reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

Automate the creation of a lab environment complete with security tooling and logging best practices

一款基于Shell的小米路由器工具箱，原为Monlor-Tools，A tool box for XiaoMi Router base on Shell.

HTTPLeaks - All possible ways, a website can leak HTTP requests

A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.

Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.

IPFuscator - A tool to automatically generate alternative IP representations

Stealing CSRF tokens with CSS injection (without iFrames)

Android application fuzzing framework with fuzzers and crash monitor.

Contains a list of Popoto.js examples

Abusing Self-XSS and Clickjacking to trigger XSS

PoC for CVE-2022-28281 a Mozilla Firefox Out of bounds write.

Documentation for The Psalms - my blog about software’s intersection with culture. Not just for the website - for the entire process (correspondence, notetaking, drafting, *revising*, editorializin…

German OWASP Day conference site & presentation archive