A generator of weird files (binary polyglots, near polyglots, polymocks...)

Proof of Concepts (PE, PDF...)

List of XSS Vectors/Payloads

Secure random passwords in Javascript

Collection of malware source code for a variety of platforms in an array of different programming languages.

A collection of android security related resources

Infection Monkey - An open-source adversary emulation platform

docker image with useful network and container tools and SSH

PCI-DSS compliant Debian 10/11/12 hardening

Shellscript to automate installation, update checks and updates of Tomcat

Terraform configuration to build a Burp Private Collaborator Server

JWT brute force cracker written in C

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

A minimalistic tool to help measuring the runtime of regular expressions

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

OWASP CRS (Official Repository)

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

A Docker container for Openvas

JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.

grep rough audit - source code auditing tool

Nimue is a simple Python script for jailbreaking Sony Bravia TVs.

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Scan .onion hidden services with nmap using Tor, proxychains and dnsmasq in a minimal alpine Docker container.

proxy poc implementation of STARTTLS stripping attacks

German OWASP Day conference site & presentation archive

An observatory for TLS configurations, X509 certificates, and more.