Repositories list

• osv-scalibr

  Public
  Go

  •

  Apache License 2.0

  •94•0•0•0•Updated Nov 28, 2025Nov 28, 2025

• inql

  Public
  InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.

  graphqlsecurity-auditpenetration-testing+ 8bugbountysecurity-scannerburpsuitesecurity-toolsburp-extensionsgraphql-securityapi-documentation-tool+ 1

  Kotlin

  •

  Apache License 2.0

  •176•1.7k•33•2•Updated Nov 27, 2025Nov 27, 2025

• tsunami-security-scanner-plugins

  Public
  This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.

  Java

  •

  Apache License 2.0

  •213•0•0•1•Updated Nov 26, 2025Nov 26, 2025

• security-testbeds

  Public
  Tcl

  •

  Apache License 2.0

  •43•0•0•1•Updated Nov 26, 2025Nov 26, 2025

• KSMBD-CVE-2025-37947

  Public
  Blog Post: https://blog.doyensec.com/2025/10/08/ksmbd-3.html

  linuxexploitksmbd

  C

  •6•19•0•0•Updated Oct 8, 2025Oct 8, 2025

• tsunami-security-scanner

  Public
  Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.

  Java

  •

  Apache License 2.0

  •920•0•0•0•Updated Sep 9, 2025Sep 9, 2025

• electronegativity

  Public

  doyensec/electronegativity’s past year of commit activity
  Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron applications.

  electronnodejssecurity+ 1electron-app

  JavaScript

  •

  Apache License 2.0

  •70•1k•13•1•Updated Aug 23, 2025Aug 23, 2025

• csharp_rand_py

  Public
  Optimized C# `Random` for security testing

  Python

  •0•2•1•0•Updated Aug 7, 2025Aug 7, 2025

• vibecoding-djinn

  Public
  Python

  •

  MIT License

  •0•4•0•0•Updated Aug 5, 2025Aug 5, 2025

• outline

  Public
  The fastest knowledge base for growing teams. Beautiful, realtime collaborative, feature packed, and markdown compatible.

  TypeScript

  •

  Other

  •3k•1•0•0•Updated Jul 14, 2025Jul 14, 2025

• burp-rest-api

  Public
  REST/JSON API to the Burp Suite security tool.

  Java

  •

  BSD 2-Clause "Simplified" License

  •116•11•0•0•Updated Jul 14, 2025Jul 14, 2025

• safeurl

  Public
  A Server Side Request Forgery (SSRF) protection library. Made with 🖤 by Doyensec LLC.

  appsecssrfgosec

  Go

  •

  Apache License 2.0

  •10•107•1•0•Updated Jun 4, 2025Jun 4, 2025

• awesome-electronjs-hacking

  Public
  A curated list of awesome resources about Electron.js (in)security

  64•652•0•0•Updated May 14, 2025May 14, 2025

• CSPTPlayground

  Public
  CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT).

  csrfwebsecuritywebsec+ 2appsec-testingcspt

  JavaScript

  •

  Apache License 2.0

  •13•147•1•0•Updated Mar 31, 2025Mar 31, 2025

• malicious-devfile-registry

  Public
  Exploit for CVE-2024-0402 in Gitlab

  Dockerfile

  •5•14•0•0•Updated Mar 18, 2025Mar 18, 2025

• GQLSpection

  Public
  GQLSpection - parses GraphQL introspection schema and generates possible queries

  Python

  •

  Apache License 2.0

  •14•96•7•3•Updated Mar 6, 2025Mar 6, 2025

• SSHNuke_info

  Public
  SSH Nuke Info

  exploitsshdvulnerability+ 1exploit-development

  C

  •0•12•0•0•Updated Mar 4, 2025Mar 4, 2025

• ComfyUI-tsunami-payload

  Public
  Python

  •0•0•0•0•Updated Mar 3, 2025Mar 3, 2025

• exploitable-IoT-solution

  Public
  !Exploitable IoT Exploit

  iotexploitappsec+ 2iot-securitytenda

  C

  •0•3•0•0•Updated Feb 10, 2025Feb 10, 2025

• PESD-Exporter-Extension

  Public
  PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams

  Java

  •

  Apache License 2.0

  •8•106•2•0•Updated Jan 30, 2025Jan 30, 2025

• Unsafe-Unpacking

  Public
  Unsafe Unpacking Vulnerability: Lab Code, Semgrep Rules and Secure Implementation Guide

  HTML

  •3•42•0•0•Updated Dec 16, 2024Dec 16, 2024

• ruby-unsafe-deserialization

  Public
  Proof of Concepts for unsafe deserialization in Ruby

  Ruby

  •

  MIT License

  •3•0•0•0•Updated Oct 17, 2024Oct 17, 2024

• libajp13

  Public
  AJPv1.3 Java Library

  ajpapache-jserv-protocolajp13

  Java

  •

  Apache License 2.0

  •2•4•0•0•Updated Aug 22, 2024Aug 22, 2024

• wsrepl

  Public
  WebSocket REPL for pentesters

  Python

  •15•229•1•1•Updated Jul 24, 2024Jul 24, 2024

• db-race-conditions-playground

  Public
  Database Race Condition Playground. Made with 🧡 by Doyensec LLC.

  mysqlpostgresdatabase+ 3mariadbtransactionsrace-conditions

  JavaScript

  •0•8•0•0•Updated Jul 11, 2024Jul 11, 2024

• CSPTBurpExtension

  Public
  CSPT is an open-source Burp Suite extension to find and exploit Client-Side Path Traversal.

  burpsuiteburp-extensionscspt+ 1doyensec

  Java

  •

  Apache License 2.0

  •8•156•1•0•Updated Jul 2, 2024Jul 2, 2024

• Prototype-Pollution-Gadgets-Finder

  Public
  Python

  •3•89•1•0•Updated Apr 29, 2024Apr 29, 2024

• Session-Hijacking-Visual-Exploitation

  Public
  Session Hijacking Visual Exploitation

  xssappsecxss-exploitation+ 1session-hijacking

  JavaScript

  •17•210•3•0•Updated Mar 7, 2024Mar 7, 2024

• regexploit

  Public
  Find regular expressions which are vulnerable to ReDoS (Regular Expression Denial of Service)

  Python

  •

  Apache License 2.0

  •60•839•15•1•Updated Feb 9, 2024Feb 9, 2024

• PoiEx

  Public
  🌐 Visualize and explore IaC ✒️ Create and share notes in VS Code 🤝 Sync notes and findings in real-time with friends

  securityvscodeiac+ 4vscode-extensioncollaborative-editingsecurity-toolssemgrep

  TypeScript

  •2•73•0•0•Updated Feb 2, 2024Feb 2, 2024