Repository for the Open Security Reference Architecture

The ZAP by Checkmarx Core project

This repository provides sample templates for security playbooks against various scenarios when using Amazon Web Services.

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

Nikto web server scanner

draft for Japanese translation of OWASP Application Security Verification Standard

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

🦉🔎 A simple tool to audit your AWS/GCP infrastructure for misconfiguration or potential security issues with plugins integration

Detect, track and alert on infrastructure drift

ALL IN ONE Hacking Tool For Hackers

In-depth attack surface mapping and asset discovery

TheHive: a Scalable, Open Source and Free Security Incident Response Platform

A GitHub Action for detecting vulnerable dependencies and invalid licenses in your PRs

SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)

An OOB interaction gathering server and client library

Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown

Awesome list of keywords and artifacts for Threat Hunting sessions

Find domains and subdomains related to a given domain

Fast passive subdomain enumeration tool.

A vulnerable version of Rails that follows the OWASP Top 10

The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

Ruby on Rails application like RailsGoat

Web attack vectors collection

[Deprecated] GitHub's Field Team's CodeQL Custom Queries, Suites, and Configurations. See GitHubSecurityLab/CodeQL-Community-Packs instead

freee株式会社2023年サマーインターンの成果を整理して公開してあります。今後も拡張予定です

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in re…

Orchestrate GitHub Actions Security

GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment