Professional email templates and landing pages for employee security awareness phishing simulations using GoPhish. Ready-to-deploy campaigns with realistic scenarios, educational content, and customizable branding for enterprise security training programs.

A Python tool that seamlessly integrates reNgine and reNgine-ng reconnaissance data with Burp Suite Professional for enhanced web application security testing workflows.

Python CLI tool to use the requests library and pyCookieSteal to impersonate your GitHub session and export your dependency insights in a text format.

Honest comparison of open-source and commercial attack surface management tools.

Official API and MCP server documentation for HailBytes ASM (Attack Surface Management) and HailBytes SAT (Security Awareness Training). OpenAPI 3.1 specs, integration guides, and SDK examples.

Parses and normalizes attack surface scope definitions: IP ranges, CIDR, domains, wildcards, and exclusions. Framework-agnostic, zero-dependency.

Open-source dashboards and scripts for measuring phishing simulation program effectiveness.

A practical 30-day MSSP client onboarding checklist with templates and tooling guidance.

Zero-dependency web component for calculating security awareness training ROI. Works in Hugo, React, Vue, or plain HTML.

Diff two CycloneDX or SPDX SBOMs and produce human-readable change reports. Highlights added, removed, upgraded dependencies and new CVEs.

Zero-dependency web component for sizing vulnerability scanning infrastructure. Port of the PHP calculation engine to vanilla JS.

Official Terraform modules for deploying HailBytes ASM and SAT on AWS and Azure. Single VM, HA hot-hot, and auto-scaling tiers. Requires active HailBytes Marketplace subscription.

Lints GoPhish-format email templates for deliverability, tracking, merge tags, and spam triggers. Companion to HailBytes SAT and gophish-training-templates.

How HailBytes SAT and ASM map to LatAm compliance frameworks: LGPD, BACEN 4893, LFPDPPP, and more.

Scans Model Context Protocol (MCP) server configurations for common security issues: overprivileged tools, missing auth, prompt injection surface, unsafe defaults.

Programmatic schema and validator for the CSA CAIQ-Lite vendor security questionnaire. Author, validate, and diff CAIQ responses as code.

Opinionated TypeScript scaffold for production MCP servers with built-in auth, rate limiting, audit logging, and observability. npx @hailbytes/create-mcp-server.

Zero-dependency web component for scoping and estimating penetration testing engagements. Works in Hugo, React, Vue, or plain HTML.

Zero-dependency web component for password strength analysis. Works in Hugo, React, Vue, or plain HTML.

Zero-dependency CVSS v3.1 and v4.0 calculator. Parse and score vulnerability vectors as a library or web component.