Awesome Stars

A curated list of my GitHub stars! Generated by starred.

ai
algorithm
android
ansible
api
artificial-intelligence
automation
awesome
awesome-list
aws
azure
backend
bash
bot
bugbounty
c
chatgpt
chatgpt-api
chrome
chrome-extension
cli
code
code-quality
compiler
config
cpp
cryptocurrency
cryptography
crystal
csharp
css
cybersecurity
data
data-visualization
database
deep-learning
deno
deployment
devops
django
docker
dotfiles
education
ethereum
firefox
flask
framework
frontend
git
github
github-config
go
golang
graphql
hacking
hacking-tool
hacking-tools
hacktoberfest
haskell
homebrew
html
http
image-processing
ios
iot
java
javascript
jekyll
jekyll-theme
js
json
kubernetes
language
laravel
learning
linux
llm
low-code
mac
machine-learning
macos
markdown
mastodon
microsoft
mobile
mongodb
mongoose
monitoring
mysql
natural-language-processing
neovim
nestjs
nextjs
nlp
node
nodejs
nosql
npm
open-source
osint
others
penetration-testing
pentesting
php
postgresql
powershell
privacy
project-management
python
python3
qt
raspberry-pi
react
react-native
rest-api
reverse-engineering
ruby
rust
security
self-hosted
server
shell
software
solidity
sql
sql-server
sqlite
storybook
swift
swiftui
telegram
terminal
termux
termux-hacking
testing
twitter
typescript
ubuntu
vagrant
vim
visual-studio-code
vue
vuejs
web
website
windows
xcode
zig

ai

Renset/macai - Swift powered native macOS client for Ollama, ChatGPT and compatible API-backends
plandex-ai/plandex - AI driven development in your terminal. Designed for large, real-world tasks.
dhammon/ai-goat - Learn AI security through a series of vulnerable LLM CTF challenges. No sign ups, no cloud fees, run everything locally on your system.
reorproject/reor - Private & local AI personal knowledge management app.
danielmiessler/fabric - fabric is an open-source framework for augmenting humans using AI. It provides a modular framework for solving specific problems using a crowdsourced set of AI prompts that can be used anywhere.
wasp-lang/open-saas - A free, open-source SaaS app starter for React & Node.js with superpowers. Production-ready. Community-driven.
latiotech/LAST - Use AI to Scan Your Code from the Command Line for security and code smells. Bring your own keys. Supports OpenAI and Gemini
projectdiscovery/nuclei-ai-extension - Nuclei AI - Browser Extension for Rapid Nuclei Template Generation
k8sgpt-ai/k8sgpt - Giving Kubernetes Superpowers to everyone
AiGptCode/Ai-Security-URL - functions to exploit common web application vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), and Path Traversal.
Pythagora-io/gpt-pilot - The first real AI developer
s0md3v/roop - one-click face swap
sweepai/sweep - Sweep: open-source AI-powered Software Developer for small features and bug fixes.
continuedev/continue - ⏩ Continue is the leading open-source AI code assistant. You can connect any models and any context to build custom autocomplete and chat experiences inside VS Code and JetBrains
narenmanoharan/gpt-code-assistant - gpt-code-assistant is an open-source coding assistant leveraging language models to search, retrieve, explore and understand any codebase.
gpt-engineer-org/gpt-engineer - Specify what you want it to build, the AI asks for clarification, and then builds it.
Significant-Gravitas/AutoGPT - AutoGPT is the vision of accessible AI for everyone, to use and to build on. Our mission is to provide the tools, so that you can focus on what matters.
builtbybel/Winpilot - The manic cousin of Microsoft Copilot

algorithm

DedSecInside/TorBot - Dark Web OSINT Tool

android

sensepost/objection - 📱 objection - runtime mobile exploration
ax/apk.sh - apk.sh makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding and patching an APK.
oppsec/Apepe - 📲 Enumerate information from an app based on the APK file
mvt-project/mvt - MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.

ansible

konstruktoid/ansible-role-hardening - Ansible role to apply a security baseline. Systemd edition.

api

erev0s/VAmPI - Vulnerable REST API with OWASP top 10 vulnerabilities for security testing
adegans/Goosle - The best Meta Search engine running on simple PHP servers that keeps privacy and ease of use in mind!
zigzap/zap - blazingly fast backends in zig
unkeyed/unkey - Open source API management platform
MrEmpy/mantra - 「🔑」A tool used to hunt down API key leaks in JS files and pages

artificial-intelligence

twinnydotdev/twinny - The most no-nonsense, locally or API-hosted AI code completion plugin for Visual Studio Code - like GitHub Copilot but completely free and 100% private.
OpenDevin/OpenDevin - 🐚 OpenDevin: Code Less, Make More
taranis-ai/taranis-ai - Taranis AI is an advanced Open-Source Intelligence (OSINT) tool, leveraging Artificial Intelligence to revolutionize information gathering and situational analysis.
Significant-Gravitas/AutoGPT - AutoGPT is the vision of accessible AI for everyone, to use and to build on. Our mission is to provide the tools, so that you can focus on what matters.
Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

automation

blacklanternsecurity/bbot - A recursive internet scanner for hackers.
securityjoes/MasterParser - MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs
dvcoolarun/web2pdf - 🔄 CLI to convert Webpages to PDFs 🚀
freelabz/secator - secator - the pentester's swiss knife
google/gcp_scanner - A comprehensive scanner for Google Cloud
redhuntlabs/BucketLoot - BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exp

awesome

TupleType/awesome-cicd-attacks - Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
sgxgsx/BlueToolkit - BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. Could be used in the vulnerability research,
sindresorhus/awesome - 😎 Awesome lists about all kinds of interesting topics
veggiemonk/awesome-docker - 🐳 A curated list of Docker resources and projects
awesome-foss/awesome-sysadmin - A curated list of amazingly awesome open-source sysadmin resources.
danieldurnea/FBI-tools - 🕵️ OSINT Tools for gathering information and actions forensics 🕵️
Lissy93/personal-security-checklist - 🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024
maguowei/starred - creating your own Awesome List by GitHub stars!
Escape-Technologies/awesome-graphql-security - A curated list of awesome GraphQL Security frameworks, libraries, software and resources
tamjid0x01/SmartContracts-audit-checklist - A checklist of things to look for when auditing Solidity smart contracts.
pluja/awesome-privacy - Awesome Privacy - A curated list of services and alternatives that respect your privacy because PRIVACY MATTERS.
awesome-selfhosted/awesome-selfhosted - A list of Free Software network services and web applications which can be hosted on your own servers
cloudcommunity/Free-Certifications - A curated list of free courses & certifications.
trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
viatsko/awesome-vscode - 🎨 A curated list of delightful VS Code packages and resources.

awesome-list

TupleType/awesome-cicd-attacks - Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
wddadk/Offensive-OSINT-Tools - OffSec OSINT Pentest/RedTeam Tools
sgxgsx/BlueToolkit - BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. Could be used in the vulnerability research,
sindresorhus/awesome - 😎 Awesome lists about all kinds of interesting topics
veggiemonk/awesome-docker - 🐳 A curated list of Docker resources and projects
awesome-foss/awesome-sysadmin - A curated list of amazingly awesome open-source sysadmin resources.
danieldurnea/FBI-tools - 🕵️ OSINT Tools for gathering information and actions forensics 🕵️
Lissy93/personal-security-checklist - 🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024
maguowei/starred - creating your own Awesome List by GitHub stars!
Escape-Technologies/awesome-graphql-security - A curated list of awesome GraphQL Security frameworks, libraries, software and resources
tamjid0x01/SmartContracts-audit-checklist - A checklist of things to look for when auditing Solidity smart contracts.
pluja/awesome-privacy - Awesome Privacy - A curated list of services and alternatives that respect your privacy because PRIVACY MATTERS.
awesome-selfhosted/awesome-selfhosted - A list of Free Software network services and web applications which can be hosted on your own servers
cloudcommunity/Free-Certifications - A curated list of free courses & certifications.
trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
viatsko/awesome-vscode - 🎨 A curated list of delightful VS Code packages and resources.
mesquidar/ForensicsTools - A list of free and open forensics analysis tools and other resources
ozlerhakan/mongodb-json-files - 📦 A curated list of JSON / BSON datasets from the web in order to practice / use in MongoDB

aws

prowler-cloud/prowler - Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness.
gabrielsoltz/metahub - MetaHub is an automated contextual security findings enrichment and impact evaluation tool for vulnerability management.
rootcathacking/catspin - Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.
RhinoSecurityLabs/pacu - The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
cado-security/varc - Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.
Zeus-Labs/ZeusCloud - Open Source Cloud Security
padok-team/yatas - 🦉🔎 A simple tool to audit your AWS/GCP infrastructure for misconfiguration or potential security issues with plugins integration

azure

prowler-cloud/prowler - Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness.

backend

Dokploy/dokploy - Open Source Alternative to Vercel, Netlify and Heroku.
TailAdmin/tailadmin-free-tailwind-dashboard-template - Free and Open-source Tailwind CSS Dashboard Admin Template that comes with all essential dashboard UI components, pages and elements
LeCoupa/awesome-cheatsheets - 👩‍💻👨‍💻 Awesome cheatsheets for popular programming languages, frameworks and development tools. They include everything you should know in one single file.

bash

junegunn/fzf - 🌸 A command-line fuzzy finder
v1s1t0r1sh3r3/airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
Trevohack/DynastyPersist - A Linux persistence tool!
LeCoupa/awesome-cheatsheets - 👩‍💻👨‍💻 Awesome cheatsheets for popular programming languages, frameworks and development tools. They include everything you should know in one single file.
microsoft/inshellisense - IDE style command line auto complete

bot

Renset/macai - Swift powered native macOS client for Ollama, ChatGPT and compatible API-backends

bugbounty

blacklanternsecurity/bbot - A recursive internet scanner for hackers.
TupleType/awesome-cicd-attacks - Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
RevoltSecurities/Subdominator - SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty
projectdiscovery/httpx - httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
chiasmod0n/chiasmodon - Chiasmodon is an OSINT tool designed to assist in the process of gathering information about a target domain. Its primary functionality revolves around searching for domain-related data, including do
Azathothas/Arsenal - Hastly written Tools & Scripts for Personal Use Cases & Bug Bounties
projectdiscovery/subfinder - Fast passive subdomain enumeration tool.
devploit/nomore403 - Tool to bypass 403/40X response codes.
six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
yogeshojha/rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon
justakazh/DockerExploit - Docker Remote API Scanner and Exploit
i5nipe/nipejs - Simplify your life with leak detection in JavaScript. NipeJS streamlines the use of regex, making it effortless to uncover potential leaks.
trickest/inventory - Asset inventory of over 800 public bug bounty programs.
psbelin/ip_widget - Taskbar IP widget for kali linux (or any distro running XFCE)
codingo/NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
gotr00t0day/Gsec - Web Security Scanner
h4r5h1t/webcopilot - An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.
cosad3s/postleaks - Search for sensitive data in Postman public library.
redhuntlabs/BucketLoot - BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exp
Anof-cyber/ParaForge - A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzing
GhostTroops/scan4all - Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
commixproject/commix - Automated All-in-One OS Command Injection Exploitation Tool.
pikpikcu/nodesub - Nodesub is a command-line tool for finding subdomains in bug bounty programs
iknowjason/edge - Recon tool for cloud provider attribution. Supports AWS, Azure, Google, Cloudflare, and Digital Ocean.
Zeus-Labs/ZeusCloud - Open Source Cloud Security
j3ssie/metabigor - OSINT tools and more but without API key
MrEmpy/mantra - 「🔑」A tool used to hunt down API key leaks in JS files and pages
RapidDNS/Afuzz - Afuzz is an automated web path fuzzing tool for the Bug Bounty projects.

c

semgrep/semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
libimobiledevice/ideviceinstaller - Manage apps of iOS devices

chatgpt

Renset/macai - Swift powered native macOS client for Ollama, ChatGPT and compatible API-backends
paul-gauthier/aider - aider is AI pair programming in your terminal
wasp-lang/open-saas - A free, open-source SaaS app starter for React & Node.js with superpowers. Production-ready. Community-driven.
morpheuslord/GPT_Vuln-analyzer - Uses ChatGPT API, Bard API, and Llama2, Python-Nmap, DNS Recon, PCAP and JWT recon modules and uses the GPT3 model to create vulnerability reports based on Nmap scan data, and DNS scan information. It
continuedev/continue - ⏩ Continue is the leading open-source AI code assistant. You can connect any models and any context to build custom autocomplete and chat experiences inside VS Code and JetBrains
ramon-victor/freegpt-webui - GPT 3.5/4 with a Chat Web UI. No API key required.
steven-tey/novel - Notion-style WYSIWYG editor with AI-powered autocompletion.
mlc-ai/web-llm - High-performance In-browser LLM Inference Engine

chatgpt-api

Renset/macai - Swift powered native macOS client for Ollama, ChatGPT and compatible API-backends
wasp-lang/open-saas - A free, open-source SaaS app starter for React & Node.js with superpowers. Production-ready. Community-driven.
morpheuslord/GPT_Vuln-analyzer - Uses ChatGPT API, Bard API, and Llama2, Python-Nmap, DNS Recon, PCAP and JWT recon modules and uses the GPT3 model to create vulnerability reports based on Nmap scan data, and DNS scan information. It
ramon-victor/freegpt-webui - GPT 3.5/4 with a Chat Web UI. No API key required.

chrome

mitchmoser/sputnik - Open Source Intelligence Browser Extension

chrome-extension

zdhenard42/SOC-Multitool - A powerful and user-friendly browser extension that streamlines investigations for security professionals.
LasCC/HackTools - The all-in-one browser extension for offensive security professionals 🛠

cli

blacklanternsecurity/bbot - A recursive internet scanner for hackers.
paul-gauthier/aider - aider is AI pair programming in your terminal
junegunn/fzf - 🌸 A command-line fuzzy finder
plandex-ai/plandex - AI driven development in your terminal. Designed for large, real-world tasks.
projectdiscovery/httpx - httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
dvcoolarun/web2pdf - 🔄 CLI to convert Webpages to PDFs 🚀
JoshuaKasa/van-gonography - Hide 🕵️‍♂️ your files of any type inside a image of your choice using steganography
microsoft/inshellisense - IDE style command line auto complete
redhuntlabs/BucketLoot - BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exp
antonmedv/walk - Terminal file manager
Infisical/infisical - ♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
nosarthur/gita - Manage many git repos with sanity 从容管理多个git库
padok-team/yatas - 🦉🔎 A simple tool to audit your AWS/GCP infrastructure for misconfiguration or potential security issues with plugins integration
sherlock-project/sherlock - Hunt down social media accounts by username across social networks

code

GitGuardian/ggshield - Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
narenmanoharan/gpt-code-assistant - gpt-code-assistant is an open-source coding assistant leveraging language models to search, retrieve, explore and understand any codebase.

code-quality

tcosolutions/betterscan-ce - Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)

compiler

wasp-lang/wasp - The fastest way to develop full-stack web apps with React & Node.js.

config

K3V1991/Disable-Firefox-Telemetry-and-Data-Collection - How to disable Firefox Telemetry and Data Collection
BEPb/BEPb - Config files for my GitHub profile.

cpp

Idov31/Nidhogg - Nidhogg is an all-in-one simple to use rootkit.
x64dbg/x64dbg - An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

cryptocurrency

MetaOSINT/MetaOSINT.github.io - A tool to quickly identify relevant, publicly-available open source intelligence ("OSINT") tools and resources, saving valuable time during investigations, research, and analysis.

cryptography

devploit/awesome-ctf-resources - A list of Capture The Flag (CTF) frameworks, libraries, resources and software for started/experienced CTF players 🚩
PrivateBin/PrivateBin - A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.
samuel-lucas6/Cryptography-Guidelines - Guidance on implementing cryptography as a developer.
Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
KuroLabs/stegcloak - Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

crystal

owasp-noir/noir - Attack surface detector that identifies endpoints by static analysis

csharp

h0ru/AMSI-Reaper -

css

sveltecult/franken-ui - Franken UI is an HTML-first, open-source library of UI components that works as a standalone or as a Tailwind CSS plugin. It is compatible with UIkit 3. The design is influenced by shadcn/ui.
adegans/Goosle - The best Meta Search engine running on simple PHP servers that keeps privacy and ease of use in mind!
jjranalli/nightwind - An automatic, customisable, overridable Tailwind dark mode plugin
biomejs/biome - A toolchain for web projects, aimed to provide functionalities to maintain them. Biome offers formatter and linter, usable via CLI and LSP.
chakra-ui/panda - 🐼 Universal, Type-Safe, CSS-in-JS Framework for Product Teams ⚡️

cybersecurity

chaitin/SafeLine - A web security gateway, serve as a reverse proxy to protect your websites from attacks and exploits.
mitre/caldera - Automated Adversary Emulation Platform
MetaOSINT/MetaOSINT.github.io - A tool to quickly identify relevant, publicly-available open source intelligence ("OSINT") tools and resources, saving valuable time during investigations, research, and analysis.
projectdiscovery/httpx - httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
danieldurnea/FBI-tools - 🕵️ OSINT Tools for gathering information and actions forensics 🕵️
Geeoon/DNS-Tunnel-Keylogger - Keylogging server and client that uses DNS tunneling/exfiltration to transmit keystrokes through firewalls.
noraj/haiti - 🔑 Hash type identifier (CLI & lib)
Lissy93/personal-security-checklist - 🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024
fkkarakurt/reconic - A Powerful Network Reconnaissance Tool for Security Professionals
justakazh/DockerExploit - Docker Remote API Scanner and Exploit
freelabz/secator - secator - the pentester's swiss knife
HalilDeniz/PacketSpy - PacketSpy
future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
gbiagomba/Sherlock - This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)
taranis-ai/taranis-ai - Taranis AI is an advanced Open-Source Intelligence (OSINT) tool, leveraging Artificial Intelligence to revolutionize information gathering and situational analysis.
AleksaMCode/Preferred-Network-List-Sniffer - A reconnaissance tool for capturing and displaying SSIDs from device's Preferred Network List.
OpenCTI-Platform/opencti - Open Cyber Threat Intelligence Platform
dragonked2/Egyscan - Egyscan The Best web vulnerability scanner; it's a multifaceted security powerhouse designed to fortify your web applications against malicious threats. Let's delve into the tasks and functions that m
devXprite/infoooze - A OSINT tool which helps you to quickly find information effectively. All you need is to input and it will take take care of rest.
rfc-st/humble - A humble, and 𝗳𝗮𝘀𝘁, security-oriented HTTP headers analyzer.
lewiswigmore/Virus.xcheck - Virus.xcheck is a Python tool designed to bulk verify the existence of file hashes in the Virus Exchange database and fetch download URLs for malware analysis.
Idov31/Nidhogg - Nidhogg is an all-in-one simple to use rootkit.
HalilDeniz/NetworkAssessment - NetworkAssessment: Network Compromise Assessment Tool
HalilDeniz/TrafficWatch - TrafficWatch, a packet sniffer tool, allows you to monitor and analyze network traffic from PCAP files
cisagov/LME - Logging Made Easy (LME) is a no-cost and open logging and protective monitoring solution serving all organizations.
fr0gger/Awesome-GPT-Agents - A curated list of GPT agents for cybersecurity
franckferman/MetaDetective - 🕵️ Unleash Metadata Intelligence with MetaDetective. Your Assistant Beyond Metagoofil.
gotr00t0day/Gsec - Web Security Scanner
redhuntlabs/Octopii - An AI-powered Personal Identifiable Information (PII) scanner.
MattKeeley/Spoofy - Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
redhuntlabs/BucketLoot - BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exp
D00Movenok/BounceBack - ↕️🤫 Stealth redirector for your red team operation security
Anof-cyber/ParaForge - A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzing
x64dbg/x64dbg - An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Fundacio-i2CAT/InfoHound - InfoHound is an OSINT to extract a large amount of data given a web domain name.
D00Movenok/HTMLSmuggler - ✉️ HTML Smuggling generator&obfuscator for your Red Team operations
t3l3machus/Villain - Villain is a high level stage 0/1 C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities) and shar
3nock/OTE - OSINT Template Engine
Fadi002/unshackle - Open-source tool to bypass windows and linux passwords from bootable usb
Zeus-Labs/ZeusCloud - Open Source Cloud Security
zdhenard42/SOC-Multitool - A powerful and user-friendly browser extension that streamlines investigations for security professionals.
p1ngul1n0/blackbird - An OSINT tool to search for accounts by username and email in social networks.
Drew-Alleman/DataSurgeon - Quickly Extracts IP's, Email Addresses, Hashes, Files, Credit Cards, Social Security Numbers and a lot More From Text
sherlock-project/sherlock - Hunt down social media accounts by username across social networks

data

K3V1991/Disable-Firefox-Telemetry-and-Data-Collection - How to disable Firefox Telemetry and Data Collection

data-visualization

Abhinandan-Kushwaha/react-native-gifted-charts - The most complete library for Bar, Line, Area, Pie, Donut, Stacked Bar and Population Pyramid charts in React Native. Allows 2D, 3D, gradient, animations and live data updates.
jerlendds/osintbuddy - Node graphs, OSINT data mining, and plugins. Connect unstructured and public data for transformative insights

database

brocoders/nestjs-boilerplate - NestJS boilerplate. Auth, TypeORM, Mongoose, Postgres, MongoDB, Mailing, I18N, Docker.
teableio/teable - ✨ The Next Gen Airtable Alternative: No-Code Postgres
JoelGMSec/LeakSearch - Search & Parse Password Leaks
adaptive-scale/dbchaos - Stress-test your database with pre-defined queries. Generate synthetic data and events statically or with GPT.
LeCoupa/awesome-cheatsheets - 👩‍💻👨‍💻 Awesome cheatsheets for popular programming languages, frameworks and development tools. They include everything you should know in one single file.
porsager/postgres - Postgres.js - The Fastest full featured PostgreSQL client for Node.js, Deno, Bun and CloudFlare
authzed/spicedb - Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications
eosphoros-ai/DB-GPT - AI Native Data App Development framework with AWEL(Agentic Workflow Expression Language) and Agents

deep-learning

google/magika - Detect file content types with deep learning
mlc-ai/web-llm - High-performance In-browser LLM Inference Engine

deno

porsager/postgres - Postgres.js - The Fastest full featured PostgreSQL client for Node.js, Deno, Bun and CloudFlare

deployment

Dokploy/dokploy - Open Source Alternative to Vercel, Netlify and Heroku.
cuber-cloud/cuber-gem - An automation tool that simplify the deployment of your apps on Kubernetes.

devops

Dokploy/dokploy - Open Source Alternative to Vercel, Netlify and Heroku.
awesome-foss/awesome-sysadmin - A curated list of amazingly awesome open-source sysadmin resources.
serversideup/spin - 🚀 Replicate your production environment locally using Docker. Just run "spin up". It's really that easy.
tcosolutions/betterscan-ce - Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)
k8sgpt-ai/k8sgpt - Giving Kubernetes Superpowers to everyone
trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
cuber-cloud/cuber-gem - An automation tool that simplify the deployment of your apps on Kubernetes.
CISOfy/lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
cider-security-research/cicd-goat - A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.

django

LeCoupa/awesome-cheatsheets - 👩‍💻👨‍💻 Awesome cheatsheets for popular programming languages, frameworks and development tools. They include everything you should know in one single file.
makeplane/plane - 🔥 🔥 🔥 Open Source JIRA, Linear and Asana Alternative. Plane helps you track your issues, epics, and product roadmaps in the simplest way possible.

docker

brocoders/nestjs-boilerplate - NestJS boilerplate. Auth, TypeORM, Mongoose, Postgres, MongoDB, Mailing, I18N, Docker.
Stirling-Tools/Stirling-PDF - #1 Locally hosted web application that allows you to perform various operations on PDF files
Dokploy/dokploy - Open Source Alternative to Vercel, Netlify and Heroku.
veggiemonk/awesome-docker - 🐳 A curated list of Docker resources and projects
justakazh/DockerExploit - Docker Remote API Scanner and Exploit
oppsec/tomcter - 😹 Tomcter is a python tool developed to bruteforce Apache Tomcat manager login with default credentials.
serversideup/spin - 🚀 Replicate your production environment locally using Docker. Just run "spin up". It's really that easy.
dani-garcia/vaultwarden - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
oppsec/juumla - 🦁 Juumla is a python tool created to identify Joomla version, scan for vulnerabilities and sensitive files
goodwithtech/dockle - Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
LeCoupa/awesome-cheatsheets - 👩‍💻👨‍💻 Awesome cheatsheets for popular programming languages, frameworks and development tools. They include everything you should know in one single file.
searxng/searxng-docker - The docker-compose files for setting up a SearXNG instance with docker.
deepfence/SecretScanner - 🔓 🔓 Find secrets and passwords in container images and file systems 🔓 🔓
cuber-cloud/cuber-gem - An automation tool that simplify the deployment of your apps on Kubernetes.
makeplane/plane - 🔥 🔥 🔥 Open Source JIRA, Linear and Asana Alternative. Plane helps you track your issues, epics, and product roadmaps in the simplest way possible.

dotfiles

keidarcy/dotfiles - Robust & colorful dot configuration and utilities files with CI check 🦄🦄.
jayharris/dotfiles-windows - dotfiles for Windows, including Developer-minded system defaults. Built in PowerShell

education

samuel-lucas6/Cryptography-Guidelines - Guidance on implementing cryptography as a developer.

ethereum

tamjid0x01/SmartContracts-audit-checklist - A checklist of things to look for when auditing Solidity smart contracts.

firefox

mitchmoser/sputnik - Open Source Intelligence Browser Extension
K3V1991/Disable-Firefox-Telemetry-and-Data-Collection - How to disable Firefox Telemetry and Data Collection

flask

PhoenixC2/PhoenixC2 - Command & Control-Framework created for collaboration in python3

framework

sveltecult/franken-ui - Franken UI is an HTML-first, open-source library of UI components that works as a standalone or as a Tailwind CSS plugin. It is compatible with UIkit 3. The design is influenced by shadcn/ui.
sensepost/objection - 📱 objection - runtime mobile exploration
redeye-framework/Redeye - Redeye is a tool intended to help you manage your data during a pentest operation
PhoenixC2/PhoenixC2 - Command & Control-Framework created for collaboration in python3

frontend

Dokploy/dokploy - Open Source Alternative to Vercel, Netlify and Heroku.
LeCoupa/awesome-cheatsheets - 👩‍💻👨‍💻 Awesome cheatsheets for popular programming languages, frameworks and development tools. They include everything you should know in one single file.

git

plandex-ai/plandex - AI driven development in your terminal. Designed for large, real-world tasks.
nosarthur/gita - Manage many git repos with sanity 从容管理多个git库
commitizen/cz-cli - The commitizen command line utility. #BlackLivesMatter
gitleaks/gitleaks - Protect and discover secrets using Gitleaks 🔑

github

powerexploit/Ashok - Ashok is a OSINT Recon Tool , a.k.a 😍 Swiss Army knife .
dolmen/github-keygen - Easy creation of secure SSH configuration for your GitHub account(s)
devXprite/infoooze - A OSINT tool which helps you to quickly find information effectively. All you need is to input and it will take take care of rest.
synacktiv/nord-stream - Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently supports Azure DevOps, GitHub and GitLab.
carlospolop/PurplePanda - Identify privilege escalation paths within and across different clouds

github-config

BEPb/BEPb - Config files for my GitHub profile.

go

ollama/ollama - Get up and running with Llama 3, Mistral, Gemma 2, and other large language models.
smallstep/certificates - 🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
junegunn/fzf - 🌸 A command-line fuzzy finder
OJ/gobuster - Directory/File, DNS and VHost busting tool written in Go
future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
goodwithtech/dockle - Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
DedSecInside/TorBot - Dark Web OSINT Tool
semgrep/semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
nodauf/Girsh - Automatically spawn a reverse shell fully interactive for Linux or Windows victim
Infisical/infisical - ♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
PhoenixC2/PhoenixC2 - Command & Control-Framework created for collaboration in python3
gitleaks/gitleaks - Protect and discover secrets using Gitleaks 🔑

golang

ollama/ollama - Get up and running with Llama 3, Mistral, Gemma 2, and other large language models.
plandex-ai/plandex - AI driven development in your terminal. Designed for large, real-world tasks.
future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
0x4D31/galah - Galah: An LLM-powered web honeypot. Wasting attackers' time with faker-than-ever HTTP responses!
gophish/gophish - Open-Source Phishing Toolkit
goodwithtech/dockle - Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
AdguardTeam/AdGuardHome - Network-wide ads & trackers blocking DNS server
BishopFox/sliver - Adversary Emulation Framework
GhostTroops/scan4all - Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
seekr-osint/seekr - A multi-purpose OSINT toolkit with a neat web-interface.
nodauf/Girsh - Automatically spawn a reverse shell fully interactive for Linux or Windows victim
Infisical/infisical - ♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
jpillora/chisel - A fast TCP/UDP tunnel over HTTP
gitleaks/gitleaks - Protect and discover secrets using Gitleaks 🔑

graphql

Escape-Technologies/awesome-graphql-security - A curated list of awesome GraphQL Security frameworks, libraries, software and resources

hacking

blacklanternsecurity/bbot - A recursive internet scanner for hackers.
adeptex/whispers - Identify hardcoded secrets in static structured text (version 2)
CleasbyCode/jdvrif - Hide data within JPG images using this steganography-like privacy tool. Post images on Mastodon and other hosting sites.
FLOCK4H/Freeway - WiFi Penetration Testing & Auditing Tool
TupleType/awesome-cicd-attacks - Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
mitre/caldera - Automated Adversary Emulation Platform
wddadk/Offensive-OSINT-Tools - OffSec OSINT Pentest/RedTeam Tools
diego-treitos/linux-smart-enumeration - Linux enumeration tool for pentesting and CTFs with verbosity levels
samratashok/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
Azathothas/Arsenal - Hastly written Tools & Scripts for Personal Use Cases & Bug Bounties
danieldurnea/FBI-tools - 🕵️ OSINT Tools for gathering information and actions forensics 🕵️
noraj/haiti - 🔑 Hash type identifier (CLI & lib)
projectdiscovery/subfinder - Fast passive subdomain enumeration tool.
six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
devploit/awesome-ctf-resources - A list of Capture The Flag (CTF) frameworks, libraries, resources and software for started/experienced CTF players 🚩
v1s1t0r1sh3r3/airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
yogeshojha/rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon
freelabz/secator - secator - the pentester's swiss knife
MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
AleksaMCode/Preferred-Network-List-Sniffer - A reconnaissance tool for capturing and displaying SSIDs from device's Preferred Network List.
trickest/inventory - Asset inventory of over 800 public bug bounty programs.
Frissi0n/GTFONow - Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.
infosecn1nja/Red-Teaming-Toolkit - This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
rootcathacking/catspin - Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.
devXprite/infoooze - A OSINT tool which helps you to quickly find information effectively. All you need is to input and it will take take care of rest.
codingo/NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Trevohack/DynastyPersist - A Linux persistence tool!
factionsecurity/faction - Pen Test Report Generation and Assessment Collaboration
t3l3machus/BabelStrike - The purpose of this tool is: 1. to transliterate and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages, common problem occurring f
DedSecInside/TorBot - Dark Web OSINT Tool
AiGptCode/Ai-Security-URL - functions to exploit common web application vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), and Path Traversal.
trickest/find-gh-poc - Find CVE PoCs on GitHub
trickest/cve - Gather and update all available and newest CVEs with their PoC.
gotr00t0day/Gsec - Web Security Scanner
trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
The-Viper-One/PsMapExec - A PowerShell tool that takes strong inspiration from CrackMapExec / NetExec
Pennyw0rth/NetExec - The Network Execution Tool
x64dbg/x64dbg - An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
t3l3machus/Villain - Villain is a high level stage 0/1 C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities) and shar
3nock/OTE - OSINT Template Engine
Fadi002/unshackle - Open-source tool to bypass windows and linux passwords from bootable usb
PhoenixC2/PhoenixC2 - Command & Control-Framework created for collaboration in python3
MrEmpy/mantra - 「🔑」A tool used to hunt down API key leaks in JS files and pages
LasCC/HackTools - The all-in-one browser extension for offensive security professionals 🛠
Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
Drew-Alleman/DataSurgeon - Quickly Extracts IP's, Email Addresses, Hashes, Files, Credit Cards, Social Security Numbers and a lot More From Text
jaykali/maskphish - Introducing "URL Making Technology" to the world for the very FIRST TIME. Give a Mask to Phishing URL like a PRO.. A MUST have tool for Phishing.
KuroLabs/stegcloak - Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐
t3l3machus/psudohash - Generates millions of keyword-based password mutations in seconds.

hacking-tool

powerexploit/Ashok - Ashok is a OSINT Recon Tool , a.k.a 😍 Swiss Army knife .
adeptex/whispers - Identify hardcoded secrets in static structured text (version 2)
CleasbyCode/jdvrif - Hide data within JPG images using this steganography-like privacy tool. Post images on Mastodon and other hosting sites.
The-Z-Labs/linux-exploit-suggester - Linux privilege escalation auditing tool
AleksaMCode/Preferred-Network-List-Sniffer - A reconnaissance tool for capturing and displaying SSIDs from device's Preferred Network List.
codingo/NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
AiGptCode/Ai-Security-URL - functions to exploit common web application vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), and Path Traversal.
t3l3machus/Villain - Villain is a high level stage 0/1 C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities) and shar
Fadi002/unshackle - Open-source tool to bypass windows and linux passwords from bootable usb
jaykali/maskphish - Introducing "URL Making Technology" to the world for the very FIRST TIME. Give a Mask to Phishing URL like a PRO.. A MUST have tool for Phishing.
KuroLabs/stegcloak - Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐
t3l3machus/psudohash - Generates millions of keyword-based password mutations in seconds.

hacking-tools

MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
AleksaMCode/Preferred-Network-List-Sniffer - A reconnaissance tool for capturing and displaying SSIDs from device's Preferred Network List.
morpheuslord/GPT_Vuln-analyzer - Uses ChatGPT API, Bard API, and Llama2, Python-Nmap, DNS Recon, PCAP and JWT recon modules and uses the GPT3 model to create vulnerability reports based on Nmap scan data, and DNS scan information. It
Fadi002/unshackle - Open-source tool to bypass windows and linux passwords from bootable usb
jaykali/maskphish - Introducing "URL Making Technology" to the world for the very FIRST TIME. Give a Mask to Phishing URL like a PRO.. A MUST have tool for Phishing.
KuroLabs/stegcloak - Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

hacktoberfest

projectdiscovery/httpx - httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
noraj/haiti - 🔑 Hash type identifier (CLI & lib)
Lissy93/personal-security-checklist - 🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024
konstruktoid/ansible-role-hardening - Ansible role to apply a security baseline. Systemd edition.
Cvar1984/sussyfinder - Single PHP file to detect potentially malicious threats based on token and hash with web interface and VirusTotal integrations. Contact me for premium apps fully integrated with VirusTotal and 10+ mor
oppsec/tomcter - 😹 Tomcter is a python tool developed to bruteforce Apache Tomcat manager login with default credentials.
wasp-lang/wasp - The fastest way to develop full-stack web apps with React & Node.js.
dani-garcia/vaultwarden - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
konstruktoid/hardening - Hardening Ubuntu. Systemd edition.
tamjid0x01/SmartContracts-audit-checklist - A checklist of things to look for when auditing Solidity smart contracts.
eraser-dev/eraser - 🧹 Cleaning up images from Kubernetes nodes
oppsec/juumla - 🦁 Juumla is a python tool created to identify Joomla version, scan for vulnerabilities and sensitive files
codingo/NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
swisskyrepo/InternalAllTheThings - Active Directory and Internal Pentest Cheatsheets
DedSecInside/TorBot - Dark Web OSINT Tool
cloudcommunity/Free-Certifications - A curated list of free courses & certifications.
aquasecurity/kube-bench - Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
searxng/searxng - SearXNG is a free internet metasearch engine which aggregates results from various search services and databases. Users are neither tracked nor profiled.
secdev/scapy - Scapy: the Python-based interactive packet manipulation program & library.
deepfence/SecretScanner - 🔓 🔓 Find secrets and passwords in container images and file systems 🔓 🔓
globocom/secDevLabs - A laboratory for learning secure web and mobile development in a practical manner.
oppsec/Pinkerton - 🕵️ Pinkerton is an JavaScript file crawler and secret finder tool developed in Python
cado-security/varc - Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.
logto-io/logto - 🧑‍🚀 The better identity infrastructure for developers and the open-source alternative to Auth0.
projectdiscovery/nuclei - Fast and customizable vulnerability scanner based on simple YAML based DSL.
akto-api-security/akto - Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure
intel/cve-bin-tool - The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or
owasp-noir/noir - Attack surface detector that identifies endpoints by static analysis
React95/React95 - A React components library with Win95 UI
BC-SECURITY/Empire - Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.
projectdiscovery/naabu - A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests
trufflesecurity/trufflehog - Find and verify secrets
Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
gitleaks/gitleaks - Protect and discover secrets using Gitleaks 🔑
sherlock-project/sherlock - Hunt down social media accounts by username across social networks
jaykali/maskphish - Introducing "URL Making Technology" to the world for the very FIRST TIME. Give a Mask to Phishing URL like a PRO.. A MUST have tool for Phishing.

haskell

wasp-lang/wasp - The fastest way to develop full-stack web apps with React & Node.js.

homebrew

Hakky54/certificate-ripper - 🔐 A CLI tool to extract server certificates

html

Kalabasa/htmz - html with targeted manipulation zones

http

projectdiscovery/httpx - httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
rfc-st/humble - A humble, and 𝗳𝗮𝘀𝘁, security-oriented HTTP headers analyzer.
BishopFox/sliver - Adversary Emulation Framework
santoru/shcheck - A basic tool to check security headers of a website
zigzap/zap - blazingly fast backends in zig
jpillora/chisel - A fast TCP/UDP tunnel over HTTP

image-processing

redhuntlabs/Octopii - An AI-powered Personal Identifiable Information (PII) scanner.

ios

sensepost/objection - 📱 objection - runtime mobile exploration
libimobiledevice/ideviceinstaller - Manage apps of iOS devices
mvt-project/mvt - MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.

iot

AleksaMCode/Preferred-Network-List-Sniffer - A reconnaissance tool for capturing and displaying SSIDs from device's Preferred Network List.

java

Stirling-Tools/Stirling-PDF - #1 Locally hosted web application that allows you to perform various operations on PDF files
Hakky54/certificate-ripper - 🔐 A CLI tool to extract server certificates
semgrep/semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

javascript

drawdb-io/drawdb - Free, simple, and intuitive online database design tool and SQL generator.
formkit/tempo - 📆 Parse, format, manipulate, and internationalize dates and times in JavaScript and TypeScript.
wasp-lang/wasp - The fastest way to develop full-stack web apps with React & Node.js.
LeCoupa/awesome-cheatsheets - 👩‍💻👨‍💻 Awesome cheatsheets for popular programming languages, frameworks and development tools. They include everything you should know in one single file.
imgly/background-removal-js - Remove backgrounds from images directly in the browser environment with ease and no additional costs or privacy concerns. Explore an interactive demo.
semgrep/semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
cockpit-project/cockpit - Cockpit is a web-based graphical interface for servers.
biomejs/biome - A toolchain for web projects, aimed to provide functionalities to maintain them. Biome offers formatter and linter, usable via CLI and LSP.
oppsec/Pinkerton - 🕵️ Pinkerton is an JavaScript file crawler and secret finder tool developed in Python
logto-io/logto - 🧑‍🚀 The better identity infrastructure for developers and the open-source alternative to Auth0.
MrEmpy/mantra - 「🔑」A tool used to hunt down API key leaks in JS files and pages
puffinsoft/jscanify - Open-source Javascript mobile document scanner.
commitizen/cz-cli - The commitizen command line utility. #BlackLivesMatter
KuroLabs/stegcloak - Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

jekyll

sproogen/modern-resume-theme - A modern static resume template and theme. Powered by Jekyll and GitHub pages.

jekyll-theme

sproogen/modern-resume-theme - A modern static resume template and theme. Powered by Jekyll and GitHub pages.

js

Kalabasa/htmz - html with targeted manipulation zones
MrEmpy/mantra - 「🔑」A tool used to hunt down API key leaks in JS files and pages
puffinsoft/jscanify - Open-source Javascript mobile document scanner.

json

biomejs/biome - A toolchain for web projects, aimed to provide functionalities to maintain them. Biome offers formatter and linter, usable via CLI and LSP.
ozlerhakan/mongodb-json-files - 📦 A curated list of JSON / BSON datasets from the web in order to practice / use in MongoDB

kubernetes

yannh/kubeconform - A FAST Kubernetes manifests validator, with support for Custom Resources!
eraser-dev/eraser - 🧹 Cleaning up images from Kubernetes nodes
k8sgpt-ai/k8sgpt - Giving Kubernetes Superpowers to everyone
goodwithtech/dockle - Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
LeCoupa/awesome-cheatsheets - 👩‍💻👨‍💻 Awesome cheatsheets for popular programming languages, frameworks and development tools. They include everything you should know in one single file.
aquasecurity/kube-bench - Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
DataDog/KubeHound - Kubernetes Attack Graph
deepfence/SecretScanner - 🔓 🔓 Find secrets and passwords in container images and file systems 🔓 🔓
cuber-cloud/cuber-gem - An automation tool that simplify the deployment of your apps on Kubernetes.
authzed/spicedb - Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications
carlospolop/PurplePanda - Identify privilege escalation paths within and across different clouds

language

LeCoupa/awesome-cheatsheets - 👩‍💻👨‍💻 Awesome cheatsheets for popular programming languages, frameworks and development tools. They include everything you should know in one single file.

laravel

serversideup/spin - 🚀 Replicate your production environment locally using Docker. Just run "spin up". It's really that easy.

learning

cloudcommunity/Free-Certifications - A curated list of free courses & certifications.

linux

chainguard-dev/bincapz - detect malicious program behaviors
v1s1t0r1sh3r3/airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
vm32/Digital-Forensics-Script-for-Linux - Advanced Bash script designed for conducting digital forensics on Linux systems
Aditya-dom/moonwalk-back - Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.
Trevohack/DynastyPersist - A Linux persistence tool!
GyulyVGC/sniffnet - Comfortably monitor your Internet traffic 🕵️‍♂️
microsoft/inshellisense - IDE style command line auto complete
trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
XDeadHackerX/NetRadar - NetRadar is a Networking tool focused on mapping local and WiFi networks. It provides detailed information about connected devices, open ports, servers and automated scans for WiFi networks.NetRadar e
Fadi002/unshackle - Open-source tool to bypass windows and linux passwords from bootable usb
CISOfy/lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
mesquidar/ForensicsTools - A list of free and open forensics analysis tools and other resources
nyxiereal/XToolbox - XToolBox - A collection of 150+ Windows 10/11 optimization and tweaking apps!
sherlock-project/sherlock - Hunt down social media accounts by username across social networks
jaykali/maskphish - Introducing "URL Making Technology" to the world for the very FIRST TIME. Give a Mask to Phishing URL like a PRO.. A MUST have tool for Phishing.

llm

Renset/macai - Swift powered native macOS client for Ollama, ChatGPT and compatible API-backends
ollama/ollama - Get up and running with Llama 3, Mistral, Gemma 2, and other large language models.
plandex-ai/plandex - AI driven development in your terminal. Designed for large, real-world tasks.
OpenDevin/OpenDevin - 🐚 OpenDevin: Code Less, Make More
dhammon/ai-goat - Learn AI security through a series of vulnerable LLM CTF challenges. No sign ups, no cloud fees, run everything locally on your system.
0x4D31/galah - Galah: An LLM-powered web honeypot. Wasting attackers' time with faker-than-ever HTTP responses!
fr0gger/Awesome-GPT-Agents - A curated list of GPT agents for cybersecurity
GreyDGL/PentestGPT - A GPT-empowered penetration testing tool
continuedev/continue - ⏩ Continue is the leading open-source AI code assistant. You can connect any models and any context to build custom autocomplete and chat experiences inside VS Code and JetBrains
narenmanoharan/gpt-code-assistant - gpt-code-assistant is an open-source coding assistant leveraging language models to search, retrieve, explore and understand any codebase.
eosphoros-ai/DB-GPT - AI Native Data App Development framework with AWEL(Agentic Workflow Expression Language) and Agents
mlc-ai/web-llm - High-performance In-browser LLM Inference Engine

low-code

teableio/teable - ✨ The Next Gen Airtable Alternative: No-Code Postgres

mac

maxgoedjen/secretive - Store SSH keys in the Secure Enclave

machine-learning

redhuntlabs/Octopii - An AI-powered Personal Identifiable Information (PII) scanner.

macos

Renset/macai - Swift powered native macOS client for Ollama, ChatGPT and compatible API-backends
chainguard-dev/bincapz - detect malicious program behaviors
GyulyVGC/sniffnet - Comfortably monitor your Internet traffic 🕵️‍♂️
microsoft/inshellisense - IDE style command line auto complete
Hakky54/certificate-ripper - 🔐 A CLI tool to extract server certificates
mesquidar/ForensicsTools - A list of free and open forensics analysis tools and other resources
drduh/macOS-Security-and-Privacy-Guide - Guide to securing and improving privacy on macOS

markdown

reorproject/reor - Private & local AI personal knowledge management app.
matro7sh/BypassAV - This map lists the essential techniques to bypass anti-virus and EDR

mastodon

CleasbyCode/jdvrif - Hide data within JPG images using this steganography-like privacy tool. Post images on Mastodon and other hosting sites.

microsoft

nickvourd/Windows-Local-Privilege-Escalation-Cookbook - Windows Local Privilege Escalation Cookbook
drak3hft7/Cheat-Sheet---Active-Directory - This cheat sheet contains common enumeration and attack methods for Windows Active Directory with the use of powershell.

mobile

sensepost/objection - 📱 objection - runtime mobile exploration
oppsec/Apepe - 📲 Enumerate information from an app based on the APK file
mvt-project/mvt - MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.

mongodb

brocoders/nestjs-boilerplate - NestJS boilerplate. Auth, TypeORM, Mongoose, Postgres, MongoDB, Mailing, I18N, Docker.
hudy9x/namviek - The open-source project manager for tiny teams
Dokploy/dokploy - Open Source Alternative to Vercel, Netlify and Heroku.
codingo/NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
ozlerhakan/mongodb-json-files - 📦 A curated list of JSON / BSON datasets from the web in order to practice / use in MongoDB

mongoose

brocoders/nestjs-boilerplate - NestJS boilerplate. Auth, TypeORM, Mongoose, Postgres, MongoDB, Mailing, I18N, Docker.

monitoring

openstatusHQ/openstatus - 🏓 The open-source synthetic monitoring platform 🏓
Security-Onion-Solutions/securityonion - Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, a

mysql

Dokploy/dokploy - Open Source Alternative to Vercel, Netlify and Heroku.

natural-language-processing

Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

neovim

junegunn/fzf - 🌸 A command-line fuzzy finder
keidarcy/dotfiles - Robust & colorful dot configuration and utilities files with CI check 🦄🦄.

nestjs

brocoders/nestjs-boilerplate - NestJS boilerplate. Auth, TypeORM, Mongoose, Postgres, MongoDB, Mailing, I18N, Docker.

nextjs

openstatusHQ/openstatus - 🏓 The open-source synthetic monitoring platform 🏓
Dokploy/dokploy - Open Source Alternative to Vercel, Netlify and Heroku.
sadmann7/shadcn-table - A shadcn table component with server-side sorting, filtering, and pagination.
diogocapela/flatdraw - A simple canvas drawing web app with responsive UI. Made with TypeScript, React, and Next.js.
tatethurston/nextjs-routes - Type safe routing for Next.js
Infisical/infisical - ♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
steven-tey/novel - Notion-style WYSIWYG editor with AI-powered autocompletion.
makeplane/plane - 🔥 🔥 🔥 Open Source JIRA, Linear and Asana Alternative. Plane helps you track your issues, epics, and product roadmaps in the simplest way possible.

nlp

taranis-ai/taranis-ai - Taranis AI is an advanced Open-Source Intelligence (OSINT) tool, leveraging Artificial Intelligence to revolutionize information gathering and situational analysis.
redhuntlabs/Octopii - An AI-powered Personal Identifiable Information (PII) scanner.

node

wasp-lang/wasp - The fastest way to develop full-stack web apps with React & Node.js.
logto-io/logto - 🧑‍🚀 The better identity infrastructure for developers and the open-source alternative to Auth0.
commitizen/cz-cli - The commitizen command line utility. #BlackLivesMatter

nodejs

brocoders/nestjs-boilerplate - NestJS boilerplate. Auth, TypeORM, Mongoose, Postgres, MongoDB, Mailing, I18N, Docker.
wasp-lang/open-saas - A free, open-source SaaS app starter for React & Node.js with superpowers. Production-ready. Community-driven.
serversideup/spin - 🚀 Replicate your production environment locally using Docker. Just run "spin up". It's really that easy.
devXprite/infoooze - A OSINT tool which helps you to quickly find information effectively. All you need is to input and it will take take care of rest.
LeCoupa/awesome-cheatsheets - 👩‍💻👨‍💻 Awesome cheatsheets for popular programming languages, frameworks and development tools. They include everything you should know in one single file.
porsager/postgres - Postgres.js - The Fastest full featured PostgreSQL client for Node.js, Deno, Bun and CloudFlare
Infisical/infisical - ♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
puffinsoft/jscanify - Open-source Javascript mobile document scanner.

nosql

codingo/NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.

npm

devXprite/infoooze - A OSINT tool which helps you to quickly find information effectively. All you need is to input and it will take take care of rest.

open-source

openstatusHQ/openstatus - 🏓 The open-source synthetic monitoring platform 🏓
sadmann7/shadcn-table - A shadcn table component with server-side sorting, filtering, and pagination.
Lissy93/personal-security-checklist - 🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024
wasp-lang/open-saas - A free, open-source SaaS app starter for React & Node.js with superpowers. Production-ready. Community-driven.
wasp-lang/wasp - The fastest way to develop full-stack web apps with React & Node.js.
latiotech/LAST - Use AI to Scan Your Code from the Command Line for security and code smells. Bring your own keys. Supports OpenAI and Gemini
devXprite/infoooze - A OSINT tool which helps you to quickly find information effectively. All you need is to input and it will take take care of rest.
imgly/background-removal-js - Remove backgrounds from images directly in the browser environment with ease and no additional costs or privacy concerns. Explore an interactive demo.
AdguardTeam/AdGuardHome - Network-wide ads & trackers blocking DNS server
commixproject/commix - Automated All-in-One OS Command Injection Exploitation Tool.
t3l3machus/Villain - Villain is a high level stage 0/1 C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities) and shar
continuedev/continue - ⏩ Continue is the leading open-source AI code assistant. You can connect any models and any context to build custom autocomplete and chat experiences inside VS Code and JetBrains
Infisical/infisical - ♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
unkeyed/unkey - Open source API management platform
mesquidar/ForensicsTools - A list of free and open forensics analysis tools and other resources
t3l3machus/psudohash - Generates millions of keyword-based password mutations in seconds.

osint

blacklanternsecurity/bbot - A recursive internet scanner for hackers.
powerexploit/Ashok - Ashok is a OSINT Recon Tool , a.k.a 😍 Swiss Army knife .
elceef/dnstwist - Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
wddadk/Offensive-OSINT-Tools - OffSec OSINT Pentest/RedTeam Tools
spyboy-productions/omnisci3nt - Unveiling the Hidden Layers of the Web – A Comprehensive Web Reconnaissance Tool
MetaOSINT/MetaOSINT.github.io - A tool to quickly identify relevant, publicly-available open source intelligence ("OSINT") tools and resources, saving valuable time during investigations, research, and analysis.
AnonCatalyst/Ominis-OSINT - This Python application is an OSINT (Open Source Intelligence) tool called "Ominis OSINT - Web Hunter." It performs online information gathering by querying Google for search results related to a user
projectdiscovery/httpx - httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
chiasmod0n/chiasmodon - Chiasmodon is an OSINT tool designed to assist in the process of gathering information about a target domain. Its primary functionality revolves around searching for domain-related data, including do
danieldurnea/FBI-tools - 🕵️ OSINT Tools for gathering information and actions forensics 🕵️
projectdiscovery/subfinder - Fast passive subdomain enumeration tool.
six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
yogeshojha/rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon
freelabz/secator - secator - the pentester's swiss knife
s0md3v/Photon - Incredibly fast crawler designed for OSINT.
taranis-ai/taranis-ai - Taranis AI is an advanced Open-Source Intelligence (OSINT) tool, leveraging Artificial Intelligence to revolutionize information gathering and situational analysis.
N0rz3/Phunter - Phunter is an osint tool allowing you to find various information via a phone number 🔎📞
mitchmoser/sputnik - Open Source Intelligence Browser Extension
trickest/inventory - Asset inventory of over 800 public bug bounty programs.
OpenCTI-Platform/opencti - Open Cyber Threat Intelligence Platform
devXprite/infoooze - A OSINT tool which helps you to quickly find information effectively. All you need is to input and it will take take care of rest.
SherlockLinux/SherlockLinux - Distribución para OSINT basada en Debian 12 / OSINT Distribution based in Debian 12
MandConsultingGroup/porch-pirate - Porch Pirate is the most comprehensive Postman recon / OSINT client and framework that facilitates the automated discovery and exploitation of API endpoints and secrets committed to workspaces, collec
m8sec/CrossLinked - LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping
Josue87/MetaFinder - Search for documents in a domain through Search Engines (Google, Bing and Baidu). The objective is to extract metadata
Alb-310/Geogramint - An OSINT Geolocalization tool for Telegram that find nearby users and groups 📡🌍🔍
DedSecInside/TorBot - Dark Web OSINT Tool
franckferman/MetaDetective - 🕵️ Unleash Metadata Intelligence with MetaDetective. Your Assistant Beyond Metagoofil.
cosad3s/postleaks - Search for sensitive data in Postman public library.
saeeddhqan/Maryam - Maryam: Open-source Intelligence(OSINT) Framework
redhuntlabs/BucketLoot - BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exp
jerlendds/osintbuddy - Node graphs, OSINT data mining, and plugins. Connect unstructured and public data for transformative insights
KawaCoder/GhostRecon - Popular OSINT framework. Works fine with kali linux and other Debian-based systems. Coded this as a teen, so not really reliable for real researches.
Fundacio-i2CAT/InfoHound - InfoHound is an OSINT to extract a large amount of data given a web domain name.
seekr-osint/seekr - A multi-purpose OSINT toolkit with a neat web-interface.
3nock/OTE - OSINT Template Engine
Lissy93/web-check - 🕵️‍♂️ All-in-one OSINT tool for analysing any website
jakecreps/poastal - Poastal - the Email OSINT tool
j3ssie/metabigor - OSINT tools and more but without API key
p1ngul1n0/blackbird - An OSINT tool to search for accounts by username and email in social networks.
initstring/cloud_enum - Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
Drew-Alleman/DataSurgeon - Quickly Extracts IP's, Email Addresses, Hashes, Files, Credit Cards, Social Security Numbers and a lot More From Text
sherlock-project/sherlock - Hunt down social media accounts by username across social networks

others

itm4n/PrintSpoofer - Abusing impersonation privileges through the "Printer Bug"
domain-protect/domain-protect-gcp - Protect against subdomain takeover
sosdave/KeyTabExtract - Extracts Key Values from .keytab files
RevoltSecurities/SubProber - Subprober is a powerful and efficient subdomain scanning tool written in Python. With the ability to handle large lists of subdomains. The tool offers concurrent scanning, allowing users to define the
kabutor/forenwindows - Decrypt offline windows passwords, chrome and firefox
CICADA8-Research/RemoteKrbRelay - Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework
p0dalirius/smbclient-ng - smbclient-ng, a fast and user friendly way to interact with SMB shares.
mrd0x/PWA-Phishing -
Diverto/IPPrintC2 - PoC for using MS Windows printers for persistence / command and control via Internet Printing
An0nUD4Y/Evilginx-Phishing-Infra-Setup - Evilginx Phishing Engagement Infrastructure Setup Guide
login-securite/conpass - Continuous password spraying tool
assetnote/nowafpls - Burp Plugin to Bypass WAFs through the insertion of Junk Data
RedByte1337/GraphSpy - Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI
tylerdotrar/Unfuck-Windows10 - Script meant to debloat Windows 10, enhance privacy, and improve performance & the overall user experience.
tylerdotrar/SigmaPotato - SeImpersonate privilege escalation tool for Windows 8 - 11 and Windows Server 2012 - 2022 with extensive PowerShell and .NET reflection support.
AlteredSecurity/Disable-TamperProtection - A POC to disable TamperProtection and other Defender / MDE components
huntandhackett/PassiveAggression - Source code and examples for PassiveAggression
AlessandroZ/LaZagne - Credentials recovery project
skelsec/pypykatz - Mimikatz implementation in pure Python
Azure/Stormspotter - Azure Red Team tool for graphing Azure and Azure Active Directory objects
xaitax/TotalRecall - This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots.
MultSec/MultCheck - Identifies bad bytes from static analysis with any Anti-Virus scanner.
Meckazin/ChromeKatz - Dump cookies directly from Chrome process memory
es3n1n/no-defender - A slightly more fun way to disable windows defender + firewall. (through the WSC api)
shreyaschavhan/advanced-sql-injection-for-awae -
puzzlepeaches/awesome-password-spraying - Everything and anything related to password spraying
0xVIC/Diccionarios - Fuzzing en español
Leo4j/Invoke-SessionHunter - Retrieve and display information about active user sessions on remote computers. No admin privileges required.
xxxserxxx/gotop - A terminal based graphical activity monitor inspired by gtop and vtop
mlcsec/SharpGraphView - Microsoft Graph API post-exploitation toolkit
hoodoer/JS-Tap - JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom JavaScr
HernanRodriguez1/SharpBruteForceSSH -
jfjallid/go-secdump - Tool to remotely dump secrets from the Windows registry
0xKayala/NucleiScanner - NucleiScanner is a Powerful Automation tool for detecting Unknown Vulnerabilities in the Web Applications
login-securite/lsassy - Extract credentials from lsass remotely
OWASP/OFFAT - The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towar
bats3c/darkarmour - Windows AV Evasion
its-a-feature/Mythic - A collaborative, multi-platform, red teaming framework
marco-liberale/PasteBomb - PasteBomb C2-less RAT
tldrsec/awesome-secure-defaults - Awesome secure by default libraries to help you eliminate bug classes!
trap-bytes/hauditor - hauditor is a tool designed to analyze the security headers returned by a web page.
AlDanial/cloc - cloc counts blank lines, comment lines, and physical lines of source code in many programming languages.
latiotech/insecure-kubernetes-deployments - A full insecure kubernetes application for testing security tools
col-1002/HTB-CPTS - Most of the notes, resources and scripts I used to prepare for the HTB CPTS and "pass it the 2 time."
theowni/Damn-Vulnerable-RESTaurant-API-Game - Damn Vulnerable Restaurant is an intentionally vulnerable Web API game for learning and training purposes dedicated to developers, ethical hackers and security engineers.
janhq/awesome-local-ai - An awesome repository of local AI tools
Y2Z/monolith - ⬛️ CLI tool for saving complete web pages as a single HTML file
AbstractEngine/pentest-muse-cli -
surajpkhetani/AutoSmuggle - Utility to craft HTML or SVG smuggled files for Red Team engagements
The-OSINT-Newsletter/excalibur - Pivot from a Twitter profile to Medium, Product Hunt, Mastodon, and more with OSINT
trap-bytes/403jump - HTTP 403 bypass tool
luijait/DarkGPT - DarkGPT is an OSINT assistant based on GPT-4-200K (recommended use) designed to perform queries on leaked databases, thus providing an artificial intelligence assistant that can be useful in your trad
UndeadSec/SwaggerSpy - Automated OSINT on SwaggerHub
chaudharyarjun/RepoReaper - RepoReaper is an automated tool crafted to meticulously scan and identify exposed .git repositories within specified domains and their subdomains.
Kevin-Robertson/Inveigh - .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers
lgandx/Responder - Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication
infosecn1nja/AD-Attack-Defense - Attack and defend active directory using modern post exploitation adversary tradecraft activity
DanMcInerney/net-creds - Sniffs sensitive data from interface or pcap
lgandx/PCredz - This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.
GhostPack/Rubeus - Trying to tame the three-headed dog.
MobSF/Mobile-Security-Framework-MobSF - Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and
sikumy/ethical-hacking - Personal Hacking Playground.
r3ggi/electroniz3r - Take over macOS Electron apps' TCC permissions
catsploit/catsploit -
spyboy-productions/Valid8Proxy - Tool designed for fetching, validating, and storing working proxies.
Slowerzs/ThievingFox -
JeanPeyreMesMots/osx-password-dumper - A tool to dump users's .plist on a Mac OS system and to convert them into a crackable hash
lkarlslund/Adalanche - Active Directory ACL Visualizer and Explorer - who's really Domain Admin? (Commerical versions available from NetSection)
MaibornWolff/SecObserve - SecObserve is an open source vulnerability management system for software development and cloud environments. It supports a variety of open source vulnerability scanners and integrates easily into CI/
brinhosa/apidetector - APIDetector: Efficiently scan for exposed Swagger endpoints across web domains and subdomains. Supports HTTP/HTTPS, multi-threading, and flexible input/output options. Ideal for API security testing.
FalconForceTeam/SOAPHound - SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Directory Web Services (ADWS) protocol.
VikParuchuri/marker - Convert PDF to markdown quickly with high accuracy
YS-L/csvlens - Command line csv viewer
jhaddix/awsScrape - A tool to scrape the AWS ranges looking for a keyword in SSL certificate data.
KasperskyLab/iShutdown -
Ostorlab/KEV - Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.
thomasjjj/Telegram-Snowball-Sampling - The Telegram Snowball Sampling Tool is a Python-based utility designed for conducting snowball sampling to collect Telegram channels through forwards.
floriandiud/facebook-group-members-scraper - Facebook Group Members Extractor. Download Facebook group members in CSV.
msd0pe-1/cve-maker - Tool to find CVEs and Exploits.
algolia/autocomplete - 🔮 Fast and full-featured autocomplete library
xaitax/SploitScan - SploitScan is a sophisticated cybersecurity utility designed to provide detailed information on vulnerabilities and associated exploits.
0sumcode/0up - 0up is a zero-knowledge, open-source, encrypted file sharing service
agentcoinorg/evo.ninja - A versatile generalist agent.
WithSecureLabs/damn-vulnerable-llm-agent -
splunk/ShellSweep - ShellSweeping the evil.
BishopFox/sj - A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.
0xNslabs/CanaryTokenScanner - Script designed to identify CanaryTokens within Microsoft Office documents and Acrobat Reader PDF (docx, xlsx, pptx, pdf).
assetnote/kiterunner - Contextual Content Discovery Tool
BC-SECURITY/Moriarty - Moriarty is designed to enumerate missing KBs, detect various vulnerabilities, and suggest potential exploits for Privilege Escalation in Windows environments.
Xacone/BestEdrOfTheMarket - Little user-mode AV/EDR evasion lab for training & learning purposes
francoismichel/ssh3 - SSH3: faster and rich secure shell using HTTP/3, checkout our article here: https://arxiv.org/abs/2312.08396 and our Internet-Draft: https://datatracker.ietf.org/doc/draft-michel-ssh3/
myshell-ai/OpenVoice - Instant voice cloning by MyShell.
helviojunior/knowsmore - KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes, BloodHound, NTDS and DCSync).
nowak0x01/WPXStrike - WPXStrike is a script designed to escalate a Cross-Site Scripting (XSS) vulnerability to Remote Code Execution (RCE) or other's criticals vulnerabilities in WordPress
nowak0x01/JoomSploit - JoomSploit is a script designed to escalate a Cross-Site Scripting (XSS) vulnerability to Remote Code Execution (RCE) or other's criticals vulnerabilities in Joomla CMS.
nowak0x01/PrestaXSRF - PrestaXSRF is a script designed to escalate a Cross-Site Scripting (XSS) vulnerability to Remote Code Execution (RCE) or other's criticals vulnerabilities in PrestaShop E-Commerce
nowak0x01/Drupalwned - Drupalwned is a script designed to escalate a Cross-Site Scripting (XSS) vulnerability to Remote Code Execution (RCE) or other's criticals vulnerabilities in Drupal CMS.
cristianzsh/forensictools - Collection of forensic tools
simeononsecurity/Blue-Team-Tools - A collection of scripts, tools. and configs for various OS'es and applications, all free and or open-source, to assist in impromptu Blue-Team defense under an active threat.
ntoskernel/deepsecrets - Secrets scanner that understands code
dmcxblue/SharpHIBP - A C# Tool to gather information about email breaches
d0ge/sign-saboteur - SignSaboteur is a Burp Suite extension for editing, signing, verifying various signed web tokens
lkarlslund/ldapnomnom - Quietly and anonymously bruteforce Active Directory usernames at insane speeds from Domain Controllers by (ab)using LDAP Ping requests (cLDAP)
ipSlav/DirtyCLR - An App Domain Manager Injection DLL PoC on steroids
yeyintminthuhtut/Awesome-Red-Teaming - List of Awesome Red Teaming Resources
waf-bypass-maker/waf-community-bypasses -
Siguza/ios-resources - Useful resources for iOS hacking
onhexgroup/Conferences - Conference presentation slides
akamai/Invoke-DHCPCheckup -
owasp-dep-scan/dep-scan - OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container ima
candiddev/rot - Secure Secrets Management for the Modern Sysadmin
spyboy-productions/CloakQuest3r - Uncover the true IP address of websites safeguarded by Cloudflare & Others
VSCodium/vscodium - binary releases of VS Code without MS branding/telemetry/licensing
xforcered/ADOKit - Azure DevOps Services Attack Toolkit
dchrastil/ScrapedIn - A tool to scrape LinkedIn without API restrictions for data reconnaissance
dub-flow/sessionprobe - SessionProbe is a multi-threaded tool designed for penetration testing and bug bounty hunting. It evaluates user privileges in web applications by taking a session token and checking access across a l
0xB455/m365-fatigue -
digininja/pipal - Pipal, THE password analyser
owerdogan/wallpapers-for-kali - Recolored Kali Linux wallpapers
dirkjanm/BloodHound.py - A Python based ingestor for BloodHound
gatariee/Winton - Command and Control (C2) framework
skelsec/evilrdp -
S1lkys/SharpKiller - Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8
kudelskisecurity/youshallnotpass - YouShallNotPass brings an added level of execution security to mission-critical CI/CD Systems.
gustanini/PowerTools - Powershell tools used for Red Team / Pentesting.
WithSecureLabs/IceKube -
R-s0n/ars0n-framework - A Modern Framework for Bug Bounty Hunting
kgretzky/evilqr - Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice.
Aqua-Nautilus/CVE-Half-Day-Watcher -
trungdq88/Awesome-Black-Friday-Cyber-Monday - Awesome deals on Black Friday: Apps, SaaS, Books, Courses, etc.
Sn1r/Forbidden-Buster - A tool designed to automate various techniques in order to bypass HTTP 401 and 403 response codes and gain access to unauthorized areas in the system. This code is made for security enthusiasts and pr
gojek/CureIAM - Clean accounts over permissions in GCP infra at scale
Zerx0r/dvenom - 🐍 Double Venom (DVenom) is a tool that provides an encryption wrapper and loader for your shellcode.
c3c/ADExplorerSnapshot.py - ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound, and also supports full-object dumping to NDJSON.
0x90n/InfoSec-Black-Friday - All the deals for InfoSec related software/tools this Black Friday
abi/screenshot-to-code - Drop in a screenshot and convert it to clean code (HTML/Tailwind/React/Vue)
assume-breach/Home-Grown-Red-Team -
langchain-ai/opengpts -
YasserREED/NoBlindi - NoBlindi is a command-line tool for exploiting blind NoSQL injection vulnerabilities to recover passwords in web applications.
carlospolop/Auto_Wordlists -
thomasjjj/Telegram_Geolocation_Scraper - Load a JSON export of a Telegram channel containing coordinates of geolocations and filter into a csv for loading into Google Earth.
0xDEADFED5/ps_tiny11 - This script creates a trimmed-down Windows 11 image, based on tiny11builder
ramykatour/GitBook-Downloader-To-HTML-Converter - GitBook Downloader To HTML Converter
Sija/gitbook2pdf - CLI utility to turn a published GitBook website into a collection of PDFs for offline reading
Etesam913/react-magic-motion - react-magic-motion is a react.js library that ✨ magically animates your components.
pentagridsec/archive_pwn - A Python-based tool to create zip, tar and cpio archives to exploit common archive library issues and developer mistakes
evilsocket/legba - A multiprotocol credentials bruteforcer / password sprayer and enumerator. 🥷
protectai/modelscan - Protection against Model Serialization Attacks
Orange-Cyberdefense/GOAD - game of active directory
decoder-it/LocalPotato -
Orange-Cyberdefense/KeePwn - A python tool to automate KeePass discovery and secret extraction.
openappsec/waf-comparison-project - Testing datasets and tools to compare WAF efficacy
tomwechsler/Active_Directory_Advanced_Threat_Hunting - This repo is about Active Directory Advanced Threat Hunting
FuzzySecurity/Magikarp - ECC Public Key Cryptography
ripp3rdoc/XAMPPv3.3.0-BOF - Exploit Proof-of-Concept code for XAMPP v3.3.0 — '.ini' Buffer Overflow (Unicode + SEH)
sockysec/Telerecon - A reconnaissance framework for researching and investigating Telegram.
foozzi/discoshell - a simple discovery script that uses popular tools like subfinder, amass, puredns, alterx, massdns and others
SkyperTHC/curlshell - reverse shell using curl
AlbusSec/Penetration-List - Penetration-List: A comprehensive resource for testers, covering all types of vulnerabilities and materials used in Penetration Testing. Includes payloads, dorks, fuzzing materials, and offers in-dept
coffeeandsecurity/DakshSCRA -
r0oth3x49/ghauri - An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws
rbsec/sslscan - sslscan tests SSL/TLS enabled services to discover supported cipher suites
Orange-Cyberdefense/LinikatzV2 - linikatz is a tool to attack AD on UNIX
nsacyber/ELITEWOLF - OT security monitoring #nsacyber
govolution/avet - AntiVirus Evasion Tool
amrudesh1/MORF - Mobile Reconnaissance Framework
tenable/EscalateGPT - An AI-powered tool for discovering privilege escalation opportunities in AWS IAM configurations.
dev-lu/osint_toolkit - A full stack web application that combines many tools and services for security analysts into a single tool.
Dec0ne/DavRelayUp - DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced (the default settings).
synacktiv/GPOddity - The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).
FourCoreLabs/LolDriverScan - Scan vulnerable drivers on Windows with loldrivers.io
invictus-ir/Invictus-AWS -
a13xp0p0v/kernel-hardening-checker - A tool for checking the security hardening options of the Linux kernel
p0dalirius/ExtractBitlockerKeys - A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.
eversinc33/CredGuess - Generate password spraying lists based on the pwdLastSet-attribute of users.
Octoberfest7/TeamsPhisher - Send phishing messages and attachments to Microsoft Teams users
Kitsun3Sec/Pentest-Cheat-Sheets - A collection of snippets of codes and commands to make your life easier!
guibacellar/TEx - Telegram Monitor
p0dalirius/LDAPWordlistHarvester - A tool to generate a wordlist from the information present in LDAP, in order to crack passwords of domain accounts.
Mazars-Tech/AD_Miner - AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses
moabukar/tech-vault - A list of many interview questions & real-world challenges in Tech! (https://tech-vault-web.vercel.app/)
measuredco/puck - The visual editor for React
0xKayala/NucleiFuzzer - NucleiFuzzer is a Powerful Automation tool for detecting XSS, SQLi, SSRF, Open-Redirect, etc.. Vulnerabilities in Web Applications
optiv/KnockKnock - Enumerate valid users within Microsoft Teams and OneDrive with clean output.
DataDog/HASH - HASH (HTTP Agnostic Software Honeypot)
nccgroup/ccs -
S12cybersecurity/RDPCredentialStealer - RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++
m-bain/whisperX - WhisperX: Automatic Speech Recognition with Word-level Timestamps (& Diarization)
gitwonk/gitwonk - The open source GitBook, Confluence, and Archbee alternative. Write technical docs like never before 🐙
capture0x/LFI-FINDER - LFI-FINDER is an open-source tool available on GitHub that focuses on detecting Local File Inclusion (LFI) vulnerabilities
magisterquis/chromecookiestealer - Steal/Inject Chrome cookies over the DevTools (--remote-debugging-port) protocol.
sAjibuu/Upload_Bypass - A simple tool for bypassing file upload restrictions.
kgretzky/evilginx2 - Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Kyuu-Ji/Awesome-Azure-Pentest - A collection of resources, tools and more for penetration testing and securing Microsofts cloud platform Azure.
joswr1ght/basicblobfinder - Identify Azure blobs using a wordlist of account name and container name strings
jawaharputti/EHTools - Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and si
Neo23x0/yaraQA - YARA rule analyzer to improve rule quality and performance
mshumer/gpt-prompt-engineer -
LuemmelSec/Pentest-Tools-Collection -
PaulNorman01/Forensia - Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase.
dievus/msLDAPDump - LDAP enumeration tool implemented in Python3
BeichenDream/SharpToken - Windows Token Stealing Expert
61106960/adPEAS - Powershell tool to automate Active Directory enumeration.
Rolix44/Kubestroyer - Kubernetes exploitation tool
iamj0ker/bypass-403 - A simple script just made for self use for bypassing 403
Dec0ne/ShadowSpray - A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.
zylon-ai/private-gpt - Interact with your documents using the power of GPT, 100% privately, no data leaks
SnaffCon/Snaffler - a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )
epicweb-dev/epic-stack - This is a Full Stack app starter with the foundational things setup and configured for you to hit the ground running on your next EPIC idea.
trustedsec/hardcidr - hardCIDR is a Linux Bash script, but also functions under macOS. Your mileage may vary on other distros. The script with no specified options will query ARIN and a pool of BGP route servers. The route
jkfran/killport - A command-line tool to easily kill processes running on a specified port.
vulnersCom/getsploit - Command line utility for searching and downloading exploits
builtbybel/ThisIsWin11 - The real PowerToys for Windows 11
HavocFramework/Havoc - The Havoc Framework.
Mebus/cupp - Common User Passwords Profiler (CUPP)
sc0tfree/mentalist - Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat an
ropnop/kerbrute - A tool to perform Kerberos pre-auth bruteforcing
microsoft/AttackSurfaceAnalyzer - Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation.
sandboxie-plus/Sandboxie - Sandboxie Plus & Classic
openai/gpt-2 - Code for the paper "Language Models are Unsupervised Multitask Learners"

penetration-testing

powerexploit/Ashok - Ashok is a OSINT Recon Tool , a.k.a 😍 Swiss Army knife .
TupleType/awesome-cicd-attacks - Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
sgxgsx/BlueToolkit - BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. Could be used in the vulnerability research,
samratashok/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
Syslifters/HackTheBox-Reporting - Hack The Box CPTS, CBBH Exam and Lab Reporting / Note-Taking Tool
danieldurnea/FBI-tools - 🕵️ OSINT Tools for gathering information and actions forensics 🕵️
six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
ByteSnipers/awesome-pentest-cheat-sheets - Collection of cheat sheets useful for pentesting
fkkarakurt/reconic - A Powerful Network Reconnaissance Tool for Security Professionals
yogeshojha/rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon
trickest/inventory - Asset inventory of over 800 public bug bounty programs.
codingo/NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
factionsecurity/faction - Pen Test Report Generation and Assessment Collaboration
0xsyr0/OSCP - OSCP Cheat Sheet
trickest/find-gh-poc - Find CVE PoCs on GitHub
trickest/cve - Gather and update all available and newest CVEs with their PoC.
GreyDGL/PentestGPT - A GPT-empowered penetration testing tool
gotr00t0day/Gsec - Web Security Scanner
MattKeeley/Spoofy - Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
RhinoSecurityLabs/pacu - The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
praetorian-inc/noseyparker - Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.
t3l3machus/Villain - Villain is a high level stage 0/1 C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities) and shar
redeye-framework/Redeye - Redeye is a tool intended to help you manage your data during a pentest operation
mandiant/commando-vm - Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mandiant.com
Syslifters/sysreptor - Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike.
GhostManager/Ghostwriter - The SpecterOps project management and reporting engine
initstring/cloud_enum - Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
t3l3machus/psudohash - Generates millions of keyword-based password mutations in seconds.

pentesting

blacklanternsecurity/bbot - A recursive internet scanner for hackers.
wddadk/Offensive-OSINT-Tools - OffSec OSINT Pentest/RedTeam Tools
diego-treitos/linux-smart-enumeration - Linux enumeration tool for pentesting and CTFs with verbosity levels
sgxgsx/BlueToolkit - BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. Could be used in the vulnerability research,
Syslifters/offsec-tools - Compiled tools for internal assessments
OJ/gobuster - Directory/File, DNS and VHost busting tool written in Go
ffuf/ffuf - Fast web fuzzer written in Go
danieldurnea/FBI-tools - 🕵️ OSINT Tools for gathering information and actions forensics 🕵️
noraj/haiti - 🔑 Hash type identifier (CLI & lib)
devploit/nomore403 - Tool to bypass 403/40X response codes.
six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
ByteSnipers/awesome-pentest-cheat-sheets - Collection of cheat sheets useful for pentesting
fkkarakurt/reconic - A Powerful Network Reconnaissance Tool for Security Professionals
v1s1t0r1sh3r3/airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
yogeshojha/rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon
justakazh/DockerExploit - Docker Remote API Scanner and Exploit
freelabz/secator - secator - the pentester's swiss knife
MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
i5nipe/nipejs - Simplify your life with leak detection in JavaScript. NipeJS streamlines the use of regex, making it effortless to uncover potential leaks.
trickest/inventory - Asset inventory of over 800 public bug bounty programs.
Frissi0n/GTFONow - Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.
casterbyte/MITMonster - A monster cheatsheet on MITM attacks
emrekybs/AD-AssessmentKit - Contains a collection of Bash scripts designed for comprehensive security audits and network mapping of Active Directory (AD) environments. The scripts automate various tasks including LDAP querying,
psbelin/ip_widget - Taskbar IP widget for kali linux (or any distro running XFCE)
NH-RED-TEAM/RustHound - Active Directory data collector for BloodHound written in Rust. 🦀
infosecn1nja/Red-Teaming-Toolkit - This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
rootcathacking/catspin - Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.
Leo4j/Amnesiac - Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with lateral movement within Active Directory environments
casterbyte/Above - Invisible network protocol sniffer
factionsecurity/faction - Pen Test Report Generation and Assessment Collaboration
t3l3machus/BabelStrike - The purpose of this tool is: 1. to transliterate and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages, common problem occurring f
0xsyr0/OSCP - OSCP Cheat Sheet
trickest/find-gh-poc - Find CVE PoCs on GitHub
trickest/cve - Gather and update all available and newest CVEs with their PoC.
gotr00t0day/Gsec - Web Security Scanner
The-Viper-One/PsMapExec - A PowerShell tool that takes strong inspiration from CrackMapExec / NetExec
MattKeeley/Spoofy - Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
redhuntlabs/BucketLoot - BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exp
Pennyw0rth/NetExec - The Network Execution Tool
D00Movenok/BounceBack - ↕️🤫 Stealth redirector for your red team operation security
Anof-cyber/ParaForge - A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzing
D00Movenok/HTMLSmuggler - ✉️ HTML Smuggling generator&obfuscator for your Red Team operations
commixproject/commix - Automated All-in-One OS Command Injection Exploitation Tool.
t3l3machus/Villain - Villain is a high level stage 0/1 C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities) and shar
owasp-noir/noir - Attack surface detector that identifies endpoints by static analysis
iknowjason/edge - Recon tool for cloud provider attribution. Supports AWS, Azure, Google, Cloudflare, and Digital Ocean.
thewhiteh4t/FinalRecon - All In One Web Recon
Zeus-Labs/ZeusCloud - Open Source Cloud Security
CERT-Polska/Artemis - A modular vulnerability scanner with automatic report generation capabilities.
PhoenixC2/PhoenixC2 - Command & Control-Framework created for collaboration in python3
j3ssie/metabigor - OSINT tools and more but without API key
RapidDNS/Afuzz - Afuzz is an automated web path fuzzing tool for the Bug Bounty projects.
p1ngul1n0/blackbird - An OSINT tool to search for accounts by username and email in social networks.
Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
Drew-Alleman/DataSurgeon - Quickly Extracts IP's, Email Addresses, Hashes, Files, Credit Cards, Social Security Numbers and a lot More From Text
sherlock-project/sherlock - Hunt down social media accounts by username across social networks
byt3bl33d3r/CrackMapExec - A swiss army knife for pentesting networks
t3l3machus/psudohash - Generates millions of keyword-based password mutations in seconds.

php

Cvar1984/sussyfinder - Single PHP file to detect potentially malicious threats based on token and hash with web interface and VirusTotal integrations. Contact me for premium apps fully integrated with VirusTotal and 10+ mor
adegans/Goosle - The best Meta Search engine running on simple PHP servers that keeps privacy and ease of use in mind!
PrivateBin/PrivateBin - A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.
LeCoupa/awesome-cheatsheets - 👩‍💻👨‍💻 Awesome cheatsheets for popular programming languages, frameworks and development tools. They include everything you should know in one single file.

postgresql

Dokploy/dokploy - Open Source Alternative to Vercel, Netlify and Heroku.
teableio/teable - ✨ The Next Gen Airtable Alternative: No-Code Postgres
drawdb-io/drawdb - Free, simple, and intuitive online database design tool and SQL generator.
wasp-lang/open-saas - A free, open-source SaaS app starter for React & Node.js with superpowers. Production-ready. Community-driven.
porsager/postgres - Postgres.js - The Fastest full featured PostgreSQL client for Node.js, Deno, Bun and CloudFlare
logto-io/logto - 🧑‍🚀 The better identity infrastructure for developers and the open-source alternative to Auth0.
makeplane/plane - 🔥 🔥 🔥 Open Source JIRA, Linear and Asana Alternative. Plane helps you track your issues, epics, and product roadmaps in the simplest way possible.

powershell

securityjoes/MasterParser - MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs
samratashok/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
nickvourd/Windows-Local-Privilege-Escalation-Cookbook - Windows Local Privilege Escalation Cookbook
chopinrlz/powerpass - Store and retrieve encrypted secrets with PowerShell on Windows, Linux, or MacOS and also from KeePass 2 databases on Windows
drak3hft7/Cheat-Sheet---Active-Directory - This cheat sheet contains common enumeration and attack methods for Windows Active Directory with the use of powershell.
microsoft/inshellisense - IDE style command line auto complete
h0ru/AMSI-Reaper -
The-Viper-One/PsMapExec - A PowerShell tool that takes strong inspiration from CrackMapExec / NetExec
joeavanzato/Trawler - PowerShell script to help Incident Responders discover potential adversary persistence mechanisms.
byt3bl33d3r/CrackMapExec - A swiss army knife for pentesting networks
jayharris/dotfiles-windows - dotfiles for Windows, including Developer-minded system defaults. Built in PowerShell

privacy

CleasbyCode/jdvrif - Hide data within JPG images using this steganography-like privacy tool. Post images on Mastodon and other hosting sites.
Lissy93/personal-security-checklist - 🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024
pluja/awesome-privacy - Awesome Privacy - A curated list of services and alternatives that respect your privacy because PRIVACY MATTERS.
awesome-selfhosted/awesome-selfhosted - A list of Free Software network services and web applications which can be hosted on your own servers
troennes/private-secure-windows - Privacy and security baseline for personal Windows 10 and Windows 11
AdguardTeam/AdGuardHome - Network-wide ads & trackers blocking DNS server
K3V1991/Disable-Firefox-Telemetry-and-Data-Collection - How to disable Firefox Telemetry and Data Collection
Lissy93/web-check - 🕵️‍♂️ All-in-one OSINT tool for analysing any website
svenmauch/WinSlap - Swiftly configure a fresh Windows 10 installation with useful tweaks and privacy settings.
hellzerg/optimizer - The finest Windows Optimizer
KuroLabs/stegcloak - Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐
drduh/macOS-Security-and-Privacy-Guide - Guide to securing and improving privacy on macOS

project-management

makeplane/plane - 🔥 🔥 🔥 Open Source JIRA, Linear and Asana Alternative. Plane helps you track your issues, epics, and product roadmaps in the simplest way possible.

python

blacklanternsecurity/bbot - A recursive internet scanner for hackers.
FLOCK4H/Freeway - WiFi Penetration Testing & Auditing Tool
prowler-cloud/prowler - Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness.
otsaloma/catapult - App launcher for Linux
RevoltSecurities/Subdominator - SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty
sarperavci/GoogleRecaptchaBypass - Solve Google reCAPTCHA in less than 5 seconds! 🚀
AnonCatalyst/Ominis-OSINT - This Python application is an OSINT (Open Source Intelligence) tool called "Ominis OSINT - Web Hunter." It performs online information gathering by querying Google for search results related to a user
epogrebnyak/justpath - Inspect and refine PATH environment variable on Windows, Linux and MacOS.
dvcoolarun/web2pdf - 🔄 CLI to convert Webpages to PDFs 🚀
fkkarakurt/reconic - A Powerful Network Reconnaissance Tool for Security Professionals
fortra/impacket - Impacket is a collection of Python classes for working with network protocols.
oppsec/tomcter - 😹 Tomcter is a python tool developed to bruteforce Apache Tomcat manager login with default credentials.
s0md3v/Photon - Incredibly fast crawler designed for OSINT.
latiotech/LAST - Use AI to Scan Your Code from the Command Line for security and code smells. Bring your own keys. Supports OpenAI and Gemini
oppsec/juumla - 🦁 Juumla is a python tool created to identify Joomla version, scan for vulnerabilities and sensitive files
dragonked2/Egyscan - Egyscan The Best web vulnerability scanner; it's a multifaceted security powerhouse designed to fortify your web applications against malicious threats. Let's delve into the tasks and functions that m
lewiswigmore/Virus.xcheck - Virus.xcheck is a Python tool designed to bulk verify the existence of file hashes in the Virus Exchange database and fetch download URLs for malware analysis.
JoshuaKasa/van-gonography - Hide 🕵️‍♂️ your files of any type inside a image of your choice using steganography
bellingcat/wayback-google-analytics - A lightweight tool for scraping current and historic Google Analytics data
Alb-310/Geogramint - An OSINT Geolocalization tool for Telegram that find nearby users and groups 📡🌍🔍
DedSecInside/TorBot - Dark Web OSINT Tool
AiGptCode/Ai-Security-URL - functions to exploit common web application vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), and Path Traversal.
franckferman/MetaDetective - 🕵️ Unleash Metadata Intelligence with MetaDetective. Your Assistant Beyond Metagoofil.
GreyDGL/PentestGPT - A GPT-empowered penetration testing tool
redhuntlabs/Octopii - An AI-powered Personal Identifiable Information (PII) scanner.
searxng/searxng - SearXNG is a free internet metasearch engine which aggregates results from various search services and databases. Users are neither tracked nor profiled.
MattKeeley/Spoofy - Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
semgrep/semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
secdev/scapy - Scapy: the Python-based interactive packet manipulation program & library.
Pennyw0rth/NetExec - The Network Execution Tool
RhinoSecurityLabs/pacu - The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
Anof-cyber/ParaForge - A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzing
bsilverthorn/maccarone - AI-managed code blocks in Python ⏪⏩
oppsec/Apepe - 📲 Enumerate information from an app based on the APK file
oppsec/Pinkerton - 🕵️ Pinkerton is an JavaScript file crawler and secret finder tool developed in Python
commixproject/commix - Automated All-in-One OS Command Injection Exploitation Tool.
fox-it/dissect - Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part
intel/cve-bin-tool - The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or
PhoenixC2/PhoenixC2 - Command & Control-Framework created for collaboration in python3
jakecreps/poastal - Poastal - the Email OSINT tool
gpt-engineer-org/gpt-engineer - Specify what you want it to build, the AI asks for clarification, and then builds it.
makeplane/plane - 🔥 🔥 🔥 Open Source JIRA, Linear and Asana Alternative. Plane helps you track your issues, epics, and product roadmaps in the simplest way possible.
Significant-Gravitas/AutoGPT - AutoGPT is the vision of accessible AI for everyone, to use and to build on. Our mission is to provide the tools, so that you can focus on what matters.
p1ngul1n0/blackbird - An OSINT tool to search for accounts by username and email in social networks.
nyxiereal/XToolbox - XToolBox - A collection of 150+ Windows 10/11 optimization and tweaking apps!
Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
sherlock-project/sherlock - Hunt down social media accounts by username across social networks
byt3bl33d3r/CrackMapExec - A swiss army knife for pentesting networks

python3

JoelGMSec/LeakSearch - Search & Parse Password Leaks
HalilDeniz/NetProbe - NetProbe: Network Probe
HalilDeniz/PacketSpy - PacketSpy
oppsec/tomcter - 😹 Tomcter is a python tool developed to bruteforce Apache Tomcat manager login with default credentials.
N0rz3/Phunter - Phunter is an osint tool allowing you to find various information via a phone number 🔎📞
HalilDeniz/NetworkSherlock - NetworkSherlock: powerful and flexible port scanning tool With Shodan
rfc-st/humble - A humble, and 𝗳𝗮𝘀𝘁, security-oriented HTTP headers analyzer.
lewiswigmore/Virus.xcheck - Virus.xcheck is a Python tool designed to bulk verify the existence of file hashes in the Virus Exchange database and fetch download URLs for malware analysis.
HalilDeniz/TrafficWatch - TrafficWatch, a packet sniffer tool, allows you to monitor and analyze network traffic from PCAP files
HalilDeniz/PathFinder - Web Path Finder
m8sec/CrossLinked - LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping
DedSecInside/TorBot - Dark Web OSINT Tool
franckferman/MetaDetective - 🕵️ Unleash Metadata Intelligence with MetaDetective. Your Assistant Beyond Metagoofil.
MattKeeley/Spoofy - Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
Pennyw0rth/NetExec - The Network Execution Tool
jerlendds/osintbuddy - Node graphs, OSINT data mining, and plugins. Connect unstructured and public data for transformative insights
oppsec/Pinkerton - 🕵️ Pinkerton is an JavaScript file crawler and secret finder tool developed in Python
thewhiteh4t/FinalRecon - All In One Web Recon
PhoenixC2/PhoenixC2 - Command & Control-Framework created for collaboration in python3
nyxiereal/XToolbox - XToolBox - A collection of 150+ Windows 10/11 optimization and tweaking apps!
sherlock-project/sherlock - Hunt down social media accounts by username across social networks

qt

3nock/OTE - OSINT Template Engine

raspberry-pi

AleksaMCode/Preferred-Network-List-Sniffer - A reconnaissance tool for capturing and displaying SSIDs from device's Preferred Network List.

react

drawdb-io/drawdb - Free, simple, and intuitive online database design tool and SQL generator.
pmndrs/uikit - 🎨 user interfaces for react-three-fiber
wasp-lang/open-saas - A free, open-source SaaS app starter for React & Node.js with superpowers. Production-ready. Community-driven.
wasp-lang/wasp - The fastest way to develop full-stack web apps with React & Node.js.
albingroen/react-cmdk - A fast, accessible, and pretty command palette for React
lmsqueezy/wedges - An ever-expanding, open-source React UI library built with the Wedges Design System, Radix primitives, and Tailwind CSS.
nick-keller/react-datasheet-grid - An Airtable-like / Excel-like component to create beautiful spreadsheets.
react-dnd/react-dnd - Drag and Drop for React
diogocapela/flatdraw - A simple canvas drawing web app with responsive UI. Made with TypeScript, React, and Next.js.
Infisical/infisical - ♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
React95/React95 - A React components library with Win95 UI
makeplane/plane - 🔥 🔥 🔥 Open Source JIRA, Linear and Asana Alternative. Plane helps you track your issues, epics, and product roadmaps in the simplest way possible.

react-native

Abhinandan-Kushwaha/react-native-gifted-charts - The most complete library for Bar, Line, Area, Pie, Donut, Stacked Bar and Population Pyramid charts in React Native. Allows 2D, 3D, gradient, animations and live data updates.

rest-api

makeplane/plane - 🔥 🔥 🔥 Open Source JIRA, Linear and Asana Alternative. Plane helps you track your issues, epics, and product roadmaps in the simplest way possible.

reverse-engineering

chainguard-dev/bincapz - detect malicious program behaviors
ax/apk.sh - apk.sh makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding and patching an APK.
mentebinaria/retoolkit - Reverse Engineer's Toolkit
x64dbg/x64dbg - An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
ReagentX/imessage-exporter - Export iMessage data + run iMessage Diagnostics
mandiant/flare-vm - A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.

ruby

semgrep/semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

rust

dani-garcia/vaultwarden - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
NH-RED-TEAM/RustHound - Active Directory data collector for BloodHound written in Rust. 🦀
GyulyVGC/sniffnet - Comfortably monitor your Internet traffic 🕵️‍♂️
cea-sec/usbsas - Tool and framework for securely reading untrusted USB mass storage devices.
praetorian-inc/noseyparker - Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.
build-trust/ockam - Orchestrate end-to-end encryption, cryptographic identities, mutual authentication, and authorization policies between distributed applications – at massive scale.
Drew-Alleman/DataSurgeon - Quickly Extracts IP's, Email Addresses, Hashes, Files, Credit Cards, Social Security Numbers and a lot More From Text

security

chaitin/SafeLine - A web security gateway, serve as a reverse proxy to protect your websites from attacks and exploits.
prowler-cloud/prowler - Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness.
smallstep/certificates - 🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
sgxgsx/BlueToolkit - BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. Could be used in the vulnerability research,
MetaOSINT/MetaOSINT.github.io - A tool to quickly identify relevant, publicly-available open source intelligence ("OSINT") tools and resources, saving valuable time during investigations, research, and analysis.
securityjoes/MasterParser - MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs
samratashok/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
Azathothas/Arsenal - Hastly written Tools & Scripts for Personal Use Cases & Bug Bounties
danieldurnea/FBI-tools - 🕵️ OSINT Tools for gathering information and actions forensics 🕵️
cddmp/enum4linux-ng - A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.
dhammon/ai-goat - Learn AI security through a series of vulnerable LLM CTF challenges. No sign ups, no cloud fees, run everything locally on your system.
noraj/haiti - 🔑 Hash type identifier (CLI & lib)
six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
devploit/awesome-ctf-resources - A list of Capture The Flag (CTF) frameworks, libraries, resources and software for started/experienced CTF players 🚩
Lissy93/personal-security-checklist - 🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024
Escape-Technologies/awesome-graphql-security - A curated list of awesome GraphQL Security frameworks, libraries, software and resources
v1s1t0r1sh3r3/airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
ShellCode33/CredSLayer - Extract credentials and other useful info from network captures
konstruktoid/ansible-role-hardening - Ansible role to apply a security baseline. Systemd edition.
justakazh/DockerExploit - Docker Remote API Scanner and Exploit
sensepost/objection - 📱 objection - runtime mobile exploration
freelabz/secator - secator - the pentester's swiss knife
future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
gbiagomba/Sherlock - This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)
AleksaMCode/Preferred-Network-List-Sniffer - A reconnaissance tool for capturing and displaying SSIDs from device's Preferred Network List.
trickest/inventory - Asset inventory of over 800 public bug bounty programs.
0x4D31/galah - Galah: An LLM-powered web honeypot. Wasting attackers' time with faker-than-ever HTTP responses!
OpenCTI-Platform/opencti - Open Cyber Threat Intelligence Platform
Frissi0n/GTFONow - Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.
konstruktoid/hardening - Hardening Ubuntu. Systemd edition.
Aditya-dom/moonwalk-back - Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.
gabrielsoltz/metahub - MetaHub is an automated contextual security findings enrichment and impact evaluation tool for vulnerability management.
tamjid0x01/SmartContracts-audit-checklist - A checklist of things to look for when auditing Solidity smart contracts.
gophish/gophish - Open-Source Phishing Toolkit
xlab-si/iac-scan-runner - Service that scans your Infrastructure as Code for common vulnerabilities
MandConsultingGroup/porch-pirate - Porch Pirate is the most comprehensive Postman recon / OSINT client and framework that facilitates the automated discovery and exploitation of API endpoints and secrets committed to workspaces, collec
rfc-st/humble - A humble, and 𝗳𝗮𝘀𝘁, security-oriented HTTP headers analyzer.
PrivateBin/PrivateBin - A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.
liamg/furious - 😠 Go IP/port scanner with SYN (stealth) scanning and device manufacturer identification
troennes/private-secure-windows - Privacy and security baseline for personal Windows 10 and Windows 11
swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
swisskyrepo/InternalAllTheThings - Active Directory and Internal Pentest Cheatsheets
factionsecurity/faction - Pen Test Report Generation and Assessment Collaboration
goodwithtech/dockle - Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
HalilDeniz/NetworkAssessment - NetworkAssessment: Network Compromise Assessment Tool
cisagov/LME - Logging Made Easy (LME) is a no-cost and open logging and protective monitoring solution serving all organizations.
HalilDeniz/PathFinder - Web Path Finder
andresriancho/w3af - w3af: web application attack and audit framework, the open source web vulnerability scanner.
LucasPDiniz/403-Bypass - Bypass 403 pages
maxgoedjen/secretive - Store SSH keys in the Secure Enclave
spark1security/n0s1 - Secret Scanner for Jira, Confluence, Asana, Wrike and Linear
0xsyr0/OSCP - OSCP Cheat Sheet
DedSecInside/TorBot - Dark Web OSINT Tool
GyulyVGC/sniffnet - Comfortably monitor your Internet traffic 🕵️‍♂️
CycodeLabs/raven - CI/CD Security Analyzer
franckferman/MetaDetective - 🕵️ Unleash Metadata Intelligence with MetaDetective. Your Assistant Beyond Metagoofil.
ElectronicCats/CatSniffer - CatSniffer is an original multiprotocol and multiband board for sniffing, communicating, and attacking IoT (Internet of Things) devices using the latest radio IoT protocols. It is a highly portable US
trickest/find-gh-poc - Find CVE PoCs on GitHub
trickest/cve - Gather and update all available and newest CVEs with their PoC.
gotr00t0day/Gsec - Web Security Scanner
trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
cea-sec/usbsas - Tool and framework for securely reading untrusted USB mass storage devices.
GitGuardian/ggshield - Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
santoru/shcheck - A basic tool to check security headers of a website
google/gcp_scanner - A comprehensive scanner for Google Cloud
MattKeeley/Spoofy - Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
secdev/scapy - Scapy: the Python-based interactive packet manipulation program & library.
mschwager/route-detect - Find authentication (authn) and authorization (authz) security bugs in web application routes.
jtesta/ssh-audit - SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
Pennyw0rth/NetExec - The Network Execution Tool
Security-Onion-Solutions/securityonion - Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, a
RhinoSecurityLabs/pacu - The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
K3V1991/Disable-Firefox-Telemetry-and-Data-Collection - How to disable Firefox Telemetry and Data Collection
D00Movenok/BounceBack - ↕️🤫 Stealth redirector for your red team operation security
deepfence/SecretScanner - 🔓 🔓 Find secrets and passwords in container images and file systems 🔓 🔓
globocom/secDevLabs - A laboratory for learning secure web and mobile development in a practical manner.
x64dbg/x64dbg - An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
praetorian-inc/noseyparker - Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.
D00Movenok/HTMLSmuggler - ✉️ HTML Smuggling generator&obfuscator for your Red Team operations
cado-security/varc - Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.
projectdiscovery/nuclei - Fast and customizable vulnerability scanner based on simple YAML based DSL.
akto-api-security/akto - Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure
authzed/spicedb - Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications
intel/cve-bin-tool - The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or
owasp-noir/noir - Attack surface detector that identifies endpoints by static analysis
build-trust/ockam - Orchestrate end-to-end encryption, cryptographic identities, mutual authentication, and authorization policies between distributed applications – at massive scale.
Infisical/infisical - ♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
Lissy93/web-check - 🕵️‍♂️ All-in-one OSINT tool for analysing any website
Zeus-Labs/ZeusCloud - Open Source Cloud Security
padok-team/yatas - 🦉🔎 A simple tool to audit your AWS/GCP infrastructure for misconfiguration or potential security issues with plugins integration
CERT-Polska/Artemis - A modular vulnerability scanner with automatic report generation capabilities.
j3ssie/metabigor - OSINT tools and more but without API key
eosphoros-ai/DB-GPT - AI Native Data App Development framework with AWEL(Agentic Workflow Expression Language) and Agents
mvt-project/mvt - MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.
MrEmpy/mantra - 「🔑」A tool used to hunt down API key leaks in JS files and pages
nyxiereal/XToolbox - XToolBox - A collection of 150+ Windows 10/11 optimization and tweaking apps!
trufflesecurity/trufflehog - Find and verify secrets
cider-security-research/cicd-goat - A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
gitleaks/gitleaks - Protect and discover secrets using Gitleaks 🔑
KuroLabs/stegcloak - Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐
drduh/macOS-Security-and-Privacy-Guide - Guide to securing and improving privacy on macOS

self-hosted

chaitin/SafeLine - A web security gateway, serve as a reverse proxy to protect your websites from attacks and exploits.
Dokploy/dokploy - Open Source Alternative to Vercel, Netlify and Heroku.
awesome-foss/awesome-sysadmin - A curated list of amazingly awesome open-source sysadmin resources.
PrivateBin/PrivateBin - A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.
awesome-selfhosted/awesome-selfhosted - A list of Free Software network services and web applications which can be hosted on your own servers

server

lukejacksonn/servor - Dependency free file server for single page app development
K3V1991/Disable-Firefox-Telemetry-and-Data-Collection - How to disable Firefox Telemetry and Data Collection

shell

MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
konstruktoid/hardening - Hardening Ubuntu. Systemd edition.
CISOfy/lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

software

awesome-foss/awesome-sysadmin - A curated list of amazingly awesome open-source sysadmin resources.

solidity

tamjid0x01/SmartContracts-audit-checklist - A checklist of things to look for when auditing Solidity smart contracts.

sql

drawdb-io/drawdb - Free, simple, and intuitive online database design tool and SQL generator.

sql-server

drawdb-io/drawdb - Free, simple, and intuitive online database design tool and SQL generator.

sqlite

teableio/teable - ✨ The Next Gen Airtable Alternative: No-Code Postgres
drawdb-io/drawdb - Free, simple, and intuitive online database design tool and SQL generator.

storybook

React95/React95 - A React components library with Win95 UI

swift

Renset/macai - Swift powered native macOS client for Ollama, ChatGPT and compatible API-backends

swiftui

Renset/macai - Swift powered native macOS client for Ollama, ChatGPT and compatible API-backends

telegram

Alb-310/Geogramint - An OSINT Geolocalization tool for Telegram that find nearby users and groups 📡🌍🔍

terminal

plandex-ai/plandex - AI driven development in your terminal. Designed for large, real-world tasks.
JoshuaKasa/van-gonography - Hide 🕵️‍♂️ your files of any type inside a image of your choice using steganography
microsoft/inshellisense - IDE style command line auto complete
antonmedv/walk - Terminal file manager
morpheuslord/GPT_Vuln-analyzer - Uses ChatGPT API, Bard API, and Llama2, Python-Nmap, DNS Recon, PCAP and JWT recon modules and uses the GPT3 model to create vulnerability reports based on Nmap scan data, and DNS scan information. It
nosarthur/gita - Manage many git repos with sanity 从容管理多个git库

termux

devXprite/infoooze - A OSINT tool which helps you to quickly find information effectively. All you need is to input and it will take take care of rest.
jaykali/maskphish - Introducing "URL Making Technology" to the world for the very FIRST TIME. Give a Mask to Phishing URL like a PRO.. A MUST have tool for Phishing.

termux-hacking

jaykali/maskphish - Introducing "URL Making Technology" to the world for the very FIRST TIME. Give a Mask to Phishing URL like a PRO.. A MUST have tool for Phishing.

testing

Aditya-dom/moonwalk-back - Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.
Hakky54/certificate-ripper - 🔐 A CLI tool to extract server certificates

twitter

MetaOSINT/MetaOSINT.github.io - A tool to quickly identify relevant, publicly-available open source intelligence ("OSINT") tools and resources, saving valuable time during investigations, research, and analysis.

typescript

brocoders/nestjs-boilerplate - NestJS boilerplate. Auth, TypeORM, Mongoose, Postgres, MongoDB, Mailing, I18N, Docker.
pmndrs/uikit - 🎨 user interfaces for react-three-fiber
formkit/tempo - 📆 Parse, format, manipulate, and internationalize dates and times in JavaScript and TypeScript.
wasp-lang/open-saas - A free, open-source SaaS app starter for React & Node.js with superpowers. Production-ready. Community-driven.
albingroen/react-cmdk - A fast, accessible, and pretty command palette for React
imgly/background-removal-js - Remove backgrounds from images directly in the browser environment with ease and no additional costs or privacy concerns. Explore an interactive demo.
semgrep/semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
jerlendds/osintbuddy - Node graphs, OSINT data mining, and plugins. Connect unstructured and public data for transformative insights
biomejs/biome - A toolchain for web projects, aimed to provide functionalities to maintain them. Biome offers formatter and linter, usable via CLI and LSP.
logto-io/logto - 🧑‍🚀 The better identity infrastructure for developers and the open-source alternative to Auth0.
seekr-osint/seekr - A multi-purpose OSINT toolkit with a neat web-interface.
diogocapela/flatdraw - A simple canvas drawing web app with responsive UI. Made with TypeScript, React, and Next.js.
tatethurston/nextjs-routes - Type safe routing for Next.js
Infisical/infisical - ♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
chakra-ui/panda - 🐼 Universal, Type-Safe, CSS-in-JS Framework for Product Teams ⚡️
makeplane/plane - 🔥 🔥 🔥 Open Source JIRA, Linear and Asana Alternative. Plane helps you track your issues, epics, and product roadmaps in the simplest way possible.

ubuntu

konstruktoid/ansible-role-hardening - Ansible role to apply a security baseline. Systemd edition.
konstruktoid/hardening - Hardening Ubuntu. Systemd edition.

vagrant

konstruktoid/ansible-role-hardening - Ansible role to apply a security baseline. Systemd edition.

vim

junegunn/fzf - 🌸 A command-line fuzzy finder
keidarcy/dotfiles - Robust & colorful dot configuration and utilities files with CI check 🦄🦄.
LeCoupa/awesome-cheatsheets - 👩‍💻👨‍💻 Awesome cheatsheets for popular programming languages, frameworks and development tools. They include everything you should know in one single file.

visual-studio-code

viatsko/awesome-vscode - 🎨 A curated list of delightful VS Code packages and resources.
continuedev/continue - ⏩ Continue is the leading open-source AI code assistant. You can connect any models and any context to build custom autocomplete and chat experiences inside VS Code and JetBrains

vue

nuxt/ui - A UI Library for Modern Web Apps, powered by Vue & Tailwind CSS.

vuejs

LeCoupa/awesome-cheatsheets - 👩‍💻👨‍💻 Awesome cheatsheets for popular programming languages, frameworks and development tools. They include everything you should know in one single file.

web

AnonCatalyst/Ominis-OSINT - This Python application is an OSINT (Open Source Intelligence) tool called "Ominis OSINT - Web Hunter." It performs online information gathering by querying Google for search results related to a user
OJ/gobuster - Directory/File, DNS and VHost busting tool written in Go
ffuf/ffuf - Fast web fuzzer written in Go
devploit/awesome-ctf-resources - A list of Capture The Flag (CTF) frameworks, libraries, resources and software for started/experienced CTF players 🚩
HalilDeniz/PathFinder - Web Path Finder
gotr00t0day/Gsec - Web Security Scanner
biomejs/biome - A toolchain for web projects, aimed to provide functionalities to maintain them. Biome offers formatter and linter, usable via CLI and LSP.

website

AiGptCode/Ai-Security-URL - functions to exploit common web application vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), and Path Traversal.
ramon-victor/freegpt-webui - GPT 3.5/4 with a Chat Web UI. No API key required.

windows

emrekybs/nim-shell - Reverse shell that can bypass windows defender detection
nickvourd/Windows-Local-Privilege-Escalation-Cookbook - Windows Local Privilege Escalation Cookbook
NH-RED-TEAM/RustHound - Active Directory data collector for BloodHound written in Rust. 🦀
drak3hft7/Cheat-Sheet---Active-Directory - This cheat sheet contains common enumeration and attack methods for Windows Active Directory with the use of powershell.
troennes/private-secure-windows - Privacy and security baseline for personal Windows 10 and Windows 11
JoshuaKasa/van-gonography - Hide 🕵️‍♂️ your files of any type inside a image of your choice using steganography
Idov31/Nidhogg - Nidhogg is an all-in-one simple to use rootkit.
mentebinaria/retoolkit - Reverse Engineer's Toolkit
GyulyVGC/sniffnet - Comfortably monitor your Internet traffic 🕵️‍♂️
microsoft/inshellisense - IDE style command line auto complete
AiGptCode/Ai-Security-URL - functions to exploit common web application vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), and Path Traversal.
h0ru/AMSI-Reaper -
Pennyw0rth/NetExec - The Network Execution Tool
x64dbg/x64dbg - An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
joeavanzato/Trawler - PowerShell script to help Incident Responders discover potential adversary persistence mechanisms.
mandiant/commando-vm - Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mandiant.com
Fadi002/unshackle - Open-source tool to bypass windows and linux passwords from bootable usb
mesquidar/ForensicsTools - A list of free and open forensics analysis tools and other resources
svenmauch/WinSlap - Swiftly configure a fresh Windows 10 installation with useful tweaks and privacy settings.
hellzerg/optimizer - The finest Windows Optimizer
nyxiereal/XToolbox - XToolBox - A collection of 150+ Windows 10/11 optimization and tweaking apps!
Drew-Alleman/DataSurgeon - Quickly Extracts IP's, Email Addresses, Hashes, Files, Credit Cards, Social Security Numbers and a lot More From Text
byt3bl33d3r/CrackMapExec - A swiss army knife for pentesting networks
jayharris/dotfiles-windows - dotfiles for Windows, including Developer-minded system defaults. Built in PowerShell
namazso/SecureUxTheme - 🎨 A secure boot compatible in-memory UxTheme patcher

xcode

LeCoupa/awesome-cheatsheets - 👩‍💻👨‍💻 Awesome cheatsheets for popular programming languages, frameworks and development tools. They include everything you should know in one single file.

zig

zigzap/zap - blazingly fast backends in zig

License

To the extent possible under law, dkadev has waived all copyright and related or neighboring rights to this work.

Files

topics.md

Latest commit

History

topics.md

File metadata and controls

Awesome Stars

Contents

ai

algorithm

android

ansible

api

artificial-intelligence

automation

awesome

awesome-list

aws

azure

backend

bash

bot

bugbounty

c

chatgpt

chatgpt-api

chrome

chrome-extension

cli

code

code-quality

compiler

config

cpp

cryptocurrency

cryptography

crystal

csharp

css

cybersecurity

data

data-visualization

database

deep-learning

deno

deployment

devops

django

docker

dotfiles

education

ethereum

firefox

flask

framework

frontend

git

github

github-config

go

golang

graphql

hacking

hacking-tool

hacking-tools

hacktoberfest

haskell

homebrew

html

http

image-processing

ios

iot

java

javascript

jekyll

jekyll-theme

js

json

kubernetes