VSAQ is an interactive questionnaire application to assess the security programs of third parties.

A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain

GeoIntel using Google's Gemini API to uncover the location where photos were taken through AI-powered geo-location analysis.

Scan MCP Servers for vulnerabilities

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug b…

Fabric is an open-source framework for augmenting humans using AI. It provides a modular system for solving specific problems using a crowdsourced set of AI prompts that can be used anywhere.

The Security Champion Framework provides both a measuring stick and a roadmap generator for Champion Programs.

A play place to test https://arxiv.org/pdf/2508.21669

Protect against malicious open source packages 🤖

AI agent for autonomous cyber operations

AI-VAPT is an autonomous AI-driven Vulnerability Assessment & Penetration Testing framework combining traditional VAPT with neural intelligence. It automates recon, scanning, and reporting using AI…

A curated list of tools officially presented at Black Hat events

Google Maps for AWS IAM

Open Source Static Scanning tool to detect data flows in your code, find data security vulnerabilities & generate accurate Play Store Data Safety Report.

Burp Automator - A Burp Suite Automation Tool. It provides a high level CLI and Python interfaces to Burp Suite scanner and can be used to setup Dynamic Application Security Testing (DAST).

The repository has collected about 10,000 malicious pypi packages. This dataset is the work of the ASE 2023 paper "An Empirical Study of Malicious Code In PyPI Ecosystem". Of course, we will contin…

A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.

An open-source dataset of malicious software packages found in the wild, 100% vetted by humans.

This repo contains the code for my secure code review challenges. People used this as the primary resource to pass FAANG AppSec interviews 😉

Protect against malicious code installed via npm, yarn, pnpm, npx, and pnpx with Aikido Safe Chain. Free to use, no tokens required.

Appollo is an open-source tool for continuous attack surface monitoring, helping organizations identify, analyze, and mitigate security risks in real time.

gpt-oss-120b and gpt-oss-20b are two open-weight language models by OpenAI

This repository contains Cursor Security Rules designed to improve the security of both development workflows and AI agent usage within the Cursor environment. These rules aim to enforce safe codin…

Scan for secrets in dangling commits on GitHub using GH Archive data.

Kingfisher is a blazingly fast and highly accurate tool for secret detection and live validation across files, Git repos, GitHub, GitLab, Azure DevOps, BitBucket, Gitea, AWS S3, Docker images, Jira…