Awesome List
A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
GitHub stars and default-branch commits for trimstray/the-book-of-secret-knowledge.
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
⚙️ NGINX config generator on steroids 💉
UNIX-like reverse engineering framework and command-line toolset
SQL powered operating system instrumentation, monitoring, and analytics.
Checklist of the most important security countermeasures when designing, testing, and releasing your API
Community guide to securing and improving privacy on macOS.
🤖 The Modern Port Scanner 🤖
How to improve NGINX performance, security, and other important things.
Exploitation Framework for Embedded Devices
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
This is a collection of tutorials for learning how to use Docker with various tools. Contributions welcome.
🛡️ Open-source and cloud-native Web Application Firewall (WAF)
This guide details creating a secure Linux production system. OpenSCAP (C2S/CIS, STIG).
Automated penetration testing & attack surface management platform. Recon, scan, exploit, report — 600+ exploits, 90+ integrations, 10K+ detections.
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
Malicious traffic detection system
The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
A Modern Orchestration Engine for Security
Top 100 Hacking & Security E-Books (Free Download)
syzkaller is an unsupervised coverage-guided kernel fuzzer
A Tool for Domain Flyovers
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
Automated Mass Exploiter
Free Security and Hacking eBooks
Open-Source Unified Vulnerability Management, DevSecOps & ASPM
Security Monkey monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
A collected list of awesome security talks
Knock Subdomain Scan
Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories.
Fast and powerful SSL/TLS scanning library.
PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
Kubernetes Security - Best Practice Guide
A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
Find web directories without bruteforce
Resources to help you keep secrets (API keys, database credentials, certificates, ...) out of source code and remediate the issue in case of a leaked API key. Made available by GitGuardian.
Reverse proxies cheatsheet
A Game of Hackers (CTF Scoreboard & Game Manager)
Automated System Hardening Framework
Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.
A laboratory for learning secure web and mobile development in a practical manner.
Damn Vulnerable NodeJS Application
Security Bulletins that relate to Netflix Open Source
Kubernetes security notes and best practices
h2t (HTTP Hardening Tool) scans a website and suggests security headers to apply
Host and manage multiple Juice Shop instances for security trainings and Capture The Flags