sescandor

lynis

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

h2o

H2O - the optimized HTTP/1, HTTP/2, HTTP/3 server

GTFOBins.github.io

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.

cve

Gather and update all available and newest CVEs with their PoC.

cloudquery

The open source high performance ELT framework powered by Apache Arrow

FiercePhish

FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.

enarx

Enarx: Confidential Computing with WebAssembly

afl-training

Exercises to learn how to fuzz with American Fuzzy Lop

mms

Modern Memory Safety in C/C++

certigo

A utility to examine and validate certificates in a variety of formats

safeside

Understand and mitigate software-observable side-channels

vulnrichment

A repo to conduct vulnerability enrichment.

http-desync-guardian

Analyze HTTP requests to minimize risks of HTTP Desync attacks (precursor for HTTP request smuggling/splitting).

Litmus_Test

Detecting ATT&CK techniques & tactics for Linux

out-of-tree

out-of-tree kernel {module, exploit} development tool

afl

american fuzzy lop for network fuzzing (unofficial) -- official afl site is http://lcamtuf.coredump.cx/afl/

transientfail

Website and PoC collection for transient execution attacks

sudosh

Shell wrapper to run a login shell with `sudo` as the current user for the purpose of audit logging

wasm_runtimes_fuzzing

Improving security and resilience of WebAssembly VMs/runtimes/parsers using fuzzing

onecmdb

muscular-ruby

The Ruby Programming Language