Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.

Bandit is a tool designed to find common security issues in Python code.

A static analysis security vulnerability scanner for Ruby on Rails applications

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

A Python-based simulator for analyzing the security of quantum communication systems. Currently focuses on the BB84 protocol. Designed for educational and research purposes.

Source code that accompanies the book API Security in Action

Resources to help you keep secrets (API keys, database credentials, certificates, ...) out of source code and remediate the issue in case of a leaked API key. Made available by GitGuardian.

A secuity checklist for anyone who's developing and deploying APIs

API-Pentesting-Checklist

🚀 Join us for 30days of daily API security tests. #30days30tests We've spent last 120days building amazing API security tests for the community. Next 30 days we will post test tutorials here.

A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

Anomaly Detection in James Webb Space Telescope (JWST) Data using Machine Learning, focusing on identifying maliciously manipulated or falsified data to ensure reliable analysis.

Server-Side Template Injection and Code Injection Detection and Exploitation Tool

List DTDs and generate XXE payloads using those local DTDs.

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

BruteXSS is a tool written in python simply to find XSS vulnerabilities in web application. This tool was originally developed by Shawar Khan in CLI. I just redesigned it and made it GUI for more c…

Monitor linux processes without root permissions

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

Top disclosed reports from HackerOne

A fast tool to scan CRLF vulnerability written in Go

Contextual Content Discovery Tool

The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, …

CORS Misconfiguration Scanner

Web path scanner

A simple script just made for self use for bypassing 403

Gospider - Fast web spider written in Go

「🔑」A tool used to hunt down API key leaks in JS files and pages

🎯 Open Redirect Payload List

Small tool to Grab subdomains using Shodan api.

This repository contains a roadmap for preparing for the EJPTv2 exam.