This is a collection of threat detection rules / rules engines that I have come across.

The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.

A Vault swiss-army knife: A CLI tool to init, unseal and configure Vault (auth methods, secret engines).

🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Nikto web server scanner

Pull Request-like Review/Approval flow for database queries. For compliant but smooth Engineering access to production.

An AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account - or share the resources with the entire internet 😈

A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.

Cloud Security Posture Management (CSPM)

A turnkey OAuth & authentication system, designed for both Cloudflare Workers and Node.js

Arkime is an open source, large scale, full packet capturing, indexing, and database system.

This repository can be used to generate and evaluate findings detected by Amazon GuardDuty