Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

A vulnerability scanner for container images and filesystems

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

🔥🔒 Awesome MCP (Model Context Protocol) Security 🖥️

An open-source AI agent that brings the power of Gemini directly into your terminal.

GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing

The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

CTF challenges designed and implemented in machine learning applications

A curated list of Awesome Security Challenges.

Collection of extracted System Prompts from popular chatbots like ChatGPT, Claude & Gemini

a security scanner for custom LLM applications

Tips and Tutorials for Bug Bounty and also Penetration Tests.

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

A list of resources for those interested in getting started in bug bounties

Automatic syncronization from Notion to Github

Web and mobile application security training platform

WebGoat is a deliberately insecure application

A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.

Pre-Built Vulnerable Environments Based on Docker-Compose

Vulnerable Java based Web Application

📚 技术面试必备基础知识、Leetcode、计算机操作系统、计算机网络、系统设计

PoC Lab for Spring4shell vulnerability

a rep for documenting my study, may be from 0 to 0.1

Java web common vulnerabilities and security code which is base on springboot and spring security

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

Notebooks and Exercises for my Machine Learning courses aimed at cybesecurity students

JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）