Contributions to the Open Source community.

Cheat sheet

GitHub: I maintain a technical cheat sheet here.

Projects to which I actively contribute

SecLists

SecLists is the security tester’s companion. It’s a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

Nuclei

Nuclei, from ProjectDiscovery, is a fast and customizable vulnerability scanner based on a simple YAML-based DSL. I contribute to the templates repository.

Main projects created and maintained

  • GitHub: The complete list of all projects created is here.
  • GitHub: Shared code snippets are here.

Docker toolbox for web pentest

Docker image, updated every week, containing several tools and custom scripts useful when evaluating the security of a web application.

GitHub: Sources.

Tool to automate the passive reconnaissance performed on a website prior to an assessment

Automates, when possible, the passive reconnaissance performed on a website prior to an assessment, with no direct hit on the target.

Also used to guide a reconnaissance phase by defining all the steps (manual or automated) that must be performed.

GitHub: Sources.

Collection of code snippets to perform security validations

Provides various utility methods to apply processing from a security perspective.

GitHub: Sources.