s0rcy's Stars
HackTricks-wiki/hacktricks
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
1N3/Sn1per
Attack Surface Management Platform
microsoft/ApplicationInspector
A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.
AloneMonkey/frida-ios-dump
pull decrypted ipa from jailbreak device
ambionics/phpggc
PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
B3nac/Android-Reports-and-Resources
A big list of Android Hackerone disclosed reports and other resources.
google/atheris
zhlynn/zsign
Maybe it is the most quickly codesign alternative for iOS12+, cross-platform ( macOS, Linux , Windows ), more features.
ClaudiuGeorgiu/PlaystoreDownloader
A command line tool to download Android applications directly from the Google Play Store by specifying their package name (an initial one-time configuration is required)
ptoomey3/evilarc
Create tar/zip archives that can exploit directory traversal vulnerabilities
doyensec/electronegativity
Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron applications.
ChiChou/grapefruit
(WIP) Runtime Application Instruments for iOS. Previously Passionfruit
semgrep/semgrep-rules
Semgrep rules registry
snoopysecurity/Vulnerable-Code-Snippets
A small collection of vulnerable code snippets
CoderMJLee/MJCodeObfuscation
一个用于代码混淆和字符串加密的Mac小Demo
nccgroup/blackboxprotobuf
Blackbox Protobuf is a set of tools for working with encoded Protocol Buffers (protobuf) without the matching protobuf definition.
insidersec/insider
Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).
dustyfresh/PHP-vulnerability-audit-cheatsheet
This will assist you in the finding of potentially vulnerable PHP code. Each type of grep command is categorized in the type of vulnerabilities you generally find with that function.
alsmith/multicast-relay
Relay multicast and broadcast packets between interfaces.
mindedsecurity/semgrep-rules-android-security
A collection of Semgrep rules derived from the OWASP MASTG specifically for Android applications.
anantshri/Android_Security
This repository is a suplimentary material for Android Training's done by Anant Shrivastava from 2012-2017
oleavr/ios-inject-custom
Example showing how to use Frida for standalone injection of a custom payload
lucapiccolboni/crylogger
CRYLOGGER: Detecting Crypto Misuses for Android and Java Apps Dynamically
LewisArdern/metasecjs
MetaSec.js combines all the free open-source security tools to identify issues with JavaScript and automates the boring parts
iosifache/semgrep-rules-manager
Manager of third-party sources of Semgrep rules 🗂
linuxhw/LsUSB
Collect lsusb reports and find most popular USB devices
jimmybish/qnap-docker-compose
Docker Compose config for the home QNAP NAS
Marcono1234/codeql-java-queries
Personal CodeQL queries
gagliardetto/codebox
Generate CodeQL taint-tracking models for Go (along with tests) in a graphical UI
leocov-dev/tadpoles-backup
Download images of your kids from Tadpoles and Bright Horizons via CLI, Docker, or Kubernetes