m3ssap0's Stars
drwetter/testssl.sh
Testing TLS/SSL encryption anywhere on any port
LouisShark/chatgpt_system_prompt
A collection of GPT system prompts and various prompt injection/leaking knowledge.
bridgecrewio/checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
WebAssembly/wabt
The WebAssembly Binary Toolkit
DefectDojo/django-DefectDojo
DevSecOps, ASPM, Vulnerability Management. All on one platform.
christophetd/CloudFlair
🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
sa7mon/S3Scanner
Scan for misconfigured S3 buckets across S3-compatible APIs!
pwndoc/pwndoc
Pentest Report Generator
jelmer/dulwich
Pure-Python Git implementation
Checkmarx/kics
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
OWASP/threat-dragon
An open source threat modeling tool from OWASP
allanlw/svg-cheatsheet
A cheatsheet for exploiting server-side SVG processors.
wallarm/jwt-secrets
tldrsec/awesome-secure-defaults
Awesome secure by default libraries to help you eliminate bug classes!
TupleType/awesome-cicd-attacks
Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
step-security/github-actions-goat
GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment
xeol-io/xeol
A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs
gwen001/cloudflare-origin-ip
Try to find the origin IP of a webapp protected by Cloudflare.
Escape-Technologies/awesome-graphql-security
A curated list of awesome GraphQL Security frameworks, libraries, software and resources
klarna-incubator/gram
Gram is Klarna's own threat model diagramming tool
synacktiv/nord-stream
Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently supports Azure DevOps, GitHub and GitLab.
mindedsecurity/semgrep-rules-android-security
A collection of Semgrep rules derived from the OWASP MASTG specifically for Android applications.
boringtools/git-alerts
Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files
boostsecurityio/poutine
securityelixir/potion_shop
A vulnerable Elixir and Phoenix application for learning web security
neodyme-labs/github-secrets
This tool analyzes a given GitHub repository and searches for dangling or force-pushed commits containing potential secret or interesting information.
splitline/Pickora
A toy compiler that can convert Python scripts 🐍 to pickle bytecode 🥒
boostsecurityio/lotp
AvalZ/regrets
Use Z3 to generate strings that match multiple regex | "The plural of regex is regrets"
SecPriv/cookiecrumbles
Cookie Crumbles: Breaking and Fixing Web Session Integrity