Stars
A coding-agent skill for multi-phase security audits with independently verified, machine-readable findings
High-performance open-source security scanner combining SAST, SCA, Secret Detection, and IaC analysis, built for developers and CI/CD pipelines, using AI for recommendation!
claude-red is a curated library of offensive security skills designed for the Claude skills system. Each skill is a structured SKILL.md file that primes Claude with expert-level methodology for a s…
Open-Source Unified Vulnerability Management, DevSecOps & ASPM
Open source templates you can use to bootstrap your security programs
The open document intelligence platform for builders and hackers - DMS for the agentic world
Streamline vulnerability patching with CVSS, EPSS, and CISA's Known Exploited Vulnerabilities. Prioritize actions based on real-time threat information, gain a competitive advantage, and stay infor…
OXO is a security scanning orchestrator for the modern age.
Burp Automator - A Burp Suite Automation Tool. It provides a high level CLI and Python interfaces to Burp Suite scanner and can be used to setup Dynamic Application Security Testing (DAST).
Gather and update all available and newest CVEs with their PoC.
A utility to (re-)import findings and language data into DefectDojo
VoxEngine scenarios that provide phone network connectivity connecting to Jitsi Jigasi
Jitsi Meet - Secure, Simple and Scalable Video Conferences that you use as a standalone app or embed in your web application.
An installable desktop variant of OWASP Threat Dragon
A list of public penetration test reports published by several consulting firms and academic security groups.
A Burp plugin to export findings to DefectDojo
This repo is meant to be a list of companies that hire security people full remote.
Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace
Find, verify, and analyze leaked credentials
Sample scan files for testing DefectDojo imports
A set of high-level abstractions for Django forms