Stars
Ghidra is a software reverse engineering (SRE) framework
Open source alternative to Auth0 / Firebase Auth / AWS Cognito
Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
Graphical SFTP client and terminal emulator with helpful utilities
The new bridge between Burp Suite and Frida!
BinAbsInspector: Vulnerability Scanner for Binaries
Open Adversarial Exposure Validation Platform
IPED Digital Forensic Tool. It is an open source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation b…
Web and mobile application security training platform
Vulnerable app with examples showing how to not use secrets
DIVA Android - Damn Insecure and vulnerable App for Android
This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.
JNDI-Exploitation-Kit(A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps v…
This repository will serve as the "master" repo containing all trainings and tutorials done in preperation for OSWE in conjunction with the AWAE course. This repo will likely contain custom code by…
Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques
Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.
A Burp Suite Extension that try to find all sub-domain, similar-domain and related-domain of an organization automatically! 基于流量自动收集整个企业或组织的子域名、相似域名、相关域名的burp插件
A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J inst…
REST/JSON API to the Burp Suite security tool.
Log4j jndi injects the Payload generator
RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities
Research on GraphQL from an AppSec point of view.
Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"
The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to pen testing.