An opensource incident management platform integrating with Slack.

dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!

The recursive internet scanner for hackers. 🧡

🕵️‍♂️ All-in-one OSINT tool for analysing any website

RedFlag uses AI to identify high-risk code changes. Run it in batch mode for release candidate testing or in CI pipelines to flag PRs and add reviewers. RedFlag's flexible configuration makes it va…

OWASP Domain Protect - prevent subdomain takeover

TerminalTextEffects (TTE) is a terminal visual effects engine, application, and Python library.

AWS Security Analytics Bootstrap enables customers to perform security investigations on AWS service logs by providing an Amazon Athena analysis environment that's quick to deploy, ready to use, an…

Assisted Log Enabler for AWS - Find AWS resources that are not logging, and turn them on.

This repository provides sample templates for security playbooks against various scenarios when using Amazon Web Services.

Deobfuscate Javascript code using ChatGPT

An extension to use Semgrep inside Burp Suite.

🎓 Path to a free self-taught education in Computer Science!

A KeePass/Password Safe Client for iOS and OS X

The API traffic analyzer for Kubernetes providing real-time K8s protocol-level visibility, capturing and monitoring all traffic and payloads going in, out and across containers, pods, nodes and clu…

FirebaseExploiter is a vulnerability discovery tool that discovers Firebase Database which are open and can be exploitable. Primarily built for mass hunting bug bounties and for penetration testing.

A next-generation crawling and spidering framework.

Find subdomains and takeovers.

oauth security guidelines

My cheatsheet notes to pentest AWS infrastructure

MerLoc is a live AWS Lambda function development and debugging tool. MerLoc allows you to run AWS Lambda functions on your local while they are still part of a flow in the AWS cloud remote.

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

Local file inclusion exploitation tool

Tool to bypass 403/40X response codes.

An XSS exploitation command-line interface and payload generator.

tool for generating wordlists or extending an existing one using mutations.

Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.

Local File Inclusion discovery and exploitation tool

Keyscope is a key and secret workflow (validation, invalidation, etc.) tool built in Rust

Distribute ordinary bash commands over many systems