CyberStrikeus
CyberStrikeCyberStrike is an open-source AI-powered offensive security agent that automates penetration testing by integrating with LLMs (Claude, GPT, etc.) to...
29 repositories found
CyberStrikeus
CyberStrikeCyberStrike is an open-source AI-powered offensive security agent that automates penetration testing by integrating with LLMs (Claude, GPT, etc.) to...
microsoft
agent-governance-toolkitThe Agent Governance Toolkit is a Python library providing policy enforcement, zero-trust identity, execution sandboxing, and reliability engineering...
corazawaf
corazaCoraza is an open-source Web Application Firewall library written in Go that provides ModSecurity-compatible rule processing and 100% compatibility...
OWASP
NettackerOWASP Nettacker is a Python-based automated penetration testing and vulnerability scanning framework that helps security professionals conduct...
MobSF
Mobile-Security-Framework-MobSFMobile Security Framework (MobSF) is a specialized automated platform for static and dynamic analysis of mobile applications across Android, iOS, and...
DefectDojo
django-DefectDojoDefectDojo is a comprehensive DevSecOps and vulnerability management platform that orchestrates security testing, deduplication, remediation, and...
cdxgen
cdxgencdxgen is a CLI tool and library that generates software bills of materials (SBOMs) in CycloneDX and SPDX formats, supporting multiple languages,...
DependencyTrack
dependency-trackDependency-Track is an OWASP-maintained Component Analysis platform that ingests Software Bill of Materials (SBOMs) to identify and mitigate supply...
daveshanley
vacuumvacuum is a high-performance linter and validator for OpenAPI, AsyncAPI, and JSON Schema specifications, written in Go. It specializes in fast API...
coreruleset
corerulesetOWASP CRS is a specialized ruleset for web application firewalls (ModSecurity, Coraza, and compatible WAFs) that detects and blocks common web...
OWASP
threat-dragonOWASP Threat Dragon is a free, open-source threat modeling application that enables users to draw data flow diagrams and document threats with...
Bearer
bearerBearer is an open-source static application security testing (SAST) tool that scans source code to identify security vulnerabilities and privacy...
OWASP
CheatSheetSeriesThe OWASP Cheat Sheet Series is a curated collection of concise, high-value security guidance organized by application security topic, designed to...
webpwnized
mutillidaeOWASP Mutillidae II is a deliberately vulnerable web application designed as a training target for learning web security through hands-on practice....
vitalysim
Awesome-Hacking-ResourcesAwesome Hacking Resources is a curated index repository collecting links to learning materials, tools, and references for penetration testing,...
Safe3
uusec-wafUUSEC WAF is an industrial-grade, free web application firewall and API security gateway that combines traditional WAF capabilities with AI-based...
OWASP
wstgThe OWASP Web Security Testing Guide (WSTG) is a comprehensive, open-source framework for testing web application security, actively maintained as a...
juice-shop
juice-shopOWASP Juice Shop is an intentionally vulnerable web application designed for security training, CTF competitions, and penetration testing practice....
yeswehack
vulnerable-code-snippetsA curated collection of vulnerable PHP code snippets with Docker environments for practicing security code analysis and identifying common web...
infoslack
awesome-web-hackingA curated list of resources for web application security education and penetration testing, including books, documentation, tools, cheat sheets,...
OWASP
crAPIcrAPI is a deliberately vulnerable microservices-based API application designed for security education and training, specifically to teach the OWASP...
OWASP
wrongsecretsOWASP WrongSecrets is a deliberately vulnerable Java web application designed as a training tool for learning secrets management security. It...
OWASP
DevSecOpsGuidelineThe OWASP DevSecOps Guideline is a reference framework and documentation project that helps organizations embed security practices into their CI/CD...
phongnguyend
Practical.CleanArchitectureA comprehensive educational and reference repository demonstrating full-stack .NET clean architecture patterns across multiple deployment topologies...
urbanadventurer
WhatWebWhatWeb is a web scanner that identifies websites and their underlying technologies—CMS platforms, web servers, JavaScript libraries, version...
owasp-amass
amassOWASP Amass is a specialized attack surface mapping and external asset discovery tool that performs network reconnaissance through open source...
madhuakula
kubernetes-goatKubernetes Goat is a deliberately vulnerable Kubernetes cluster environment designed for hands-on security training and penetration testing practice....
find-sec-bugs
find-sec-bugsFind Security Bugs is a SpotBugs plugin that performs static security analysis on Java, Kotlin, Groovy, and Scala codebases, detecting common...
openappsec
openappsecopen-appsec is a machine learning-powered Web Application Firewall (WAF) that detects and prevents threats against web applications and APIs by...
Weekly newsletter
Every Monday: the repos worth your attention, anomaly signals and deep AI analysis. No fluff, unsubscribe any time.