SugarP1g's Stars
fxsjy/jieba
结巴中文分词
Pythagora-io/gpt-pilot
The first real AI developer
sunface/rust-course
“连续八年成为全世界最受喜爱的语言,无 GC 也无需手动内存管理、极高的性能和安全性、过程/OO/函数式编程、优秀的包管理、JS 未来基石" — 工作之余的第二语言来试试 Rust 吧。本书拥有全面且深入的讲解、生动贴切的示例、德芙般丝滑的内容,这可能是目前最用心的 Rust 中文学习教程 / Book
Hannibal046/Awesome-LLM
Awesome-LLM: a curated list of Large Language Model
mvdan/sh
A shell parser, formatter, and interpreter with bash support; includes shfmt
google/osv-scanner
Vulnerability scanner written in Go which uses the data provided by https://osv.dev
knownsec/KCon
KCon is a famous Hacker Con powered by Knownsec Team.
microsoft/restler-fuzzer
RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
welk1n/JNDI-Injection-Exploit
JNDI注入测试工具(A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc)
Checkmarx/kics
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
casbin/pycasbin
An authorization library that supports access control models like ACL, RBAC, ABAC in Python
momosecurity/rhizobia_J
JAVA安全SDK及编码规范
souffle-lang/souffle
Soufflé is a variant of Datalog for tool designers crafting analyses in Horn clauses. Soufflé synthesizes a native parallel C++ program from a logic specification.
Metarget/cloud-native-security-book
《云原生安全:攻防实践与体系构建》资料仓库
OWASP-Benchmark/BenchmarkJava
OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually exploitable, it’s a fair test for any kind of vulnerability detection tool. For more details on this project, please see the OWASP Benchmark Project home page.
tldrsec/awesome-secure-defaults
Awesome secure by default libraries to help you eliminate bug classes!
WebFuzzing/EvoMaster
The first open-source AI-driven tool for automatically generating system-level test cases (also known as fuzzing) for web/enterprise applications. Currently targeting whitebox and blackbox testing of Web APIs, like REST, GraphQL and RPC (e.g., gRPC and Thrift).
alipay/ant-application-security-testing-benchmark
xAST评价体系,让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".
makenowjust-labs/recheck
The trustworthy ReDoS checker
luelueking/Deserial_Sink_With_JDBC
Some ReadObject Sink With JDBC
hysnsec/awesome-policy-as-code
A curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code.
plast-lab/doop
The official repo of Doop, the declarative pointer analysis framework.
Er1cccc/ACAF
Auto Code Audit Framework for Java
SecTheBit/Windows-Internals
Learnings about windows Internals
Fraunhofer-AISEC/codyze
Codyze is a static analyzer for Java, C, C++ based on code property graphs
PL-Ninja/MySootScript
oh my soot !
IndustriousSnail/javassist-learn
Javassist官方文档中文翻译
luelueking/jvm-sandbox-rasp
一个基于jvm-sandbox高度定制化rasp
bluesadi/Tai-e-solutions
My solutions to NJU Static Program Analysis assignments: https://tai-e.pascal-lab.net/en/intro/overview.html
sdgdsffdsfff/JavaMethodCallGraph
基于JavaParser的代码调用链分析,可以用于分析Java代码的方法调用链,进行代码质量管理、监控。欢迎Fork、Star