🔒 Fix insecure YAML deserialization vulnerability (#35)

Replace `YAML.load` with `YAML.safe_load_file` in both `scripts/validate_weapons.rb` and `scripts/erb.rb` to prevent potential Remote Code Execution (RCE) vulnerabilities from parsing untrusted YAML content.

Co-authored-by: hahwul <13212227+hahwul@users.noreply.github.com>

Author: hahwul

README.md

@@ -3,6 +3,6 @@
 
 | Type | Name | Description | Star |
 | --- | --- | --- | --- |
-|Proxy|[proxify](https://github.com/projectdiscovery/proxify)|Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation, and replay on the go.|![](https://img.shields.io/github/stars/projectdiscovery/proxify?label=%20)|
 |Proxy|[hetty](https://github.com/dstotijn/hetty)|Hetty is an HTTP toolkit for security research.|![](https://img.shields.io/github/stars/dstotijn/hetty?label=%20)|
+|Proxy|[proxify](https://github.com/projectdiscovery/proxify)|Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation, and replay on the go.|![](https://img.shields.io/github/stars/projectdiscovery/proxify?label=%20)|
 

categorize/langs/Go.md

@@ -4,15 +4,15 @@
 | Type | Name | Description | Star |
 | --- | --- | --- | --- |
 |Proxy|[zaproxy](https://github.com/zaproxy/zaproxy)|The OWASP ZAP core project|![](https://img.shields.io/github/stars/zaproxy/zaproxy?label=%20)|
-|RE|[ghidra](https://github.com/NationalSecurityAgency/ghidra)|Ghidra is a software reverse engineering (SRE) framework|![](https://img.shields.io/github/stars/NationalSecurityAgency/ghidra?label=%20)|
-|RE|[jd-gui](https://github.com/java-decompiler/jd-gui)|A standalone Java Decompiler GUI|![](https://img.shields.io/github/stars/java-decompiler/jd-gui?label=%20)|
 |RE|[jadx-ai-mcp](https://github.com/zinja-coder/jadx-ai-mcp)|MCP server that provides access to JADX decompiler for AI assistants to analyze Android apps|![](https://img.shields.io/github/stars/zinja-coder/jadx-ai-mcp?label=%20)|
-|RE|[dex2jar](https://github.com/pxb1988/dex2jar)|Tools to work with android .dex and java .class files|![](https://img.shields.io/github/stars/pxb1988/dex2jar?label=%20)|
+|RE|[procyon](https://github.com/mstrobel/procyon)|Procyon is a suite of Java metaprogramming tools, including a rich reflection API, a LINQ-inspired expression tree API for runtime code generation, and a Java decompiler.|![](https://img.shields.io/github/stars/mstrobel/procyon?label=%20)|
+|RE|[jd-gui](https://github.com/java-decompiler/jd-gui)|A standalone Java Decompiler GUI|![](https://img.shields.io/github/stars/java-decompiler/jd-gui?label=%20)|
+|RE|[ghidra](https://github.com/NationalSecurityAgency/ghidra)|Ghidra is a software reverse engineering (SRE) framework|![](https://img.shields.io/github/stars/NationalSecurityAgency/ghidra?label=%20)|
+|RE|[JEB](https://www.pnfsoftware.com/jeb/)|reverse-engineering platform to perform disassembly, decompilation, debugging, and analysis of code and document files, manually or as part of an analysis pipeline.||
+|RE|[Apktool](https://github.com/iBotPeaches/Apktool)|A tool for reverse engineering Android apk files|![](https://img.shields.io/github/stars/iBotPeaches/Apktool?label=%20)|
 |RE|[bytecode-viewer](https://github.com/Konloch/bytecode-viewer/)|A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)|![](https://img.shields.io/github/stars/Konloch/bytecode-viewer/?label=%20)|
 |RE|[jadx](https://github.com/skylot/jadx)|Dex to Java decompiler|![](https://img.shields.io/github/stars/skylot/jadx?label=%20)|
-|RE|[Apktool](https://github.com/iBotPeaches/Apktool)|A tool for reverse engineering Android apk files|![](https://img.shields.io/github/stars/iBotPeaches/Apktool?label=%20)|
-|RE|[JEB](https://www.pnfsoftware.com/jeb/)|reverse-engineering platform to perform disassembly, decompilation, debugging, and analysis of code and document files, manually or as part of an analysis pipeline.||
-|RE|[procyon](https://github.com/mstrobel/procyon)|Procyon is a suite of Java metaprogramming tools, including a rich reflection API, a LINQ-inspired expression tree API for runtime code generation, and a Java decompiler.|![](https://img.shields.io/github/stars/mstrobel/procyon?label=%20)|
+|RE|[dex2jar](https://github.com/pxb1988/dex2jar)|Tools to work with android .dex and java .class files|![](https://img.shields.io/github/stars/pxb1988/dex2jar?label=%20)|
 |Utils|[behe-keyboard](https://github.com/VladThodo/behe-keyboard)|A lightweight hacking & programming keyboard with material design|![](https://img.shields.io/github/stars/VladThodo/behe-keyboard?label=%20)|
 |Utils|[termux-app](https://github.com/termux/termux-app)|Termux - a terminal emulator application for Android OS extendible by variety of packages.|![](https://img.shields.io/github/stars/termux/termux-app?label=%20)|
 ||[Hijacker](https://github.com/chrisk44/Hijacker)|Aircrack, Airodump, Aireplay, MDK3 and Reaver GUI Application for Android|![](https://img.shields.io/github/stars/chrisk44/Hijacker?label=%20)|

categorize/langs/Java.md

@@ -5,7 +5,7 @@
 | --- | --- | --- | --- |
 |Analysis|[RMS-Runtime-Mobile-Security](https://github.com/m0bilesecurity/RMS-Runtime-Mobile-Security)|Runtime Mobile Security (RMS) 📱🔥  - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime|![](https://img.shields.io/github/stars/m0bilesecurity/RMS-Runtime-Mobile-Security?label=%20)|
 |RE|[frida-ios-dump](https://github.com/AloneMonkey/frida-ios-dump)|pull decrypted ipa from Jailbreak device|![](https://img.shields.io/github/stars/AloneMonkey/frida-ios-dump?label=%20)|
-|Scanner|[Mobile-Security-Framework-MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF)|Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.|![](https://img.shields.io/github/stars/MobSF/Mobile-Security-Framework-MobSF?label=%20)|
 |Scanner|[StaCoAn](https://github.com/vincentcox/StaCoAn)|StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.|![](https://img.shields.io/github/stars/vincentcox/StaCoAn?label=%20)|
+|Scanner|[Mobile-Security-Framework-MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF)|Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.|![](https://img.shields.io/github/stars/MobSF/Mobile-Security-Framework-MobSF?label=%20)|
 ||[frida-scripts](https://github.com/0xdea/frida-scripts)|A collection of my Frida.re instrumentation scripts to facilitate reverse engineering of mobile apps.|![](https://img.shields.io/github/stars/0xdea/frida-scripts?label=%20)|
 

categorize/langs/JavaScript.md

@@ -3,9 +3,9 @@
 
 | Type | Name | Description | Star |
 | --- | --- | --- | --- |
-|RE|[Clutch](https://github.com/KJCracks/Clutch)|Fast iOS executable dumper|![](https://img.shields.io/github/stars/KJCracks/Clutch?label=%20)|
-|RE|[momdec](https://github.com/atomicbird/momdec)|Core Data Managed Object Model Decompiler|![](https://img.shields.io/github/stars/atomicbird/momdec?label=%20)|
 |RE|[class-dump](https://github.com/nygard/class-dump)|Generate Objective-C headers from Mach-O files.|![](https://img.shields.io/github/stars/nygard/class-dump?label=%20)|
+|RE|[momdec](https://github.com/atomicbird/momdec)|Core Data Managed Object Model Decompiler|![](https://img.shields.io/github/stars/atomicbird/momdec?label=%20)|
+|RE|[Clutch](https://github.com/KJCracks/Clutch)|Fast iOS executable dumper|![](https://img.shields.io/github/stars/KJCracks/Clutch?label=%20)|
 |Utils|[idb](https://github.com/facebook/idb)|idb is a flexible command line interface for automating iOS simulators and devices|![](https://img.shields.io/github/stars/facebook/idb?label=%20)|
 ||[HideJB](http://cydia.saurik.com/package/com.thuthuatjb.hidejb/)|a tweak has the ability to skip Jailbreak detection on iOS apps.||
 ||[ssl-kill-switch2](https://github.com/nabla-c0d3/ssl-kill-switch2)|Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and OS X Apps|![](https://img.shields.io/github/stars/nabla-c0d3/ssl-kill-switch2?label=%20)|

categorize/langs/Objective-C.md

@@ -3,20 +3,20 @@
 
 | Type | Name | Description | Star |
 | --- | --- | --- | --- |
-|Analysis|[needle](https://github.com/FSecureLABS/needle)|The iOS Security Testing Framework|![](https://img.shields.io/github/stars/FSecureLABS/needle?label=%20)|
+|Analysis|[drozer](https://github.com/FSecureLABS/drozer)|The Leading Security Assessment Framework for Android.|![](https://img.shields.io/github/stars/FSecureLABS/drozer?label=%20)|
+|Analysis|[objection](https://github.com/sensepost/objection)|📱 objection - runtime mobile exploration|![](https://img.shields.io/github/stars/sensepost/objection?label=%20)|
 |Analysis|[apkleaks](https://github.com/dwisiswant0/apkleaks)|Scanning APK file for URIs, endpoints & secrets.|![](https://img.shields.io/github/stars/dwisiswant0/apkleaks?label=%20)|
+|Analysis|[needle](https://github.com/FSecureLABS/needle)|The iOS Security Testing Framework|![](https://img.shields.io/github/stars/FSecureLABS/needle?label=%20)|
 |Analysis|[scrounger](https://github.com/nettitude/scrounger)|Mobile application testing toolkit|![](https://img.shields.io/github/stars/nettitude/scrounger?label=%20)|
-|Analysis|[objection](https://github.com/sensepost/objection)|📱 objection - runtime mobile exploration|![](https://img.shields.io/github/stars/sensepost/objection?label=%20)|
-|Analysis|[drozer](https://github.com/FSecureLABS/drozer)|The Leading Security Assessment Framework for Android.|![](https://img.shields.io/github/stars/FSecureLABS/drozer?label=%20)|
 |Pentest|[HacknDroid](https://github.com/RaffaDNDM/HacknDroid)|Automation of some Mobile Application Penetration Testing activities and interaction with the mobile Android device.|![](https://img.shields.io/github/stars/RaffaDNDM/HacknDroid?label=%20)|
 |RE|[apkx](https://github.com/b-mueller/apkx)|One-Step APK Decompilation With Multiple Backends|![](https://img.shields.io/github/stars/b-mueller/apkx?label=%20)|
+|RE|[fridump](https://github.com/Nightbringer21/fridump)|A universal memory dumper using Frida|![](https://img.shields.io/github/stars/Nightbringer21/fridump?label=%20)|
 |RE|[enjarify](https://github.com/Storyyeller/enjarify)|Enjarify is a tool for translating Dalvik bytecode to equivalent Java bytecode. This allows Java analysis tools to analyze Android applications.|![](https://img.shields.io/github/stars/Storyyeller/enjarify?label=%20)|
 |RE|[frida-tools](https://github.com/frida/frida-tools)|Frida CLI tools|![](https://img.shields.io/github/stars/frida/frida-tools?label=%20)|
-|RE|[fridump](https://github.com/Nightbringer21/fridump)|A universal memory dumper using Frida|![](https://img.shields.io/github/stars/Nightbringer21/fridump?label=%20)|
 |Scanner|[qark](https://github.com/linkedin/qark)|Tool to look for several security related Android application vulnerabilities|![](https://img.shields.io/github/stars/linkedin/qark?label=%20)|
-||[PlaystoreDownloader](https://github.com/ClaudiuGeorgiu/PlaystoreDownloader)|A command line tool to download Android applications directly from the Google Play Store by specifying their package name (an initial one-time configuration is required)|![](https://img.shields.io/github/stars/ClaudiuGeorgiu/PlaystoreDownloader?label=%20)|
-||[gplaycli](https://github.com/matlink/gplaycli)|Google Play Downloader via Command line|![](https://img.shields.io/github/stars/matlink/gplaycli?label=%20)|
 ||[frida-gadget](https://github.com/ksg97031/frida-gadget)|frida-gadget is a tool that can be used to patch APKs in order to utilize the Frida gadget.|![](https://img.shields.io/github/stars/ksg97031/frida-gadget?label=%20)|
 ||[gplaydl](https://github.com/rehmatworks/gplaydl)|Command Line Google Play APK downloader. Download APK files to your PC directly from Google Play Store.|![](https://img.shields.io/github/stars/rehmatworks/gplaydl?label=%20)|
+||[gplaycli](https://github.com/matlink/gplaycli)|Google Play Downloader via Command line|![](https://img.shields.io/github/stars/matlink/gplaycli?label=%20)|
+||[PlaystoreDownloader](https://github.com/ClaudiuGeorgiu/PlaystoreDownloader)|A command line tool to download Android applications directly from the Google Play Store by specifying their package name (an initial one-time configuration is required)|![](https://img.shields.io/github/stars/ClaudiuGeorgiu/PlaystoreDownloader?label=%20)|
 ||[toothpicker](https://github.com/seemoo-lab/toothpicker)|ToothPicker is an in-process, coverage-guided fuzzer for iOS. for iOS Bluetooth|![](https://img.shields.io/github/stars/seemoo-lab/toothpicker?label=%20)|
 

categorize/langs/Python.md

@@ -6,8 +6,8 @@
 |Analysis|[iFunBox](http://www.i-funbox.com/)|General file management software for iPhone and other Apple products||
 |RE|[Smali-CFGs](https://github.com/EugenioDelfa/Smali-CFGs)|Smali Control Flow Graph's|![](https://img.shields.io/github/stars/EugenioDelfa/Smali-CFGs?label=%20)|
 |RE|[iSpy](https://github.com/BishopFox/iSpy)|A reverse engineering framework for iOS|![](https://img.shields.io/github/stars/BishopFox/iSpy?label=%20)|
-||[googleplay](https://github.com/89z/googleplay)|Download APK from Google Play or send API requests|![](https://img.shields.io/github/stars/89z/googleplay?label=%20)|
 ||[A-Jailbreak](https://www.ios-repo-updates.com/repository/baw-repo/package/com.rpgfarm.a-Jailbreak/)|Super Jailbreak detection Jailbreak!||
-||[Liberty](https://yaluJailbreak.net/liberty/)|Bypass Jailbreak and SSL Pinning||
+||[googleplay](https://github.com/89z/googleplay)|Download APK from Google Play or send API requests|![](https://img.shields.io/github/stars/89z/googleplay?label=%20)|
 ||[MEDUZA](https://github.com/kov4l3nko/MEDUZA)|A more or less universal SSL unpinning tool for iOS|![](https://img.shields.io/github/stars/kov4l3nko/MEDUZA?label=%20)|
+||[Liberty](https://yaluJailbreak.net/liberty/)|Bypass Jailbreak and SSL Pinning||
 

categorize/langs/Unknown.md

@@ -3,8 +3,8 @@
 
 | Type | Name | Description | Star |
 | --- | --- | --- | --- |
-||[FlyJB-X](https://github.com/XsF1re/FlyJB-X)|You can HIDE Doing Jailbreak your iDevice.|![](https://img.shields.io/github/stars/XsF1re/FlyJB-X?label=%20)|
-||[A-Jailbreak](https://www.ios-repo-updates.com/repository/baw-repo/package/com.rpgfarm.a-Jailbreak/)|Super Jailbreak detection Jailbreak!||
 ||[HideJB](http://cydia.saurik.com/package/com.thuthuatjb.hidejb/)|a tweak has the ability to skip Jailbreak detection on iOS apps.||
+||[A-Jailbreak](https://www.ios-repo-updates.com/repository/baw-repo/package/com.rpgfarm.a-Jailbreak/)|Super Jailbreak detection Jailbreak!||
+||[FlyJB-X](https://github.com/XsF1re/FlyJB-X)|You can HIDE Doing Jailbreak your iDevice.|![](https://img.shields.io/github/stars/XsF1re/FlyJB-X?label=%20)|
 ||[Liberty](https://yaluJailbreak.net/liberty/)|Bypass Jailbreak and SSL Pinning||
 

categorize/tags/Jailbreak.md

@@ -3,6 +3,6 @@
 
 | Type | Name | Description | Star |
 | --- | --- | --- | --- |
-||[frida-scripts](https://github.com/0xdea/frida-scripts)|A collection of my Frida.re instrumentation scripts to facilitate reverse engineering of mobile apps.|![](https://img.shields.io/github/stars/0xdea/frida-scripts?label=%20)|
 ||[frida-gadget](https://github.com/ksg97031/frida-gadget)|frida-gadget is a tool that can be used to patch APKs in order to utilize the Frida gadget.|![](https://img.shields.io/github/stars/ksg97031/frida-gadget?label=%20)|
+||[frida-scripts](https://github.com/0xdea/frida-scripts)|A collection of my Frida.re instrumentation scripts to facilitate reverse engineering of mobile apps.|![](https://img.shields.io/github/stars/0xdea/frida-scripts?label=%20)|
 

categorize/tags/SCRIPTS.md

@@ -3,9 +3,9 @@
 
 | Type | Name | Description | Star |
 | --- | --- | --- | --- |
-||[PlaystoreDownloader](https://github.com/ClaudiuGeorgiu/PlaystoreDownloader)|A command line tool to download Android applications directly from the Google Play Store by specifying their package name (an initial one-time configuration is required)|![](https://img.shields.io/github/stars/ClaudiuGeorgiu/PlaystoreDownloader?label=%20)|
+||[gplaydl](https://github.com/rehmatworks/gplaydl)|Command Line Google Play APK downloader. Download APK files to your PC directly from Google Play Store.|![](https://img.shields.io/github/stars/rehmatworks/gplaydl?label=%20)|
 ||[gplaycli](https://github.com/matlink/gplaycli)|Google Play Downloader via Command line|![](https://img.shields.io/github/stars/matlink/gplaycli?label=%20)|
+||[PlaystoreDownloader](https://github.com/ClaudiuGeorgiu/PlaystoreDownloader)|A command line tool to download Android applications directly from the Google Play Store by specifying their package name (an initial one-time configuration is required)|![](https://img.shields.io/github/stars/ClaudiuGeorgiu/PlaystoreDownloader?label=%20)|
 ||[googleplay](https://github.com/89z/googleplay)|Download APK from Google Play or send API requests|![](https://img.shields.io/github/stars/89z/googleplay?label=%20)|
-||[gplaydl](https://github.com/rehmatworks/gplaydl)|Command Line Google Play APK downloader. Download APK files to your PC directly from Google Play Store.|![](https://img.shields.io/github/stars/rehmatworks/gplaydl?label=%20)|
 ||[ipainstaller](https://github.com/autopear/ipainstaller)|Install IPA from command line|![](https://img.shields.io/github/stars/autopear/ipainstaller?label=%20)|