure Python code.
A description of the "House of Corrosion" GLIBC heap exploitation technique.
Python tool for testing vulnerabilities in WebSockets / Socket.IO servers
Smart Greybox Fuzzing (https://thuanpv.github.io/publications/TSE19_aflsmart.pdf)
Diaphora, the most advanced Free and Open Source program diffing tool.
A comprehensive test suite for RFC 8259 compliant JSON parsers
Code Pulse is a real-time code coverage tool for penetration testing activities
Maintaining account persistence via XSS and Oauth
🔑 The easiest way to control what npm modules can access