eBPF-based Security Observability and Runtime Enforcement

The backend of HTTP Toolkit

Find, verify, and analyze leaked credentials

Binary instrumentation framework based on FRIDA

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

The modern Java bytecode editor

Open eClass

Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

FastAPI framework, high performance, easy to learn, fast to code, ready for production

The Magic Mask for Android

A security focused static analysis tool for Android and Java applications.

Ghidra is a software reverse engineering (SRE) framework

One second to read GitHub code with VS Code.

📱 objection - runtime mobile exploration

📚 A collection of useful resources for building RESTful HTTP+JSON APIs.

This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), ar…

BChecks collection for Burp Suite Professional and Burp Suite DAST

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

The Internet services of the IT department of Alexander Technological Education Institute of Thessaloniki

An advanced tool for working with access tokens and Windows security policy.

IoTGoat is a deliberately insecure firmware created to educate software developers and security professionals with testing commonly found vulnerabilities in IoT devices.

🔥Open source RASP solution

A list of public penetration test reports published by several consulting firms and academic security groups.

Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime

🍯 T-Pot - The All In One Multi Honeypot Platform 🐝

cve-search - a tool to perform local searches for known vulnerabilities

Repository for information about 0-days exploited in-the-wild.

Binder Trace is a tool for intercepting and parsing Android Binder messages. Think of it as "Wireshark for Binder".

list of organizations offering vulnerability research/reverse engineering jobs