A feature-rich command-line audio/video downloader

A library for detecting known secrets across many web frameworks

GCPGoat : A Damn Vulnerable GCP Infrastructure

AzureGoat : A Damn Vulnerable Azure Infrastructure

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool

RSC/Next.js RCE Vulnerability Detector & PoC Chrome Extension – CVE-2025-55182 & CVE-2025-66478

The React Framework

High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478)

Original Proof-of-Concepts for React2Shell CVE-2025-55182

The library for web and native user interfaces.

Scapy: the Python-based interactive packet manipulation program & library.

Command-line tool that allows searching and downloading app packages (known as ipa files) from the iOS App Store

Eclipse Jetty® - Web Container & Clients - supports HTTP/3, HTTP/2, HTTP/1, websocket, servlets, and more

A smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery

A huge chunk of my personal notes since I started playing CTFs and working as a Red Teamer.

The Magic Mask for Android

Yet another tool to dump a git repository from a website, focused on as-complete-as-possible dumps and handling weird edge-cases.

Buttercup finds and patches software vulnerabilities

The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks.

The Simple Agent Development Kit.

the TCPdump network dissector

nghttp2 - HTTP/2 C Library and tools

A conformance testing tool for HTTP/2 implementation.

A fork and successor of the Sulley Fuzzing Framework

A pure-python fully automated and unattended fuzzing framework.

HTTP/2 fuzzer written in Golang

Fuzz 401/403/404 pages for bypasses

Damn Vulnerable Web Application (DVWA)