Muraena is an almost-transparent reverse proxy aimed at automating phishing and post-phishing activities.

nodejsscan is a static security code scanner for Node.js applications.

Sphinx-based Password Storage low-level library

A vault for securely storing and accessing AWS credentials in development environments

Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.

domain name/brand infringement detector. pulls newly registered domains daily, searches variations of your company domain names and alerts on typo squatters/phishing domains.

Transparent file encryption in git

Headunit for Android Auto

Attack and defend active directory using modern post exploitation adversary tradecraft activity

VirtualBox E1000 Guest-to-Host Escape

cracke-dit ("Cracked It") makes it easier to perform regular password audits against Active Directory environments.

Find, verify, and analyze leaked credentials

Removes large or troublesome blobs like git-filter-branch does, but faster. And written in Scala

A byte code analyzer for finding deserialization gadget chains in Java applications

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

A collaborative, multi-platform, red teaming framework

OpenVPN road warrior installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora

Make your Raspberry act as a Keyboard

Collecting ideas and code for a secure HID proxy between a USB device and a possibly compromised computer.

Run CoreOs Clair standalone

DevSec Examples

This Ansible collection provides battle tested hardening for Linux, SSH, nginx, MySQL

Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these s…

HElib is an open-source software library that implements homomorphic encryption. It supports the BGV scheme with bootstrapping and the Approximate Number CKKS scheme. HElib also includes optimizati…

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

🔥🔥🔥 Out of the Browser into the Fire - Cross platform XSS worm framework 🔥🔥🔥

A collection of AWS penetration testing junk

A default credential scanner.

Utility to strip Docker images to their bare minimum size.