A simple Go framework for building GitHub Apps

Linux Runtime Security and Forensics using eBPF

Powerful automated tool for reverse engineering Unity IL2CPP binaries

Kotlin parser in pure Python.

Moodle (< 3.6.2, < 3.5.4, < 3.4.7, < 3.1.16) XSS PoC for Privilege Escalation (Student to Admin)

VS Code extension that allows you to record and play back guided tours of codebases, directly within the editor.

Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.

writeup of CVE-2020-1362

Real-time HTTP Intrusion Detection

Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License.

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

Cyber Jawara 2020 Final - Jeopardy CTF problemset

Automatic ROPChain Generation

A collaborative, multi-platform, red teaming framework

CTFs as you need them

Vulncode-DB project

AV/EDR evasion via direct system calls.

Sourcetrail - free and open-source interactive source explorer

Six Degrees of Domain Admin

A quine that plays snake over its own source!

Free and Open Source Reverse Engineering Platform powered by rizin

Ghidra is a software reverse engineering (SRE) framework

Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)

A proof of concept to dump Django website's source code affected by NGINX's off-by-slash alias directive misconfiguration.

A fork of AFL for fuzzing Windows binaries

Set of tools to analyze Windows sandboxes for exposed attack surface.

A static analysis security vulnerability scanner for Ruby on Rails applications

eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee

🐘🕸️ WebAssembly runtime for PHP