Find, verify, and analyze leaked credentials

A centralized source of all AWS IAM privilege escalation methods released by Rhino Security Labs.

Tools of The Trade, from Hacker News.

[WIP] Crappy iOS app analyzer

for AWS Security material

Instruments to assist in binary application reversing and augmentation, geared towards walled gardens like iOS and macOS

A simple web app that helps developers understand the ASVS requirements.

A python script that finds endpoints in JavaScript files

Resolve and quickly portscan a list of (sub)domains.

Knock Subdomain Scan

Ephemera and other documentation associated with the 1337list project.

Find CVEs from a list of packages in different formats

A collection of various awesome lists for hackers, pentesters and security researchers

The JavaScript Way book

**DEPRECATED** This project has been replaced by https://github.com/zmap/zgrab2

Materials related to the 2017 BSides Las Vegas presentation

Probe a rendering engine for vulnerabilities and other features

A Burp Suite Pro extension which augments your proxy traffic by injecting non-invasive headers designed to reveal backend systems by causing pingbacks to Burp Collaborator

The new bridge between Burp Suite and Frida!

🖥 Chrome automation made simple. Runs locally or headless on AWS Lambda.

Modern HTML Presentations

Server-Side Template Injection and Code Injection Detection and Exploitation Tool

Vulnerability scanner based on vulners.com search API

A web API written in c# and ASP in order to serve Ultima Online client files.

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

Security Knowledge Framework (SKF) Python Flask / Angular project

Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem