AnthonyHerman

awesome-hacker-search-engines

A list of search engines useful during Penetration testing, vulnerability assessments, red team operations, bug bounty and more

juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

AnthonyHerman

awesome-api-security

A collection of awesome API Security tools and resources.

awesome-malware-development

Organized list of my malware development resources

blueprint-securesoftwarepipeline

For engineers and security teams driving fast and secure software supply chains

checkov-action

A Github Action to run Checkov against an Infrastructure-as-Code repository. Checkov does static security analysis of Terraform, CloudFormation, Kubernetes, serverless framework and ARM templates

CSharp-Alt-Shellcode-Callbacks

A collection of (even more) alternative shellcode callback methods in CSharp

github-pages-with-jekyll

golangtest

gungnir

CT Log Scanner

httpx

httpx is a fast and multi-purpose HTTP toolkit allows to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads.

JNDI-Exploit-Kit

JNDI-Exploitation-Kit（A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps vulnerable to JNDI Injection）

JNDIExploit

A malicious LDAP server for JNDI injection attacks

log4j-scan

A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228

log4j-scanner

log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.

Open-Source-Security-Guide

Open Source Security Guide

open-source-web-scanners

A list of open source web security scanners

papers-we-love

Papers from the computer science community to read and discuss.

Prompt_Engineering

setup-terraform

Sets up Terraform CLI in your GitHub Actions workflow.

test-mkdocs

the_cyber_plumbers_handbook

Free copy of The Cyber Plumber's Handbook

threat-modeling-training

Segment's Threat Modeling training for our engineers

tipjar

TymSpecial

SysWhispers integrated shellcode loader w/ ETW patching & anti-sandboxing

vault

A tool for secrets management, encryption as a service, and privileged access management

warcannon

High speed/Low cost CommonCrawl RegExp in Node.js

Web-Attack-Cheat-Sheet

Web Attack Cheat Sheet

wstg

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.