dragon040's starred repositories

static-analysis

⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.

Language: Rust · License: MIT · Stargazers: 13225 · Issues: 0

kubesploit

Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.

Language: Go · License: GPL-3.0 · Stargazers: 1115 · Issues: 0

Awesome-Hacking

A collection of various awesome lists for hackers, pentesters and security researchers

License: CC0-1.0 · Stargazers: 83219 · Issues: 0

dvka

Damn Vulnerable Kubernetes App (DVKA) is a series of apps deployed on Kubernetes that are damn vulnerable.

Language: CSS · Stargazers: 55 · Issues: 0

aws-secrets-manager-rotation-lambdas

Contains Lambda functions to be used for automatic rotation of secrets stored in AWS Secrets Manager

Language: Python · License: MIT-0 · Stargazers: 323 · Issues: 0

www-project-ai-security-and-privacy-guide

OWASP Foundation Web Repository

Language: HTML · Stargazers: 199 · Issues: 0

tag-security

🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!

Language: HTML · License: NOASSERTION · Stargazers: 2031 · Issues: 0

langkit

🔍 LangKit: An open-source toolkit for monitoring Large Language Models (LLMs). 📚 Extracts signals from prompts & responses, ensuring safety & security. 🛡️ Features include text quality, relevance metrics, & sentiment analysis. 📊 A comprehensive tool for LLM observability. 👀

Language: Jupyter Notebook · License: Apache-2.0 · Stargazers: 822 · Issues: 0

scorecard

OpenSSF Scorecard - Security health metrics for Open Source

Language: Go · License: Apache-2.0 · Stargazers: 4452 · Issues: 0

vmclarity

VMClarity is a tool for agentless detection and management of Virtual Machine Software Bill Of Materials (SBOM) and vulnerabilities

Language: Go · License: Apache-2.0 · Stargazers: 100 · Issues: 0

secureCodeBox

secureCodeBox (SCB) - continuous secure delivery out of the box

Language: JavaScript · License: NOASSERTION · Stargazers: 771 · Issues: 0

trufflehog

Find, verify, and analyze leaked credentials

Language: Go · License: AGPL-3.0 · Stargazers: 15757 · Issues: 0

AppleJuice

Apple BLE proximity pairing message spoofing

Language: Python · License: Apache-2.0 · Stargazers: 1667 · Issues: 0

publications

This repository contains examples of information security policies, GDPR protocols and an operational security guide with examples of best practices.

License: CC0-1.0 · Stargazers: 5 · Issues: 0

lucha

A CLI that scans for sensitive data in source code

Language: Go · License: MPL-2.0 · Stargazers: 13 · Issues: 0

shs

A command line application that calculates the security health of an application, system, or code base and returns a single score.

Language: Go · License: MPL-2.0 · Stargazers: 7 · Issues: 0

ci-integrations

Example scripts to run Tinfoil Security via your CI

Language: Shell · License: MIT · Stargazers: 6 · Issues: 0

ctf-katana

This repository aims to hold suggestions (and hopefully/eventually code) for CTF challenges. The "project" is nicknamed Katana.

Stargazers: 2547 · Issues: 0

vapi

vAPI is a Vulnerable Adversely Programmed Interface, a self-hostable API that mimics OWASP API Top 10 scenarios through exercises.

Language: HTML · License: GPL-3.0 · Stargazers: 1158 · Issues: 0

shipfast-api-protection

Learn practical Mobile and API security techniques: API Key, Static and Dynamic HMAC, Dynamic Certificate Pinning, and Mobile App Attestation.

Language: Kotlin · License: MIT · Stargazers: 73 · Issues: 0

Key-Checker

Go scripts for checking API key / access token validity

Language: Go · License: MIT · Stargazers: 210 · Issues: 0

bugbounty-cheatsheet

A list of interesting payloads, tips and tricks for bug bounty hunters.

License: CC-BY-SA-4.0 · Stargazers: 5803 · Issues: 0

APAC-Conferences

A community contributed consolidated list of InfoSec meetups in the Asia Pacific region.

License: GPL-3.0 · Stargazers: 153 · Issues: 0

github-search

Tools to perform basic search on GitHub.

Stargazers: 5 · Issues: 0

bugbounty-cheatsheet

A list of interesting payloads, tips and tricks for bug bounty hunters.

Stargazers: 27 · Issues: 0

hacks

Small snippets and scripts which I use

Language: Shell · Stargazers: 33 · Issues: 0

keyhacks

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

Stargazers: 4897 · Issues: 0

SecLists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

Language: PHP · License: MIT · Stargazers: 57115 · Issues: 0

vulnado

Purposely vulnerable Java application to help lead secure coding workshops

Language: Java · License: NOASSERTION · Stargazers: 165 · Issues: 0