Explore 43 curated tools and resources
Want your tool featured here?
Get maximum visibility with pinned placement
A security analysis platform that combines SAST, SCA, SBOM generation and AI-assisted remediation to detect and fix vulnerabilities during the software development lifecycle.
A security analysis platform that combines SAST, SCA, SBOM generation and AI-assisted remediation to detect and fix vulnerabilities during the software development lifecycle.
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
An automated code remediation tool that integrates with source control platforms to automatically fix security vulnerabilities in code through AI-driven analysis and one-click implementations.
An automated code remediation tool that integrates with source control platforms to automatically fix security vulnerabilities in code through AI-driven analysis and one-click implementations.
Octoscan is a static analysis tool that scans GitHub Actions workflows for security vulnerabilities and misconfigurations.
Octoscan is a static analysis tool that scans GitHub Actions workflows for security vulnerabilities and misconfigurations.
A visual guide that maps attack vectors and exploitation techniques for identifying vulnerabilities in GitHub Actions configurations and CI/CD pipelines.
A visual guide that maps attack vectors and exploitation techniques for identifying vulnerabilities in GitHub Actions configurations and CI/CD pipelines.
StepSecurity is a platform that enhances GitHub Actions security by providing network egress control, risk discovery, action replacement, and security best practices orchestration.
StepSecurity is a platform that enhances GitHub Actions security by providing network egress control, risk discovery, action replacement, and security best practices orchestration.
Monitor GitHub for sensitive data
An automated tool for identifying technologies used on websites with mass scanning capabilities, based on the Wappalyzer detection engine.
An automated tool for identifying technologies used on websites with mass scanning capabilities, based on the Wappalyzer detection engine.
A reconnaissance tool for GitHub organizations
Secret Bridge monitors GitHub repositories to detect and alert on leaked secrets and sensitive data exposure.
Secret Bridge monitors GitHub repositories to detect and alert on leaked secrets and sensitive data exposure.
A tool for identifying sensitive secrets in public GitHub repositories
ParamPamPam is an open-source tool that detects and exploits web application vulnerabilities using fuzzing, SQL injection, and XSS techniques.
ParamPamPam is an open-source tool that detects and exploits web application vulnerabilities using fuzzing, SQL injection, and XSS techniques.
A contribution guide that provides guidelines and instructions for developers to contribute custom activities to the Ayehu IT automation platform through GitHub pull requests.
A contribution guide that provides guidelines and instructions for developers to contribute custom activities to the Ayehu IT automation platform through GitHub pull requests.
Allstar is a GitHub App that continuously monitors repositories and organizations for security policy violations, creating alerts when best practices are not followed.
Allstar is a GitHub App that continuously monitors repositories and organizations for security policy violations, creating alerts when best practices are not followed.
A tool for enumerating and attacking GitHub Actions pipelines
A community-driven public malware repository providing access to malware samples, tools, and resources for the cybersecurity community.
A community-driven public malware repository providing access to malware samples, tools, and resources for the cybersecurity community.
Standardized contribution guidelines for maintaining quality cybersecurity tool repositories and community-curated lists.
Standardized contribution guidelines for maintaining quality cybersecurity tool repositories and community-curated lists.
CloudSploit by Aqua is an open-source multi-cloud security scanning tool that detects security risks and compliance issues across AWS, Azure, GCP, OCI, and GitHub platforms.
CloudSploit by Aqua is an open-source multi-cloud security scanning tool that detects security risks and compliance issues across AWS, Azure, GCP, OCI, and GitHub platforms.
A data visualization and statistical analysis tool for measuring the quality and effectiveness of threat intelligence indicator feeds through various analytical tests.
A data visualization and statistical analysis tool for measuring the quality and effectiveness of threat intelligence indicator feeds through various analytical tests.
Scumblr is a web-based security automation platform that performs periodic data source synchronization and security analysis to help organizations proactively identify and track security issues.
Scumblr is a web-based security automation platform that performs periodic data source synchronization and security analysis to help organizations proactively identify and track security issues.
A collection of CLI tools and API utilities for searching and filtering GitHub repositories by various criteria including keywords, users, organizations, and repository attributes.
A collection of CLI tools and API utilities for searching and filtering GitHub repositories by various criteria including keywords, users, organizations, and repository attributes.
A standard README template file that provides basic structure for documenting Ruby applications and software projects.
A standard README template file that provides basic structure for documenting Ruby applications and software projects.
An open-source introductory book about cryptography that provides educational content on fundamental cryptographic concepts and principles.
An open-source introductory book about cryptography that provides educational content on fundamental cryptographic concepts and principles.
A community-maintained archive of CTF write-ups and source files from cybersecurity competitions held in 2013.
A community-maintained archive of CTF write-ups and source files from cybersecurity competitions held in 2013.
A repository providing hourly-updated data dumps of bug bounty platform scopes from major platforms like HackerOne, Bugcrowd, and Intigriti for security researchers.
A repository providing hourly-updated data dumps of bug bounty platform scopes from major platforms like HackerOne, Bugcrowd, and Intigriti for security researchers.
A compilation of suggested tools for each component in a detection and response pipeline, with real-world examples, to design effective threat detection and response pipelines.
A compilation of suggested tools for each component in a detection and response pipeline, with real-world examples, to design effective threat detection and response pipelines.
InvisibilityCloak is a proof-of-concept C# code obfuscation toolkit designed for red teaming and penetration testing to conceal post-exploitation tools from detection.
InvisibilityCloak is a proof-of-concept C# code obfuscation toolkit designed for red teaming and penetration testing to conceal post-exploitation tools from detection.
Darkarmour is an open-source Windows antivirus evasion framework that enables security professionals to bypass antivirus detection through customizable obfuscation and anti-analysis techniques.
Darkarmour is an open-source Windows antivirus evasion framework that enables security professionals to bypass antivirus detection through customizable obfuscation and anti-analysis techniques.
A GitHub action that lints AWS IAM policy documents to identify security issues and misconfigurations with configurable severity levels and custom rules.
A GitHub action that lints AWS IAM policy documents to identify security issues and misconfigurations with configurable severity levels and custom rules.
A command-line tool that scans websites to detect publicly known security vulnerabilities in frontend JavaScript libraries using Snyk's vulnerability database.
A command-line tool that scans websites to detect publicly known security vulnerabilities in frontend JavaScript libraries using Snyk's vulnerability database.
A collaborative repository of CTF write-ups and source files from 2014 competitions that allows community contributions to address scattered documentation issues.
A collaborative repository of CTF write-ups and source files from 2014 competitions that allows community contributions to address scattered documentation issues.
RedGuard is a C2 front flow control tool that helps evade detection by security systems through traffic filtering and redirection capabilities.
RedGuard is a C2 front flow control tool that helps evade detection by security systems through traffic filtering and redirection capabilities.
A collaborative repository containing CTF competition write-ups and source files from 2016, providing accessible solutions and educational resources for cybersecurity challenges.
A collaborative repository containing CTF competition write-ups and source files from 2016, providing accessible solutions and educational resources for cybersecurity challenges.
A repository providing centralized access to presentation slides from major cybersecurity conferences including Black Hat, Offensivecon, and REcon events.
A repository providing centralized access to presentation slides from major cybersecurity conferences including Black Hat, Offensivecon, and REcon events.
Repository of default playbooks and custom functions for Splunk SOAR instances with content migration to Splunk's GitHub.
Repository of default playbooks and custom functions for Splunk SOAR instances with content migration to Splunk's GitHub.
A sophisticated npm attack attributed to North Korean threat actors, targeting technology firms and their employees.
A sophisticated npm attack attributed to North Korean threat actors, targeting technology firms and their employees.
A secrets detection tool that scans GitHub, GitLab, and Bitbucket repositories to identify API keys, access tokens, and other sensitive information in source code.
A secrets detection tool that scans GitHub, GitLab, and Bitbucket repositories to identify API keys, access tokens, and other sensitive information in source code.
GitHub is a web-based platform that provides Git version control hosting and collaborative software development tools for managing code repositories and projects.
GitHub is a web-based platform that provides Git version control hosting and collaborative software development tools for managing code repositories and projects.
A curated list documenting open-source projects that incorporate political protests in their software, ranging from messages to conditional malware.
A curated list documenting open-source projects that incorporate political protests in their software, ranging from messages to conditional malware.
Migrated Splunk SOAR Connectors to new GitHub organization for better organization and management.
Migrated Splunk SOAR Connectors to new GitHub organization for better organization and management.
LunaTrace is an open source supply chain security tool that monitors software dependencies for vulnerabilities and integrates with GitHub to notify developers of security issues before deployment.
LunaTrace is an open source supply chain security tool that monitors software dependencies for vulnerabilities and integrates with GitHub to notify developers of security issues before deployment.