Starred repositories
Semgrep rules for smart contracts based on DeFi exploits
Quickly open your favorite Web IDE to review the selected smart contract codebase
Hardhat is a development environment to compile, deploy, test, and debug your Ethereum software.
BDD Automated Security Tests for Web Applications
Collection of tools for analyzing open source packages.
A curated list of threat modeling resources (books, courses - free and paid, videos, tools, tutorials and workshops to practice on) for learning threat modeling and initial phases of security review.
This project is about creating and publishing threat model examples.
PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
Checklist of the most important security countermeasures when designing, creating, testing your web/mobile application
⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.
Top 100 Hacking & Security E-Books (Free Download)
This cheatsheet is built for the Bug Bounty Hunters and penetration testers in order to help them hunt the vulnerabilities from P4 to P1 solely and completely with "BurpSuite".
Deliberately vulnerable AWS resources for security assessment demos
My personal notes and exercises for my GIAC-GWEB certification exam.
nodejsscan is a static security code scanner for Node.js applications.
Azure Security Resources and Notes
The ultimate WinRM shell for hacking/pentesting
💻🛡️ A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.
This tool can be used to brute discover GET and POST parameters
TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker Compose
PortSwigger / j2ee-scan
Forked from ilmila/J2EEScan. J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.
Repo for all the OWASP-SKF Docker lab examples
This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.
A collection of various awesome lists for hackers, pentesters and security researchers
A collection of hacking / penetration testing resources to make you better!