IoTGoat is a deliberately insecure firmware created to educate software developers and security professionals with testing commonly found vulnerabilities in IoT devices.

Enterprise-Grade Continuous Delivery & DevOps Automation Open Source Platform

Domain name parser for Go based on the Public Suffix List.

DNS library in Go

A tool for parsing breached passwords

OWASP Web Application Security Testing Checklist

😱 A curated list of amazingly awesome OSINT

A tool to link a domain with registered organisation names and emails, to other domains.

Remote Code Execution Exploit for Citrix Application Delivery Controller and Citrix Gateway [ CVE-2019-19781 ]

This is a tool published for the Citrix ADC (NetScaler) vulnerability. We are only disclosing this due to others publishing the exploit code first.

SSRF testing tool

Automatic tool for DNS rebinding-based SSRF attacks

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Web Component extending IFrame to bypass X-Frame-Options: deny/sameorigin

Find domains and subdomains related to a given domain

Certificate Transparency Log Monitor

A pretty sweet vulnerability scanner

SAML2 Burp Extension

🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens

Find secrets with Gitleaks 🔑

Scans packages in npm and pypi for secrets

Fetch all the URLs that the Wayback Machine knows about for a domain

Pull out bits of URLs provided on stdin

Take a list of domains and probe for working HTTP and HTTPS servers

Fast web fuzzer written in Go

Web path scanner

HTML5 Security Cheatsheet - A collection of HTML5 related XSS attack vectors

A little tool to play with Windows security

This is a collection of writeups, cheatsheets, videos, books related to SSRF in one single location