Crack WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat

🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.

The easiest, most secure way to use WireGuard and 2FA.

⏰ 🔥 A TCP proxy to simulate network and system conditions for chaos and resiliency testing

Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them

Program Analisys and Transformation survey and links (particular focus on SSA)

A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.

A unit test-like interface for fuzzing and symbolic execution

Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.

Advisory database for Python packages published on pypi.org

OpenSSF Security Tooling Working Group

Helping allocate resources to secure the critical open source projects we all depend on.

A fork and successor of the Sulley Fuzzing Framework

😱 A curated list of amazingly awesome OSINT

GTFOBins is a curated list of Unix-like executables that can be used to bypass local security restrictions in misconfigured systems.

Collection of cryptography-related traits

Mundane is a Rust cryptography library backed by BoringSSL that is difficult to misuse, ergonomic, and performant (in that order).

Printer Exploitation Toolkit - The tool that made dumpster diving obsolete.

How to improve NGINX performance, security, and other important things.

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

Collection of malware source code for a variety of platforms in an array of different programming languages.

Community guide to securing and improving privacy on macOS.

The Illustrated TLS 1.2 Connection: Every byte explained

A binary authorization and monitoring system for macOS

John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs

This is the data that drives the whynohttps.com website

Community guide to using YubiKey for GnuPG and SSH - protect secrets with hardware crypto.

in-toto is a framework to protect supply chain integrity.

syzkaller is an unsupervised coverage-guided kernel fuzzer