eBPF-based Security Observability and Runtime Enforcement

A tool to uncover undocumented APIs from the AWS Console.

A highly unorganized repo with PowerShell (and more) scripts, diagrams and other stuff for Azure enumeration and exploitation

Find, verify, and analyze leaked credentials

🔑 Keychain Access for React Native

The modern Java bytecode editor

Burp Suite extension to perform Kerberos authentication

BChecks collection for Burp Suite Professional and Burp Suite DAST

SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)

Proof-of-concept code for Android APEX key reuse vulnerability

♾️ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe 😎

🔥Open source RASP solution

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

An automation script for Ergani check-in/check-out "roufianos" system.

list of organizations offering vulnerability research/reverse engineering jobs

The backend of HTTP Toolkit

The Magic Mask for Android

Automated HTTP Request Repeating With Burp Suite

Extracts Key Values from .keytab files

Binder Trace is a tool for intercepting and parsing Android Binder messages. Think of it as "Wireshark for Binder".

RFC 8259 compliant JSON validator in Rust.

DOM fuzzer

A list of bizarre crackmes

Repository for information about 0-days exploited in-the-wild.

Ghidra is a software reverse engineering (SRE) framework

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

An advanced tool for working with access tokens and Windows security policy.

The Senior Solidity Engineer's Book is a resource meant to transform you into a Senior Solidity Engineer.

Parsing Android Security Bulletins

Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.