Pinned Repositories
action-baseline
A GitHub Action for running the OWASP ZAP Baseline scan
Action_Test
AnthonyHerman
anthonyherman.github.io
API-Security-Checklist
Checklist of the most important security countermeasures when designing, testing, and releasing your API
awesome-api-security
A collection of awesome API Security tools and resources.
awesome-hacker-search-engines
A list of search engines useful during Penetration testing, vulnerability assessments, red team operations, bug bounty and more
awesome-malware-development
Organized list of my malware development resources
Azure_DevOps_Vault_Interaction
Azure DevOps extension to interact with HashiCorp Vault.
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
AnthonyHerman's Repositories
AnthonyHerman/awesome-hacker-search-engines
A list of search engines useful during Penetration testing, vulnerability assessments, red team operations, bug bounty and more
AnthonyHerman/juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
AnthonyHerman/AnthonyHerman
AnthonyHerman/awesome-api-security
A collection of awesome API Security tools and resources.
AnthonyHerman/awesome-malware-development
Organized list of my malware development resources
AnthonyHerman/blueprint-securesoftwarepipeline
For engineers and security teams driving fast and secure software supply chains
AnthonyHerman/checkov-action
A Github Action to run Checkov against an Infrastructure-as-Code repository. Checkov does static security analysis of Terraform, CloudFormation, Kubernetes, serverless framework and ARM templates
AnthonyHerman/CSharp-Alt-Shellcode-Callbacks
A collection of (even more) alternative shellcode callback methods in CSharp
AnthonyHerman/github-pages-with-jekyll
AnthonyHerman/golangtest
AnthonyHerman/gungnir
CT Log Scanner
AnthonyHerman/httpx
httpx is a fast and multi-purpose HTTP toolkit allows to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads.
AnthonyHerman/JNDI-Exploit-Kit
JNDI-Exploitation-Kit(A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps vulnerable to JNDI Injection)
AnthonyHerman/JNDIExploit
A malicious LDAP server for JNDI injection attacks
AnthonyHerman/log4j-scan
A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
AnthonyHerman/log4j-scanner
log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.
AnthonyHerman/Open-Source-Security-Guide
Open Source Security Guide
AnthonyHerman/open-source-web-scanners
A list of open source web security scanners
AnthonyHerman/papers-we-love
Papers from the computer science community to read and discuss.
AnthonyHerman/Prompt_Engineering
AnthonyHerman/setup-terraform
Sets up Terraform CLI in your GitHub Actions workflow.
AnthonyHerman/test-mkdocs
AnthonyHerman/the_cyber_plumbers_handbook
Free copy of The Cyber Plumber's Handbook
AnthonyHerman/threat-modeling-training
Segment's Threat Modeling training for our engineers
AnthonyHerman/tipjar
AnthonyHerman/TymSpecial
SysWhispers integrated shellcode loader w/ ETW patching & anti-sandboxing
AnthonyHerman/vault
A tool for secrets management, encryption as a service, and privileged access management
AnthonyHerman/warcannon
High speed/Low cost CommonCrawl RegExp in Node.js
AnthonyHerman/Web-Attack-Cheat-Sheet
Web Attack Cheat Sheet
AnthonyHerman/wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.