6mile

firezone

WireGuard®-based zero-trust access platform with OIDC auth, identity sync, and NAT traversal.

bug-bounty-reference

Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature

bounty-targets-data

This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports

awesome-api-security

A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

Astra

Automated Security Testing For REST API's

cloudfox

Automating situational awareness for cloud penetration tests.

cloud_enum

Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

waymore

Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal!

HostHunter

HostHunter a recon tool for discovering hostnames using OSINT techniques.

saas-attacks

Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown

github-subdomains

Find subdomains on GitHub.

wig

WebApp Information Gatherer

gato

GitHub Actions Pipeline Enumeration and Attack Tool

simplehttpserver

Go alternative of python SimpleHTTPServer

hakip2host

hakip2host takes a list of IP addresses via stdin, then does a series of checks to return associated domain names.

GraphCrawler

GraphQL automated security testing toolkit

awsScrape

A tool to scrape the AWS ranges looking for a keyword in SSL certificate data.

BypassFuzzer

Fuzz 401/403/404 pages for bypasses

Valid8Proxy

Tool designed for fetching, validating, and storing working proxies.

ASA

WebSecurity-Academy-with-Python

Scripts for solving WebSecurity Academy labs of PortSwigger using Python

actions-secrets

Adding this GitHub Action will scan your repository for sensitive data in your source code. We find things like passwords, server host strings, API keys, .env and config files and more

actions-sbom

A GitHub Action that creates a SBOM from your application so you can meet compliance and security requirements. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements, and has the SBOM to show it!

gh-node-module-generatebom

GitHub action to generate a CycloneDX SBOM for Node.js

ghast

GHAST (GitHub Actions Static Analysis Tool) is a tool to analyze the security posture of your GitHub Actions and its surrounding environment for common security vulnerabilities or missing security configuration.

actions-abom

SecureStack Application Bill of Materials (ABOM/SBOM)

waf_tester

Web Application Firewall Test Script

commit-audit

Shell script that checks if git commits are signed

evilgit

PoC for config-based git backdoor

graphql-security-labs

GraphQL security hands-on workshop