Stars
AI Powered Terminal Based Ethical Hacking Assistant
AI-powered penetration testing assistant for automating recon, note-taking, and vulnerability analysis.
⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.
cyberark / kubesploit
Forked from Ne0nd0g/merlin
Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.
A collection of various awesome lists for hackers, pentesters and security researchers
Damn Vulnerable Kubernetes App (DVKA) is a series of apps deployed on Kubernetes that are damn vulnerable.
Contains Lambda functions to be used for automatic rotation of secrets stored in AWS Secrets Manager
OWASP Foundation Web Repository
🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!
🔍 LangKit: An open-source toolkit for monitoring Large Language Models (LLMs). 📚 Extracts signals from prompts & responses, ensuring safety & security. 🛡️ Features include text quality, relevance m…
OpenSSF Scorecard - Security health metrics for Open Source
VMClarity is a tool for agentless detection and management of Virtual Machine Software Bill Of Materials (SBOM) and vulnerabilities
secureCodeBox (SCB) - continuous secure delivery out of the box
Find, verify, and analyze leaked credentials
Apple BLE proximity pairing message spoofing
This repository contains examples of information security policies, GDPR protocols and an operational security guide with examples of best practices.
A CLI that scans for sensitive data in source code
A command line application that calculates the security health of an application, system, or code base and returns a single score.
Example scripts to run Tinfoil Security via your CI
This repository aims to hold suggestions (and hopefully/eventually code) for CTF challenges. The "project" is nicknamed Katana.
vAPI is Vulnerable Adversely Programmed Interface, which is a Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.
Learn practical Mobile and API security techniques: API Key, Static and Dynamic HMAC, Dynamic Certificate Pinning, and Mobile App Attestation.
Go scripts for checking API key / access token validity
A list of interesting payloads, tips and tricks for bug bounty hunters.
A community contributed consolidated list of InfoSec meetups in the Asia Pacific region.
streaak / github-search
Forked from gwen001/github-search
Tools to perform basic search on GitHub.