Highlights
Lists (32)
Sort Name ascending (A-Z)
AppSec π‘οΈ
Application Security relating directly to the (development of) codeArchitecture/Design
Cheatsheet ποΈ
A collection of various cheatsheetsCourses π
CTF π΄
DevOps βΈοΈ
DevSecOps π‘οΈ
Application Security not relating directly to the development of codeDevUtils π§°
go
GOLANGIaC ποΈ
Infrastructure as CodeInfra
k8s
MiniMoon π
MobileDev π±
OSINT ποΈ
Open Source IntelligencePracticalDevSec
Practical resources for security during development of softwarePrivacy π₯·
PyProj π
Tools and resources for Python projetcsRE/MA β£οΈ
Reverse Engineering / Malware AnalysisRice π
Rust π¦
Scanning πΊοΈ
Tools and resources for [security] scanning and enumerationSEC/blue π¦
Security tools and resources for the blue team [defensive]SEC/k8s
SEC/red π₯
Security tools and resources for the red team [offensive]SecOps#infra
Security relating to infrastructureSecWorkshop
SRE
ReliabilitySysAdmin
Resources and tools for system administration// TODO
vita
WebDev πΈοΈ
Tools and resources for web development- All languages
- AGS Script
- ASP
- Assembly
- Astro
- Batchfile
- Bikeshed
- Boo
- C
- C#
- C++
- CSS
- Clojure
- Common Lisp
- Crystal
- Cython
- D
- DIGITAL Command Language
- Dart
- Dockerfile
- Elixir
- Erlang
- F#
- FreeMarker
- Go
- Groovy
- HCL
- HTML
- Haskell
- Java
- JavaScript
- Jinja
- Jupyter Notebook
- Kotlin
- Lua
- Makefile
- Markdown
- NASL
- Nim
- OCaml
- Objective-C
- Open Policy Agent
- PHP
- Pascal
- Perl
- PowerShell
- Python
- Raku
- Ruby
- Rust
- SCSS
- Scala
- Shell
- Smarty
- SourcePawn
- Starlark
- Tcl
- TeX
- TypeScript
- VBA
- Vala
- Verilog
- Vim Script
- Vue
- XSLT
- YARA
Starred repositories
Vulnerable app with examples showing how to not use secrets
The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.
intentionally vuln web Application Security in django
The CRDT Yjs WebSocket backend for conflict-free real-time collaboration in your app.
Ebitengine - A dead simple 2D game engine for Go
Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths
MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way β¦
Web and mobile application security training platform
Extremely fast Vite-compatible web build tool written in Rust
Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE)
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground π
π Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.
π JavaScript diagramming library that uses SVG and HTML for rendering.
A very vulnerable web site written in NodeJS with the purpose of have a project with identified vulnerabilities to test the quality of security analyzers tools tools
An open source threat modeling tool from OWASP
My useful files for penetration tests, security assessments, bug bounty and other security related stuff
A fuzzer for detecting open redirect vulnerabilities
The OWASP DevSecOps Guideline can help us to embedding security as a part of the development pipeline.
πΆ Kubernetes CLI To Manage Your Clusters In Style!
Fully open source, End to End Encrypted alternative to Google Photos and Apple Photos
XSS payloads designed to turn alert(1) into P1
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
JavaScript library for audio visualization. π
TypeScript implementation of TypeIDs: type-safe, K-sortable, and globally unique identifiers inspired by Stripe IDs
A fancy, easy-to-use and reactive self-hosted docker compose.yaml stack-oriented manager
yq is a portable command-line YAML, JSON, XML, CSV, TOML and properties processor