chroth's Stars
shadcn-ui/ui
Beautifully designed components that you can copy and paste into your apps. Accessible. Customizable. Open Source.
danielmiessler/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
jesseduffield/lazygit
simple terminal UI for git commands
rxhanson/Rectangle
Move and resize windows on macOS with keyboard shortcuts and snap areas
danielmiessler/fabric
fabric is an open-source framework for augmenting humans using AI. It provides a modular framework for solving specific problems using a crowdsourced set of AI prompts that can be used anywhere.
magic-wormhole/magic-wormhole
get things from one computer to another, safely
jarun/nnn
n³ The unorthodox terminal file manager
ProseMirror/prosemirror
The ProseMirror WYSIWYM editor
pemistahl/grex
A command-line tool and Rust library with Python bindings for generating regular expressions from user-provided test cases
lc/gau
Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
guelfoweb/knock
Knock Subdomain Scan
flipkart-incubator/Astra
Automated Security Testing For REST APIs
bigH/git-fuzzy
interactive `git` with the help of `fzf`
wireghoul/graudit
grep rough audit - source code auditing tool
BlackFan/client-side-prototype-pollution
Prototype Pollution and useful Script Gadgets
swisskyrepo/GraphQLmap
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
nikitastupin/clairvoyance
Obtain GraphQL API schema even if the introspection is disabled
semgrep/semgrep-rules
Semgrep rules registry
thesp0nge/dawnscanner
Dawn is a static analysis security scanner for web applications written in Ruby. It supports the Sinatra, Padrino and Ruby on Rails frameworks.
w3c/trusted-types
A browser API to prevent DOM-Based Cross Site Scripting in modern web applications.
BlackFan/content-type-research
Content-Type Research
NodeSecure/js-x-ray
JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.
synacktiv/octoscan
Octoscan is a static vulnerability scanner for GitHub action workflows.
nxenon/h2spacex
HTTP/2 Single Packet Attack low Level Library / Tool based on Scapy + Exploit Timing Attacks
yeswehack/xsstools
xss development frameworks, with the goal of making payload writing easier.
tjnull/TJ-OPT
This repo contains my pentesting template that I have used in PWK and for current assessments. The template has been formatted to be used in Obsidian.
kacakb/jsfinder
Fetches JavaScript files quickly and comprehensively.
jacobbednarz/go-csp-collector
A CSP collector written in Golang
prjblk/wordpress-audit-automation
Scripts to download every WordPress plugin (updated in the last 2 years) and run Semgrep over the lot of it while storing output in a database.
Automattic/wpscan-vulnerability-test-bench
Standardised setup for researching WordPress plugin and theme vulnerabilities.