Starred repositories
Rules shared by the community from 100 Days of YARA 2025
WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Bandit is a tool designed to find common security issues in Python code.
Command line tool designed to set up, start and maintain a Clear NDR installation.
This repository hosts a persona based privacy threat modeling solution called Models of Applied Privacy or MAP.
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
idaholab / Malcolm
Forked from cisagov/Malcolm. Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
GoldenSAML Attack Libraries and Framework
Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
Nuke It From Orbit - remove AV/EDR with physical access
Lightweight modern Python library to add security headers (CSP, HSTS, etc.) to Django, Flask, FastAPI, and more. Secure defaults or fully customizable.
Save toil in security operations with: Detection & Intelligence Analysis for New Alerts (D.I.A.N.A.)
Deployment scripts and simple reports for CIS benchmarks
Open source templates you can use to bootstrap your security programs
WolfPack combines the capabilities of Terraform and Packer to streamline the deployment of red team redirectors on a large scale.
This is an RSS feed collection for all the InfoSec Content Creators
The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
Useful resources for SOC Analysts and SOC Analyst candidates.
A Burp Suite Extension for pentesters and bug bounty hunters to maintain a checklist, map flows, write test cases and track vulnerabilities
✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The purpose is to create a reference hub for designing effective…
Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams
AI companions with memory: a lightweight stack to create and host your own AI companions