The Book Of Secret Knowledge

Decentralized anonymous instant messenger on top of Tor Hidden Services

A laboratory for learning secure web and mobile development in a practical manner.

namebench

My collection of various security tools created mostly in Python and Bash. For CTFs and Bug Bounty.

Linux tutorials and cheatsheets. Minimal examples. Mostly user-land CLI utilities. Linux kernel at: https://github.com/cirosantilli/linux-kernel-module-cheat Linux教程和备忘单。 最少的例子。 主要是用户级CLI实用程序。 Linux内核位于：https://github.com/cirosantilli/linux-kernel-module-cheat

Damn Small Vulnerable Web

DEPRECATED - A prototype SSH configuration and policy scanner (Blog: https://mozilla.github.io/ssh_scan/)

Send notifications when SSL certificates are about to expire.

Damn Vulnerable NodeJS Application

Security Bulletins that relate to Netflix Open Source

Kubernetes security notes and best practices

A conformance testing tool for HTTP/2 implementation.

An archive of low-level CTF challenges developed over the years

a package of Pentest scripts I have made or commonly use

$50 Million CTF from Hackerone - Writeup

Open-source pentesting management and automation platform by Salesforce Product Security

My CTF journey since 2015. Stats, writeups, code snippets, notes, challenges.

A command-line network packet crafting and injection utility

tcpterm is a packet visualizer in TUI.

Moved to https://codeberg.org/DNS-OARC/dnsperf

Play battleships using BGP

HTTP/HTTPS load testing and benchmarking tool

Archived Mozilla SSL Configuration Generator . The code now lives at https://github.com/tlsref/configurator

Dump unix domain socket traffic with bpf

h2t (HTTP Hardening Tool) scans a website and suggests security headers to apply

PacketFu, a mid-level packet manipulation library for Ruby

A highly configurable Framework for easy automated web scanning

Open source tool to help you build a valid SSL certificate chain.

A curated list of all machine learning algorithms and deep learning algorithms grouped by category.

All my Hacking|Pentesting Notes

Host and manage multiple Juice Shop instances for security trainings and Capture The Flags

Ciplerli.st - strong ciphers for NGINX, Apache and Lighttpd

OpenBSD Router Boilerplate

Insert trace-points into the running configuration to observe the path of packets through the iptables chains.

ClusterSSH with tmux -- mirror of https://gitlab.com/peikk0/tmux-cssh

A little book which introduces strace.

OpenDNS application security training program

Bug Bounty writeups, Vulnerability Research, Tutorials, Tips&Tricks

Sample vulnerable code and its exploit code

Linux CLI Ethernet and MPLS Testing Tool

Scoreboard for Capture The Flag competitions.

Faster and more efficient stateless SYN scanner and banner grabber due to userland TCP/IP stack usage.

A simple web app that helps developers understand the ASVS requirements. Now supporting ASVS 5.0

Rootkit Hunter install script

research

Bootstrap Kubernetes the easy way on Google Cloud Platform. No scripts.

a friendly wrapper around ptrace

Bodhi - Client-side Vulnerability Playground

DNSDB API Client, C Version

Coursera Stanford Cryptography 1 - Thought by Prof. Dan Boneh