gorrie's Stars
gitleaks/gitleaks
Protect and discover secrets using Gitleaks 🔑
owasp-amass/amass
In-depth attack surface mapping and asset discovery
SigmaHQ/sigma
Main Sigma Rule Repository
OWASP/wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
EnableSecurity/wafw00f
WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
OlivierLaflamme/Cheatsheet-God
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
OWASP/Top10
Official OWASP Top 10 Document Repository
OTRF/ThreatHunter-Playbook
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
Yelp/detect-secrets
An enterprise friendly way of detecting and preventing secrets in code.
OWASP/ASVS
Application Security Verification Standard
GAM-team/got-your-back
Got Your Back (GYB) is a command line tool for backing up your Gmail messages to your computer using Gmail's API over HTTPS.
OWASP/owasp-masvs
The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
mitre-attack/attack-navigator
Web app that provides basic navigation and annotation of ATT&CK matrices
strongbox-password-safe/Strongbox
A KeePass/Password Safe Client for iOS and OS X
SerpicoProject/Serpico
SimplE RePort wrIting and COllaboration tool
atc-project/atomic-threat-coverage
Actionable analytics designed to combat threats
OWASP-Benchmark/BenchmarkJava
OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually exploitable, it’s a fair test for any kind of vulnerability detection tool. For more details on this project, please see the OWASP Benchmark Project home page.
OWASP/Docker-Security
Getting a handle on container security
OTRF/ATTACK-Python-Client
Python Script to access ATT&CK content available in STIX via a public TAXII server
OWASP/SecureCodingDojo
The Secure Coding Dojo is a platform for delivering secure coding knowledge.
OWASP/glue
Application Security Automation
trustedsec/physical-docs
This is a collection of legal wording and documentation used for physical security assessments. The goal is to hopefully allow this as a template for other companies to use and to protect themselves when conducting physical security assessments.
google/cloud-forensics-utils
Python library to carry out DFIR analysis on the Cloud
OWASP/RiskAssessmentFramework
The Secure Coding Framework
FairwindsOps/k8s-workshop
Fairwinds k8s-workshop
magoo/minimalist-risk-management
A minimalist risk management program!
simplerisk/code
The currently released SimpleRisk source code.
Cyb3rWard0g/CyberWardogLab
A few scripts I put together for testing purposes and to automate a few capabilities while doing IR. These scripts are also part of my blog https://cyberwardog.blogspot.com/
Redguard/csvs
Container Security Verification Standard
OWASP/2020-appseccalifornia