Security Innovation

  • Pretty Good Privacy for Python

    Python 67 12 Updated Feb 17, 2017
  • AuthMatrix is a Burp Suite extension that provides a simple way to test authorization in web applications and web services.

    Python 150 35 Updated Feb 15, 2017
  • 49 8 Updated Feb 18, 2016
  • A Security and Privacy Guide for non-technical users

    18 6 Updated Oct 5, 2015
  • Holodeck is a Fault Injection tool for testing Windows binaries and .NET applications. Holodeck utilizes fault-injection techniques to introduce the application to simulated scenarios that arise as the result of "broken" environments, such as out of memory conditions, corrupt files, bad registry data, or corrupted network packets.

    C# 12 4 Updated Aug 12, 2014
  • C++ Updated Jul 9, 2014
  • JavaScript 1 Updated Jul 10, 2014
  • Simple REST client that supports session cookies and BASIC authentication

    Python 2 Updated Jun 20, 2014
  • A very basic fuzzer to replicate the "sniper" functionality in Burp. WhatTheFuzz needs a source of invalid values. You can create one by adding a bunch of test cases to a text file (one per line) or I suggest you use FuzzDB, a great resource for that kind of thing. BSD License

    C# 11 2 Updated Mar 19, 2014
  • This is an ultra basic websockets demo that builds chatroom-like functionality for demo in ILT. It includes no security features (such as AuthN/AuthZ) and some of the basic security features have been commented out for demonstration purposes (more secure lines are just above) originally forked from: https://github.com/heroku-examples/ruby-websoc…

    JavaScript Updated Mar 8, 2014
  • My IDA scripts, tips and testing techniques for Thick Client applications.

    Python 4 Updated Nov 19, 2013
  • Static Code Analysis Tool for analyzing C# and ASP.NET applications without relying on binary analysis.

    C# 3 Updated Oct 20, 2013
  • Itertools extension for generating large and complex datasets using generators.

    Python 2 3 Updated Oct 11, 2013
  • A collection of all the lists, scripts and techniques I use while doing web application penetration tests.

    Python 6 32 Updated Aug 23, 2013
  • A vulnerable demo site for people to learn about Web Application Security

    C# 20 11 Updated Aug 15, 2013
  • Checks trace and ssl security

    Python 6 3 Updated Aug 9, 2013
  • Automatic hash detector and cracking plugin for Fiddler2

    2 Updated Jun 26, 2013
  • YASAT (Yet Another Static Analysis Tool) is a very basic static analysis tool, really it's less about static analysis and more about running a group of regular expressions on a code base and generating a report on the resulting matches.

    C# 14 4 Updated Jun 25, 2013
  • This is a Fiddler2 Plugin that implements an Inspector for Protobuf.

    C# 18 11 Updated Jun 19, 2013
  • A simple, easy to use .NET library for mitigating risk from SQL injection (SQLi) attacks

    C# 2 Updated May 13, 2013
  • tide editor

    C++ 1 Updated Apr 30, 2013
  • Repo to track changes to the burp2xml script from Paul Haas of Redspin

    Python 4 3 Updated Jun 28, 2012
  • Blackmamba is a new concurrent networking library for Python. Blackmamba was built from the ground up leveraging the power of epoll and coroutines.

    Python 2 13 Updated Jul 19, 2011
  • Transform is an easy to use encoder/decoder written in C#. It leverages the AntiXss library to make it easy to see how values are being encoded.

    C# 3 1 Updated Mar 11, 2011
  • A simple Regular Expression Matcher for .NET easy to use

    C# 2 1 Updated Mar 4, 2011
  • 4 1 Updated Jan 25, 2011