Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
Updated Dec 2, 2025 - Python
A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the web.
Detect npm packages compromised in the Shai-Hulud 2.0 supply chain attack (Nov 2025). Scans for 790+ malicious packages, suspicious scripts, TruffleHog activity, SHA1HULUD runners, and secrets exfiltration. GitHub Action with SARIF support.
Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.
Curated collection of cybersecurity tools featured in Black Hat Arsenal events.
[ISSTA 2024] PatchFinder: A Two-Phase Approach to Security Patch Tracing for Disclosed Vulnerabilities in Open Source Software
Secure your code in seconds. VibeSafe is an AI-native DevSecOps CLI tool that detects vulnerabilities, secrets, insecure configs, and hallucinated dependencies before they ship.
TuxCare SecureChain enhances Java supply chain security through vetted libraries, vulnerability fixes, and extended support. Ideal for enterprise-level compliance and secure development.
Apache OfBiz Auth Bypass Scanner for CVE-2023-51467
Comprehensive taxonomy of AI security vulnerabilities, LLM adversarial attacks, prompt injection techniques, and machine learning security research. Covers 71+ attack vectors including model poisoning, agentic AI exploits, and privacy breaches.
InvisioVault is my daily learning sandbox for mastering steganography. Hide any files, from documents and photos to videos and full folders, inside ordinary images that look perfectly normal. Built with curiosity, crafted with passion.
How to secure your development pipeline with static application security testing (SAST), dynamic application security testing (DAST), and software composition analysis (SCA) using SonarQube.
This repository provides comprehensive guides, configurations, rules, and practical examples for Snort, the open-source intrusion detection system (IDS). Ideal for cybersecurity professionals and enthusiasts looking to enhance their network security skills.
Comprehensive Exploit Chain for Multiple Vulnerabilities in VinChin Backup & Recovery <= 7.2
Autonomous “Shai-Hulud” engine that ingests malicious NPM package advisories from OSV, tracks versions and metadata, and maintains a continuously updated threat intelligence database.
A pure client-side CycloneDX SBOM generator for Node/npm projects
This CLI program is an antivirus tool designed to scan directories, files, or entire drives for malicious content using YARA rules. It features options for manual or periodic scans, with quarantine capabilities for detected threats. The script uses OS-specific paths and interfaces.
ASTRA (Architecture and Security Threat Review and Analysis) is a collaborative, business-driven methodology for security architecture review and threat modeling. NOT an audit.
AIDEFEND MCP is a local-first AI Security Defensive Assistant that brings the full AIDEFEND countermeasure library into your environment and turns static knowledge into actionable protection for LLMs and agentic AI systems — privately, securely, and on-device.
⚡ Next-gen cybersecurity platform with AI-powered Qsecbit | Threat analysis & automated Kali Linux response | Stops XSS/SQL/memory attacks in real time | 7-POD secure architecture with N8N & Velociraptor extension | MIT-licensed, 100% GPL-free | Perfect for SBCs, home labs & SMBs | Built-in WAF, Zero Trust, monitoring stack | Mitigate risk NOW!