Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

Fast and customizable subdomain wordlist generator using DSL

⚡ Hugo Blox: Markdown sites in minutes. Academic/resume/lab/portfolio for AI researchers & startups. Premium templates. Deploy to GitHub Pages now in 1-click 👇

Vulnerable app with examples showing how to not use secrets

Scan for misconfigured S3 buckets across S3-compatible APIs!

Find secrets with Gitleaks 🔑

A static analysis security vulnerability scanner for Ruby on Rails applications

DNS Enumeration Script

Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance.

OSCP Cheat Sheet

A next-generation crawling and spidering framework.

A fast, clean, responsive Hugo theme.

The security workflow engine!

Some files for bruteforcing certain things.

A summary and solutions for 200+ CTF blockchain challenges

A fast tool to scan CRLF vulnerability written in Go

Simplifying SSL/TLS traffic analysis for researchers by making SSL decryption effortless.

Anatole is a minimalistic two-column theme for Hugo.

Potentially dangerous files

Stuff that doesn't deserves its own repository.

Takeover subdomains using AWS dangling elastic ips and have a working POC for Subdomain Takeover.

Collection of methodology and test case for various web vulnerabilities.

Cardano Stakepool on Raspberry Pi

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

This repository will serve as the "master" repo containing all trainings and tutorials done in preperation for OSWE in conjunction with the AWAE course. This repo will likely contain custom code by…

Nuclei AI - Browser Extension for Rapid Nuclei Template Generation

Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.

An attempt to answer the age old interview question "What happens when you type google.com into your browser and press enter?"