A curated list of my GitHub stars! Generated by starred.
- ai
- algorithm
- android
- ansible
- api
- artificial-intelligence
- automation
- awesome
- awesome-list
- aws
- azure
- backend
- bash
- bot
- bugbounty
- c
- chatgpt
- chatgpt-api
- chrome
- chrome-extension
- cli
- code
- code-quality
- compiler
- config
- cpp
- cryptocurrency
- cryptography
- crystal
- csharp
- css
- cybersecurity
- data
- data-visualization
- database
- deep-learning
- deno
- deployment
- devops
- django
- docker
- dotfiles
- education
- ethereum
- firefox
- flask
- framework
- frontend
- git
- github
- github-config
- go
- golang
- graphql
- hacking
- hacking-tool
- hacking-tools
- hacktoberfest
- haskell
- homebrew
- html
- http
- image-processing
- ios
- iot
- java
- javascript
- jekyll
- jekyll-theme
- js
- json
- kubernetes
- language
- laravel
- learning
- linux
- llm
- low-code
- mac
- machine-learning
- macos
- markdown
- mastodon
- microsoft
- mobile
- mongodb
- mongoose
- monitoring
- mysql
- natural-language-processing
- neovim
- nestjs
- nextjs
- nlp
- node
- nodejs
- nosql
- npm
- open-source
- osint
- others
- penetration-testing
- pentesting
- php
- postgresql
- powershell
- privacy
- project-management
- python
- python3
- qt
- raspberry-pi
- react
- react-native
- rest-api
- reverse-engineering
- ruby
- rust
- security
- self-hosted
- server
- shell
- software
- solidity
- sql
- sql-server
- sqlite
- storybook
- swift
- swiftui
- telegram
- terminal
- termux
- termux-hacking
- testing
- typescript
- ubuntu
- vagrant
- vim
- visual-studio-code
- vue
- vuejs
- web
- website
- windows
- xcode
- zig
- Renset/macai - Swift powered native macOS client for Ollama, ChatGPT and compatible API-backends
- plandex-ai/plandex - AI driven development in your terminal. Designed for large, real-world tasks.
- dhammon/ai-goat - Learn AI security through a series of vulnerable LLM CTF challenges. No sign ups, no cloud fees, run everything locally on your system.
- reorproject/reor - Private & local AI personal knowledge management app.
- danielmiessler/fabric - fabric is an open-source framework for augmenting humans using AI. It provides a modular framework for solving specific problems using a crowdsourced set of AI prompts that can be used anywhere.
- wasp-lang/open-saas - A free, open-source SaaS app starter for React & Node.js with superpowers. Production-ready. Community-driven.
- latiotech/LAST - Use AI to Scan Your Code from the Command Line for security and code smells. Bring your own keys. Supports OpenAI and Gemini
- projectdiscovery/nuclei-ai-extension - Nuclei AI - Browser Extension for Rapid Nuclei Template Generation
- k8sgpt-ai/k8sgpt - Giving Kubernetes Superpowers to everyone
- AiGptCode/Ai-Security-URL - functions to exploit common web application vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), and Path Traversal.
- Pythagora-io/gpt-pilot - The first real AI developer
- s0md3v/roop - one-click face swap
- sweepai/sweep - Sweep: open-source AI-powered Software Developer for small features and bug fixes.
- continuedev/continue - Continue is the leading open-source AI code assistant. You can connect any models and any context to build custom autocomplete and chat experiences inside VS Code and JetBrains
- narenmanoharan/gpt-code-assistant - gpt-code-assistant is an open-source coding assistant leveraging language models to search, retrieve, explore and understand any codebase.
- gpt-engineer-org/gpt-engineer - Specify what you want it to build, the AI asks for clarification, and then builds it.
- Significant-Gravitas/AutoGPT - AutoGPT is the vision of accessible AI for everyone, to use and to build on. Our mission is to provide the tools, so that you can focus on what matters.
- builtbybel/Winpilot - The manic cousin of Microsoft Copilot
- DedSecInside/TorBot - Dark Web OSINT Tool
- sensepost/objection - objection - runtime mobile exploration
- ax/apk.sh - apk.sh makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding and patching an APK.
- oppsec/Apepe - Enumerate information from an app based on the APK file
- mvt-project/mvt - MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.
- konstruktoid/ansible-role-hardening - Ansible role to apply a security baseline. Systemd edition.
- erev0s/VAmPI - Vulnerable REST API with OWASP top 10 vulnerabilities for security testing
- adegans/Goosle - The best Meta Search engine running on simple PHP servers that keeps privacy and ease of use in mind!
- zigzap/zap - blazingly fast backends in zig
- unkeyed/unkey - Open source API management platform
- MrEmpy/mantra - A tool used to hunt down API key leaks in JS files and pages
- twinnydotdev/twinny - The most no-nonsense, locally or API-hosted AI code completion plugin for Visual Studio Code - like GitHub Copilot but completely free and 100% private.
- OpenDevin/OpenDevin - OpenDevin: Code Less, Make More
- taranis-ai/taranis-ai - Taranis AI is an advanced Open-Source Intelligence (OSINT) tool, leveraging Artificial Intelligence to revolutionize information gathering and situational analysis.
- Significant-Gravitas/AutoGPT - AutoGPT is the vision of accessible AI for everyone, to use and to build on. Our mission is to provide the tools, so that you can focus on what matters.
- Ciphey/Ciphey - Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes
- blacklanternsecurity/bbot - A recursive internet scanner for hackers.
- securityjoes/MasterParser - MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs
- dvcoolarun/web2pdf - CLI to convert Webpages to PDFs
- freelabz/secator - secator - the pentester's swiss knife
- google/gcp_scanner - A comprehensive scanner for Google Cloud
- redhuntlabs/BucketLoot - BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exp
- TupleType/awesome-cicd-attacks - Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
- sgxgsx/BlueToolkit - BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. Could be used in the vulnerability research,
- sindresorhus/awesome - Awesome lists about all kinds of interesting topics
- veggiemonk/awesome-docker - A curated list of Docker resources and projects
- awesome-foss/awesome-sysadmin - A curated list of amazingly awesome open-source sysadmin resources.
- danieldurnea/FBI-tools - OSINT Tools for gathering information and actions forensics
- Lissy93/personal-security-checklist - A compiled checklist of 300+ tips for protecting digital security and privacy in 2024
- maguowei/starred - creating your own Awesome List by GitHub stars!
- Escape-Technologies/awesome-graphql-security - A curated list of awesome GraphQL Security frameworks, libraries, software and resources
- tamjid0x01/SmartContracts-audit-checklist - A checklist of things to look for when auditing Solidity smart contracts.
- pluja/awesome-privacy - Awesome Privacy - A curated list of services and alternatives that respect your privacy because PRIVACY MATTERS.
- awesome-selfhosted/awesome-selfhosted - A list of Free Software network services and web applications which can be hosted on your own servers
- cloudcommunity/Free-Certifications - A curated list of free courses & certifications.
- trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
- viatsko/awesome-vscode - A curated list of delightful VS Code packages and resources.
- TupleType/awesome-cicd-attacks - Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
- wddadk/Offensive-OSINT-Tools - OffSec OSINT Pentest/RedTeam Tools
- sgxgsx/BlueToolkit - BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. Could be used in the vulnerability research,
- sindresorhus/awesome - Awesome lists about all kinds of interesting topics
- veggiemonk/awesome-docker - A curated list of Docker resources and projects
- awesome-foss/awesome-sysadmin - A curated list of amazingly awesome open-source sysadmin resources.
- danieldurnea/FBI-tools - OSINT Tools for gathering information and actions forensics
- Lissy93/personal-security-checklist - A compiled checklist of 300+ tips for protecting digital security and privacy in 2024
- maguowei/starred - creating your own Awesome List by GitHub stars!
- Escape-Technologies/awesome-graphql-security - A curated list of awesome GraphQL Security frameworks, libraries, software and resources
- tamjid0x01/SmartContracts-audit-checklist - A checklist of things to look for when auditing Solidity smart contracts.
- pluja/awesome-privacy - Awesome Privacy - A curated list of services and alternatives that respect your privacy because PRIVACY MATTERS.
- awesome-selfhosted/awesome-selfhosted - A list of Free Software network services and web applications which can be hosted on your own servers
- cloudcommunity/Free-Certifications - A curated list of free courses & certifications.
- trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
- viatsko/awesome-vscode - A curated list of delightful VS Code packages and resources.
- mesquidar/ForensicsTools - A list of free and open forensics analysis tools and other resources
- ozlerhakan/mongodb-json-files - A curated list of JSON / BSON datasets from the web in order to practice / use in MongoDB
- prowler-cloud/prowler - Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness.
- gabrielsoltz/metahub - MetaHub is an automated contextual security findings enrichment and impact evaluation tool for vulnerability management.
- rootcathacking/catspin - Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.
- RhinoSecurityLabs/pacu - The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
- cado-security/varc - Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.
- Zeus-Labs/ZeusCloud - Open Source Cloud Security
- padok-team/yatas - A simple tool to audit your AWS/GCP infrastructure for misconfiguration or potential security issues with plugins integration
- prowler-cloud/prowler - Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness.
- Dokploy/dokploy - Open Source Alternative to Vercel, Netlify and Heroku.
- TailAdmin/tailadmin-free-tailwind-dashboard-template - Free and Open-source Tailwind CSS Dashboard Admin Template that comes with all essential dashboard UI components, pages and elements
- LeCoupa/awesome-cheatsheets - Awesome cheatsheets for popular programming languages, frameworks and development tools. They include everything you should know in one single file.
- junegunn/fzf - A command-line fuzzy finder
- v1s1t0r1sh3r3/airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
- MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
- Trevohack/DynastyPersist - A Linux persistence tool!
- LeCoupa/awesome-cheatsheets - Awesome cheatsheets for popular programming languages, frameworks and development tools. They include everything you should know in one single file.
- microsoft/inshellisense - IDE style command line auto complete
- Renset/macai - Swift powered native macOS client for Ollama, ChatGPT and compatible API-backends
- blacklanternsecurity/bbot - A recursive internet scanner for hackers.
- TupleType/awesome-cicd-attacks - Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
- RevoltSecurities/Subdominator - SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty
- projectdiscovery/httpx - httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
- chiasmod0n/chiasmodon - Chiasmodon is an OSINT tool designed to assist in the process of gathering information about a target domain. Its primary functionality revolves around searching for domain-related data, including do
- Azathothas/Arsenal - Hastly written Tools & Scripts for Personal Use Cases & Bug Bounties
- projectdiscovery/subfinder - Fast passive subdomain enumeration tool.
- devploit/nomore403 - Tool to bypass 403/40X response codes.
- six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
- yogeshojha/rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon
- justakazh/DockerExploit - Docker Remote API Scanner and Exploit
- i5nipe/nipejs - Simplify your life with leak detection in JavaScript. NipeJS streamlines the use of regex, making it effortless to uncover potential leaks.
- trickest/inventory - Asset inventory of over 800 public bug bounty programs.
- psbelin/ip_widget - Taskbar IP widget for kali linux (or any distro running XFCE)
- codingo/NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
- swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
- gotr00t0day/Gsec - Web Security Scanner
- h4r5h1t/webcopilot - An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.
- cosad3s/postleaks - Search for sensitive data in Postman public library.
- redhuntlabs/BucketLoot - BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exp
- Anof-cyber/ParaForge - A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzing
- GhostTroops/scan4all - Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty...
- commixproject/commix - Automated All-in-One OS Command Injection Exploitation Tool.
- pikpikcu/nodesub - Nodesub is a command-line tool for finding subdomains in bug bounty programs
- iknowjason/edge - Recon tool for cloud provider attribution. Supports AWS, Azure, Google, Cloudflare, and Digital Ocean.
- Zeus-Labs/ZeusCloud - Open Source Cloud Security
- j3ssie/metabigor - OSINT tools and more but without API key
- MrEmpy/mantra - A tool used to hunt down API key leaks in JS files and pages
- RapidDNS/Afuzz - Afuzz is an automated web path fuzzing tool for the Bug Bounty projects.
- semgrep/semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
- libimobiledevice/ideviceinstaller - Manage apps of iOS devices
- Renset/macai - Swift powered native macOS client for Ollama, ChatGPT and compatible API-backends
- paul-gauthier/aider - aider is AI pair programming in your terminal
- wasp-lang/open-saas - A free, open-source SaaS app starter for React & Node.js with superpowers. Production-ready. Community-driven.
- morpheuslord/GPT_Vuln-analyzer - Uses ChatGPT API, Bard API, and Llama2, Python-Nmap, DNS Recon, PCAP and JWT recon modules and uses the GPT3 model to create vulnerability reports based on Nmap scan data, and DNS scan information. It
- continuedev/continue - Continue is the leading open-source AI code assistant. You can connect any models and any context to build custom autocomplete and chat experiences inside VS Code and JetBrains
- ramon-victor/freegpt-webui - GPT 3.5/4 with a Chat Web UI. No API key required.
- steven-tey/novel - Notion-style WYSIWYG editor with AI-powered autocompletion.
- mlc-ai/web-llm - High-performance In-browser LLM Inference Engine
- Renset/macai - Swift powered native macOS client for Ollama, ChatGPT and compatible API-backends
- wasp-lang/open-saas - A free, open-source SaaS app starter for React & Node.js with superpowers. Production-ready. Community-driven.
- morpheuslord/GPT_Vuln-analyzer - Uses ChatGPT API, Bard API, and Llama2, Python-Nmap, DNS Recon, PCAP and JWT recon modules and uses the GPT3 model to create vulnerability reports based on Nmap scan data, and DNS scan information. It
- ramon-victor/freegpt-webui - GPT 3.5/4 with a Chat Web UI. No API key required.
- mitchmoser/sputnik - Open Source Intelligence Browser Extension
- zdhenard42/SOC-Multitool - A powerful and user-friendly browser extension that streamlines investigations for security professionals.
- LasCC/HackTools - The all-in-one browser extension for offensive security professionals
- blacklanternsecurity/bbot - A recursive internet scanner for hackers.
- paul-gauthier/aider - aider is AI pair programming in your terminal
- junegunn/fzf - A command-line fuzzy finder
- plandex-ai/plandex - AI driven development in your terminal. Designed for large, real-world tasks.
- projectdiscovery/httpx - httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
- dvcoolarun/web2pdf - CLI to convert Webpages to PDFs
- JoshuaKasa/van-gonography - Hide your files of any type inside a image of your choice using steganography
- microsoft/inshellisense - IDE style command line auto complete
- redhuntlabs/BucketLoot - BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exp
- antonmedv/walk - Terminal file manager
- Infisical/infisical - Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
- nosarthur/gita - Manage many git repos with sanity
- padok-team/yatas - A simple tool to audit your AWS/GCP infrastructure for misconfiguration or potential security issues with plugins integration
- sherlock-project/sherlock - Hunt down social media accounts by username across social networks
- GitGuardian/ggshield - Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
- narenmanoharan/gpt-code-assistant - gpt-code-assistant is an open-source coding assistant leveraging language models to search, retrieve, explore and understand any codebase.
- tcosolutions/betterscan-ce - Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)
- wasp-lang/wasp - The fastest way to develop full-stack web apps with React & Node.js.
- K3V1991/Disable-Firefox-Telemetry-and-Data-Collection - How to disable Firefox Telemetry and Data Collection
- BEPb/BEPb - Config files for my GitHub profile.
- Idov31/Nidhogg - Nidhogg is an all-in-one simple to use rootkit.
- x64dbg/x64dbg - An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
- Ciphey/Ciphey - Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes
- MetaOSINT/MetaOSINT.github.io - A tool to quickly identify relevant, publicly-available open source intelligence ("OSINT") tools and resources, saving valuable time during investigations, research, and analysis.
- devploit/awesome-ctf-resources - A list of Capture The Flag (CTF) frameworks, libraries, resources and software for started/experienced CTF players
- PrivateBin/PrivateBin - A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.
- samuel-lucas6/Cryptography-Guidelines - Guidance on implementing cryptography as a developer.
- Ciphey/Ciphey - Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes
- KuroLabs/stegcloak - Hide secrets with invisible characters in plain text securely using passwords
- owasp-noir/noir - Attack surface detector that identifies endpoints by static analysis
- sveltecult/franken-ui - Franken UI is an HTML-first, open-source library of UI components that works as a standalone or as a Tailwind CSS plugin. It is compatible with UIkit 3. The design is influenced by shadcn/ui.
- adegans/Goosle - The best Meta Search engine running on simple PHP servers that keeps privacy and ease of use in mind!
- jjranalli/nightwind - An automatic, customisable, overridable Tailwind dark mode plugin
- biomejs/biome - A toolchain for web projects, aimed to provide functionalities to maintain them. Biome offers formatter and linter, usable via CLI and LSP.
- chakra-ui/panda - Universal, Type-Safe, CSS-in-JS Framework for Product Teams
- chaitin/SafeLine - A web security gateway, serve as a reverse proxy to protect your websites from attacks and exploits.
- mitre/caldera - Automated Adversary Emulation Platform
- MetaOSINT/MetaOSINT.github.io - A tool to quickly identify relevant, publicly-available open source intelligence ("OSINT") tools and resources, saving valuable time during investigations, research, and analysis.
- projectdiscovery/httpx - httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
- danieldurnea/FBI-tools - OSINT Tools for gathering information and actions forensics
- Geeoon/DNS-Tunnel-Keylogger - Keylogging server and client that uses DNS tunneling/exfiltration to transmit keystrokes through firewalls.
- noraj/haiti - Hash type identifier (CLI & lib)
- Lissy93/personal-security-checklist - A compiled checklist of 300+ tips for protecting digital security and privacy in 2024
- fkkarakurt/reconic - A Powerful Network Reconnaissance Tool for Security Professionals
- justakazh/DockerExploit - Docker Remote API Scanner and Exploit
- freelabz/secator - secator - the pentester's swiss knife
- HalilDeniz/PacketSpy - PacketSpy
- future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
- MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
- gbiagomba/Sherlock - This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)
- taranis-ai/taranis-ai - Taranis AI is an advanced Open-Source Intelligence (OSINT) tool, leveraging Artificial Intelligence to revolutionize information gathering and situational analysis.
- AleksaMCode/Preferred-Network-List-Sniffer - A reconnaissance tool for capturing and displaying SSIDs from device's Preferred Network List.
- OpenCTI-Platform/opencti - Open Cyber Threat Intelligence Platform
- dragonked2/Egyscan - Egyscan The Best web vulnerability scanner; it's a multifaceted security powerhouse designed to fortify your web applications against malicious threats. Let's delve into the tasks and functions that m
- devXprite/infoooze - A OSINT tool which helps you to quickly find information effectively. All you need is to input and it will take take care of rest.
- rfc-st/humble - A humble, and fast, security-oriented HTTP headers analyzer.
- lewiswigmore/Virus.xcheck - Virus.xcheck is a Python tool designed to bulk verify the existence of file hashes in the Virus Exchange database and fetch download URLs for malware analysis.
- Idov31/Nidhogg - Nidhogg is an all-in-one simple to use rootkit.
- HalilDeniz/NetworkAssessment - NetworkAssessment: Network Compromise Assessment Tool
- HalilDeniz/TrafficWatch - TrafficWatch, a packet sniffer tool, allows you to monitor and analyze network traffic from PCAP files
- cisagov/LME - Logging Made Easy (LME) is a no-cost and open logging and protective monitoring solution serving all organizations.
- fr0gger/Awesome-GPT-Agents - A curated list of GPT agents for cybersecurity
- franckferman/MetaDetective - Unleash Metadata Intelligence with MetaDetective. Your Assistant Beyond Metagoofil.
- gotr00t0day/Gsec - Web Security Scanner
- redhuntlabs/Octopii - An AI-powered Personal Identifiable Information (PII) scanner.
- MattKeeley/Spoofy - Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
- redhuntlabs/BucketLoot - BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exp
- D00Movenok/BounceBack - Stealth redirector for your red team operation security
- Anof-cyber/ParaForge - A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzing
- x64dbg/x64dbg - An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
- Fundacio-i2CAT/InfoHound - InfoHound is an OSINT to extract a large amount of data given a web domain name.
- D00Movenok/HTMLSmuggler - HTML Smuggling generator&obfuscator for your Red Team operations
- t3l3machus/Villain - Villain is a high level stage 0/1 C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities) and shar
- 3nock/OTE - OSINT Template Engine
- Fadi002/unshackle - Open-source tool to bypass windows and linux passwords from bootable usb
- Zeus-Labs/ZeusCloud - Open Source Cloud Security
- zdhenard42/SOC-Multitool - A powerful and user-friendly browser extension that streamlines investigations for security professionals.
- p1ngul1n0/blackbird - An OSINT tool to search for accounts by username and email in social networks.
- Drew-Alleman/DataSurgeon - Quickly Extracts IP's, Email Addresses, Hashes, Files, Credit Cards, Social Security Numbers and a lot More From Text
- sherlock-project/sherlock - Hunt down social media accounts by username across social networks
- K3V1991/Disable-Firefox-Telemetry-and-Data-Collection - How to disable Firefox Telemetry and Data Collection
- Abhinandan-Kushwaha/react-native-gifted-charts - The most complete library for Bar, Line, Area, Pie, Donut, Stacked Bar and Population Pyramid charts in React Native. Allows 2D, 3D, gradient, animations and live data updates.
- jerlendds/osintbuddy - Node graphs, OSINT data mining, and plugins. Connect unstructured and public data for transformative insights
- brocoders/nestjs-boilerplate - NestJS boilerplate. Auth, TypeORM, Mongoose, Postgres, MongoDB, Mailing, I18N, Docker.
- teableio/teable - The Next Gen Airtable Alternative: No-Code Postgres
- JoelGMSec/LeakSearch - Search & Parse Password Leaks
- adaptive-scale/dbchaos - Stress-test your database with pre-defined queries. Generate synthetic data and events statically or with GPT.
- LeCoupa/awesome-cheatsheets - Awesome cheatsheets for popular programming languages, frameworks and development tools. They include everything you should know in one single file.
- porsager/postgres - Postgres.js - The Fastest full featured PostgreSQL client for Node.js, Deno, Bun and CloudFlare
- authzed/spicedb - Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications
- eosphoros-ai/DB-GPT - AI Native Data App Development framework with AWEL(Agentic Workflow Expression Language) and Agents
- google/magika - Detect file content types with deep learning
- mlc-ai/web-llm - High-performance In-browser LLM Inference Engine
- porsager/postgres - Postgres.js - The Fastest full featured PostgreSQL client for Node.js, Deno, Bun and CloudFlare
- Dokploy/dokploy - Open Source Alternative to Vercel, Netlify and Heroku.
- cuber-cloud/cuber-gem - An automation tool that simplify the deployment of your apps on Kubernetes.
- Dokploy/dokploy - Open Source Alternative to Vercel, Netlify and Heroku.
- awesome-foss/awesome-sysadmin - A curated list of amazingly awesome open-source sysadmin resources.
- serversideup/spin - Replicate your production environment locally using Docker. Just run "spin up". It's really that easy.
- tcosolutions/betterscan-ce - Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)
- k8sgpt-ai/k8sgpt - Giving Kubernetes Superpowers to everyone
- trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
- cuber-cloud/cuber-gem - An automation tool that simplify the deployment of your apps on Kubernetes.
- CISOfy/lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
- cider-security-research/cicd-goat - A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
- LeCoupa/awesome-cheatsheets - Awesome cheatsheets for popular programming languages, frameworks and development tools. They include everything you should know in one single file.
- makeplane/plane - Open Source JIRA, Linear and Asana Alternative. Plane helps you track your issues, epics, and product roadmaps in the simplest way possible.
- brocoders/nestjs-boilerplate - NestJS boilerplate. Auth, TypeORM, Mongoose, Postgres, MongoDB, Mailing, I18N, Docker.
- Stirling-Tools/Stirling-PDF - #1 Locally hosted web application that allows you to perform various operations on PDF files
- Dokploy/dokploy - Open Source Alternative to Vercel, Netlify and Heroku.
- veggiemonk/awesome-docker - A curated list of Docker resources and projects
- justakazh/DockerExploit - Docker Remote API Scanner and Exploit
- oppsec/tomcter - Tomcter is a python tool developed to bruteforce Apache Tomcat manager login with default credentials.
- serversideup/spin - Replicate your production environment locally using Docker. Just run "spin up". It's really that easy.
- dani-garcia/vaultwarden - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
- oppsec/juumla - Juumla is a python tool created to identify Joomla version, scan for vulnerabilities and sensitive files
- goodwithtech/dockle - Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
- LeCoupa/awesome-cheatsheets - Awesome cheatsheets for popular programming languages, frameworks and development tools. They include everything you should know in one single file.
- searxng/searxng-docker - The docker-compose files for setting up a SearXNG instance with docker.
- deepfence/SecretScanner - Find secrets and passwords in container images and file systems
- cuber-cloud/cuber-gem - An automation tool that simplifies the deployment of your apps on Kubernetes.
- makeplane/plane - Open Source JIRA, Linear and Asana Alternative. Plane helps you track your issues, epics, and product roadmaps in the simplest way possible.
- keidarcy/dotfiles - Robust & colorful dot configuration and utilities files with CI check.
- jayharris/dotfiles-windows - dotfiles for Windows, including Developer-minded system defaults. Built in PowerShell
- samuel-lucas6/Cryptography-Guidelines - Guidance on implementing cryptography as a developer.
- tamjid0x01/SmartContracts-audit-checklist - A checklist of things to look for when auditing Solidity smart contracts.
- mitchmoser/sputnik - Open Source Intelligence Browser Extension
- K3V1991/Disable-Firefox-Telemetry-and-Data-Collection - How to disable Firefox Telemetry and Data Collection
- PhoenixC2/PhoenixC2 - Command & Control-Framework created for collaboration in python3
- sveltecult/franken-ui - Franken UI is an HTML-first, open-source library of UI components that works as a standalone or as a Tailwind CSS plugin. It is compatible with UIkit 3. The design is influenced by shadcn/ui.
- sensepost/objection - objection - runtime mobile exploration
- redeye-framework/Redeye - Redeye is a tool intended to help you manage your data during a pentest operation
- PhoenixC2/PhoenixC2 - Command & Control-Framework created for collaboration in python3
- Dokploy/dokploy - Open Source Alternative to Vercel, Netlify and Heroku.
- LeCoupa/awesome-cheatsheets - Awesome cheatsheets for popular programming languages, frameworks and development tools. They include everything you should know in one single file.
- plandex-ai/plandex - AI driven development in your terminal. Designed for large, real-world tasks.
- nosarthur/gita - Manage many git repos with sanity
- commitizen/cz-cli - The commitizen command line utility. #BlackLivesMatter
- gitleaks/gitleaks - Protect and discover secrets using Gitleaks
- powerexploit/Ashok - Ashok is an OSINT Recon Tool, a.k.a. Swiss Army knife.
- dolmen/github-keygen - Easy creation of secure SSH configuration for your GitHub account(s)
- devXprite/infoooze - An OSINT tool which helps you to quickly find information effectively. All you need is to input and it will take care of the rest.
- synacktiv/nord-stream - Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently supports Azure DevOps, GitHub and GitLab.
- carlospolop/PurplePanda - Identify privilege escalation paths within and across different clouds
- BEPb/BEPb - Config files for my GitHub profile.
- ollama/ollama - Get up and running with Llama 3, Mistral, Gemma 2, and other large language models.
- smallstep/certificates - A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
- junegunn/fzf - A command-line fuzzy finder
- OJ/gobuster - Directory/File, DNS and VHost busting tool written in Go
- future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
- goodwithtech/dockle - Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
- DedSecInside/TorBot - Dark Web OSINT Tool
- semgrep/semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
- nodauf/Girsh - Automatically spawn a reverse shell fully interactive for Linux or Windows victim
- Infisical/infisical - Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
- PhoenixC2/PhoenixC2 - Command & Control-Framework created for collaboration in python3
- gitleaks/gitleaks - Protect and discover secrets using Gitleaks
- ollama/ollama - Get up and running with Llama 3, Mistral, Gemma 2, and other large language models.
- plandex-ai/plandex - AI driven development in your terminal. Designed for large, real-world tasks.
- future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
- 0x4D31/galah - Galah: An LLM-powered web honeypot. Wasting attackers' time with faker-than-ever HTTP responses!
- gophish/gophish - Open-Source Phishing Toolkit
- goodwithtech/dockle - Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
- AdguardTeam/AdGuardHome - Network-wide ads & trackers blocking DNS server
- BishopFox/sliver - Adversary Emulation Framework
- GhostTroops/scan4all - Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty...
- seekr-osint/seekr - A multi-purpose OSINT toolkit with a neat web-interface.
- nodauf/Girsh - Automatically spawn a reverse shell fully interactive for Linux or Windows victim
- Infisical/infisical - Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
- jpillora/chisel - A fast TCP/UDP tunnel over HTTP
- gitleaks/gitleaks - Protect and discover secrets using Gitleaks
- Escape-Technologies/awesome-graphql-security - A curated list of awesome GraphQL Security frameworks, libraries, software and resources
- blacklanternsecurity/bbot - A recursive internet scanner for hackers.
- adeptex/whispers - Identify hardcoded secrets in static structured text (version 2)
- CleasbyCode/jdvrif - Hide data within JPG images using this steganography-like privacy tool. Post images on Mastodon and other hosting sites.
- FLOCK4H/Freeway - WiFi Penetration Testing & Auditing Tool
- TupleType/awesome-cicd-attacks - Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
- mitre/caldera - Automated Adversary Emulation Platform
- wddadk/Offensive-OSINT-Tools - OffSec OSINT Pentest/RedTeam Tools
- diego-treitos/linux-smart-enumeration - Linux enumeration tool for pentesting and CTFs with verbosity levels
- samratashok/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
- Azathothas/Arsenal - Hastily written Tools & Scripts for Personal Use Cases & Bug Bounties
- danieldurnea/FBI-tools - OSINT Tools for gathering information and actions forensics
- noraj/haiti - Hash type identifier (CLI & lib)
- projectdiscovery/subfinder - Fast passive subdomain enumeration tool.
- six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
- devploit/awesome-ctf-resources - A list of Capture The Flag (CTF) frameworks, libraries, resources and software for started/experienced CTF players
- v1s1t0r1sh3r3/airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
- yogeshojha/rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon
- freelabz/secator - secator - the pentester's swiss knife
- MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
- AleksaMCode/Preferred-Network-List-Sniffer - A reconnaissance tool for capturing and displaying SSIDs from device's Preferred Network List.
- trickest/inventory - Asset inventory of over 800 public bug bounty programs.
- Frissi0n/GTFONow - Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.
- infosecn1nja/Red-Teaming-Toolkit - This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
- rootcathacking/catspin - Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.
- devXprite/infoooze - An OSINT tool which helps you to quickly find information effectively. All you need is to input and it will take care of the rest.
- codingo/NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
- swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
- Trevohack/DynastyPersist - A Linux persistence tool!
- factionsecurity/faction - Pen Test Report Generation and Assessment Collaboration
- t3l3machus/BabelStrike - The purpose of this tool is: 1. to transliterate and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages, common problem occurring f
- DedSecInside/TorBot - Dark Web OSINT Tool
- AiGptCode/Ai-Security-URL - functions to exploit common web application vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), and Path Traversal.
- trickest/find-gh-poc - Find CVE PoCs on GitHub
- trickest/cve - Gather and update all available and newest CVEs with their PoC.
- gotr00t0day/Gsec - Web Security Scanner
- trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
- The-Viper-One/PsMapExec - A PowerShell tool that takes strong inspiration from CrackMapExec / NetExec
- Pennyw0rth/NetExec - The Network Execution Tool
- x64dbg/x64dbg - An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
- t3l3machus/Villain - Villain is a high level stage 0/1 C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities) and shar
- 3nock/OTE - OSINT Template Engine
- Fadi002/unshackle - Open-source tool to bypass windows and linux passwords from bootable usb
- PhoenixC2/PhoenixC2 - Command & Control-Framework created for collaboration in python3
- MrEmpy/mantra - A tool used to hunt down API key leaks in JS files and pages
- LasCC/HackTools - The all-in-one browser extension for offensive security professionals
- Ciphey/Ciphey - Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes
- Drew-Alleman/DataSurgeon - Quickly Extracts IP's, Email Addresses, Hashes, Files, Credit Cards, Social Security Numbers and a lot More From Text
- jaykali/maskphish - Introducing "URL Making Technology" to the world for the very FIRST TIME. Give a Mask to Phishing URL like a PRO.. A MUST have tool for Phishing.
- KuroLabs/stegcloak - Hide secrets with invisible characters in plain text securely using passwords
- t3l3machus/psudohash - Generates millions of keyword-based password mutations in seconds.
- powerexploit/Ashok - Ashok is an OSINT Recon Tool, a.k.a. Swiss Army knife.
- adeptex/whispers - Identify hardcoded secrets in static structured text (version 2)
- CleasbyCode/jdvrif - Hide data within JPG images using this steganography-like privacy tool. Post images on Mastodon and other hosting sites.
- The-Z-Labs/linux-exploit-suggester - Linux privilege escalation auditing tool
- AleksaMCode/Preferred-Network-List-Sniffer - A reconnaissance tool for capturing and displaying SSIDs from device's Preferred Network List.
- codingo/NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
- AiGptCode/Ai-Security-URL - functions to exploit common web application vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), and Path Traversal.
- t3l3machus/Villain - Villain is a high level stage 0/1 C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities) and shar
- Fadi002/unshackle - Open-source tool to bypass windows and linux passwords from bootable usb
- jaykali/maskphish - Introducing "URL Making Technology" to the world for the very FIRST TIME. Give a Mask to Phishing URL like a PRO.. A MUST have tool for Phishing.
- KuroLabs/stegcloak - Hide secrets with invisible characters in plain text securely using passwords
- t3l3machus/psudohash - Generates millions of keyword-based password mutations in seconds.
- MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
- AleksaMCode/Preferred-Network-List-Sniffer - A reconnaissance tool for capturing and displaying SSIDs from device's Preferred Network List.
- morpheuslord/GPT_Vuln-analyzer - Uses ChatGPT API, Bard API, and Llama2, Python-Nmap, DNS Recon, PCAP and JWT recon modules and uses the GPT3 model to create vulnerability reports based on Nmap scan data, and DNS scan information. It
- Fadi002/unshackle - Open-source tool to bypass windows and linux passwords from bootable usb
- jaykali/maskphish - Introducing "URL Making Technology" to the world for the very FIRST TIME. Give a Mask to Phishing URL like a PRO.. A MUST have tool for Phishing.
- KuroLabs/stegcloak - Hide secrets with invisible characters in plain text securely using passwords
- projectdiscovery/httpx - httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
- noraj/haiti - Hash type identifier (CLI & lib)
- Lissy93/personal-security-checklist - A compiled checklist of 300+ tips for protecting digital security and privacy in 2024
- konstruktoid/ansible-role-hardening - Ansible role to apply a security baseline. Systemd edition.
- Cvar1984/sussyfinder - Single PHP file to detect potentially malicious threats based on token and hash with web interface and VirusTotal integrations. Contact me for premium apps fully integrated with VirusTotal and 10+ mor
- oppsec/tomcter - Tomcter is a python tool developed to bruteforce Apache Tomcat manager login with default credentials.
- wasp-lang/wasp - The fastest way to develop full-stack web apps with React & Node.js.
- dani-garcia/vaultwarden - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
- konstruktoid/hardening - Hardening Ubuntu. Systemd edition.
- tamjid0x01/SmartContracts-audit-checklist - A checklist of things to look for when auditing Solidity smart contracts.
- eraser-dev/eraser - Cleaning up images from Kubernetes nodes
- oppsec/juumla - Juumla is a python tool created to identify Joomla version, scan for vulnerabilities and sensitive files
- codingo/NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
- swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
- swisskyrepo/InternalAllTheThings - Active Directory and Internal Pentest Cheatsheets
- DedSecInside/TorBot - Dark Web OSINT Tool
- cloudcommunity/Free-Certifications - A curated list of free courses & certifications.
- aquasecurity/kube-bench - Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
- searxng/searxng - SearXNG is a free internet metasearch engine which aggregates results from various search services and databases. Users are neither tracked nor profiled.
- secdev/scapy - Scapy: the Python-based interactive packet manipulation program & library.
- deepfence/SecretScanner - Find secrets and passwords in container images and file systems
- globocom/secDevLabs - A laboratory for learning secure web and mobile development in a practical manner.
- oppsec/Pinkerton - Pinkerton is a JavaScript file crawler and secret finder tool developed in Python
- cado-security/varc - Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.
- logto-io/logto - The better identity infrastructure for developers and the open-source alternative to Auth0.
- projectdiscovery/nuclei - Fast and customizable vulnerability scanner based on simple YAML based DSL.
- akto-api-security/akto - Proactive, Open source API security: API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure
- intel/cve-bin-tool - The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or
- owasp-noir/noir - Attack surface detector that identifies endpoints by static analysis
- React95/React95 - A React components library with Win95 UI
- BC-SECURITY/Empire - Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.
- projectdiscovery/naabu - A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests
- trufflesecurity/trufflehog - Find and verify secrets
- Ciphey/Ciphey - Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes
- gitleaks/gitleaks - Protect and discover secrets using Gitleaks
- sherlock-project/sherlock - Hunt down social media accounts by username across social networks
- jaykali/maskphish - Introducing "URL Making Technology" to the world for the very FIRST TIME. Give a Mask to Phishing URL like a PRO.. A MUST have tool for Phishing.
- wasp-lang/wasp - The fastest way to develop full-stack web apps with React & Node.js.
- Hakky54/certificate-ripper - A CLI tool to extract server certificates
- Kalabasa/htmz - html with targeted manipulation zones
- projectdiscovery/httpx - httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
- rfc-st/humble - A humble, and fast, security-oriented HTTP headers analyzer.
- BishopFox/sliver - Adversary Emulation Framework
- santoru/shcheck - A basic tool to check security headers of a website
- zigzap/zap - blazingly fast backends in zig
- jpillora/chisel - A fast TCP/UDP tunnel over HTTP
- redhuntlabs/Octopii - An AI-powered Personal Identifiable Information (PII) scanner.
- sensepost/objection - objection - runtime mobile exploration
- libimobiledevice/ideviceinstaller - Manage apps of iOS devices
- mvt-project/mvt - MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.
- AleksaMCode/Preferred-Network-List-Sniffer - A reconnaissance tool for capturing and displaying SSIDs from device's Preferred Network List.
- Stirling-Tools/Stirling-PDF - #1 Locally hosted web application that allows you to perform various operations on PDF files
- Hakky54/certificate-ripper - A CLI tool to extract server certificates
- semgrep/semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
- drawdb-io/drawdb - Free, simple, and intuitive online database design tool and SQL generator.
- formkit/tempo - Parse, format, manipulate, and internationalize dates and times in JavaScript and TypeScript.
- wasp-lang/wasp - The fastest way to develop full-stack web apps with React & Node.js.
- LeCoupa/awesome-cheatsheets - Awesome cheatsheets for popular programming languages, frameworks and development tools. They include everything you should know in one single file.
- imgly/background-removal-js - Remove backgrounds from images directly in the browser environment with ease and no additional costs or privacy concerns. Explore an interactive demo.
- semgrep/semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
- cockpit-project/cockpit - Cockpit is a web-based graphical interface for servers.
- biomejs/biome - A toolchain for web projects, aimed to provide functionalities to maintain them. Biome offers formatter and linter, usable via CLI and LSP.
- oppsec/Pinkerton - Pinkerton is a JavaScript file crawler and secret finder tool developed in Python
- logto-io/logto - The better identity infrastructure for developers and the open-source alternative to Auth0.
- MrEmpy/mantra - A tool used to hunt down API key leaks in JS files and pages
- puffinsoft/jscanify - Open-source Javascript mobile document scanner.
- commitizen/cz-cli - The commitizen command line utility. #BlackLivesMatter
- KuroLabs/stegcloak - Hide secrets with invisible characters in plain text securely using passwords
- sproogen/modern-resume-theme - A modern static resume template and theme. Powered by Jekyll and GitHub pages.
- sproogen/modern-resume-theme - A modern static resume template and theme. Powered by Jekyll and GitHub pages.
- Kalabasa/htmz - html with targeted manipulation zones
- MrEmpy/mantra - A tool used to hunt down API key leaks in JS files and pages
- puffinsoft/jscanify - Open-source Javascript mobile document scanner.
- biomejs/biome - A toolchain for web projects, aimed to provide functionalities to maintain them. Biome offers formatter and linter, usable via CLI and LSP.
- ozlerhakan/mongodb-json-files - A curated list of JSON / BSON datasets from the web in order to practice / use in MongoDB
- yannh/kubeconform - A FAST Kubernetes manifests validator, with support for Custom Resources!
- eraser-dev/eraser - Cleaning up images from Kubernetes nodes
- k8sgpt-ai/k8sgpt - Giving Kubernetes Superpowers to everyone
- goodwithtech/dockle - Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
- LeCoupa/awesome-cheatsheets - Awesome cheatsheets for popular programming languages, frameworks and development tools. They include everything you should know in one single file.
- aquasecurity/kube-bench - Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
- DataDog/KubeHound - Kubernetes Attack Graph
- deepfence/SecretScanner - Find secrets and passwords in container images and file systems
- cuber-cloud/cuber-gem - An automation tool that simplifies the deployment of your apps on Kubernetes.
- authzed/spicedb - Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications
- carlospolop/PurplePanda - Identify privilege escalation paths within and across different clouds
- LeCoupa/awesome-cheatsheets - Awesome cheatsheets for popular programming languages, frameworks and development tools. They include everything you should know in one single file.
- serversideup/spin - Replicate your production environment locally using Docker. Just run "spin up". It's really that easy.
- cloudcommunity/Free-Certifications - A curated list of free courses & certifications.
- chainguard-dev/bincapz - detect malicious program behaviors
- v1s1t0r1sh3r3/airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
- future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
- vm32/Digital-Forensics-Script-for-Linux - Advanced Bash script designed for conducting digital forensics on Linux systems
- Aditya-dom/moonwalk-back - Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.
- Trevohack/DynastyPersist - A Linux persistence tool!
- GyulyVGC/sniffnet - Comfortably monitor your Internet traffic
- microsoft/inshellisense - IDE style command line auto complete
- trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
- XDeadHackerX/NetRadar - NetRadar is a Networking tool focused on mapping local and WiFi networks. It provides detailed information about connected devices, open ports, servers and automated scans for WiFi networks.NetRadar e
- Fadi002/unshackle - Open-source tool to bypass windows and linux passwords from bootable usb
- CISOfy/lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
- mesquidar/ForensicsTools - A list of free and open forensics analysis tools and other resources
- nyxiereal/XToolbox - XToolBox - A collection of 150+ Windows 10/11 optimization and tweaking apps!
- sherlock-project/sherlock - Hunt down social media accounts by username across social networks
- jaykali/maskphish - Introducing "URL Making Technology" to the world for the very FIRST TIME. Give a Mask to Phishing URL like a PRO.. A MUST have tool for Phishing.
- Renset/macai - Swift powered native macOS client for Ollama, ChatGPT and compatible API-backends
- ollama/ollama - Get up and running with Llama 3, Mistral, Gemma 2, and other large language models.
- plandex-ai/plandex - AI driven development in your terminal. Designed for large, real-world tasks.
- OpenDevin/OpenDevin - OpenDevin: Code Less, Make More
- dhammon/ai-goat - Learn AI security through a series of vulnerable LLM CTF challenges. No sign ups, no cloud fees, run everything locally on your system.
- 0x4D31/galah - Galah: An LLM-powered web honeypot. Wasting attackers' time with faker-than-ever HTTP responses!
- fr0gger/Awesome-GPT-Agents - A curated list of GPT agents for cybersecurity
- GreyDGL/PentestGPT - A GPT-empowered penetration testing tool
- continuedev/continue - Continue is the leading open-source AI code assistant. You can connect any models and any context to build custom autocomplete and chat experiences inside VS Code and JetBrains
- narenmanoharan/gpt-code-assistant - gpt-code-assistant is an open-source coding assistant leveraging language models to search, retrieve, explore and understand any codebase.
- eosphoros-ai/DB-GPT - AI Native Data App Development framework with AWEL(Agentic Workflow Expression Language) and Agents
- mlc-ai/web-llm - High-performance In-browser LLM Inference Engine
- teableio/teable - The Next Gen Airtable Alternative: No-Code Postgres
- maxgoedjen/secretive - Store SSH keys in the Secure Enclave
- redhuntlabs/Octopii - An AI-powered Personal Identifiable Information (PII) scanner.
- Renset/macai - Swift powered native macOS client for Ollama, ChatGPT and compatible API-backends
- chainguard-dev/bincapz - detect malicious program behaviors
- GyulyVGC/sniffnet - Comfortably monitor your Internet traffic
- microsoft/inshellisense - IDE style command line auto complete
- Hakky54/certificate-ripper - A CLI tool to extract server certificates
- mesquidar/ForensicsTools - A list of free and open forensics analysis tools and other resources
- drduh/macOS-Security-and-Privacy-Guide - Guide to securing and improving privacy on macOS
- reorproject/reor - Private & local AI personal knowledge management app.
- matro7sh/BypassAV - This map lists the essential techniques to bypass anti-virus and EDR
- CleasbyCode/jdvrif - Hide data within JPG images using this steganography-like privacy tool. Post images on Mastodon and other hosting sites.
- nickvourd/Windows-Local-Privilege-Escalation-Cookbook - Windows Local Privilege Escalation Cookbook
- drak3hft7/Cheat-Sheet---Active-Directory - This cheat sheet contains common enumeration and attack methods for Windows Active Directory with the use of powershell.
- sensepost/objection - objection - runtime mobile exploration
- oppsec/Apepe - Enumerate information from an app based on the APK file
- mvt-project/mvt - MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.
- brocoders/nestjs-boilerplate - NestJS boilerplate. Auth, TypeORM, Mongoose, Postgres, MongoDB, Mailing, I18N, Docker.
- hudy9x/namviek - The open-source project manager for tiny teams
- Dokploy/dokploy - Open Source Alternative to Vercel, Netlify and Heroku.
- codingo/NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
- ozlerhakan/mongodb-json-files - A curated list of JSON / BSON datasets from the web in order to practice / use in MongoDB
- brocoders/nestjs-boilerplate - NestJS boilerplate. Auth, TypeORM, Mongoose, Postgres, MongoDB, Mailing, I18N, Docker.
- openstatusHQ/openstatus - The open-source synthetic monitoring platform
- Security-Onion-Solutions/securityonion - Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, a
- Dokploy/dokploy - Open Source Alternative to Vercel, Netlify and Heroku.
- Ciphey/Ciphey - Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes
- junegunn/fzf - A command-line fuzzy finder
- keidarcy/dotfiles - Robust & colorful dot configuration and utilities files with CI check.
- brocoders/nestjs-boilerplate - NestJS boilerplate. Auth, TypeORM, Mongoose, Postgres, MongoDB, Mailing, I18N, Docker.
- openstatusHQ/openstatus - The open-source synthetic monitoring platform
- Dokploy/dokploy - Open Source Alternative to Vercel, Netlify and Heroku.
- sadmann7/shadcn-table - A shadcn table component with server-side sorting, filtering, and pagination.
- diogocapela/flatdraw - A simple canvas drawing web app with responsive UI. Made with TypeScript, React, and Next.js.
- tatethurston/nextjs-routes - Type safe routing for Next.js
- Infisical/infisical - Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
- steven-tey/novel - Notion-style WYSIWYG editor with AI-powered autocompletion.
- makeplane/plane - Open Source JIRA, Linear and Asana Alternative. Plane helps you track your issues, epics, and product roadmaps in the simplest way possible.
- taranis-ai/taranis-ai - Taranis AI is an advanced Open-Source Intelligence (OSINT) tool, leveraging Artificial Intelligence to revolutionize information gathering and situational analysis.
- redhuntlabs/Octopii - An AI-powered Personal Identifiable Information (PII) scanner.
- wasp-lang/wasp - The fastest way to develop full-stack web apps with React & Node.js.
- logto-io/logto - The better identity infrastructure for developers and the open-source alternative to Auth0.
- commitizen/cz-cli - The commitizen command line utility. #BlackLivesMatter
- brocoders/nestjs-boilerplate - NestJS boilerplate. Auth, TypeORM, Mongoose, Postgres, MongoDB, Mailing, I18N, Docker.
- wasp-lang/open-saas - A free, open-source SaaS app starter for React & Node.js with superpowers. Production-ready. Community-driven.
- serversideup/spin - Replicate your production environment locally using Docker. Just run "spin up". It's really that easy.
- devXprite/infoooze - An OSINT tool which helps you to quickly find information effectively. All you need is to input and it will take care of the rest.
- LeCoupa/awesome-cheatsheets - Awesome cheatsheets for popular programming languages, frameworks and development tools. They include everything you should know in one single file.
- porsager/postgres - Postgres.js - The Fastest full featured PostgreSQL client for Node.js, Deno, Bun and CloudFlare
- Infisical/infisical - Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
- puffinsoft/jscanify - Open-source Javascript mobile document scanner.
- codingo/NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
- devXprite/infoooze - An OSINT tool which helps you to quickly find information effectively. All you need is to input and it will take care of the rest.
- openstatusHQ/openstatus - The open-source synthetic monitoring platform
- sadmann7/shadcn-table - A shadcn table component with server-side sorting, filtering, and pagination.
- Lissy93/personal-security-checklist - A compiled checklist of 300+ tips for protecting digital security and privacy in 2024
- wasp-lang/open-saas - A free, open-source SaaS app starter for React & Node.js with superpowers. Production-ready. Community-driven.
- wasp-lang/wasp - The fastest way to develop full-stack web apps with React & Node.js.
- latiotech/LAST - Use AI to Scan Your Code from the Command Line for security and code smells. Bring your own keys. Supports OpenAI and Gemini
- devXprite/infoooze - An OSINT tool which helps you to quickly find information effectively. All you need is to input and it will take care of the rest.
- imgly/background-removal-js - Remove backgrounds from images directly in the browser environment with ease and no additional costs or privacy concerns. Explore an interactive demo.
- AdguardTeam/AdGuardHome - Network-wide ads & trackers blocking DNS server
- commixproject/commix - Automated All-in-One OS Command Injection Exploitation Tool.
- t3l3machus/Villain - Villain is a high level stage 0/1 C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities) and shar
- continuedev/continue - Continue is the leading open-source AI code assistant. You can connect any models and any context to build custom autocomplete and chat experiences inside VS Code and JetBrains
- Infisical/infisical - Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
- unkeyed/unkey - Open source API management platform
- mesquidar/ForensicsTools - A list of free and open forensics analysis tools and other resources
- t3l3machus/psudohash - Generates millions of keyword-based password mutations in seconds.
- blacklanternsecurity/bbot - A recursive internet scanner for hackers.
- powerexploit/Ashok - Ashok is an OSINT Recon Tool, a.k.a. Swiss Army knife.
- elceef/dnstwist - Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
- wddadk/Offensive-OSINT-Tools - OffSec OSINT Pentest/RedTeam Tools
- spyboy-productions/omnisci3nt - Unveiling the Hidden Layers of the Web - A Comprehensive Web Reconnaissance Tool
- MetaOSINT/MetaOSINT.github.io - A tool to quickly identify relevant, publicly-available open source intelligence ("OSINT") tools and resources, saving valuable time during investigations, research, and analysis.
- AnonCatalyst/Ominis-OSINT - This Python application is an OSINT (Open Source Intelligence) tool called "Ominis OSINT - Web Hunter." It performs online information gathering by querying Google for search results related to a user
- projectdiscovery/httpx - httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
- chiasmod0n/chiasmodon - Chiasmodon is an OSINT tool designed to assist in the process of gathering information about a target domain. Its primary functionality revolves around searching for domain-related data, including do
- danieldurnea/FBI-tools - OSINT Tools for gathering information and actions forensics
- projectdiscovery/subfinder - Fast passive subdomain enumeration tool.
- six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
- yogeshojha/rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon
- freelabz/secator - secator - the pentester's swiss knife
- s0md3v/Photon - Incredibly fast crawler designed for OSINT.
- taranis-ai/taranis-ai - Taranis AI is an advanced Open-Source Intelligence (OSINT) tool, leveraging Artificial Intelligence to revolutionize information gathering and situational analysis.
- N0rz3/Phunter - Phunter is an OSINT tool allowing you to find various information via a phone number
- mitchmoser/sputnik - Open Source Intelligence Browser Extension
- trickest/inventory - Asset inventory of over 800 public bug bounty programs.
- OpenCTI-Platform/opencti - Open Cyber Threat Intelligence Platform
- devXprite/infoooze - An OSINT tool which helps you to quickly find information effectively. All you need is to input and it will take care of the rest.
- SherlockLinux/SherlockLinux - OSINT distribution based on Debian 12
- MandConsultingGroup/porch-pirate - Porch Pirate is the most comprehensive Postman recon / OSINT client and framework that facilitates the automated discovery and exploitation of API endpoints and secrets committed to workspaces, collec
- m8sec/CrossLinked - LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping
- Josue87/MetaFinder - Search for documents in a domain through Search Engines (Google, Bing and Baidu). The objective is to extract metadata
- Alb-310/Geogramint - An OSINT Geolocalization tool for Telegram that finds nearby users and groups
- DedSecInside/TorBot - Dark Web OSINT Tool
- franckferman/MetaDetective - Unleash Metadata Intelligence with MetaDetective. Your Assistant Beyond Metagoofil.
- cosad3s/postleaks - Search for sensitive data in Postman public library.
- saeeddhqan/Maryam - Maryam: Open-source Intelligence(OSINT) Framework
- redhuntlabs/BucketLoot - BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exp
- jerlendds/osintbuddy - Node graphs, OSINT data mining, and plugins. Connect unstructured and public data for transformative insights
- KawaCoder/GhostRecon - Popular OSINT framework. Works fine with kali linux and other Debian-based systems. Coded this as a teen, so not really reliable for real researches.
- Fundacio-i2CAT/InfoHound - InfoHound is an OSINT to extract a large amount of data given a web domain name.
- seekr-osint/seekr - A multi-purpose OSINT toolkit with a neat web-interface.
- 3nock/OTE - OSINT Template Engine
- Lissy93/web-check - All-in-one OSINT tool for analysing any website
- jakecreps/poastal - Poastal - the Email OSINT tool
- j3ssie/metabigor - OSINT tools and more but without API key
- p1ngul1n0/blackbird - An OSINT tool to search for accounts by username and email in social networks.
- initstring/cloud_enum - Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
- Drew-Alleman/DataSurgeon - Quickly Extracts IP's, Email Addresses, Hashes, Files, Credit Cards, Social Security Numbers and a lot More From Text
- sherlock-project/sherlock - Hunt down social media accounts by username across social networks
- itm4n/PrintSpoofer - Abusing impersonation privileges through the "Printer Bug"
- domain-protect/domain-protect-gcp - Protect against subdomain takeover
- sosdave/KeyTabExtract - Extracts Key Values from .keytab files
- RevoltSecurities/SubProber - Subprober is a powerful and efficient subdomain scanning tool written in Python. With the ability to handle large lists of subdomains. The tool offers concurrent scanning, allowing users to define the
- kabutor/forenwindows - Decrypt offline windows passwords, chrome and firefox
- CICADA8-Research/RemoteKrbRelay - Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework
- p0dalirius/smbclient-ng - smbclient-ng, a fast and user friendly way to interact with SMB shares.
- mrd0x/PWA-Phishing -
- Diverto/IPPrintC2 - PoC for using MS Windows printers for persistence / command and control via Internet Printing
- An0nUD4Y/Evilginx-Phishing-Infra-Setup - Evilginx Phishing Engagement Infrastructure Setup Guide
- login-securite/conpass - Continuous password spraying tool
- assetnote/nowafpls - Burp Plugin to Bypass WAFs through the insertion of Junk Data
- RedByte1337/GraphSpy - Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI
- tylerdotrar/Unfuck-Windows10 - Script meant to debloat Windows 10, enhance privacy, and improve performance & the overall user experience.
- tylerdotrar/SigmaPotato - SeImpersonate privilege escalation tool for Windows 8 - 11 and Windows Server 2012 - 2022 with extensive PowerShell and .NET reflection support.
- AlteredSecurity/Disable-TamperProtection - A POC to disable TamperProtection and other Defender / MDE components
- huntandhackett/PassiveAggression - Source code and examples for PassiveAggression
- AlessandroZ/LaZagne - Credentials recovery project
- skelsec/pypykatz - Mimikatz implementation in pure Python
- Azure/Stormspotter - Azure Red Team tool for graphing Azure and Azure Active Directory objects
- xaitax/TotalRecall - This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots.
- MultSec/MultCheck - Identifies bad bytes from static analysis with any Anti-Virus scanner.
- Meckazin/ChromeKatz - Dump cookies directly from Chrome process memory
- es3n1n/no-defender - A slightly more fun way to disable windows defender + firewall. (through the WSC api)
- shreyaschavhan/advanced-sql-injection-for-awae -
- puzzlepeaches/awesome-password-spraying - Everything and anything related to password spraying
- 0xVIC/Diccionarios - Fuzzing in Spanish
- Leo4j/Invoke-SessionHunter - Retrieve and display information about active user sessions on remote computers. No admin privileges required.
- xxxserxxx/gotop - A terminal based graphical activity monitor inspired by gtop and vtop
- mlcsec/SharpGraphView - Microsoft Graph API post-exploitation toolkit
- hoodoer/JS-Tap - JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom JavaScr
- HernanRodriguez1/SharpBruteForceSSH -
- jfjallid/go-secdump - Tool to remotely dump secrets from the Windows registry
- 0xKayala/NucleiScanner - NucleiScanner is a Powerful Automation tool for detecting Unknown Vulnerabilities in the Web Applications
- login-securite/lsassy - Extract credentials from lsass remotely
- OWASP/OFFAT - The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towar
- bats3c/darkarmour - Windows AV Evasion
- its-a-feature/Mythic - A collaborative, multi-platform, red teaming framework
- marco-liberale/PasteBomb - PasteBomb C2-less RAT
- tldrsec/awesome-secure-defaults - Awesome secure by default libraries to help you eliminate bug classes!
- trap-bytes/hauditor - hauditor is a tool designed to analyze the security headers returned by a web page.
- AlDanial/cloc - cloc counts blank lines, comment lines, and physical lines of source code in many programming languages.
- latiotech/insecure-kubernetes-deployments - A full insecure kubernetes application for testing security tools
- col-1002/HTB-CPTS - Most of the notes, resources and scripts I used to prepare for the HTB CPTS and "pass it the 2 time."
- theowni/Damn-Vulnerable-RESTaurant-API-Game - Damn Vulnerable Restaurant is an intentionally vulnerable Web API game for learning and training purposes dedicated to developers, ethical hackers and security engineers.
- janhq/awesome-local-ai - An awesome repository of local AI tools
- Y2Z/monolith - CLI tool for saving complete web pages as a single HTML file
- AbstractEngine/pentest-muse-cli -
- surajpkhetani/AutoSmuggle - Utility to craft HTML or SVG smuggled files for Red Team engagements
- The-OSINT-Newsletter/excalibur - Pivot from a Twitter profile to Medium, Product Hunt, Mastodon, and more with OSINT
- trap-bytes/403jump - HTTP 403 bypass tool
- luijait/DarkGPT - DarkGPT is an OSINT assistant based on GPT-4-200K (recommended use) designed to perform queries on leaked databases, thus providing an artificial intelligence assistant that can be useful in your trad
- UndeadSec/SwaggerSpy - Automated OSINT on SwaggerHub
- chaudharyarjun/RepoReaper - RepoReaper is an automated tool crafted to meticulously scan and identify exposed .git repositories within specified domains and their subdomains.
- Kevin-Robertson/Inveigh - .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers
- lgandx/Responder - Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication
- infosecn1nja/AD-Attack-Defense - Attack and defend active directory using modern post exploitation adversary tradecraft activity
- DanMcInerney/net-creds - Sniffs sensitive data from interface or pcap
- lgandx/PCredz - This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.
- GhostPack/Rubeus - Trying to tame the three-headed dog.
- MobSF/Mobile-Security-Framework-MobSF - Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and
- sikumy/ethical-hacking - Personal Hacking Playground.
- r3ggi/electroniz3r - Take over macOS Electron apps' TCC permissions
- catsploit/catsploit -
- spyboy-productions/Valid8Proxy - Tool designed for fetching, validating, and storing working proxies.
- Slowerzs/ThievingFox -
- JeanPeyreMesMots/osx-password-dumper - A tool to dump users' .plist on a Mac OS system and to convert them into a crackable hash
- lkarlslund/Adalanche - Active Directory ACL Visualizer and Explorer - who's really Domain Admin? (Commercial versions available from NetSection)
- MaibornWolff/SecObserve - SecObserve is an open source vulnerability management system for software development and cloud environments. It supports a variety of open source vulnerability scanners and integrates easily into CI/
- brinhosa/apidetector - APIDetector: Efficiently scan for exposed Swagger endpoints across web domains and subdomains. Supports HTTP/HTTPS, multi-threading, and flexible input/output options. Ideal for API security testing.
- FalconForceTeam/SOAPHound - SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Directory Web Services (ADWS) protocol.
- VikParuchuri/marker - Convert PDF to markdown quickly with high accuracy
- YS-L/csvlens - Command line csv viewer
- jhaddix/awsScrape - A tool to scrape the AWS ranges looking for a keyword in SSL certificate data.
- KasperskyLab/iShutdown -
- Ostorlab/KEV - Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.
- thomasjjj/Telegram-Snowball-Sampling - The Telegram Snowball Sampling Tool is a Python-based utility designed for conducting snowball sampling to collect Telegram channels through forwards.
- floriandiud/facebook-group-members-scraper - Facebook Group Members Extractor. Download Facebook group members in CSV.
- msd0pe-1/cve-maker - Tool to find CVEs and Exploits.
- algolia/autocomplete - Fast and full-featured autocomplete library
- xaitax/SploitScan - SploitScan is a sophisticated cybersecurity utility designed to provide detailed information on vulnerabilities and associated exploits.
- 0sumcode/0up - 0up is a zero-knowledge, open-source, encrypted file sharing service
- agentcoinorg/evo.ninja - A versatile generalist agent.
- WithSecureLabs/damn-vulnerable-llm-agent -
- splunk/ShellSweep - ShellSweeping the evil.
- BishopFox/sj - A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.
- 0xNslabs/CanaryTokenScanner - Script designed to identify CanaryTokens within Microsoft Office documents and Acrobat Reader PDF (docx, xlsx, pptx, pdf).
- assetnote/kiterunner - Contextual Content Discovery Tool
- BC-SECURITY/Moriarty - Moriarty is designed to enumerate missing KBs, detect various vulnerabilities, and suggest potential exploits for Privilege Escalation in Windows environments.
- Xacone/BestEdrOfTheMarket - Little user-mode AV/EDR evasion lab for training & learning purposes
- francoismichel/ssh3 - SSH3: faster and rich secure shell using HTTP/3, check out our article here: https://arxiv.org/abs/2312.08396 and our Internet-Draft: https://datatracker.ietf.org/doc/draft-michel-ssh3/
- myshell-ai/OpenVoice - Instant voice cloning by MyShell.
- helviojunior/knowsmore - KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes, BloodHound, NTDS and DCSync).
- nowak0x01/WPXStrike - WPXStrike is a script designed to escalate a Cross-Site Scripting (XSS) vulnerability to Remote Code Execution (RCE) or other critical vulnerabilities in WordPress
- nowak0x01/JoomSploit - JoomSploit is a script designed to escalate a Cross-Site Scripting (XSS) vulnerability to Remote Code Execution (RCE) or other critical vulnerabilities in Joomla CMS.
- nowak0x01/PrestaXSRF - PrestaXSRF is a script designed to escalate a Cross-Site Scripting (XSS) vulnerability to Remote Code Execution (RCE) or other critical vulnerabilities in PrestaShop E-Commerce
- nowak0x01/Drupalwned - Drupalwned is a script designed to escalate a Cross-Site Scripting (XSS) vulnerability to Remote Code Execution (RCE) or other critical vulnerabilities in Drupal CMS.
- cristianzsh/forensictools - Collection of forensic tools
- simeononsecurity/Blue-Team-Tools - A collection of scripts, tools, and configs for various OSes and applications, all free and/or open-source, to assist in impromptu Blue-Team defense under an active threat.
- ntoskernel/deepsecrets - Secrets scanner that understands code
- dmcxblue/SharpHIBP - A C# Tool to gather information about email breaches
- d0ge/sign-saboteur - SignSaboteur is a Burp Suite extension for editing, signing, verifying various signed web tokens
- lkarlslund/ldapnomnom - Quietly and anonymously bruteforce Active Directory usernames at insane speeds from Domain Controllers by (ab)using LDAP Ping requests (cLDAP)
- ipSlav/DirtyCLR - An App Domain Manager Injection DLL PoC on steroids
- yeyintminthuhtut/Awesome-Red-Teaming - List of Awesome Red Teaming Resources
- waf-bypass-maker/waf-community-bypasses -
- Siguza/ios-resources - Useful resources for iOS hacking
- onhexgroup/Conferences - Conference presentation slides
- akamai/Invoke-DHCPCheckup -
- owasp-dep-scan/dep-scan - OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container ima
- candiddev/rot - Secure Secrets Management for the Modern Sysadmin
- spyboy-productions/CloakQuest3r - Uncover the true IP address of websites safeguarded by Cloudflare & Others
- VSCodium/vscodium - binary releases of VS Code without MS branding/telemetry/licensing
- xforcered/ADOKit - Azure DevOps Services Attack Toolkit
- dchrastil/ScrapedIn - A tool to scrape LinkedIn without API restrictions for data reconnaissance
- dub-flow/sessionprobe - SessionProbe is a multi-threaded tool designed for penetration testing and bug bounty hunting. It evaluates user privileges in web applications by taking a session token and checking access across a l
- 0xB455/m365-fatigue -
- digininja/pipal - Pipal, THE password analyser
- owerdogan/wallpapers-for-kali - Recolored Kali Linux wallpapers
- dirkjanm/BloodHound.py - A Python based ingestor for BloodHound
- gatariee/Winton - Command and Control (C2) framework
- skelsec/evilrdp -
- S1lkys/SharpKiller - Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8
- kudelskisecurity/youshallnotpass - YouShallNotPass brings an added level of execution security to mission-critical CI/CD Systems.
- gustanini/PowerTools - Powershell tools used for Red Team / Pentesting.
- WithSecureLabs/IceKube -
- R-s0n/ars0n-framework - A Modern Framework for Bug Bounty Hunting
- kgretzky/evilqr - Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice.
- Aqua-Nautilus/CVE-Half-Day-Watcher -
- trungdq88/Awesome-Black-Friday-Cyber-Monday - Awesome deals on Black Friday: Apps, SaaS, Books, Courses, etc.
- Sn1r/Forbidden-Buster - A tool designed to automate various techniques in order to bypass HTTP 401 and 403 response codes and gain access to unauthorized areas in the system. This code is made for security enthusiasts and pr
- gojek/CureIAM - Clean accounts over permissions in GCP infra at scale
- Zerx0r/dvenom - Double Venom (DVenom) is a tool that provides an encryption wrapper and loader for your shellcode.
- c3c/ADExplorerSnapshot.py - ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound, and also supports full-object dumping to NDJSON.
- 0x90n/InfoSec-Black-Friday - All the deals for InfoSec related software/tools this Black Friday
- abi/screenshot-to-code - Drop in a screenshot and convert it to clean code (HTML/Tailwind/React/Vue)
- assume-breach/Home-Grown-Red-Team -
- langchain-ai/opengpts -
- YasserREED/NoBlindi - NoBlindi is a command-line tool for exploiting blind NoSQL injection vulnerabilities to recover passwords in web applications.
- carlospolop/Auto_Wordlists -
- thomasjjj/Telegram_Geolocation_Scraper - Load a JSON export of a Telegram channel containing coordinates of geolocations and filter into a csv for loading into Google Earth.
- 0xDEADFED5/ps_tiny11 - This script creates a trimmed-down Windows 11 image, based on tiny11builder
- ramykatour/GitBook-Downloader-To-HTML-Converter - GitBook Downloader To HTML Converter
- Sija/gitbook2pdf - CLI utility to turn a published GitBook website into a collection of PDFs for offline reading
- Etesam913/react-magic-motion - react-magic-motion is a react.js library that magically animates your components.
- pentagridsec/archive_pwn - A Python-based tool to create zip, tar and cpio archives to exploit common archive library issues and developer mistakes
- evilsocket/legba - A multiprotocol credentials bruteforcer / password sprayer and enumerator.
- protectai/modelscan - Protection against Model Serialization Attacks
- Orange-Cyberdefense/GOAD - game of active directory
- decoder-it/LocalPotato -
- Orange-Cyberdefense/KeePwn - A python tool to automate KeePass discovery and secret extraction.
- openappsec/waf-comparison-project - Testing datasets and tools to compare WAF efficacy
- tomwechsler/Active_Directory_Advanced_Threat_Hunting - This repo is about Active Directory Advanced Threat Hunting
- FuzzySecurity/Magikarp - ECC Public Key Cryptography
- ripp3rdoc/XAMPPv3.3.0-BOF - Exploit Proof-of-Concept code for XAMPP v3.3.0 - '.ini' Buffer Overflow (Unicode + SEH)
- sockysec/Telerecon - A reconnaissance framework for researching and investigating Telegram.
- foozzi/discoshell - a simple discovery script that uses popular tools like subfinder, amass, puredns, alterx, massdns and others
- SkyperTHC/curlshell - reverse shell using curl
- AlbusSec/Penetration-List - Penetration-List: A comprehensive resource for testers, covering all types of vulnerabilities and materials used in Penetration Testing. Includes payloads, dorks, fuzzing materials, and offers in-dept
- coffeeandsecurity/DakshSCRA -
- r0oth3x49/ghauri - An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws
- rbsec/sslscan - sslscan tests SSL/TLS enabled services to discover supported cipher suites
- Orange-Cyberdefense/LinikatzV2 - linikatz is a tool to attack AD on UNIX
- nsacyber/ELITEWOLF - OT security monitoring #nsacyber
- govolution/avet - AntiVirus Evasion Tool
- amrudesh1/MORF - Mobile Reconnaissance Framework
- tenable/EscalateGPT - An AI-powered tool for discovering privilege escalation opportunities in AWS IAM configurations.
- dev-lu/osint_toolkit - A full stack web application that combines many tools and services for security analysts into a single tool.
- Dec0ne/DavRelayUp - DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced (the default settings).
- synacktiv/GPOddity - The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).
- FourCoreLabs/LolDriverScan - Scan vulnerable drivers on Windows with loldrivers.io
- invictus-ir/Invictus-AWS -
- a13xp0p0v/kernel-hardening-checker - A tool for checking the security hardening options of the Linux kernel
- p0dalirius/ExtractBitlockerKeys - A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.
- eversinc33/CredGuess - Generate password spraying lists based on the pwdLastSet-attribute of users.
- Octoberfest7/TeamsPhisher - Send phishing messages and attachments to Microsoft Teams users
- Kitsun3Sec/Pentest-Cheat-Sheets - A collection of snippets of codes and commands to make your life easier!
- guibacellar/TEx - Telegram Monitor
- p0dalirius/LDAPWordlistHarvester - A tool to generate a wordlist from the information present in LDAP, in order to crack passwords of domain accounts.
- Mazars-Tech/AD_Miner - AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses
- moabukar/tech-vault - A list of many interview questions & real-world challenges in Tech! (https://tech-vault-web.vercel.app/)
- measuredco/puck - The visual editor for React
- 0xKayala/NucleiFuzzer - NucleiFuzzer is a Powerful Automation tool for detecting XSS, SQLi, SSRF, Open-Redirect, etc. vulnerabilities in Web Applications
- optiv/KnockKnock - Enumerate valid users within Microsoft Teams and OneDrive with clean output.
- DataDog/HASH - HASH (HTTP Agnostic Software Honeypot)
- nccgroup/ccs -
- S12cybersecurity/RDPCredentialStealer - RDPCredentialStealer is malware that steals credentials provided by users in RDP using API Hooking with Detours in C++
- m-bain/whisperX - WhisperX: Automatic Speech Recognition with Word-level Timestamps (& Diarization)
- gitwonk/gitwonk - The open source GitBook, Confluence, and Archbee alternative. Write technical docs like never before
- capture0x/LFI-FINDER - LFI-FINDER is an open-source tool available on GitHub that focuses on detecting Local File Inclusion (LFI) vulnerabilities
- magisterquis/chromecookiestealer - Steal/Inject Chrome cookies over the DevTools (--remote-debugging-port) protocol.
- sAjibuu/Upload_Bypass - A simple tool for bypassing file upload restrictions.
- kgretzky/evilginx2 - Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
- Kyuu-Ji/Awesome-Azure-Pentest - A collection of resources, tools and more for penetration testing and securing Microsoft's cloud platform Azure.
- joswr1ght/basicblobfinder - Identify Azure blobs using a wordlist of account name and container name strings
- jawaharputti/EHTools - Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and si
- Neo23x0/yaraQA - YARA rule analyzer to improve rule quality and performance
- mshumer/gpt-prompt-engineer -
- LuemmelSec/Pentest-Tools-Collection -
- PaulNorman01/Forensia - Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase.
- dievus/msLDAPDump - LDAP enumeration tool implemented in Python3
- BeichenDream/SharpToken - Windows Token Stealing Expert
- 61106960/adPEAS - Powershell tool to automate Active Directory enumeration.
- Rolix44/Kubestroyer - Kubernetes exploitation tool
- iamj0ker/bypass-403 - A simple script just made for self use for bypassing 403
- Dec0ne/ShadowSpray - A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.
- zylon-ai/private-gpt - Interact with your documents using the power of GPT, 100% privately, no data leaks
- SnaffCon/Snaffler - a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )
- epicweb-dev/epic-stack - This is a Full Stack app starter with the foundational things setup and configured for you to hit the ground running on your next EPIC idea.
- trustedsec/hardcidr - hardCIDR is a Linux Bash script, but also functions under macOS. Your mileage may vary on other distros. The script with no specified options will query ARIN and a pool of BGP route servers. The route
- jkfran/killport - A command-line tool to easily kill processes running on a specified port.
- vulnersCom/getsploit - Command line utility for searching and downloading exploits
- builtbybel/ThisIsWin11 - The real PowerToys for Windows 11
- HavocFramework/Havoc - The Havoc Framework.
- Mebus/cupp - Common User Passwords Profiler (CUPP)
- sc0tfree/mentalist - Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat an
- ropnop/kerbrute - A tool to perform Kerberos pre-auth bruteforcing
- microsoft/AttackSurfaceAnalyzer - Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation.
- sandboxie-plus/Sandboxie - Sandboxie Plus & Classic
- openai/gpt-2 - Code for the paper "Language Models are Unsupervised Multitask Learners"
- powerexploit/Ashok - Ashok is an OSINT Recon Tool, a.k.a. Swiss Army knife.
- TupleType/awesome-cicd-attacks - Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
- sgxgsx/BlueToolkit - BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. Could be used in the vulnerability research,
- samratashok/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
- Syslifters/HackTheBox-Reporting - Hack The Box CPTS, CBBH Exam and Lab Reporting / Note-Taking Tool
- danieldurnea/FBI-tools - OSINT Tools for gathering information and actions forensics
- six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
- ByteSnipers/awesome-pentest-cheat-sheets - Collection of cheat sheets useful for pentesting
- fkkarakurt/reconic - A Powerful Network Reconnaissance Tool for Security Professionals
- yogeshojha/rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon
- trickest/inventory - Asset inventory of over 800 public bug bounty programs.
- codingo/NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
- swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
- factionsecurity/faction - Pen Test Report Generation and Assessment Collaboration
- 0xsyr0/OSCP - OSCP Cheat Sheet
- trickest/find-gh-poc - Find CVE PoCs on GitHub
- trickest/cve - Gather and update all available and newest CVEs with their PoC.
- GreyDGL/PentestGPT - A GPT-empowered penetration testing tool
- gotr00t0day/Gsec - Web Security Scanner
- MattKeeley/Spoofy - Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
- RhinoSecurityLabs/pacu - The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
- praetorian-inc/noseyparker - Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.
- t3l3machus/Villain - Villain is a high level stage 0/1 C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities) and shar
- redeye-framework/Redeye - Redeye is a tool intended to help you manage your data during a pentest operation
- mandiant/commando-vm - Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution.
- Syslifters/sysreptor - Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike.
- GhostManager/Ghostwriter - The SpecterOps project management and reporting engine
- initstring/cloud_enum - Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
- t3l3machus/psudohash - Generates millions of keyword-based password mutations in seconds.
- blacklanternsecurity/bbot - A recursive internet scanner for hackers.
- wddadk/Offensive-OSINT-Tools - OffSec OSINT Pentest/RedTeam Tools
- diego-treitos/linux-smart-enumeration - Linux enumeration tool for pentesting and CTFs with verbosity levels
- sgxgsx/BlueToolkit - BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. Could be used in the vulnerability research,
- Syslifters/offsec-tools - Compiled tools for internal assessments
- OJ/gobuster - Directory/File, DNS and VHost busting tool written in Go
- ffuf/ffuf - Fast web fuzzer written in Go
- danieldurnea/FBI-tools - OSINT Tools for gathering information and actions forensics
- noraj/haiti - Hash type identifier (CLI & lib)
- devploit/nomore403 - Tool to bypass 403/40X response codes.
- six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
- ByteSnipers/awesome-pentest-cheat-sheets - Collection of cheat sheets useful for pentesting
- fkkarakurt/reconic - A Powerful Network Reconnaissance Tool for Security Professionals
- v1s1t0r1sh3r3/airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
- yogeshojha/rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon
- justakazh/DockerExploit - Docker Remote API Scanner and Exploit
- freelabz/secator - secator - the pentester's swiss knife
- MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
- i5nipe/nipejs - Simplify your life with leak detection in JavaScript. NipeJS streamlines the use of regex, making it effortless to uncover potential leaks.
- trickest/inventory - Asset inventory of over 800 public bug bounty programs.
- Frissi0n/GTFONow - Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.
- casterbyte/MITMonster - A monster cheatsheet on MITM attacks
- emrekybs/AD-AssessmentKit - Contains a collection of Bash scripts designed for comprehensive security audits and network mapping of Active Directory (AD) environments. The scripts automate various tasks including LDAP querying,
- psbelin/ip_widget - Taskbar IP widget for kali linux (or any distro running XFCE)
- NH-RED-TEAM/RustHound - Active Directory data collector for BloodHound written in Rust.
- infosecn1nja/Red-Teaming-Toolkit - This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
- rootcathacking/catspin - Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.
- Leo4j/Amnesiac - Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with lateral movement within Active Directory environments
- casterbyte/Above - Invisible network protocol sniffer
- factionsecurity/faction - Pen Test Report Generation and Assessment Collaboration
- t3l3machus/BabelStrike - The purpose of this tool is: 1. to transliterate and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages, common problem occurring f
- 0xsyr0/OSCP - OSCP Cheat Sheet
- trickest/find-gh-poc - Find CVE PoCs on GitHub
- trickest/cve - Gather and update all available and newest CVEs with their PoC.
- gotr00t0day/Gsec - Web Security Scanner
- The-Viper-One/PsMapExec - A PowerShell tool that takes strong inspiration from CrackMapExec / NetExec
- MattKeeley/Spoofy - Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
- redhuntlabs/BucketLoot - BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exp
- Pennyw0rth/NetExec - The Network Execution Tool
- D00Movenok/BounceBack - Stealth redirector for your red team operation security
- Anof-cyber/ParaForge - A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzing
- D00Movenok/HTMLSmuggler - HTML Smuggling generator&obfuscator for your Red Team operations
- commixproject/commix - Automated All-in-One OS Command Injection Exploitation Tool.
- t3l3machus/Villain - Villain is a high level stage 0/1 C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities) and shar
- owasp-noir/noir - Attack surface detector that identifies endpoints by static analysis
- iknowjason/edge - Recon tool for cloud provider attribution. Supports AWS, Azure, Google, Cloudflare, and Digital Ocean.
- thewhiteh4t/FinalRecon - All In One Web Recon
- Zeus-Labs/ZeusCloud - Open Source Cloud Security
- CERT-Polska/Artemis - A modular vulnerability scanner with automatic report generation capabilities.
- PhoenixC2/PhoenixC2 - Command & Control-Framework created for collaboration in python3
- j3ssie/metabigor - OSINT tools and more but without API key
- RapidDNS/Afuzz - Afuzz is an automated web path fuzzing tool for the Bug Bounty projects.
- p1ngul1n0/blackbird - An OSINT tool to search for accounts by username and email in social networks.
- Ciphey/Ciphey - Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes
- Drew-Alleman/DataSurgeon - Quickly Extracts IP's, Email Addresses, Hashes, Files, Credit Cards, Social Security Numbers and a lot More From Text
- sherlock-project/sherlock - Hunt down social media accounts by username across social networks
- byt3bl33d3r/CrackMapExec - A swiss army knife for pentesting networks
- t3l3machus/psudohash - Generates millions of keyword-based password mutations in seconds.
- Cvar1984/sussyfinder - Single PHP file to detect potentially malicious threats based on token and hash with web interface and VirusTotal integrations. Contact me for premium apps fully integrated with VirusTotal and 10+ mor
- adegans/Goosle - The best Meta Search engine running on simple PHP servers that keeps privacy and ease of use in mind!
- PrivateBin/PrivateBin - A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.
- LeCoupa/awesome-cheatsheets - Awesome cheatsheets for popular programming languages, frameworks and development tools. They include everything you should know in one single file.
- Dokploy/dokploy - Open Source Alternative to Vercel, Netlify and Heroku.
- teableio/teable - The Next Gen Airtable Alternative: No-Code Postgres
- drawdb-io/drawdb - Free, simple, and intuitive online database design tool and SQL generator.
- wasp-lang/open-saas - A free, open-source SaaS app starter for React & Node.js with superpowers. Production-ready. Community-driven.
- porsager/postgres - Postgres.js - The Fastest full featured PostgreSQL client for Node.js, Deno, Bun and CloudFlare
- logto-io/logto - The better identity infrastructure for developers and the open-source alternative to Auth0.
- makeplane/plane - Open Source JIRA, Linear and Asana Alternative. Plane helps you track your issues, epics, and product roadmaps in the simplest way possible.
- securityjoes/MasterParser - MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs
- samratashok/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
- nickvourd/Windows-Local-Privilege-Escalation-Cookbook - Windows Local Privilege Escalation Cookbook
- chopinrlz/powerpass - Store and retrieve encrypted secrets with PowerShell on Windows, Linux, or MacOS and also from KeePass 2 databases on Windows
- drak3hft7/Cheat-Sheet---Active-Directory - This cheat sheet contains common enumeration and attack methods for Windows Active Directory with the use of powershell.
- microsoft/inshellisense - IDE style command line auto complete
- h0ru/AMSI-Reaper -
- The-Viper-One/PsMapExec - A PowerShell tool that takes strong inspiration from CrackMapExec / NetExec
- joeavanzato/Trawler - PowerShell script to help Incident Responders discover potential adversary persistence mechanisms.
- byt3bl33d3r/CrackMapExec - A swiss army knife for pentesting networks
- jayharris/dotfiles-windows - dotfiles for Windows, including Developer-minded system defaults. Built in PowerShell
- CleasbyCode/jdvrif - Hide data within JPG images using this steganography-like privacy tool. Post images on Mastodon and other hosting sites.
- Lissy93/personal-security-checklist - A compiled checklist of 300+ tips for protecting digital security and privacy in 2024
- pluja/awesome-privacy - Awesome Privacy - A curated list of services and alternatives that respect your privacy because PRIVACY MATTERS.
- awesome-selfhosted/awesome-selfhosted - A list of Free Software network services and web applications which can be hosted on your own servers
- troennes/private-secure-windows - Privacy and security baseline for personal Windows 10 and Windows 11
- AdguardTeam/AdGuardHome - Network-wide ads & trackers blocking DNS server
- K3V1991/Disable-Firefox-Telemetry-and-Data-Collection - How to disable Firefox Telemetry and Data Collection
- Lissy93/web-check - All-in-one OSINT tool for analysing any website
- svenmauch/WinSlap - Swiftly configure a fresh Windows 10 installation with useful tweaks and privacy settings.
- hellzerg/optimizer - The finest Windows Optimizer
- KuroLabs/stegcloak - Hide secrets with invisible characters in plain text securely using passwords
- drduh/macOS-Security-and-Privacy-Guide - Guide to securing and improving privacy on macOS
- makeplane/plane - Open Source JIRA, Linear and Asana Alternative. Plane helps you track your issues, epics, and product roadmaps in the simplest way possible.
- blacklanternsecurity/bbot - A recursive internet scanner for hackers.
- FLOCK4H/Freeway - WiFi Penetration Testing & Auditing Tool
- prowler-cloud/prowler - Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness.
- otsaloma/catapult - App launcher for Linux
- RevoltSecurities/Subdominator - SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty
- sarperavci/GoogleRecaptchaBypass - Solve Google reCAPTCHA in less than 5 seconds!
- AnonCatalyst/Ominis-OSINT - This Python application is an OSINT (Open Source Intelligence) tool called "Ominis OSINT - Web Hunter." It performs online information gathering by querying Google for search results related to a user
- epogrebnyak/justpath - Inspect and refine PATH environment variable on Windows, Linux and MacOS.
- dvcoolarun/web2pdf - CLI to convert Webpages to PDFs
- fkkarakurt/reconic - A Powerful Network Reconnaissance Tool for Security Professionals
- fortra/impacket - Impacket is a collection of Python classes for working with network protocols.
- oppsec/tomcter - Tomcter is a python tool developed to bruteforce Apache Tomcat manager login with default credentials.
- s0md3v/Photon - Incredibly fast crawler designed for OSINT.
- latiotech/LAST - Use AI to Scan Your Code from the Command Line for security and code smells. Bring your own keys. Supports OpenAI and Gemini
- oppsec/juumla - Juumla is a python tool created to identify Joomla version, scan for vulnerabilities and sensitive files
- dragonked2/Egyscan - Egyscan The Best web vulnerability scanner; it's a multifaceted security powerhouse designed to fortify your web applications against malicious threats. Let's delve into the tasks and functions that m
- lewiswigmore/Virus.xcheck - Virus.xcheck is a Python tool designed to bulk verify the existence of file hashes in the Virus Exchange database and fetch download URLs for malware analysis.
- JoshuaKasa/van-gonography - Hide your files of any type inside an image of your choice using steganography
- bellingcat/wayback-google-analytics - A lightweight tool for scraping current and historic Google Analytics data
- Alb-310/Geogramint - An OSINT Geolocalization tool for Telegram that finds nearby users and groups
- DedSecInside/TorBot - Dark Web OSINT Tool
- AiGptCode/Ai-Security-URL - functions to exploit common web application vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), and Path Traversal.
- franckferman/MetaDetective - Unleash Metadata Intelligence with MetaDetective. Your Assistant Beyond Metagoofil.
- GreyDGL/PentestGPT - A GPT-empowered penetration testing tool
- redhuntlabs/Octopii - An AI-powered Personal Identifiable Information (PII) scanner.
- searxng/searxng - SearXNG is a free internet metasearch engine which aggregates results from various search services and databases. Users are neither tracked nor profiled.
- MattKeeley/Spoofy - Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
- semgrep/semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
- secdev/scapy - Scapy: the Python-based interactive packet manipulation program & library.
- Pennyw0rth/NetExec - The Network Execution Tool
- RhinoSecurityLabs/pacu - The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
- Anof-cyber/ParaForge - A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzing
- bsilverthorn/maccarone - AI-managed code blocks in Python
- oppsec/Apepe - Enumerate information from an app based on the APK file
- oppsec/Pinkerton - Pinkerton is a JavaScript file crawler and secret finder tool developed in Python
- commixproject/commix - Automated All-in-One OS Command Injection Exploitation Tool.
- fox-it/dissect - Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part
- intel/cve-bin-tool - The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or
- PhoenixC2/PhoenixC2 - Command & Control-Framework created for collaboration in python3
- jakecreps/poastal - Poastal - the Email OSINT tool
- gpt-engineer-org/gpt-engineer - Specify what you want it to build, the AI asks for clarification, and then builds it.
- makeplane/plane - Open Source JIRA, Linear and Asana Alternative. Plane helps you track your issues, epics, and product roadmaps in the simplest way possible.
- Significant-Gravitas/AutoGPT - AutoGPT is the vision of accessible AI for everyone, to use and to build on. Our mission is to provide the tools, so that you can focus on what matters.
- p1ngul1n0/blackbird - An OSINT tool to search for accounts by username and email in social networks.
- nyxiereal/XToolbox - XToolBox - A collection of 150+ Windows 10/11 optimization and tweaking apps!
- Ciphey/Ciphey - Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes
- sherlock-project/sherlock - Hunt down social media accounts by username across social networks
- byt3bl33d3r/CrackMapExec - A swiss army knife for pentesting networks
- JoelGMSec/LeakSearch - Search & Parse Password Leaks
- HalilDeniz/NetProbe - NetProbe: Network Probe
- HalilDeniz/PacketSpy - PacketSpy
- oppsec/tomcter - Tomcter is a python tool developed to bruteforce Apache Tomcat manager login with default credentials.
- N0rz3/Phunter - Phunter is an osint tool allowing you to find various information via a phone number
- HalilDeniz/NetworkSherlock - NetworkSherlock: powerful and flexible port scanning tool With Shodan
- rfc-st/humble - A humble, and fast, security-oriented HTTP headers analyzer.
- lewiswigmore/Virus.xcheck - Virus.xcheck is a Python tool designed to bulk verify the existence of file hashes in the Virus Exchange database and fetch download URLs for malware analysis.
- HalilDeniz/TrafficWatch - TrafficWatch, a packet sniffer tool, allows you to monitor and analyze network traffic from PCAP files
- HalilDeniz/PathFinder - Web Path Finder
- m8sec/CrossLinked - LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping
- DedSecInside/TorBot - Dark Web OSINT Tool
- franckferman/MetaDetective - Unleash Metadata Intelligence with MetaDetective. Your Assistant Beyond Metagoofil.
- MattKeeley/Spoofy - Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
- Pennyw0rth/NetExec - The Network Execution Tool
- jerlendds/osintbuddy - Node graphs, OSINT data mining, and plugins. Connect unstructured and public data for transformative insights
- oppsec/Pinkerton - Pinkerton is a JavaScript file crawler and secret finder tool developed in Python
- thewhiteh4t/FinalRecon - All In One Web Recon
- PhoenixC2/PhoenixC2 - Command & Control-Framework created for collaboration in python3
- nyxiereal/XToolbox - XToolBox - A collection of 150+ Windows 10/11 optimization and tweaking apps!
- sherlock-project/sherlock - Hunt down social media accounts by username across social networks
- 3nock/OTE - OSINT Template Engine
- AleksaMCode/Preferred-Network-List-Sniffer - A reconnaissance tool for capturing and displaying SSIDs from device's Preferred Network List.
- drawdb-io/drawdb - Free, simple, and intuitive online database design tool and SQL generator.
- pmndrs/uikit - user interfaces for react-three-fiber
- wasp-lang/open-saas - A free, open-source SaaS app starter for React & Node.js with superpowers. Production-ready. Community-driven.
- wasp-lang/wasp - The fastest way to develop full-stack web apps with React & Node.js.
- albingroen/react-cmdk - A fast, accessible, and pretty command palette for React
- lmsqueezy/wedges - An ever-expanding, open-source React UI library built with the Wedges Design System, Radix primitives, and Tailwind CSS.
- nick-keller/react-datasheet-grid - An Airtable-like / Excel-like component to create beautiful spreadsheets.
- react-dnd/react-dnd - Drag and Drop for React
- diogocapela/flatdraw - A simple canvas drawing web app with responsive UI. Made with TypeScript, React, and Next.js.
- Infisical/infisical - Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
- React95/React95 - A React components library with Win95 UI
- makeplane/plane - Open Source JIRA, Linear and Asana Alternative. Plane helps you track your issues, epics, and product roadmaps in the simplest way possible.
- Abhinandan-Kushwaha/react-native-gifted-charts - The most complete library for Bar, Line, Area, Pie, Donut, Stacked Bar and Population Pyramid charts in React Native. Allows 2D, 3D, gradient, animations and live data updates.
- makeplane/plane - Open Source JIRA, Linear and Asana Alternative. Plane helps you track your issues, epics, and product roadmaps in the simplest way possible.
- chainguard-dev/bincapz - detect malicious program behaviors
- ax/apk.sh - apk.sh makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding and patching an APK.
- mentebinaria/retoolkit - Reverse Engineer's Toolkit
- x64dbg/x64dbg - An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
- ReagentX/imessage-exporter - Export iMessage data + run iMessage Diagnostics
- mandiant/flare-vm - A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.
- semgrep/semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
- dani-garcia/vaultwarden - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
- NH-RED-TEAM/RustHound - Active Directory data collector for BloodHound written in Rust.
- GyulyVGC/sniffnet - Comfortably monitor your Internet traffic
- cea-sec/usbsas - Tool and framework for securely reading untrusted USB mass storage devices.
- praetorian-inc/noseyparker - Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.
- build-trust/ockam - Orchestrate end-to-end encryption, cryptographic identities, mutual authentication, and authorization policies between distributed applications, at massive scale.
- Drew-Alleman/DataSurgeon - Quickly Extracts IP's, Email Addresses, Hashes, Files, Credit Cards, Social Security Numbers and a lot More From Text
- chaitin/SafeLine - A web security gateway, serve as a reverse proxy to protect your websites from attacks and exploits.
- prowler-cloud/prowler - Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness.
- smallstep/certificates - A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
- sgxgsx/BlueToolkit - BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. Could be used in the vulnerability research,
- MetaOSINT/MetaOSINT.github.io - A tool to quickly identify relevant, publicly-available open source intelligence ("OSINT") tools and resources, saving valuable time during investigations, research, and analysis.
- securityjoes/MasterParser - MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs
- samratashok/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
- Azathothas/Arsenal - Hastily written Tools & Scripts for Personal Use Cases & Bug Bounties
- danieldurnea/FBI-tools - OSINT Tools for gathering information and actions forensics
- cddmp/enum4linux-ng - A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.
- dhammon/ai-goat - Learn AI security through a series of vulnerable LLM CTF challenges. No sign ups, no cloud fees, run everything locally on your system.
- noraj/haiti - Hash type identifier (CLI & lib)
- six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
- devploit/awesome-ctf-resources - A list of Capture The Flag (CTF) frameworks, libraries, resources and software for started/experienced CTF players
- Lissy93/personal-security-checklist - A compiled checklist of 300+ tips for protecting digital security and privacy in 2024
- Escape-Technologies/awesome-graphql-security - A curated list of awesome GraphQL Security frameworks, libraries, software and resources
- v1s1t0r1sh3r3/airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
- ShellCode33/CredSLayer - Extract credentials and other useful info from network captures
- konstruktoid/ansible-role-hardening - Ansible role to apply a security baseline. Systemd edition.
- justakazh/DockerExploit - Docker Remote API Scanner and Exploit
- sensepost/objection - objection - runtime mobile exploration
- freelabz/secator - secator - the pentester's swiss knife
- future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
- MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
- gbiagomba/Sherlock - This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)
- AleksaMCode/Preferred-Network-List-Sniffer - A reconnaissance tool for capturing and displaying SSIDs from device's Preferred Network List.
- trickest/inventory - Asset inventory of over 800 public bug bounty programs.
- 0x4D31/galah - Galah: An LLM-powered web honeypot. Wasting attackers' time with faker-than-ever HTTP responses!
- OpenCTI-Platform/opencti - Open Cyber Threat Intelligence Platform
- Frissi0n/GTFONow - Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.
- konstruktoid/hardening - Hardening Ubuntu. Systemd edition.
- Aditya-dom/moonwalk-back - Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.
- gabrielsoltz/metahub - MetaHub is an automated contextual security findings enrichment and impact evaluation tool for vulnerability management.
- tamjid0x01/SmartContracts-audit-checklist - A checklist of things to look for when auditing Solidity smart contracts.
- gophish/gophish - Open-Source Phishing Toolkit
- xlab-si/iac-scan-runner - Service that scans your Infrastructure as Code for common vulnerabilities
- MandConsultingGroup/porch-pirate - Porch Pirate is the most comprehensive Postman recon / OSINT client and framework that facilitates the automated discovery and exploitation of API endpoints and secrets committed to workspaces, collec
- rfc-st/humble - A humble, and fast, security-oriented HTTP headers analyzer.
- PrivateBin/PrivateBin - A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.
- liamg/furious - Go IP/port scanner with SYN (stealth) scanning and device manufacturer identification
- troennes/private-secure-windows - Privacy and security baseline for personal Windows 10 and Windows 11
- swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
- swisskyrepo/InternalAllTheThings - Active Directory and Internal Pentest Cheatsheets
- factionsecurity/faction - Pen Test Report Generation and Assessment Collaboration
- goodwithtech/dockle - Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
- HalilDeniz/NetworkAssessment - NetworkAssessment: Network Compromise Assessment Tool
- cisagov/LME - Logging Made Easy (LME) is a no-cost and open logging and protective monitoring solution serving all organizations.
- HalilDeniz/PathFinder - Web Path Finder
- andresriancho/w3af - w3af: web application attack and audit framework, the open source web vulnerability scanner.
- LucasPDiniz/403-Bypass - Bypass 403 pages
- maxgoedjen/secretive - Store SSH keys in the Secure Enclave
- spark1security/n0s1 - Secret Scanner for Jira, Confluence, Asana, Wrike and Linear
- 0xsyr0/OSCP - OSCP Cheat Sheet
- DedSecInside/TorBot - Dark Web OSINT Tool
- GyulyVGC/sniffnet - Comfortably monitor your Internet traffic
- CycodeLabs/raven - CI/CD Security Analyzer
- franckferman/MetaDetective - Unleash Metadata Intelligence with MetaDetective. Your Assistant Beyond Metagoofil.
- ElectronicCats/CatSniffer - CatSniffer is an original multiprotocol and multiband board for sniffing, communicating, and attacking IoT (Internet of Things) devices using the latest radio IoT protocols. It is a highly portable US
- trickest/find-gh-poc - Find CVE PoCs on GitHub
- trickest/cve - Gather and update all available and newest CVEs with their PoC.
- gotr00t0day/Gsec - Web Security Scanner
- trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
- cea-sec/usbsas - Tool and framework for securely reading untrusted USB mass storage devices.
- GitGuardian/ggshield - Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
- santoru/shcheck - A basic tool to check security headers of a website
- google/gcp_scanner - A comprehensive scanner for Google Cloud
- MattKeeley/Spoofy - Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
- secdev/scapy - Scapy: the Python-based interactive packet manipulation program & library.
- mschwager/route-detect - Find authentication (authn) and authorization (authz) security bugs in web application routes.
- jtesta/ssh-audit - SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
- Pennyw0rth/NetExec - The Network Execution Tool
- Security-Onion-Solutions/securityonion - Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, a
- RhinoSecurityLabs/pacu - The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
- K3V1991/Disable-Firefox-Telemetry-and-Data-Collection - How to disable Firefox Telemetry and Data Collection
- D00Movenok/BounceBack - Stealth redirector for your red team operation security
- deepfence/SecretScanner - Find secrets and passwords in container images and file systems
- globocom/secDevLabs - A laboratory for learning secure web and mobile development in a practical manner.
- x64dbg/x64dbg - An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
- praetorian-inc/noseyparker - Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.
- D00Movenok/HTMLSmuggler - HTML Smuggling generator&obfuscator for your Red Team operations
- cado-security/varc - Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.
- projectdiscovery/nuclei - Fast and customizable vulnerability scanner based on simple YAML based DSL.
- akto-api-security/akto - Proactive, Open source API security: API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure
- authzed/spicedb - Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications
- intel/cve-bin-tool - The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or
- owasp-noir/noir - Attack surface detector that identifies endpoints by static analysis
- build-trust/ockam - Orchestrate end-to-end encryption, cryptographic identities, mutual authentication, and authorization policies between distributed applications, at massive scale.
- Infisical/infisical - Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
- Lissy93/web-check - All-in-one OSINT tool for analysing any website
- Zeus-Labs/ZeusCloud - Open Source Cloud Security
- padok-team/yatas - A simple tool to audit your AWS/GCP infrastructure for misconfiguration or potential security issues with plugins integration
- CERT-Polska/Artemis - A modular vulnerability scanner with automatic report generation capabilities.
- j3ssie/metabigor - OSINT tools and more but without API key
- eosphoros-ai/DB-GPT - AI Native Data App Development framework with AWEL(Agentic Workflow Expression Language) and Agents
- mvt-project/mvt - MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.
- MrEmpy/mantra - A tool used to hunt down API key leaks in JS files and pages
- nyxiereal/XToolbox - XToolBox - A collection of 150+ Windows 10/11 optimization and tweaking apps!
- trufflesecurity/trufflehog - Find and verify secrets
- cider-security-research/cicd-goat - A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
- gitleaks/gitleaks - Protect and discover secrets using Gitleaks
- KuroLabs/stegcloak - Hide secrets with invisible characters in plain text securely using passwords
- drduh/macOS-Security-and-Privacy-Guide - Guide to securing and improving privacy on macOS
- chaitin/SafeLine - A web security gateway, serving as a reverse proxy to protect your websites from attacks and exploits.
- Dokploy/dokploy - Open Source Alternative to Vercel, Netlify and Heroku.
- awesome-foss/awesome-sysadmin - A curated list of amazingly awesome open-source sysadmin resources.
- PrivateBin/PrivateBin - A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.
- awesome-selfhosted/awesome-selfhosted - A list of Free Software network services and web applications which can be hosted on your own servers
- lukejacksonn/servor - Dependency free file server for single page app development
- K3V1991/Disable-Firefox-Telemetry-and-Data-Collection - How to disable Firefox Telemetry and Data Collection
- MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
- konstruktoid/hardening - Hardening Ubuntu. Systemd edition.
- CISOfy/lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
- awesome-foss/awesome-sysadmin - A curated list of amazingly awesome open-source sysadmin resources.
- tamjid0x01/SmartContracts-audit-checklist - A checklist of things to look for when auditing Solidity smart contracts.
- drawdb-io/drawdb - Free, simple, and intuitive online database design tool and SQL generator.
- drawdb-io/drawdb - Free, simple, and intuitive online database design tool and SQL generator.
- teableio/teable - The Next Gen Airtable Alternative: No-Code Postgres
- drawdb-io/drawdb - Free, simple, and intuitive online database design tool and SQL generator.
- React95/React95 - A React components library with Win95 UI
- Renset/macai - Swift powered native macOS client for Ollama, ChatGPT and compatible API-backends
- Renset/macai - Swift powered native macOS client for Ollama, ChatGPT and compatible API-backends
- Alb-310/Geogramint - An OSINT Geolocalization tool for Telegram that finds nearby users and groups
- plandex-ai/plandex - AI driven development in your terminal. Designed for large, real-world tasks.
- JoshuaKasa/van-gonography - Hide your files of any type inside an image of your choice using steganography
- microsoft/inshellisense - IDE style command line auto complete
- antonmedv/walk - Terminal file manager
- morpheuslord/GPT_Vuln-analyzer - Uses ChatGPT API, Bard API, and Llama2, Python-Nmap, DNS Recon, PCAP and JWT recon modules and uses the GPT3 model to create vulnerability reports based on Nmap scan data, and DNS scan information. It
- nosarthur/gita - Manage many git repos with sanity
- devXprite/infoooze - An OSINT tool which helps you to quickly find information effectively. All you need is to input and it will take care of the rest.
- jaykali/maskphish - Introducing "URL Making Technology" to the world for the very FIRST TIME. Give a Mask to Phishing URL like a PRO.. A MUST have tool for Phishing.
- jaykali/maskphish - Introducing "URL Making Technology" to the world for the very FIRST TIME. Give a Mask to Phishing URL like a PRO.. A MUST have tool for Phishing.
- Aditya-dom/moonwalk-back - Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.
- Hakky54/certificate-ripper - A CLI tool to extract server certificates
- MetaOSINT/MetaOSINT.github.io - A tool to quickly identify relevant, publicly-available open source intelligence ("OSINT") tools and resources, saving valuable time during investigations, research, and analysis.
- brocoders/nestjs-boilerplate - NestJS boilerplate. Auth, TypeORM, Mongoose, Postgres, MongoDB, Mailing, I18N, Docker.
- pmndrs/uikit - user interfaces for react-three-fiber
- formkit/tempo - Parse, format, manipulate, and internationalize dates and times in JavaScript and TypeScript.
- wasp-lang/open-saas - A free, open-source SaaS app starter for React & Node.js with superpowers. Production-ready. Community-driven.
- albingroen/react-cmdk - A fast, accessible, and pretty command palette for React
- imgly/background-removal-js - Remove backgrounds from images directly in the browser environment with ease and no additional costs or privacy concerns. Explore an interactive demo.
- semgrep/semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
- jerlendds/osintbuddy - Node graphs, OSINT data mining, and plugins. Connect unstructured and public data for transformative insights
- biomejs/biome - A toolchain for web projects, aimed to provide functionalities to maintain them. Biome offers formatter and linter, usable via CLI and LSP.
- logto-io/logto - The better identity infrastructure for developers and the open-source alternative to Auth0.
- seekr-osint/seekr - A multi-purpose OSINT toolkit with a neat web-interface.
- diogocapela/flatdraw - A simple canvas drawing web app with responsive UI. Made with TypeScript, React, and Next.js.
- tatethurston/nextjs-routes - Type safe routing for Next.js
- Infisical/infisical - Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
- chakra-ui/panda - Universal, Type-Safe, CSS-in-JS Framework for Product Teams
- makeplane/plane - Open Source JIRA, Linear and Asana Alternative. Plane helps you track your issues, epics, and product roadmaps in the simplest way possible.
- konstruktoid/ansible-role-hardening - Ansible role to apply a security baseline. Systemd edition.
- konstruktoid/hardening - Hardening Ubuntu. Systemd edition.
- konstruktoid/ansible-role-hardening - Ansible role to apply a security baseline. Systemd edition.
- junegunn/fzf - A command-line fuzzy finder
- keidarcy/dotfiles - Robust & colorful dot configuration and utilities files with CI check.
- LeCoupa/awesome-cheatsheets - Awesome cheatsheets for popular programming languages, frameworks and development tools. They include everything you should know in one single file.
- viatsko/awesome-vscode - A curated list of delightful VS Code packages and resources.
- continuedev/continue - Continue is the leading open-source AI code assistant. You can connect any models and any context to build custom autocomplete and chat experiences inside VS Code and JetBrains
- nuxt/ui - A UI Library for Modern Web Apps, powered by Vue & Tailwind CSS.
- LeCoupa/awesome-cheatsheets - Awesome cheatsheets for popular programming languages, frameworks and development tools. They include everything you should know in one single file.
- AnonCatalyst/Ominis-OSINT - This Python application is an OSINT (Open Source Intelligence) tool called "Ominis OSINT - Web Hunter." It performs online information gathering by querying Google for search results related to a user
- OJ/gobuster - Directory/File, DNS and VHost busting tool written in Go
- ffuf/ffuf - Fast web fuzzer written in Go
- devploit/awesome-ctf-resources - A list of Capture The Flag (CTF) frameworks, libraries, resources and software for started/experienced CTF players
- HalilDeniz/PathFinder - Web Path Finder
- gotr00t0day/Gsec - Web Security Scanner
- biomejs/biome - A toolchain for web projects, aimed to provide functionalities to maintain them. Biome offers formatter and linter, usable via CLI and LSP.
- AiGptCode/Ai-Security-URL - functions to exploit common web application vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), and Path Traversal.
- ramon-victor/freegpt-webui - GPT 3.5/4 with a Chat Web UI. No API key required.
- emrekybs/nim-shell - Reverse shell that can bypass Windows Defender detection
- nickvourd/Windows-Local-Privilege-Escalation-Cookbook - Windows Local Privilege Escalation Cookbook
- NH-RED-TEAM/RustHound - Active Directory data collector for BloodHound written in Rust.
- drak3hft7/Cheat-Sheet---Active-Directory - This cheat sheet contains common enumeration and attack methods for Windows Active Directory with the use of PowerShell.
- troennes/private-secure-windows - Privacy and security baseline for personal Windows 10 and Windows 11
- JoshuaKasa/van-gonography - Hide your files of any type inside an image of your choice using steganography
- Idov31/Nidhogg - Nidhogg is an all-in-one simple to use rootkit.
- mentebinaria/retoolkit - Reverse Engineer's Toolkit
- GyulyVGC/sniffnet - Comfortably monitor your Internet traffic
- microsoft/inshellisense - IDE style command line auto complete
- AiGptCode/Ai-Security-URL - functions to exploit common web application vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), and Path Traversal.
- h0ru/AMSI-Reaper -
- Pennyw0rth/NetExec - The Network Execution Tool
- x64dbg/x64dbg - An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
- joeavanzato/Trawler - PowerShell script to help Incident Responders discover potential adversary persistence mechanisms.
- mandiant/commando-vm - Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution.
- Fadi002/unshackle - Open-source tool to bypass Windows and Linux passwords from bootable USB
- mesquidar/ForensicsTools - A list of free and open forensics analysis tools and other resources
- svenmauch/WinSlap - Swiftly configure a fresh Windows 10 installation with useful tweaks and privacy settings.
- hellzerg/optimizer - The finest Windows Optimizer
- nyxiereal/XToolbox - XToolBox - A collection of 150+ Windows 10/11 optimization and tweaking apps!
- Drew-Alleman/DataSurgeon - Quickly Extracts IP's, Email Addresses, Hashes, Files, Credit Cards, Social Security Numbers and a lot More From Text
- byt3bl33d3r/CrackMapExec - A swiss army knife for pentesting networks
- jayharris/dotfiles-windows - dotfiles for Windows, including Developer-minded system defaults. Built in PowerShell
- namazso/SecureUxTheme - A secure boot compatible in-memory UxTheme patcher
- LeCoupa/awesome-cheatsheets - Awesome cheatsheets for popular programming languages, frameworks and development tools. They include everything you should know in one single file.
- zigzap/zap - blazingly fast backends in zig
To the extent possible under law, dkadev has waived all copyright and related or neighboring rights to this work.