- Manchester, United Kingdom
- http://www.andrewrea.co.uk
Starred repositories
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …
Vulnerable server used for learning software exploitation
eBPF-based Security Observability and Runtime Enforcement
A working example of multi-target compilation for Rust using GitHub Actions. Supports Windows, MacOSX, x86_64, ARM and Raspberry PI Linux.
Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories.
Utility to download and extract document metadata from an organization. This technique can be used to identify: domains, usernames, software/version numbers and naming conventions.
A good-looking terminal emulator which mimics the old cathode display...
A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a JSON-based rules engine. …
OWASP Orizon is a source code static analyzer tool designed to spot security issues in Java applications.
Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex
An SDK for access control policies: authorization for the microservice and IoT age. Inspired by AWS IAM policies. Written for Go.
Microservice native message and event store for Postgres
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Note: Going through a full re-write of the tooling so the current versions in the repo do not work!
A collection of simple graphics made with D3.js
Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
An authorization library that supports access control models like ACL, RBAC, ABAC in Golang: https://discord.gg/S5UjpzGZjN
Questions to ask the company during your interview
Google's Engineering Practices documentation
Hunt down social media accounts by username across social networks
Secure software enclave for storage of sensitive information in memory.
A modern load testing tool, using Go and JavaScript - https://k6.io
Open-source JavaScript charting library behind Plotly and Dash