Contributions to the Open Source community.

Cheat sheet

I maintain a technical cheat sheet here.

Projects to which I actively contribute

SecLists

SecLists is the security tester’s companion. It’s a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

• Sources.
• Commits.

Nuclei

Nuclei, from ProjectDiscovery, is a fast and customizable vulnerability scanner based on simple YAML based DSL. I contribute to the templates repository.

• Sources.
• Commits.

Main projects created and maintained

• The complete list of all projects created is here.
• Shared code snippets are here.

Docker toolbox for web pentest

Docker image, updated every day, containing several useful tools during the evaluation of the security of a web application.

Sources.

Tool to automate the passive reconnaissance performed on a website prior to an assessment

Automate, when possible, the passive reconnaissance performed on a website prior to an assessment - no direct hit on the target.

Also used to guide a reconnaissance phase by defining all steps (manual or automated) that must be mandatory performed.

Sources.

PowerShell Android module

Utility PowerShell module when manipulating APK on Windows.

Sources.