Supply-Chain Firewall (SCFW) is a tool for preventing the installation of malicious npm and PyPI packages 🔥

A Docker container for Openvas

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …

The repository has collected about 10,000 malicious pypi packages. This dataset is the work of the ASE 2023 paper "An Empirical Study of Malicious Code In PyPI Ecosystem". Of course, we will contin…

A curated database of insecure Python packages

A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.

Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them

Hash collisions and exploitations

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

An open-source dataset of malicious software packages found in the wild, 100% vetted by humans.

Python implementation of OWASP CycloneDX

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

An extremely fast Python linter and code formatter, written in Rust.

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

🐍 🔍 GuardDog is a CLI tool to Identify malicious PyPI and npm packages

A list of Free and Open Source Software (FOSS) for Android – saving Freedom and Privacy.

Bandit is a tool designed to find common security issues in Python code.

Daemon to ban hosts that cause multiple authentication errors

🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

KeePassXC is a cross-platform community-driven port of the Windows application “KeePass Password Safe”.

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Cross-platform GUI written in Rust using ADB to debloat non-rooted Android devices. Improve your privacy, the security and battery life of your device.

Automated System Hardening Framework