Scan your code for security misconfiguration, search for passwords and secrets. 🔍

Small Node CLI tool to extract active contributors on repos and orgs

🐋 Docker Cheat Sheet 🐋

OWASP Cloud Security - Enabling conversations through threat and control stories

A tool to capture all the git secrets by leveraging multiple open source git searching tools

Cloud Security Posture Management (CSPM)

goSDL

Example code for my book on TDD with Python

The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.

answering: who are all these users in my GitHub org?

A collection of TDD exercises that are useful as katas

User, contributor and developer friendly vulnerability database

Created by Jin Qian via the GitHub Connector

Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.

Abusing Self-XSS and Clickjacking to trigger XSS

Manages application of security headers with many safe defaults

Getting a Maven-powered Spring Boot project packaging in Concourse

Compliance automation for cloud.gov

BDD Automated Security Tests for Web Applications

Introduction to Cloud Foundry app deployment and management concepts.

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

KeySweeper is a stealthy Arduino-based device, camouflaged as a functioning USB wall charger, that wirelessly and passively sniffs, decrypts, logs and reports back (over GSM) all keystrokes from an…

Post Exploitation Collection

Learn to use https://concourse-ci.org with this linear sequence of tutorials. Learn each concept that builds on the previous concept.

A collection of awesome penetration testing resources, tools and other shiny things

Developer workflow convenience scripts

The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

a ruggedization framework that embodies the principle "be mean to your code"

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, enumeration, and malicious payload creation using Metasploit. For use with Kali Linux.