Stars
tool designed for identifying vulnerabilities in open source codebases at scale. It can gather and filter on key repository metrics such as popularity and project size
BadZure orchestrates the setup of Azure AD tenants, populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack …
The Python micro framework for building web applications.
Reverse engineering of Virtua Cop 2 PC (1997)
A curated list of engineering blogs
A tool for checking if MFA is enabled on multiple Microsoft Services
A collection of scripts for assessing Microsoft Azure security
Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuous monitoring, security assessments and audits, incident response, compliance, hardening and forensics…
grep rough audit - source code auditing tool
Get up and running with Llama 3.3, DeepSeek-R1, Phi-4, Gemma 2, and other large language models.
Grep source code and see useful code context about matching lines
Organize your API security assessment by using MindAPI. It's free and open for community collaboration.
Create notes during a security code review in VSCode 📝 Import your favorite SAST tool findings 🛠️ and collaborate with others 🤝
Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more.
A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Security vulnerabilities within your own API Security CTF.
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
DevSkim is a set of IDE plugins, language analyzers, and rules that provide security "linting" capabilities.
Code samples for No Starch Press Black Hat Go
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
This code review checklist helps you be a more effective and efficient code reviewer.
AzureGoat: A Damn Vulnerable Azure Infrastructure
Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
A stupid game for learning about containers, capabilities, and syscalls.
A collection of my Semgrep rules to facilitate vulnerability research.