Various *nix tools built as statically-linked binaries

An HTTP proxy library for Go

BLint is a Binary Linter to check the security properties, and capabilities in your executables. Since v2, blint is also an SBOM generator for binaries.

General-purpose programming language and toolchain for maintaining robust, optimal, and reusable software.

Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.

BlackLotus UEFI Windows Bootkit

Vulnerability scanner written in Go which uses the data provided by https://osv.dev

#supply #chain #attack #detection

The financial transactions database designed for mission critical safety and performance.

The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously improve the S2C2F guide which outlines and defines how to s…

Collection of Event ID ressources useful for Digital Forensics and Incident Response

Shadow is a discrete-event network simulator that directly executes real application code, enabling you to simulate distributed systems with thousands of network-connected processes in realistic an…

Generate a score for your sbom to understand if it will actually be useful.

"How to Do Great Research" Course for Ph.D. Students

E-mails, subdomains and names Harvester - OSINT

A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.

The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

📗🌐 🚢 Comprehensive and exhaustive JavaScript & Node.js testing best practices (July 2023)

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

A collection of hacks and one-off scripts

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

WhiteWinterWolf's PHP web shell

tools for sandboxing your dependency graph

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

A Jekyll theme for minimal editions 📖

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more