A cross-platform command-line utility that creates projects from cookiecutters (project templates), e.g. Python package projects, C projects.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Discover new target domains using Content Security Policy

Recon MindMap (RMM)

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Go client to communicate with Chaos DB API.

🔭 A modern, async Ruby gem for Shodan.

The Bug Hunters Methodology

A coverage-guided fuzzer for pure Ruby code and Ruby C extensions

Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.

Awesome Ruby Security resources

In-depth attack surface mapping and asset discovery

Fast subdomains enumeration tool for penetration testers

Python scraper based on AI

Collection of cheat sheets useful for pentesting

Device Bound Session Credentials: A Protocol for Protecting From Cookie Theft

Application Security Verification Standard

Collection of cheat sheets useful for pentesting

A curated list of GPT agents for cybersecurity

A deliberately-vulnerable website and exercises for teaching about the OWASP Top 10

Damn Small Vulnerable Web

Damn Vulnerable Python Web App

Bandit is a tool designed to find common security issues in Python code.

A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

A collection of my Semgrep rules to facilitate vulnerability research.

A OSINT tool to obtain a target's phone number just by having his email address

Find, verify, and analyze leaked credentials

A collection of real world AI/ML exploits for responsibly disclosed vulnerabilities

The Secure Coding Dojo is a platform for delivering secure coding knowledge.