cloudmapper
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.webauthn
WebAuthn (FIDO2) server library written in Goparliament
AWS IAM linting librarycloudtracker
CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.py_webauthn
Pythonic WebAuthnwebauthn.io
The source code for webauthn.io, a demonstration of WebAuthn.EFIgy
A small client application that uses the Duo Labs EFIgy API to inform you about the state of your Mac EFI firmwaredlint
Dlint is a tool for encouraging best coding practices and helping ensure we're writing secure Python code.markdown-to-confluence
Syncs Markdown files to Confluenceisthislegit
Dashboard to collect, analyze, and respond to reported phishing emails.idapython
A collection of IDAPython modules made with π by Duo Labschrome-extension-boilerplate
Boilerplate code for a Chrome extension using TypeScript, React, and Webpack.secret-bridge
Monitors Github for leaked secretsapple-t2-xpc
Tools to explore the XPC interface of Apple's T2 chiptwitterbots
The code used in the "Don't @ Me: Hunting Twitter Bots at Scale" Black Hat presentationcloudtrail-partitioner
phish-collect
Python script to hunt phishing kitsphinn
A toolkit to generate an offline Chrome extension to detect phishing attacks using a bespoke convolutional neural network.xray
X-Ray allows you to scan your Android device for security vulnerabilities that put your device at risk.android-webauthn-authenticator
A WebAuthn Authenticator for Android leveraging hardware-backed key storage and biometric user verification.appsec-education
Presentations, training modules, and other education materials from Duo Security's Application Security team.mysslstrip
CVE-2015-3152 PoCEFIgy-GUI
A Mac app that uses the Duo Labs EFIgy API to inform you about the state of your EFI firmware.lookalike-domains
generate lookalike domains using a few simple techniques (homoglyphs, alt TLDs, prefix/suffix)srtgen
Automatic '.srt' subtitle generatorapk2java
Automatically decompile APK's using Dockerjournal
The boilerplate for a new Journal siteneustar2mmdb
Tool to convert Neustar's GeoPoint data to Maxmind's GeoIP database format for ease of use.markflow
Make your Markdown sparkle!narrow
Low-effort reachability analysis for third-party code vulnerabilities.tutorials
datasci-ctf
A capture-the-flag exercise based on data analysis challengessharedsignals
Python tools for using OpenID's Shared Signals Framework (including CAEP)duo-blog-going-passwordless-with-py-webauthn
chain-of-fools
A set of tools that allow researchers to experiment with certificate chain validation issuesjournal-cli
The command-line client for Journalunmasking_data_leaks
The code from the talk "Unmasking Data Leaks: A Guide to Finding, Fixing, and Prevention" given at BSides SATX 2019.journal-theme
The Hugo theme that powers Journalgolang-workshop
Source files for a Golang Workshopjournal-docs
The documentation for Journaldlint-plugin-example
An example plugin for dlintvimes
A local DNS proxy based on CoreDNS.twitterbots-wallpapers
Wallpapers created from the crawlers in our "Don't @ Me" technical research paperholidayhack-2019
Scripts and artifacts used to solve the 2019 SANS Holiday Hack ChallengeLove Open Source and this site? Check out how you can help us