yazzzuk

yazzzuk's Stars

• google/honggfuzz

  Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)

  Language:C3.1k515

• google/AFL

  american fuzzy lop - a security-oriented fuzzer

  Language:C3.8k651

• Cloud-Architekt/AzureAD-Attack-Defense

  This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and how they can be mitigated or detected.

  Language:PowerShell2.2k330

• The-XSS-Rat/SecurityTesting

  Language:Python1k273

• tuhin1729/Bug-Bounty-Methodology

  These are my checklists which I use during my hunting.

  Language:HTML58886

• AnLoMinus/Bug-Bounty

  Bug Bounty ~ Awesomes | Books | Cheatsheets | Checklists | Tools | Wordlists | More

  Language:Shell39885

• inonshk/31-days-of-API-Security-Tips

  This challenge is Inon Shkedy's 31 days API Security Tips.

  2.1k332

• 0xmaximus/Galaxy-Bugbounty-Checklist

  Tips and Tutorials for Bug Bounty and also Penetration Tests.

  1.4k349

• NetSPI/MicroBurst

  A collection of scripts for assessing Microsoft Azure security

  Language:PowerShell2.1k314

• cyberark/BlobHunter

  Find exposed data in Azure with this public blob scanner

  Language:Python32153

• Kyuu-Ji/Awesome-Azure-Pentest

  A collection of resources, tools and more for penetration testing and securing Microsofts cloud platform Azure.

  1k190

• BishopFox/cloudfox

  Automating situational awareness for cloud penetration tests.

  Language:Go2k191

• roottusk/vapi

  vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

  Language:HTML1.2k312

• marmicode/websheep

  🐑 Websheep is an app based on a willingly vulnerable ReSTful APIs.

  Language:TypeScript5335

• snoopysecurity/dvws-node

  Damn Vulnerable Web Services is a vulnerable application with a web service and an API that can be used to learn about webservices/API related vulnerabilities.

  Language:JavaScript461181

• optiv/rest-api-goat

  Language:Python7427

• juice-shop/juice-shop

  OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

  Language:TypeScript10.7k11.5k

• juice-shop/pwning-juice-shop

  Antora/Asciidoc content for Bjoern Kimminich's free eBook "Pwning OWASP Juice Shop"

  Language:Handlebars224136

• abhishekgk/cbbh

  31

• Touexe/CBBH

  Cheat Sheet

  53

• iknowjason/PurpleCloud

  A little tool to play with Azure Identity - Azure and Entra ID lab creation tool. Blog: https://medium.com/@iknowjason/sentinel-for-purple-teaming-183b7df7a2f4

  Language:Python54795

• ine-labs/AzureGoat

  AzureGoat : A Damn Vulnerable Azure Infrastructure

  Language:Python808188

• kyverno/kyverno

  Cloud Native Policy Management

  Language:Go6k918

• ssllabs/research

  2.2k225

• OWASP/KubeLight

  OWASP Kubernetes security and compliance tool [WIP]

  Language:Python10516

• OWASP/wrongsecrets

  Vulnerable app with examples showing how to not use secrets

  Language:Java1.3k380

• owasp-amass/amass

  In-depth attack surface mapping and asset discovery

  Language:Go12.3k1.9k

• OWASP/secure-coding-practices-quick-reference-guide

  The Secure Coding Practices Quick-reference Guide from OWASP

  338

• trustoncloud/threatmodel-for-azure-storage

  ThreatModel for Azure Storage - Library of all the attack scenarios on Azure Storage, and how to mitigate them following a risk-based approach

  575

• OWASP/CheatSheetSeries

  The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

  Language:Python28.6k4k