grauwolf32

radare2

UNIX-like reverse engineering framework and command-line toolset

API-Security-Checklist

Checklist of the most important security countermeasures when designing, testing, and releasing your API

osquery

SQL powered operating system instrumentation, monitoring, and analytics.

CheatSheetSeries

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

mitmproxy

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

android-coq-model

Coq model of Android permission system

jwt_tool

:snake: A toolkit for testing, tweaking and cracking JSON Web Tokens

honggfuzz

Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)

weird_proxies

Reverse proxies cheatsheet

param-miner-doc

Unofficial documentation for the great tool Param Miner

git-hound

Reconnaissance tool for GitHub code search. Scans for exposed API keys across all of GitHub, not just known repos and orgs.

Log4jAttackSurface

HackBar

HackBar plugin for Burpsuite

RsaCtfTool

RSA attack tool (mainly for ctf) - retrieve private key from weak public key and/or uncipher data

keto

The most scalable and customizable permission server on the market. Fix your slow or broken permission system with Google's proven "Zanzibar" approach. Supports ACL, RBAC, and more. Written in Go, cloud native, headless, API-first. Available as a service on Ory Network and for self-hosters.

ProVerif-ATP

ProVerif-ATP - Combining ProVerif and Automated Theorem Provers for Security Protocol Verification

meg

Fetch many paths for many hosts - without killing the hosts

Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

cdxgen

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. Discord: https://discord.gg/DP657ACYEZ

untrusted-types

cheat

cheat allows you to create and view interactive cheatsheets on the command-line. It was designed to help remind *nix system administrators of options for commands that they use frequently, but not frequently enough to remember.

31-days-of-API-Security-Tips

This challenge is Inon Shkedy's 31 days API Security Tips.

ApplicationInspector

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

ezXSS

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

thc-hydra

hydra

grammars-v4

Grammars written for ANTLR v4; expectation that the grammars are free of actions.

ParamPamPam

napkin

An Infinitely Large Napkin

SuperGo

A student implementation of Alpha Go Zero