Skip to content

dkadev/awesome-stars

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

ย 

History

166 Commits
.github/workflows
.github/workflows
ย 
ย 
LICENSE
LICENSE
ย 
ย 
README.md
README.md
ย 
ย 
pinned.md
pinned.md
ย 
ย 
topics.md
topics.md
ย 
ย 

Repository files navigation

Awesome Stars Awesome

A curated list of my GitHub stars! Generated by starred.

Contents

C

C#

C++

Crystal

  • owasp-noir/noir - Attack surface detector that identifies endpoints by static analysis

Go

  • MultSec/MultCheck - Identifies bad bytes from static analysis with any Anti-Virus scanner.
  • ollama/ollama - Get up and running with Llama 3, Mistral, Gemma, and other large language models.
  • smallstep/certificates - ๐Ÿ›ก๏ธ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
  • xxxserxxx/gotop - A terminal based graphical activity monitor inspired by gtop and vtop
  • jfjallid/go-secdump - Tool to remotely dump secrets from the Windows registry
  • junegunn/fzf - ๐ŸŒธ A command-line fuzzy finder
  • marco-liberale/PasteBomb - PasteBomb C2-less RAT
  • trap-bytes/hauditor - hauditor is a tool designed to analyze the security headers returned by a web page.
  • plandex-ai/plandex - AI driven development in your terminal. Designed for large, real-world tasks.
  • OJ/gobuster - Directory/File, DNS and VHost busting tool written in Go
  • projectdiscovery/httpx - httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
  • ffuf/ffuf - Fast web fuzzer written in Go
  • trap-bytes/403jump - HTTP 403 bypass tool
  • projectdiscovery/subfinder - Fast passive subdomain enumeration tool.
  • devploit/nomore403 - Tool to bypass 403/40X response codes.
  • yannh/kubeconform - A FAST Kubernetes manifests validator, with support for Custom Resources!
  • lkarlslund/Adalanche - Active Directory ACL Visualizer and Explorer - who's really Domain Admin? (Commerical versions available from NetSection)
  • future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
  • jhaddix/awsScrape - A tool to scrape the AWS ranges looking for a keyword in SSL certificate data.
  • i5nipe/nipejs - Simplify your life with leak detection in JavaScript. NipeJS streamlines the use of regex, making it effortless to uncover potential leaks.
  • 0x4D31/galah - Galah: An LLM-powered web honeypot. Wasting attackers' time with faker-than-ever HTTP responses!
  • BishopFox/sj - A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.
  • assetnote/kiterunner - Contextual Content Discovery Tool
  • francoismichel/ssh3 - SSH3: faster and rich secure shell using HTTP/3, checkout our article here: https://arxiv.org/abs/2312.08396 and our Internet-Draft: https://datatracker.ietf.org/doc/draft-michel-ssh3/
  • adaptive-scale/dbchaos - Stress-test your database with pre-defined queries. Generate synthetic data and events statically or with GPT.
  • gophish/gophish - Open-Source Phishing Toolkit
  • eraser-dev/eraser - ๐Ÿงน Cleaning up images from Kubernetes nodes
  • lkarlslund/ldapnomnom - Quietly and anonymously bruteforce Active Directory usernames at insane speeds from Domain Controllers by (ab)using LDAP Ping requests (cLDAP)
  • dub-flow/sessionprobe - SessionProbe is a multi-threaded tool designed for penetration testing and bug bounty hunting. It evaluates user privileges in web applications by taking a session token and checking access across a l
  • k8sgpt-ai/k8sgpt - Giving Kubernetes Superpowers to everyone
  • gatariee/Winton - Command and Control (C2) framework
  • liamg/furious - ๐Ÿ˜  Go IP/port scanner with SYN (stealth) scanning and device manufacturer identification
  • kudelskisecurity/youshallnotpass - YouShallNotPass brings an added level of execution security to mission-critical CI/CD Systems.
  • goodwithtech/dockle - Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
  • Zerx0r/dvenom - ๐Ÿ Double Venom (DVenom) is a tool that provides an encryption wrapper and loader for your shellcode.
  • AdguardTeam/AdGuardHome - Network-wide ads & trackers blocking DNS server
  • trickest/find-gh-poc - Find CVE PoCs on GitHub
  • BishopFox/sliver - Adversary Emulation Framework
  • aquasecurity/kube-bench - Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
  • redhuntlabs/BucketLoot - BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exp
  • amrudesh1/MORF - Mobile Reconnaissance Framework
  • FourCoreLabs/LolDriverScan - Scan vulnerable drivers on Windows with loldrivers.io
  • DataDog/KubeHound - Kubernetes Attack Graph
  • D00Movenok/BounceBack - โ†•๏ธ๐Ÿคซ Stealth redirector for your red team operation security
  • GhostTroops/scan4all - Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( อกยฐ อœส– อกยฐ)...
  • deepfence/SecretScanner - ๐Ÿ”“ ๐Ÿ”“ Find secrets and passwords in container images and file systems ๐Ÿ”“ ๐Ÿ”“
  • seekr-osint/seekr - A multi-purpose OSINT toolkit with a neat web-interface.
  • antonmedv/walk - Terminal file manager
  • projectdiscovery/nuclei - Fast and customizable vulnerability scanner based on simple YAML based DSL.
  • authzed/spicedb - Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications
  • magisterquis/chromecookiestealer - Steal/Inject Chrome cookies over the DevTools (--remote-debugging-port) protocol.
  • kgretzky/evilginx2 - Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
  • iknowjason/edge - Recon tool for cloud provider attribution. Supports AWS, Azure, Google, Cloudflare, and Digital Ocean.
  • nodauf/Girsh - Automatically spawn a reverse shell fully interactive for Linux or Windows victim
  • padok-team/yatas - ๐Ÿฆ‰๐Ÿ”Ž A simple tool to audit your AWS/GCP infrastructure for misconfiguration or potential security issues with plugins integration
  • j3ssie/metabigor - OSINT tools and more but without API key
  • jpillora/chisel - A fast TCP/UDP tunnel over HTTP
  • Rolix44/Kubestroyer - Kubernetes exploitation tool
  • MrEmpy/mantra - ใ€Œ๐Ÿ”‘ใ€A tool used to hunt down API key leaks in JS files and pages
  • projectdiscovery/naabu - A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests
  • trufflesecurity/trufflehog - Find and verify secrets
  • gitleaks/gitleaks - Protect and discover secrets using Gitleaks ๐Ÿ”‘
  • HavocFramework/Havoc - The Havoc Framework.
  • ropnop/kerbrute - A tool to perform Kerberos pre-auth bruteforcing

HCL

HTML

Inno Setup

Java

  • Stirling-Tools/Stirling-PDF - #1 Locally hosted web application that allows you to perform various operations on PDF files
  • d0ge/sign-saboteur - SignSaboteur is a Burp Suite extension for editing, signing, verifying various signed web tokens
  • Hakky54/certificate-ripper - ๐Ÿ” A CLI tool to extract server certificates
  • akto-api-security/akto - Proactive, Open source API security โ†’ API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure

JavaScript

  • hoodoer/JS-Tap - JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom JavaScr
  • its-a-feature/Mythic - A collaborative, multi-platform, red teaming framework
  • drawdb-io/drawdb - Free, simple, and intuitive online database design tool and SQL generator.
  • Kalabasa/htmz - html with targeted manipulation zones
  • MobSF/Mobile-Security-Framework-MobSF - Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and
  • lukejacksonn/servor - Dependency free file server for single page app development
  • mitchmoser/sputnik - Open Source Intelligence Browser Extension
  • OpenCTI-Platform/opencti - Open Cyber Threat Intelligence Platform
  • nowak0x01/WPXStrike - WPXStrike is a script designed to escalate a Cross-Site Scripting (XSS) vulnerability to Remote Code Execution (RCE) or other's criticals vulnerabilities in WordPress
  • nowak0x01/JoomSploit - JoomSploit is a script designed to escalate a Cross-Site Scripting (XSS) vulnerability to Remote Code Execution (RCE) or other's criticals vulnerabilities in Joomla CMS.
  • nowak0x01/PrestaXSRF - PrestaXSRF is a script designed to escalate a Cross-Site Scripting (XSS) vulnerability to Remote Code Execution (RCE) or other's criticals vulnerabilities in PrestaShop E-Commerce
  • nowak0x01/Drupalwned - Drupalwned is a script designed to escalate a Cross-Site Scripting (XSS) vulnerability to Remote Code Execution (RCE) or other's criticals vulnerabilities in Drupal CMS.
  • projectdiscovery/nuclei-ai-extension - Nuclei AI - Browser Extension for Rapid Nuclei Template Generation
  • devXprite/infoooze - A OSINT tool which helps you to quickly find information effectively. All you need is to input and it will take take care of rest.
  • factionsecurity/faction - Pen Test Report Generation and Assessment Collaboration
  • R-s0n/ars0n-framework - A Modern Framework for Bug Bounty Hunting
  • LeCoupa/awesome-cheatsheets - ๐Ÿ‘ฉโ€๐Ÿ’ป๐Ÿ‘จโ€๐Ÿ’ป Awesome cheatsheets for popular programming languages, frameworks and development tools. They include everything you should know in one single file.
  • kgretzky/evilqr - Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice.
  • Sija/gitbook2pdf - CLI utility to turn a published GitBook website into a collection of PDFs for offline reading
  • jjranalli/nightwind - An automatic, customisable, overridable Tailwind dark mode plugin
  • cockpit-project/cockpit - Cockpit is a web-based graphical interface for servers.
  • porsager/postgres - Postgres.js - The Fastest full featured PostgreSQL client for Node.js, Deno, Bun and CloudFlare
  • viatsko/awesome-vscode - ๐ŸŽจ A curated list of delightful VS Code packages and resources.
  • dev-lu/osint_toolkit - A full stack web application that combines many tools and services for security analysts into a single tool.
  • Mazars-Tech/AD_Miner - AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses
  • D00Movenok/HTMLSmuggler - โœ‰๏ธ HTML Smuggling generator&obfuscator for your Red Team operations
  • redeye-framework/Redeye - Redeye is a tool intended to help you manage your data during a pentest operation
  • DataDog/HASH - HASH (HTTP Agnostic Software Honeypot)
  • pikpikcu/nodesub - Nodesub is a command-line tool for finding subdomains in bug bounty programs
  • zdhenard42/SOC-Multitool - A powerful and user-friendly browser extension that streamlines investigations for security professionals.
  • ColonelParrot/jscanify - Open-source Javascript mobile document scanner.
  • commitizen/cz-cli - The commitizen command line utility. #BlackLivesMatter
  • KuroLabs/stegcloak - Hide secrets with invisible characters in plain text securely using passwords ๐Ÿง™๐Ÿปโ€โ™‚๏ธโญ

Jinja

Jupyter Notebook

Kotlin

Lua

  • keidarcy/dotfiles - Robust & colorful dot configuration and utilities files with CI check ๐Ÿฆ„๐Ÿฆ„.

Nim

OCaml

  • semgrep/semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

Others

PHP

  • Cvar1984/sussyfinder - Single PHP file to detect potentially malicious threats based on token and hash with web interface and VirusTotal integrations. Contact me for premium apps fully integrated with VirusTotal and 10+ mor
  • adegans/Goosle - A Meta Search engine with privacy and ease of use in mind
  • PrivateBin/PrivateBin - A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.
  • globocom/secDevLabs - A laboratory for learning secure web and mobile development in a practical manner.

Perl

  • AlDanial/cloc - cloc counts blank lines, comment lines, and physical lines of source code in many programming languages.
  • dolmen/github-keygen - Easy creation of secure SSH configuration for your GitHub account(s)

PowerShell

Python

  • p0dalirius/smbclient-ng - smbclient-ng, a fast and user friendly way to interact with SMB shares.
  • login-securite/conpass - Continuous password spraying tool
  • assetnote/nowafpls - Burp Plugin to Bypass WAFs through the insertion of Junk Data
  • paul-gauthier/aider - aider is AI pair programming in your terminal
  • FLOCK4H/Freeway - WiFi Penetration Testing & Auditing Tool
  • AlessandroZ/LaZagne - Credentials recovery project
  • skelsec/pypykatz - Mimikatz implementation in pure Python
  • Azure/Stormspotter - Azure Red Team tool for graphing Azure and Azure Active Directory objects
  • prowler-cloud/prowler - Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness.
  • xaitax/TotalRecall - This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots.
  • mitre/caldera - Automated Adversary Emulation Platform
  • otsaloma/catapult - App launcher for Linux
  • RevoltSecurities/Subdominator - SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty
  • sarperavci/GoogleRecaptchaBypass - Solve Google reCAPTCHA in less than 5 seconds! ๐Ÿš€
  • login-securite/lsassy - Extract credentials from lsass remotely
  • AnonCatalyst/Ominis-OSINT - This Python application is an OSINT (Open Source Intelligence) tool called "Ominis OSINT - Web Hunter." It performs online information gathering by querying Google for search results related to a user
  • OWASP/OFFAT - The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towar
  • bats3c/darkarmour - Windows AV Evasion
  • theowni/Damn-Vulnerable-RESTaurant-API-Game - Damn Vulnerable Restaurant is an intentionally vulnerable Web API game for learning and training purposes dedicated to developers, ethical hackers and security engineers.
  • chiasmod0n/chiasmodon - Chiasmodon is an OSINT tool designed to assist in the process of gathering information about a target domain. Its primary functionality revolves around searching for domain-related data, including do
  • OpenDevin/OpenDevin - ๐Ÿš OpenDevin: Code Less, Make More
  • AbstractEngine/pentest-muse-cli -
  • Geeoon/DNS-Tunnel-Keylogger - Keylogging server and client that uses DNS tunneling/exfiltration to transmit keystrokes through firewalls.
  • cddmp/enum4linux-ng - A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.
  • The-OSINT-Newsletter/excalibur - Pivot from a Twitter profile to Medium, Product Hunt, Mastodon, and more with OSINT
  • dhammon/ai-goat - Learn AI security through a series of vulnerable LLM CTF challenges. No sign ups, no cloud fees, run everything locally on your system.
  • luijait/DarkGPT - DarkGPT is an OSINT assistant based on GPT-4-200K (recommended use) designed to perform queries on leaked databases, thus providing an artificial intelligence assistant that can be useful in your trad
  • JoelGMSec/LeakSearch - Search & Parse Password Leaks
  • epogrebnyak/justpath - Inspect and refine PATH environment variable on Windows, Linux and MacOS.
  • erev0s/VAmPI - Vulnerable REST API with OWASP top 10 vulnerabilities for security testing
  • dvcoolarun/web2pdf - ๐Ÿ”„ CLI to convert Webpages to PDFs ๐Ÿš€
  • UndeadSec/SwaggerSpy - Automated OSINT on SwaggerHub
  • chaudharyarjun/RepoReaper - RepoReaper is an automated tool crafted to meticulously scan and identify exposed .git repositories within specified domains and their subdomains.
  • maguowei/starred - creating your own Awesome List by GitHub stars!
  • google/magika - Detect file content types with deep learning
  • fkkarakurt/reconic - A Powerful Network Reconnaissance Tool for Security Professionals
  • fortra/impacket - Impacket is a collection of Python classes for working with network protocols.
  • lgandx/Responder - Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication
  • DanMcInerney/net-creds - Sniffs sensitive data from interface or pcap
  • ShellCode33/CredSLayer - Extract credentials and other useful info from network captures
  • lgandx/PCredz - This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.
  • sikumy/ethical-hacking - Personal Hacking Playground.
  • catsploit/catsploit -
  • justakazh/DockerExploit - Docker Remote API Scanner and Exploit
  • spyboy-productions/Valid8Proxy - Tool designed for fetching, validating, and storing working proxies.
  • sensepost/objection - ๐Ÿ“ฑ objection - runtime mobile exploration
  • Slowerzs/ThievingFox -
  • freelabz/secator - secator - the pentester's swiss knife
  • HalilDeniz/NetProbe - NetProbe: Network Probe
  • HalilDeniz/PacketSpy - PacketSpy
  • danielmiessler/fabric - fabric is an open-source framework for augmenting humans using AI. It provides a modular framework for solving specific problems using a crowdsourced set of AI prompts that can be used anywhere.
  • MaibornWolff/SecObserve - SecObserve is an open source vulnerability management system for software development and cloud environments. It supports a variety of open source vulnerability scanners and integrates easily into CI/
  • oppsec/tomcter - ๐Ÿ˜น Tomcter is a python tool developed to bruteforce Apache Tomcat manager login with default credentials.
  • brinhosa/apidetector - APIDetector: Efficiently scan for exposed Swagger endpoints across web domains and subdomains. Supports HTTP/HTTPS, multi-threading, and flexible input/output options. Ideal for API security testing.
  • s0md3v/Photon - Incredibly fast crawler designed for OSINT.
  • VikParuchuri/marker - Convert PDF to markdown quickly with high accuracy
  • latiotech/LAST - Use AI to Scan Your Code from the Command Line for security and code smells. Bring your own keys. Supports OpenAI and Gemini
  • taranis-ai/taranis-ai - Taranis AI is an advanced Open-Source Intelligence (OSINT) tool, leveraging Artificial Intelligence to revolutionize information gathering and situational analysis.
  • KasperskyLab/iShutdown -
  • thomasjjj/Telegram-Snowball-Sampling - The Telegram Snowball Sampling Tool is a Python-based utility designed for conducting snowball sampling to collect Telegram channels through forwards.
  • N0rz3/Phunter - Phunter is an osint tool allowing you to find various information via a phone number ๐Ÿ”Ž๐Ÿ“ž
  • msd0pe-1/cve-maker - Tool to find CVEs and Exploits.
  • xaitax/SploitScan - SploitScan is a sophisticated cybersecurity utility designed to provide detailed information on vulnerabilities and associated exploits.
  • AleksaMCode/Preferred-Network-List-Sniffer - A reconnaissance tool for capturing and displaying SSIDs from device's Preferred Network List.
  • WithSecureLabs/damn-vulnerable-llm-agent -
  • tcosolutions/betterscan-ce - Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)
  • 0xNslabs/CanaryTokenScanner - Script designed to identify CanaryTokens within Microsoft Office documents and Acrobat Reader PDF (docx, xlsx, pptx, pdf).
  • Frissi0n/GTFONow - Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.
  • myshell-ai/OpenVoice - Instant voice cloning by MyShell.
  • gabrielsoltz/metahub - MetaHub is an automated contextual security findings enrichment and impact evaluation tool for vulnerability management.
  • helviojunior/knowsmore - KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes, BloodHound, NTDS and DCSync).
  • ntoskernel/deepsecrets - Secrets scanner that understands code
  • HalilDeniz/NetworkSherlock - NetworkSherlock: powerful and flexible port scanning tool With Shodan
  • oppsec/juumla - ๐Ÿฆ Juumla is a python tool created to identify Joomla version, scan for vulnerabilities and sensitive files
  • dragonked2/Egyscan - Egyscan The Best web vulnerability scanner; it's a multifaceted security powerhouse designed to fortify your web applications against malicious threats. Let's delve into the tasks and functions that m
  • xlab-si/iac-scan-runner - Service that scans your Infrastructure as Code for common vulnerabilities
  • owasp-dep-scan/dep-scan - OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container ima
  • spyboy-productions/CloakQuest3r - Uncover the true IP address of websites safeguarded by Cloudflare & Others
  • MandConsultingGroup/porch-pirate - Porch Pirate is the most comprehensive Postman recon / OSINT client and framework that facilitates the automated discovery and exploitation of API endpoints and secrets committed to workspaces, collec
  • rfc-st/humble - A humble, and ๐—ณ๐—ฎ๐˜€๐˜, security-oriented HTTP headers analyzer.
  • lewiswigmore/Virus.xcheck - Virus.xcheck is a Python tool designed to bulk verify the existence of file hashes in the Virus Exchange database and fetch download URLs for malware analysis.
  • dchrastil/ScrapedIn - A tool to scrape LinkedIn without API restrictions for data reconnaissance
  • 0xB455/m365-fatigue -
  • codingo/NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
  • dirkjanm/BloodHound.py - A Python based ingestor for BloodHound
  • skelsec/evilrdp -
  • casterbyte/Above - Invisible network protocol sniffer
  • swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
  • WithSecureLabs/IceKube -
  • JoshuaKasa/van-gonography - Hide ๐Ÿ•ต๏ธโ€โ™‚๏ธ your files of any type inside a image of your choice using steganography
  • t3l3machus/BabelStrike - The purpose of this tool is: 1. to transliterate and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages, common problem occurring f
  • Aqua-Nautilus/CVE-Half-Day-Watcher -
  • Sn1r/Forbidden-Buster - A tool designed to automate various techniques in order to bypass HTTP 401 and 403 response codes and gain access to unauthorized areas in the system. This code is made for security enthusiasts and pr
  • HalilDeniz/NetworkAssessment - NetworkAssessment: Network Compromise Assessment Tool
  • HalilDeniz/TrafficWatch - TrafficWatch, a packet sniffer tool, allows you to monitor and analyze network traffic from PCAP files
  • cisagov/LME - Logging Made Easy (LME) is a no-cost and open logging and protective monitoring solution serving all organizations.
  • HalilDeniz/PathFinder - Web Path Finder
  • gojek/CureIAM - Clean accounts over permissions in GCP infra at scale
  • c3c/ADExplorerSnapshot.py - ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound, and also supports full-object dumping to NDJSON.
  • bellingcat/wayback-google-analytics - A lightweight tool for scraping current and historic Google Analytics data
  • m8sec/CrossLinked - LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping
  • Josue87/MetaFinder - Search for documents in a domain through Search Engines (Google, Bing and Baidu). The objective is to extract metadata
  • andresriancho/w3af - w3af: web application attack and audit framework, the open source web vulnerability scanner.
  • abi/screenshot-to-code - Drop in a screenshot and convert it to clean code (HTML/Tailwind/React/Vue)
  • Alb-310/Geogramint - An OSINT Geolocalization tool for Telegram that find nearby users and groups ๐Ÿ“ก๐ŸŒ๐Ÿ”
  • assume-breach/Home-Grown-Red-Team -
  • YasserREED/NoBlindi - NoBlindi is a command-line tool for exploiting blind NoSQL injection vulnerabilities to recover passwords in web applications.
  • carlospolop/Auto_Wordlists -
  • thomasjjj/Telegram_Geolocation_Scraper - Load a JSON export of a Telegram channel containing coordinates of geolocations and filter into a csv for loading into Google Earth.
  • spark1security/n0s1 - Secret Scanner for Jira, Confluence, Asana, Wrike and Linear
  • 0xsyr0/OSCP - OSCP Cheat Sheet
  • DedSecInside/TorBot - Dark Web OSINT Tool
  • ramykatour/GitBook-Downloader-To-HTML-Converter - GitBook Downloader To HTML Converter
  • pentagridsec/archive_pwn - A Python-based tool to create zip, tar and cpio archives to exploit common archive library issues and developer mistakes
  • AiGptCode/Ai-Security-URL - functions to exploit common web application vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), and Path Traversal.
  • protectai/modelscan - Protection against Model Serialization Attacks
  • CycodeLabs/raven - CI/CD Security Analyzer
  • franckferman/MetaDetective - ๐Ÿ•ต๏ธ Unleash Metadata Intelligence with MetaDetective. Your Assistant Beyond Metagoofil.
  • ElectronicCats/CatSniffer - CatSniffer is an original multiprotocol and multiband board for sniffing, communicating, and attacking IoT (Internet of Things) devices using the latest radio IoT protocols. It is a highly portable US
  • GreyDGL/PentestGPT - A GPT-empowered penetration testing tool
  • gotr00t0day/Gsec - Web Security Scanner
  • redhuntlabs/Octopii - An AI-powered Personal Identifiable Information (PII) scanner.
  • Orange-Cyberdefense/KeePwn - A python tool to automate KeePass discovery and secret extraction.
  • openappsec/waf-comparison-project - Testing datasets and tools to compare WAF efficacy
  • ripp3rdoc/XAMPPv3.3.0-BOF - Exploit Proof-of-Concept code for XAMPP v3.3.0 โ€” '.ini' Buffer Overflow (Unicode + SEH)
  • cosad3s/postleaks - Search for sensitive data in Postman public library.
  • sockysec/Telerecon - A reconnaissance framework for researching and investigating Telegram.
  • SkyperTHC/curlshell - reverse shell using curl
  • saeeddhqan/Maryam - Maryam: Open-source Intelligence(OSINT) Framework
  • AlbusSec/Penetration-List - Penetration-List: A comprehensive resource for testers, covering all types of vulnerabilities and materials used in Penetration Testing. Includes payloads, dorks, fuzzing materials, and offers in-dept
  • r0oth3x49/ghauri - An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws
  • GitGuardian/ggshield - Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
  • santoru/shcheck - A basic tool to check security headers of a website
  • searxng/searxng - SearXNG is a free internet metasearch engine which aggregates results from various search services and databases. Users are neither tracked nor profiled.
  • google/gcp_scanner - A comprehensive scanner for Google Cloud
  • MattKeeley/Spoofy - Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
  • secdev/scapy - Scapy: the Python-based interactive packet manipulation program & library.
  • mschwager/route-detect - Find authentication (authn) and authorization (authz) security bugs in web application routes.
  • jtesta/ssh-audit - SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
  • synacktiv/nord-stream - Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently supports Azure DevOps, GitHub and GitLab.
  • Pennyw0rth/NetExec - The Network Execution Tool
  • tenable/EscalateGPT - An AI-powered tool for discovering privilege escalation opportunities in AWS IAM configurations.
  • synacktiv/GPOddity - The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).
  • RhinoSecurityLabs/pacu - The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
  • invictus-ir/Invictus-AWS -
  • a13xp0p0v/kernel-hardening-checker - A tool for checking the security hardening options of the Linux kernel
  • p0dalirius/ExtractBitlockerKeys - A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.
  • eversinc33/CredGuess - Generate password spraying lists based on the pwdLastSet-attribute of users.
  • Octoberfest7/TeamsPhisher - Send phishing messages and attachments to Microsoft Teams users
  • guibacellar/TEx - Telegram Monitor
  • Anof-cyber/ParaForge - A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzing
  • p0dalirius/LDAPWordlistHarvester - A tool to generate a wordlist from the information present in LDAP, in order to crack passwords of domain accounts.
  • bsilverthorn/maccarone - AI-managed code blocks in Python โชโฉ
  • oppsec/Apepe - ๐Ÿ“ฒ Enumerate information from an app based on the APK file
  • oppsec/Pinkerton - ๐Ÿ•ต๏ธ Pinkerton is an JavaScript file crawler and secret finder tool developed in Python
  • Fundacio-i2CAT/InfoHound - InfoHound is an OSINT to extract a large amount of data given a web domain name.
  • optiv/KnockKnock - Enumerate valid users within Microsoft Teams and OneDrive with clean output.
  • cado-security/varc - Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.
  • commixproject/commix - Automated All-in-One OS Command Injection Exploitation Tool.
  • t3l3machus/Villain - Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among conn
  • Pythagora-io/gpt-pilot - The first real AI developer
  • nccgroup/ccs -
  • s0md3v/roop - one-click face swap
  • morpheuslord/GPT_Vuln-analyzer - Uses ChatGPT API, Bard API, and Llama2, Python-Nmap, DNS Recon, PCAP and JWT recon modules and uses the GPT3 model to create vulnerability reports based on Nmap scan data, and DNS scan information. It
  • m-bain/whisperX - WhisperX: Automatic Speech Recognition with Word-level Timestamps (& Diarization)
  • intel/cve-bin-tool - The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or
  • capture0x/LFI-FINDER - LFI-FINDER is an open-source tool available on GitHub that focuses on detecting Local File Inclusion (LFI) vulnerabilities
  • sAjibuu/Upload_Bypass - A simple tool for bypassing file upload restrictions.
  • thewhiteh4t/FinalRecon - All In One Web Recon
  • joswr1ght/basicblobfinder - Identify Azure blobs using a wordlist of account name and container name strings
  • Neo23x0/yaraQA - YARA rule analyzer to improve rule quality and performance
  • nosarthur/gita - Manage many git repos with sanity ไปŽๅฎน็ฎก็†ๅคšไธชgitๅบ“
  • CERT-Polska/Artemis - A modular vulnerability scanner with automatic report generation capabilities.
  • narenmanoharan/gpt-code-assistant - gpt-code-assistant is an open-source coding assistant leveraging language models to search, retrieve, explore and understand any codebase.
  • ramon-victor/freegpt-webui - GPT 3.5/4 with a Chat Web UI. No API key required.
  • PhoenixC2/PhoenixC2 - Command & Control-Framework created for collaboration in python3
  • jakecreps/poastal - Poastal - the Email OSINT tool
  • dievus/msLDAPDump - LDAP enumeration tool implemented in Python3
  • gpt-engineer-org/gpt-engineer - Specify what you want it to build, the AI asks for clarification, and then builds it.
  • eosphoros-ai/DB-GPT - AI Native Data App Development framework with AWEL(Agentic Workflow Expression Language) and Agents
  • Significant-Gravitas/AutoGPT - AutoGPT is the vision of accessible AI for everyone, to use and to build on. Our mission is to provide the tools, so that you can focus on what matters.
  • mvt-project/mvt - MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.
  • Syslifters/sysreptor - Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike.
  • RapidDNS/Afuzz - Afuzz is an automated web path fuzzing tool for the Bug Bounty projects.
  • smol-ai/developer - the first library to let you embed a developer agent in your own app!
  • zylon-ai/private-gpt - Interact with your documents using the power of GPT, 100% privately, no data leaks
  • p1ngul1n0/blackbird - An OSINT tool to search for accounts by username and email in social networks.
  • vulnersCom/getsploit - Command line utility for searching and downloading exploits
  • GhostManager/Ghostwriter - The SpecterOps project management and reporting engine
  • nyxiereal/XToolbox - XToolBox - A collection of 150+ Windows 10/11 optimization and tweaking apps!
  • cider-security-research/cicd-goat - A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
  • carlospolop/PurplePanda - Identify privilege escalation paths within and across different clouds
  • Ciphey/Ciphey - โšก Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes โšก
  • initstring/cloud_enum - Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
  • Mebus/cupp - Common User Passwords Profiler (CUPP)
  • sc0tfree/mentalist - Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat an
  • sherlock-project/sherlock - Hunt down social media accounts by username across social networks
  • byt3bl33d3r/CrackMapExec - A swiss army knife for pentesting networks
  • t3l3machus/psudohash - Generates millions of keyword-based password mutations in seconds.
  • openai/gpt-2 - Code for the paper "Language Models are Unsupervised Multitask Learners"

Rich Text Format

Ruby

Rust

  • Y2Z/monolith - โฌ›๏ธ CLI tool for saving complete web pages as a single HTML file
  • YS-L/csvlens - Command line csv viewer
  • dani-garcia/vaultwarden - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
  • Aditya-dom/moonwalk-back - Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.
  • NH-RED-TEAM/RustHound - Active Directory data collector for BloodHound written in Rust. ๐Ÿฆ€
  • GyulyVGC/sniffnet - Comfortably monitor your Internet traffic ๐Ÿ•ต๏ธโ€โ™‚๏ธ
  • evilsocket/legba - A multiprotocol credentials bruteforcer / password sprayer and enumerator. ๐Ÿฅท
  • cea-sec/usbsas - Tool and framework for securely reading untrusted USB mass storage devices.
  • praetorian-inc/noseyparker - Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.
  • biomejs/biome - A toolchain for web projects, aimed to provide functionalities to maintain them. Biome offers formatter and linter, usable via CLI and LSP.
  • ReagentX/imessage-exporter - Export iMessage data + run iMessage Diagnostics
  • build-trust/ockam - Orchestrate end-to-end encryption, cryptographic identities, mutual authentication, and authorization policies between distributed applications โ€“ at massive scale.
  • jkfran/killport - A command-line tool to easily kill processes running on a specified port.
  • Drew-Alleman/DataSurgeon - Quickly Extracts IP's, Email Addresses, Hashes, Files, Credit Cards, Social Security Numbers and a lot More From Text

Shell

  • diego-treitos/linux-smart-enumeration - Linux enumeration tool for pentesting and CTFs with verbosity levels
  • sgxgsx/BlueToolkit - BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. Could be used in the vulnerability research,
  • 0xKayala/NucleiScanner - NucleiScanner is a Powerful Automation tool for detecting Unknown Vulnerabilities in the Web Applications
  • The-Z-Labs/linux-exploit-suggester - Linux privilege escalation auditing tool
  • Azathothas/Arsenal - Hastly written Tools & Scripts for Personal Use Cases & Bug Bounties
  • six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
  • v1s1t0r1sh3r3/airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
  • JeanPeyreMesMots/osx-password-dumper - A tool to dump users's .plist on a Mac OS system and to convert them into a crackable hash
  • MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
  • serversideup/spin - ๐Ÿš€ Replicate your production environment locally using Docker. Just run "spin up". It's really that easy.
  • gbiagomba/Sherlock - This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)
  • trickest/inventory - Asset inventory of over 800 public bug bounty programs.
  • vm32/Digital-Forensics-Script-for-Linux - Advanced Bash script designed for conducting digital forensics on Linux systems
  • konstruktoid/hardening - Hardening Ubuntu. Systemd edition.
  • emrekybs/AD-AssessmentKit - Contains a collection of Bash scripts designed for comprehensive security audits and network mapping of Active Directory (AD) environments. The scripts automate various tasks including LDAP querying,
  • psbelin/ip_widget - Taskbar IP widget for kali linux (or any distro running XFCE)
  • rootcathacking/catspin - Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.
  • SherlockLinux/SherlockLinux - Distribuciรณn para OSINT basada en Debian 12 / OSINT Distribution based in Debian 12
  • ax/apk.sh - apk.sh makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding and patching an APK.
  • VSCodium/vscodium - binary releases of VS Code without MS branding/telemetry/licensing
  • Trevohack/DynastyPersist - A Linux persistence tool!
  • h4r5h1t/webcopilot - An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.
  • foozzi/discoshell - a simple discovery script that uses popular tools like subfinder, amass, puredns, alterx, massdns and others
  • Orange-Cyberdefense/LinikatzV2 - linikatz is a tool to attack AD on UNIX
  • govolution/avet - AntiVirus Evasion Tool
  • Security-Onion-Solutions/securityonion - Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, and case mana
  • KawaCoder/GhostRecon - Popular OSINT framework. Works fine with kali linux and other Debian-based systems. Coded this as a teen, so not really reliable for real researches.
  • Kitsun3Sec/Pentest-Cheat-Sheets - A collection of snippets of codes and commands to make your life easier!
  • 0xKayala/NucleiFuzzer - NucleiFuzzer is a Powerful Automation tool for detecting XSS, SQLi, SSRF, Open-Redirect, etc.. Vulnerabilities in Web Applications
  • BEPb/BEPb - Config files for my GitHub profile.
  • XDeadHackerX/NetRadar - NetRadar is a Networking tool focused on mapping local and WiFi networks. It provides detailed information about connected devices, open ports, servers and automated scans for WiFi networks.NetRadar e
  • Fadi002/unshackle - Open-source tool to bypass windows and linux passwords from bootable usb
  • jawaharputti/EHTools - Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and si
  • iamj0ker/bypass-403 - A simple script just made for self use for bypassing 403
  • CISOfy/lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
  • trustedsec/hardcidr - hardCIDR is a Linux Bash script, but also functions under macOS. Your mileage may vary on other distros. The script with no specified options will query ARIN and a pool of BGP route servers. The route
  • jaykali/maskphish - Introducing "URL Making Technology" to the world for the very FIRST TIME. Give a Mask to Phishing URL like a PRO.. A MUST have tool for Phishing.
  • ozlerhakan/mongodb-json-files - ๐Ÿ“ฆ A curated list of JSON / BSON datasets from the web in order to practice / use in MongoDB

Svelte

  • 0sumcode/0up - 0up is a zero-knowledge, open-source, encrypted file sharing service

Swift

TypeScript

  • chaitin/SafeLine - A web security gateway, serve as a reverse proxy to protect your websites from attacks and exploits.
  • brocoders/nestjs-boilerplate - NestJS boilerplate. Auth, TypeORM, Mongoose, Postgres, MongoDB, Mailing, I18N, Docker.
  • hudy9x/namviek - The open-source project manager for tiny teams
  • Dokploy/dokploy - Open Source Alternative to Vercel, Netlify and Heroku.
  • teableio/teable - โœจ The Next Gen Airtable Alternative: No-Code Postgres
  • rjmacarthy/twinny - The most no-nonsense, locally or API-hosted AI code completion plugin for Visual Studio Code - like GitHub Copilot but completely free and 100% private.
  • sveltecult/franken-ui - Franken UI is an HTML-first, open-source library of UI components that works as a standalone or as a Tailwind CSS plugin. It is compatible with UIkit 3. The design is influenced by shadcn/ui.
  • sadmann7/shadcn-table - A shadcn table component with server-side sorting, filtering, and pagination.
  • Abhinandan-Kushwaha/react-native-gifted-charts - The most complete library for Bar, Line, Area, Pie, Donut, Stacked Bar and Population Pyramid charts in React Native. Allows 2D, 3D, gradient, animations and live data updates.
  • pmndrs/uikit - ๐ŸŽจ user interfaces for react-three-fiber
  • Lissy93/personal-security-checklist - ๐Ÿ”’ A compiled checklist of 300+ tips for protecting digital security and privacy in 2024
  • formkit/tempo - ๐Ÿ“† Parse, format, manipulate, and internationalize dates and times in JavaScript and TypeScript.
  • reorproject/reor - Private & local AI personal knowledge management app.
  • wasp-lang/open-saas - A free, open-source SaaS app starter for React & Node.js with superpowers. Production-ready. Community-driven.
  • wasp-lang/wasp - The fastest way to develop full-stack web apps with React & Node.js.
  • albingroen/react-cmdk - A fast, accessible, and pretty command palette for React
  • floriandiud/facebook-group-members-scraper - Facebook Group Members Extractor. Download Facebook group members in CSV.
  • algolia/autocomplete - ๐Ÿ”ฎ Fast and full-featured autocomplete library
  • agentcoinorg/evo.ninja - A versatile generalist agent.
  • lmsqueezy/wedges - An ever-expanding, open-source React UI library built with the Wedges Design System, Radix primitives, and Tailwind CSS.
  • imgly/background-removal-js - Remove backgrounds from images directly in the browser environment with ease and no additional costs or privacy concerns. Explore an interactive demo.
  • nick-keller/react-datasheet-grid - An Airtable-like / Excel-like component to create beautiful spreadsheets.
  • microsoft/inshellisense - IDE style command line auto complete
  • Etesam913/react-magic-motion - react-magic-motion is a react.js library that โœจ magically animates your components.
  • jerlendds/osintbuddy - Node graphs, OSINT data mining, and plugins. Connect unstructured and public data for transformative insights
  • measuredco/puck - The visual editor for React
  • logto-io/logto - ๐Ÿง‘โ€๐Ÿš€ The better identity infrastructure for developers and the open-source alternative to Auth0.
  • react-dnd/react-dnd - Drag and Drop for React
  • gitwonk/gitwonk - The open source GitBook, Confluence, and Archbee alternative. Write technical docs like never before ๐Ÿ™
  • diogocapela/flatdraw - A simple canvas drawing web app with responsive UI. Made with TypeScript, React, and Next.js.
  • tatethurston/nextjs-routes - Type safe routing for Next.js
  • continuedev/continue - โฉ Continue is the leading open-source AI code assistant. You can connect any models and any context to build custom autocomplete and chat experiences inside VS Code and JetBrains
  • Infisical/infisical - โ™พ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
  • Lissy93/web-check - ๐Ÿ•ต๏ธโ€โ™‚๏ธ All-in-one OSINT tool for analysing any website
  • Zeus-Labs/ZeusCloud - Open Source Cloud Security
  • React95/React95 - A React components library with Win95 UI
  • chakra-ui/panda - ๐Ÿผ Universal, Type-Safe, CSS-in-JS Framework for Product Teams โšก๏ธ
  • unkeyed/unkey - Open source API management platform
  • steven-tey/novel - Notion-style WYSIWYG editor with AI-powered autocompletion.
  • makeplane/plane - ๐Ÿ”ฅ ๐Ÿ”ฅ ๐Ÿ”ฅ Open Source JIRA, Linear and Asana Alternative. Plane helps you track your issues, epics, and product roadmaps in the simplest way possible.
  • epicweb-dev/epic-stack - This is a Full Stack app starter with the foundational things setup and configured for you to hit the ground running on your next EPIC idea.
  • mlc-ai/web-llm - High-performance In-browser LLM Inference Engine
  • LasCC/HackTools - The all-in-one browser extension for offensive security professionals ๐Ÿ› 

Vue

  • nuxt/ui - A UI Library for Modern Web Apps, powered by Vue & Tailwind CSS.

YARA

License

CC0

To the extent possible under law, dkadev has waived all copyright and related or neighboring rights to this work.

About

A curated list of my GitHub stars!

Resources

Readme

License

CC0-1.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Contributors 2

  •  
  •