Open source alternative to Auth0 / Firebase Auth / AWS Cognito

Access your entire server infrastructure from your local desktop

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

A simple way to block access to the internet per app

A robust native library loader for Android.

Sidekick is no longer in service

latest version of scanners for IIS short filename (8.3) disclosure vulnerability

First open-source data discovery and observability platform. We make a life for data practitioners easy so you can focus on your business.

CATS is a REST API Fuzzer and negative testing tool for OpenAPI endpoints. CATS automatically generates, runs and reports tests with minimum configuration and no coding effort. Tests are self-heali…

Batfish is a network configuration analysis tool that can find bugs and guarantee the correctness of (planned or current) network configurations. It enables network engineers to rapidly and safely …

Nuclei plugin for BurpSuite

God's actual programming language.

Android keyboard for secure E2EE communication through the signal protocol in any messenger. Communicate securely and independent, regardless of the legal situation or whether messengers use E2EE

HopLa Burp Suite Extender plugin - Brings AI capabilities, autocompletion support, and a set of useful payloads to Burp Suite

JADX-gui scripting plugin for dynamic decompiler manipulation

Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"

SecHub provides a central API to test software with different security tools.

Exploit for CVE-2022-20452, privilege escalation on Android from installed app to system app (or another app) via LazyValue using Parcel after recycle()

A collection of Semgrep rules derived from the OWASP MASTG specifically for Android applications.

JIT Groups is an open source application that lets you implement secure, self-service access management for Google Cloud using groups.

psychoPATH - an advanced path traversal tool. Features: evasive techniques, dynamic web root list generation, output encoding, site map-searching payload generator, LFI mode, nix & windows support,…

A static byte code analyzer for Java deserialization gadget research

ActiveScan++ Burp Suite Plugin

Burp Suite extension that offers a toolkit for testing GraphQL endpoints.

A natural evolution of Burp Suite's Repeater tool

CloudRec is an open source multi-cloud security posture management (CSPM) platform designed to help organizations improve the security of their cloud environments.

FlowMate, a BurpSuite extension that brings taint analysis to web applications, by tracking all parameters send to a target application and matches their occurrences in the responses.

SignSaboteur is a Burp Suite extension for editing, signing, verifying various signed web tokens