cattleguard's Stars
danielmiessler/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
huginn/huginn
Create agents that monitor and act on your behalf. Your agents are standing by!
slimtoolkit/slim
Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
infracost/infracost
Cloud cost estimates for Terraform in pull requests💰📉 Shift FinOps Left!
nccgroup/ScoutSuite
Multi-Cloud Security Auditing Tool
anchore/syft
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
mandiant/capa
The FLARE team's open-source tool to identify capabilities in executable files.
airbnb/streamalert
StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.
ajinabraham/nodejsscan
nodejsscan is a static security code scanner for Node.js applications.
tomnomnom/hacks
A collection of hacks and one-off scripts
hysnsec/awesome-threat-modelling
A curated list of threat modeling resources (books, courses - free and paid, videos, tools, tutorials and workshops to practice on) for learning threat modeling and initial phases of security review.
tomnomnom/anew
A tool for adding new lines to files, skipping duplicates
jdonsec/AllThingsSSRF
This is a collection of writeups, cheatsheets, videos, books related to SSRF in one single location
andresriancho/enumerate-iam
Enumerate the permissions associated with an AWS credential set
honze-net/nmap-bootstrap-xsl
An Nmap XSL implementation with Bootstrap.
duo-labs/cloudtracker
CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.
jstrieb/link-lock
Password-protect URLs using AES in the browser; create hidden bookmarks without a browser extension
mozilla/ssh_scan
DEPRECATED - A prototype SSH configuration and policy scanner (Blog: https://mozilla.github.io/ssh_scan/)
center-for-threat-informed-defense/attack-flow
Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flows for a small corpus of incidents, and creating visualization tools to display attack flows.
aws-samples/aws-serverless-security-workshop
In this workshop, you will learn techniques to secure a serverless application built with AWS Lambda, Amazon API Gateway and RDS Aurora. We will cover AWS services and features you can leverage to improve the security of serverless applications in 5 domains: identity & access management, code, data, infrastructure, logging & monitoring.
aws/http-desync-guardian
Analyze HTTP requests to minimize risks of HTTP Desync attacks (precursor for HTTP request smuggling/splitting).
tprynn/web-methodology
Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki
nicholasjackson/mtls-go-example
Simple example using mutual TLS authentication with a Golang server
1ndianl33t/urlprobe
Urls status code & content length checker
absoluteappsec/handouts
materials we hand out
center-for-threat-informed-defense/attack_to_veris
🚨ATTENTION🚨 The VERIS mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here as an archive.
vz-risk/flow
Tools related to work with Attack Flow (https://github.com/center-for-threat-informed-defense/attack-flow)
eonarheim/NES-Sprite-Editor
Simple Sprite Editor for NES Games
eonarheim/nesgame
randorisec/workshops