Paolo del Mundo's starred repositories
DeepFaceLive
Real-time face swap for PC streaming or video calls
security-guide-for-developers
Security Guide for Developers (实用性开发人员安全须知)
my-arsenal-of-aws-security-tools
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
bounty-targets-data
This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
github-dorks
Find leaked secrets via github search
APISecurityBestPractices
Resources to help you keep secrets (API keys, database credentials, certificates, ...) out of source code and remediate the issue in case of a leaked API key. Made available by GitGuardian.
awesome-threat-modelling
A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.
wrongsecrets
Vulnerable app with examples showing how to not use secrets
JSFScan.sh
Automation for javascript recon in bug bounty.
OWASP-VWAD
The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.
python-libnmap
libnmap is a python library to run nmap scans, parse and diff scan results. It supports python 2.7 up to 3.8. It's wonderful.
plaid-postman
Postman collection for the Plaid API
bad-asn-list
An open source list of ASNs known to belong to cloud, managed hosting, and colo facilities.
e-commerce-microservices-sample
A fictitious cloud-native e-commerce application using microservices architecture powered by polyglot languages & databases, deployable to Kubernetes & AWS
alfred-outlook
Alfred outlook mail/contact search
pst-digger
Program to analyze mails stored into a Microsoft Outlook PST file and find one based on search keywords.
slacksecrets
Scans Slack for API tokens, credentials, passwords, and more using YARA rules
awesome-cloud-osint
This repository will host resources for collecting information about cloud providers - SaaS, IaaS, PaaS, DaaS etc.
snyk-scm-refresh
Keeps Snyk projects in sync with their associated Github repos
aws-macie-pii-confidential-regexes
AWS Macie personally identifiable information and confidential data regex list compiled out of AWS Macie.
openshift-probable-vulnerabilities
This repository contains all the code, models, scripts and reports for flagging probable vulnerabilities for the gokube-openshift eco-system
ant-design-blazor
🌈A set of enterprise-class UI components based on Ant Design and Blazor WebAssembly.