Portable file server with accelerated resumable uploads, dedup, WebDAV, FTP, TFTP, zeroconf, media indexer, thumbnails++ all in one file, no deps

Adobe Experience Manager (AEM) hacking toolkit

Main MineMeld documentation repo

MCP for Security: A collection of Model Context Protocol servers for popular security tools like SQLMap, FFUF, NMAP, Masscan and more. Integrate security testing and penetration testing into AI wor…

Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance.

Linux running inside a PDF file via a RISC-V emulator

Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data and Git history.

Security tool against dependency typosquatting attacks

The web app running howsmyssl.com

Bjorn is a powerful network scanning and offensive security tool for the Raspberry Pi with a 2.13-inch e-Paper HAT. It discovers network targets, identifies open ports, exposed services, and potent…

DEPRECATED - A prototype SSH configuration and policy scanner (Blog: https://mozilla.github.io/ssh_scan/)

Self-hosted bug bounty programs that are "scammy" or unethical

R package to specify relational specified data tables

The Network Execution Tool

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws

Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.

This project aims to compare and evaluate the telemetry of various EDR products.

The Google Cloud Developer's Cheat Sheet

A tool to dump the login password from the current linux user

VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown

A Python package and CLI for parsing aggregate and forensic DMARC reports

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …

The last commit of Wappalyzer before it went private

Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.

Execute Trickest workflows right from your terminal

Open Source Vulnerability Management Platform

Community curated list of templates for the nuclei engine to find security vulnerabilities.