An extremely fast Python type checker and language server, written in Rust.

Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data and Git history.

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 350 common, vulnerable components (openssl, libpng, libxml2, expat and others),…

Diablo 1 for web browsers

Open-source code analysis platform for C/C++/Java/Binary/Javascript/Python/Kotlin based on code property graphs. Discord https://discord.gg/vv4MH284Hc

A security layer for Git repositories

Searches through git repositories for high entropy strings and secrets, digging deep into commit history

Open Source Cloud Native Application Protection Platform (CNAPP)

A list of apps that work with the League of Legends Client & In-Game API.

macOS Security Compliance Project

Multi-threaded AWS inventory collection tool with a focus on security-relevant resources and metadata.

Substation is a toolkit for routing, normalizing, and enriching security event and audit logs.

IAMbic is Version-Control for IAM. It centralizes and simplifies cloud access and permissions. It maintains an eventually consistent, human-readable, bi-directional representation of IAM in Git.

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

Find, verify, and analyze leaked credentials

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace

A collection of fascinating and bizarre Censys Search Queries

Bare minimum AWS Security Alerting and Secure by default Configuration

A curated list of awesome Microsoft Azure Security tools, guides, blogs, and other resources.

Convert cloudtrail data to MITRE ATT&CK Sightings

Comet is an alert distribution framework which allows you to distribute alerts all the way to the resource owner with customizable owner lookup, de-duplication, alert formatting as well as automate…

IAM-Deescalate helps mitigate privilege escalation risk in AWS identity and access management (IAM)

Open-Source Unified Vulnerability Management, DevSecOps & ASPM

A project to collate IAM actions, AWS APIs and managed policies from various public sources.

The home of the CUE language! Validate and define text-based and dynamic configuration

A reading list for software supply-chain security.

Infra provides authentication and access management to servers and Kubernetes clusters.

Helping allocate resources to secure the critical open source projects we all depend on.

Open Source Package Analysis