A small collection of potentially useful contract templates

rewrite constructor arguments, call DOMPurify, profit

Use DOMPurify on server and client in the same way

A manager for your secrets.

Some public notes

A toolset for reverse engineering and fuzzing Protobuf-based apps

Enumerate Typo3 version and extensions

A collection of JavaScript engine CVEs with PoCs

SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)

TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.

Write any JavaScript with 6 Characters: []()!+

Rip web accessible (distributed) version control systems: SVN/GIT/HG...

Smallest possible syntactically valid files of different types

A weekly selection of the relevant Chromium and Firefox intents

A Firefox extension for whitelist driven safe JavaScript execution.

minimalistic secure XMPP client in OCaml

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

Attack Surface Management Platform

XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.

user.js -- Firefox configuration hardening

WS-Attacker is a modular framework for web services penetration testing. It is developed by the Chair of Network and Data Security, Ruhr University Bochum (https://nds.rub.de/ ) and the Hackmanit G…

RIPS - A static source code analyser for vulnerabilities in PHP scripts

Magic hashes – PHP hash "collisions"

scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

jPurify