Xyntax

ecapture

Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.

swagger-hack

自动化爬取并自动测试所有swagger接口

reverse-interview-zh

技术面试最后反问面试官的话

Hades

Hades is a Host-Based Intrusion Detection System based on eBPF(mainly)

RuleCat

GO开发而成，用于NIDS HIDS 分析的规则引擎，使用WorkerPool 高性能检测，支持多字段 "和" "或" 检测， 支持频率检测

public-apis

A collective list of free APIs

OpenSCA-cli

OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.

secguide

面向开发人员梳理的代码安全指南

swagger-codegen

swagger-codegen contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition.

APIFuzzer

Fuzz test your application using your OpenAPI or Swagger API definition without coding

Juggler

A system that may trick hackers. 针对黑客的拟态欺骗系统。

APIKit

APIKit：Discovery, Scan and Audit APIs Toolkit All In One.

tcpcopy

An online request replication tool, also a tcp stream replay tool, fit for real testing, performance testing, stability testing, stress testing, load testing, smoke testing, etc

snowcat

a tool to audit the istio service mesh

python-fire

Python Fire is a library for automatically generating command line interfaces (CLIs) from absolutely any Python object.

Caesar

一个全新的敏感文件发现工具

ModSecurity

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.

linglong

一款甲方资产巡航扫描系统。系统定位是发现资产，进行端口爆破。帮助企业更快发现弱口令问题。主要功能包括: 资产探测、端口爆破、定时任务、管理后台识别、报表展示

qnsm

QNSM is network security monitoring framework based on DPDK.

engineer_competency_framework

软件工程师职级胜任力框架(engineer level & competency framework)

protofuzz

Google Protocol Buffers message generator

restler-fuzzer

RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.

TnT-Fuzzer

OpenAPI 2.0 (Swagger) fuzzer written in python. Basically TnT for your API.

protobuf_decoder

faker

Faker is a Python package that generates fake data for you.

Faker

Faker is a PHP library that generates fake data for you

GraphQLmap

GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)

MindAPI

Organize your API security assessment by using MindAPI. It's free and open for community collaboration.

kong

🦍 The Cloud-Native API Gateway and AI Gateway.

sleighcraft

sleigh craft!