A curated list of my GitHub stars! Generated by starred.
- ai
- analytics
- android
- angular
- ansible
- api
- arduino
- artificial-intelligence
- automation
- awesome
- awesome-list
- aws
- azure
- bash
- blockchain
- c
- chatgpt
- chrome-extension
- cli
- code
- compiler
- cpp
- csharp
- css
- cybersecurity
- data
- data-analysis
- data-visualization
- database
- deep-learning
- devops
- discord
- django
- docker
- dotnet
- electron
- english
- firefox
- flask
- framework
- github
- go
- golang
- hacking
- hacktoberfest
- html
- http
- image-processing
- ios
- iot
- java
- javascript
- js
- json
- kubernetes
- language
- library
- linux
- low-code
- lua
- machine-learning
- macos
- mongodb
- monitoring
- mysql
- nextjs
- nlp
- node
- nodejs
- npm
- open-source
- osint
- others
- parsing
- penetration-testing
- pentesting
- php
- postgresql
- powershell
- privacy
- python
- python3
- pytorch
- rails
- raspberry-pi
- react
- react-native
- reactjs
- reverse-engineering
- ruby
- rust
- scala
- security
- self-hosted
- serverless
- shell
- statistics
- telegram
- tensorflow
- terminal
- termux
- termux-hacking
- typescript
- vagrant
- vue
- web
- webapp
- webpack
- windows
- wordpress
- upscayl/upscayl - 🆙 Upscayl - Free and Open Source AI Image Upscaler for Linux, MacOS and Windows built with Linux-First philosophy.
- aorumbayev/autogpt4all - 🛠️ User-friendly bash script for setting up and configuring your LocalAI server with the GPT4All for free! 💸
- mudler/LocalAI - 🤖 The free, Open Source OpenAI alternative. Self-hosted, community-driven and local-first. Drop-in replacement for OpenAI running on consumer-grade hardware. No GPU required. Runs ggml, gguf, GP
- Significant-Gravitas/AutoGPT - AutoGPT is the vision of accessible AI for everyone, to use and to build on. Our mission is to provide the tools, so that you can focus on what matters.
- BishopFox/eyeballer - Convolutional neural network for analyzing pentest screenshots
- AUTOMATIC1111/stable-diffusion-webui - Stable Diffusion web UI
- zetavg/LLaMA-LoRA-Tuner - UI tool for fine-tuning and testing your own LoRA models base on LLaMA, GPT-J and more. One-click run on Google Colab. + A Gradio ChatGPT-like Chat UI to demonstrate your language models.
- ParisNeo/lollms-webui - Lord of Large Language Models Web User Interface
- nsacyber/WALKOFF - A flexible, easy to use, automation framework allowing users to integrate their capabilities and devices to cut through the repetitive, tedious tasks slowing them down. #nsacyber
- activecm/rita - Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
- DefectDojo/django-DefectDojo - DevSecOps, ASPM, Vulnerability Management. All on one platform.
- Th30neAnd0nly/AIRAVAT - A multifunctional Android RAT with GUI based Web Panel without port forwarding.
- P0cL4bs/Nanobrok - Web Service write in Python for control and protect your android device remotely.
- droidefense/engine - Droidefense: Advance Android Malware Analysis Framework
- gloxec/CrossC2 - generate CobaltStrike's cross-platform payload
- laurent22/joplin - Joplin - the secure note taking and to-do app with synchronisation capabilities for Windows, macOS, Linux, Android and iOS.
- AhMyth/AhMyth-Android-RAT - Android Remote Administration Tool
- ashishb/android-security-awesome - A collection of android security related resources
- n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
- jonaswinkler/paperless-ng - A supercharged version of paperless: scan, index and archive all your physical documents
- SpamScope/spamscope - Fast Advanced Spam Analysis Tool
- mudler/LocalAI - 🤖 The free, Open Source OpenAI alternative. Self-hosted, community-driven and local-first. Drop-in replacement for OpenAI running on consumer-grade hardware. No GPU required. Runs ggml, gguf, GP
- TheHive-Project/TheHive - TheHive: a Scalable, Open Source and Free Security Incident Response Platform
- screetsec/Brutal - Payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy . Brutal is a toolkit to quickly create various payload,powers
- FlowiseAI/Flowise - Drag & drop UI to build your customized LLM flow
- Significant-Gravitas/AutoGPT - AutoGPT is the vision of accessible AI for everyone, to use and to build on. Our mission is to provide the tools, so that you can focus on what matters.
- Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
- OWASP/Nettacker - Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
- medpaf/hawk - Network, recon and offensive-security tool for Linux.
- ksharinarayanan/SourceWolf - Amazingly fast response crawler to find juicy stuff in the source code! 😎🔥
- gokulapap/Reconator - Automated Recon for Pentesting & Bug Bounty
- nsacyber/WALKOFF - A flexible, easy to use, automation framework allowing users to integrate their capabilities and devices to cut through the repetitive, tedious tasks slowing them down. #nsacyber
- DefectDojo/django-DefectDojo - DevSecOps, ASPM, Vulnerability Management. All on one platform.
- nheijmans/malzoo - Mass static malware analysis tool
- djsime1/awesome-flipperzero - 🐬 A collection of awesome resources for the Flipper Zero device.
- edoardottt/awesome-hacker-search-engines - A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
- danieldurnea/FBI-tools - 🕵️ OSINT Tools for gathering information and actions forensics 🕵️
- cipher387/osint_stuff_tool_collection - A collection of several hundred online tools for OSINT
- trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
- ItIsMeCall911/Awesome-Telegram-OSINT - 📚 A Curated List of Awesome Telegram OSINT Tools, Sites & Resources
- jakejarvis/awesome-shodan-queries - 🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
- paralax/awesome-honeypots - an awesome list of honeypot resources
- sroberts/awesome-iocs - A collection of sources of indicators of compromise.
- meirwah/awesome-incident-response - A curated list of tools for incident response
- carpedm20/awesome-hacking - A curated list of awesome Hacking tutorials, tools and resources
- ashishb/android-security-awesome - A collection of android security related resources
- rshipp/awesome-malware-analysis - Defund the Police.
- apsdehal/awesome-ctf - A curated list of CTF frameworks, libraries, resources and softwares
- sindresorhus/awesome - 😎 Awesome lists about all kinds of interesting topics
- djsime1/awesome-flipperzero - 🐬 A collection of awesome resources for the Flipper Zero device.
- edoardottt/awesome-hacker-search-engines - A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
- danieldurnea/FBI-tools - 🕵️ OSINT Tools for gathering information and actions forensics 🕵️
- cipher387/osint_stuff_tool_collection - A collection of several hundred online tools for OSINT
- trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
- ItIsMeCall911/Awesome-Telegram-OSINT - 📚 A Curated List of Awesome Telegram OSINT Tools, Sites & Resources
- jakejarvis/awesome-shodan-queries - 🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
- paralax/awesome-honeypots - an awesome list of honeypot resources
- sroberts/awesome-iocs - A collection of sources of indicators of compromise.
- meirwah/awesome-incident-response - A curated list of tools for incident response
- ashishb/android-security-awesome - A collection of android security related resources
- rshipp/awesome-malware-analysis - Defund the Police.
- sbilly/awesome-security - A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.
- sindresorhus/awesome - 😎 Awesome lists about all kinds of interesting topics
- matanolabs/matano - Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
- ANSSI-FR/DFIR-O365RC - PowerShell module for Office 365 and Azure log collection
- aorumbayev/autogpt4all - 🛠️ User-friendly bash script for setting up and configuring your LocalAI server with the GPT4All for free! 💸
- D3Ext/WEF - Wi-Fi Exploitation Framework
- drak3hft7/Subscan4 - Script that performs a scan of a specific domain, using the following tools: Subfinder, assetfinder, amass and httpx. The result is merged into one file.
- leebaird/discover - Custom bash scripts used to automate various penetration testing tasks including recon, scanning, enumeration, and malicious payload creation using Metasploit. For use with Kali Linux.
- zarkones/XENA - XENA is the managed remote administration platform for botnet creation & development powered by blockchain and machine learning. Aiming to provide an ecosystem which serves the bot herders. Favoring s
- fluent/fluent-bit - Fast and Lightweight Logs and Metrics processor for Linux, BSD, OSX and Windows
- arkime/arkime - Arkime is an open source, large scale, full packet capturing, indexing, and database system.
- FlowiseAI/Flowise - Drag & drop UI to build your customized LLM flow
- OpenLMLab/MOSS - An open-source tool-augmented conversational language model from Fudan University
- LasCC/HackTools - The all-in-one browser extension for offensive security professionals 🛠
- senran101604/sagemode - 👀Sagemode: Track and Unveil Online identities across social media platforms🕵️♂️
- freedmand/semantra - Multi-tool for semantic search
- jarun/ddgr - 🦆 DuckDuckGo from the terminal
- ronin-rb/ronin - Ronin is a Free and Open Source Ruby Toolkit for Security Research and Development. Ronin also allows for the rapid development and distribution of code, exploits, payloads, etc, via 3rd party git rep
- asciimoo/wuzz - Interactive cli tool for HTTP inspection
- JS-Encoder/JS-Encoder - JS-Encoder is an online front-end code editor(前端在线代码编辑器)built with vue and codemirror. If you want to support JS-Encoder, click star 💗 to support it!
- ziglang/zig - General-purpose programming language and toolchain for maintaining robust, optimal, and reusable software.
- JS-Encoder/JS-Encoder - JS-Encoder is an online front-end code editor(前端在线代码编辑器)built with vue and codemirror. If you want to support JS-Encoder, click star 💗 to support it!
- r00t-3xp10it/venom - venom - C2 shellcode generator/compiler/handler
- Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
- GhostPack/Seatbelt - Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
- phuocng/csslayout - A collection of popular layouts and patterns made with CSS. Now it has 100+ patterns and continues growing!
- JS-Encoder/JS-Encoder - JS-Encoder is an online front-end code editor(前端在线代码编辑器)built with vue and codemirror. If you want to support JS-Encoder, click star 💗 to support it!
- senran101604/sagemode - 👀Sagemode: Track and Unveil Online identities across social media platforms🕵️♂️
- A-poc/RedTeam-Tools - Tools and Techniques for Red Team / Penetration Testing
- mturhanlar/turme - This is a repository for Penetration Test, Purple Team Exercise and Red Team
- cisagov/decider - A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework.
- Purp1eW0lf/Blue-Team-Notes - You didn't think I'd go and leave the blue team out, right?
- matanolabs/matano - Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
- t3l3machus/Villain - Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among conn
- atenreiro/opensquat - The openSquat project is an open-source solution for detecting domain look-alikes by searching for newly registered domains that might be impersonating other legit domains.
- devXprite/httpfy - A fast and powerful http toolkit that take a list of domains to find active domains and other information such as status-code, title, response-time , server, content-type and many other
- Cyb3r-Monk/Threat-Hunting-and-Detection - Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
- Azure/Azure-Sentinel - Cloud-native SIEM for intelligent security analytics for your entire enterprise.
- GamehunterKaan/AutoPWN-Suite - AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.
- p1ngul1n0/blackbird - An OSINT tool to search for accounts by username in social networks.
- abdulkadir-gungor/JPGtoMalware - It embeds the executable file or payload inside the jpg file. The method the program uses isn't exactly called one of the steganography methods. For this reason, it does not cause any distortion in t
- medpaf/hawk - Network, recon and offensive-security tool for Linux.
- offensive-hub/black-widow - GUI based offensive penetration testing tool (Open Source)
- devXprite/infoooze - A OSINT tool which helps you to quickly find information effectively. All you need is to input and it will take take care of rest.
- Idov31/MrKaplan - MrKaplan is a tool aimed to help red teamers to stay hidden by clearing evidence of execution.
- danieldurnea/FBI-tools - 🕵️ OSINT Tools for gathering information and actions forensics 🕵️
- noraj/rawsec-cybersecurity-inventory - An inventory of tools and resources about CyberSecurity that aims to help people to find everything related to CyberSecurity.
- cipher387/osint_stuff_tool_collection - A collection of several hundred online tools for OSINT
- emalderson/ThePhish - ThePhish: an automated phishing email analysis tool
- undergroundwires/privacy.sexy - Open-source tool to enforce privacy & security best-practices on Windows, macOS and Linux, because privacy is sexy
- nsacyber/WALKOFF - A flexible, easy to use, automation framework allowing users to integrate their capabilities and devices to cut through the repetitive, tedious tasks slowing them down. #nsacyber
- alexandreborges/malwoverview - Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, Threa
- mitre/caldera - Automated Adversary Emulation Platform
- intelowlproject/IntelOwl - IntelOwl: manage your Threat Intelligence at scale
- 1N3/Sn1per - Attack Surface Management Platform
- keithjjones/hostintel - A modular Python application to collect intelligence for malicious hosts.
- maliceio/malice - VirusTotal Wanna Be - Now with 100% more Hipster
- future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
- meirwah/awesome-incident-response - A curated list of tools for incident response
- brimdata/zui - Zui is a powerful desktop application for exploring and working with data. The official front-end to the Zed lake.
- guipsamora/pandas_exercises - Practice your pandas skills!
- gchq/CyberChef - The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
- netdata/netdata - The open-source observability platform everyone needs!
- ronin-rb/ronin - Ronin is a Free and Open Source Ruby Toolkit for Security Research and Development. Ronin also allows for the rapid development and distribution of code, exploits, payloads, etc, via 3rd party git rep
- netdata/netdata - The open-source observability platform everyone needs!
- AutoGPTQ/AutoGPTQ - An easy-to-use LLMs quantization package with user-friendly apis, based on GPTQ algorithm.
- OpenLMLab/MOSS - An open-source tool-augmented conversational language model from Fudan University
- AUTOMATIC1111/stable-diffusion-webui - Stable Diffusion web UI
- CorentinJ/Real-Time-Voice-Cloning - Clone a voice in 5 seconds to generate arbitrary speech in real-time
- ANSSI-FR/DFIR-O365RC - PowerShell module for Office 365 and Azure log collection
- trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
- nsacyber/WALKOFF - A flexible, easy to use, automation framework allowing users to integrate their capabilities and devices to cut through the repetitive, tedious tasks slowing them down. #nsacyber
- netdata/netdata - The open-source observability platform everyone needs!
- kensh1ro/Willie-C2 - A Golang implant that uses Discord as a C2 team server
- signorrayan/RedTeam_toolkit - Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together.
- jonaswinkler/paperless-ng - A supercharged version of paperless: scan, index and archive all your physical documents
- DefectDojo/django-DefectDojo - DevSecOps, ASPM, Vulnerability Management. All on one platform.
- aquasecurity/trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
- cyberdefenders/email-header-analyzer - E-Mail Header Analyzer
- JoelGMSec/EvilnoVNC - Ready to go Phishing Platform
- offensive-hub/black-widow - GUI based offensive penetration testing tool (Open Source)
- telekom-security/tpotce - 🍯 T-Pot - The All In One Honeypot Platform 🐝
- hawkeyesec/scanner-cli - A project security/vulnerability/risk scanning tool
- pvnguyen/docker-bro-elk - Bro Network Security Monitor integration with ELK stack using Docker Compose
- deviantony/docker-elk - The Elastic stack (ELK) powered by Docker and Compose.
- uschtwill/docker_monitoring_logging_alerting - Docker host and container monitoring, logging and alerting out of the box using cAdvisor, Prometheus, Grafana for monitoring, Elasticsearch, Kibana and Logstash for logging and elastalert and Alertman
- monitoringartist/dockbix-xxl - 🐳 Dockerized Zabbix - server, web, proxy, java gateway, snmpd with additional extensions
- blacktop/docker-bro - Bro IDS Dockerfile
- netdata/netdata - The open-source observability platform everyone needs!
- SpamScope/spamscope - Fast Advanced Spam Analysis Tool
- HarryR/maltrieve - A tool to retrieve malware directly from the source for security researchers.
- maliceio/malice - VirusTotal Wanna Be - Now with 100% more Hipster
- blacktop/docker-cuckoo - Cuckoo Sandbox Dockerfile
- byt3bl33d3r/SILENTTRINITY - An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR
- cobbr/Covenant - Covenant is a collaborative .NET C2 framework for red teamers.
- quasar/Quasar - Remote Administration Tool for Windows
- fremag/MemoScope.Net - Dump and analyze .Net applications memory ( a gui for WinDbg and ClrMd )
- upscayl/upscayl - 🆙 Upscayl - Free and Open Source AI Image Upscaler for Linux, MacOS and Windows built with Linux-First philosophy.
- laurent22/joplin - Joplin - the secure note taking and to-do app with synchronisation capabilities for Windows, macOS, Linux, Android and iOS.
- Ebazhanov/linkedin-skill-assessments-quizzes - Full reference of LinkedIn answers 2023 for skill assessments (aws-lambda, rest-api, javascript, react, git, html, jquery, mongodb, java, Go, python, machine-learning, power-point) linkedin excel test
- openwpm/OpenWPM - A web privacy measurement framework
- jofpin/trape - People tracker on the Internet: OSINT analysis and research tool by Jose Pino
- nsacyber/WALKOFF - A flexible, easy to use, automation framework allowing users to integrate their capabilities and devices to cut through the repetitive, tedious tasks slowing them down. #nsacyber
- certsocietegenerale/fame - FAME Automates Malware Evaluation
- PUNCH-Cyber/stoq - An open source framework for enterprise level automated analysis.
- byt3bl33d3r/MITMf - Framework for Man-In-The-Middle attacks
- devXprite/infoooze - A OSINT tool which helps you to quickly find information effectively. All you need is to input and it will take take care of rest.
- j3ssie/osmedeus - A Workflow Engine for Offensive Security
- aquasecurity/trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
- gravitational/teleport - Protect access to all of your infrastructure
- kitabisa/teler - Real-time HTTP Intrusion Detection
- asciimoo/wuzz - Interactive cli tool for HTTP inspection
- future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
- j3ssie/osmedeus - A Workflow Engine for Offensive Security
- aquasecurity/trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
- gravitational/teleport - Protect access to all of your infrastructure
- zarkones/XENA - XENA is the managed remote administration platform for botnet creation & development powered by blockchain and machine learning. Aiming to provide an ecosystem which serves the bot herders. Favoring s
- kitabisa/teler - Real-time HTTP Intrusion Detection
- kensh1ro/Willie-C2 - A Golang implant that uses Discord as a C2 team server
- BishopFox/sliver - Adversary Emulation Framework
- Ebazhanov/linkedin-skill-assessments-quizzes - Full reference of LinkedIn answers 2023 for skill assessments (aws-lambda, rest-api, javascript, react, git, html, jquery, mongodb, java, Go, python, machine-learning, power-point) linkedin excel test
- asciimoo/wuzz - Interactive cli tool for HTTP inspection
- Genetic-Malware/Ebowla - Framework for Making Environmental Keyed Payloads (NO LONGER SUPPORTED)
- maliceio/malice - VirusTotal Wanna Be - Now with 100% more Hipster
- EgeBalci/HERCULES - HERCULES is a special payload generator that can bypass antivirus softwares.
- gophish/gophish - Open-Source Phishing Toolkit
- future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
- h33tlit/secret-regex-list - List of regex for scraping secret API keys and juicy information.
- tasos-py/Search-Engines-Scraper - Search google, bing, yahoo, and other search engines with python
- six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
- j3ssie/osmedeus - A Workflow Engine for Offensive Security
- lucthienphong1120/AIO-Pentesting - All in one Pentest methodologies - Tools and commands | Where compiled all common materials for pentester
- A-poc/RedTeam-Tools - Tools and Techniques for Red Team / Penetration Testing
- yogeshojha/rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon
- jofpin/trape - People tracker on the Internet: OSINT analysis and research tool by Jose Pino
- trickest/cve - Gather and update all available and newest CVEs with their PoC.
- edoardottt/awesome-hacker-search-engines - A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
- t3l3machus/Villain - Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among conn
- devXprite/httpfy - A fast and powerful http toolkit that take a list of domains to find active domains and other information such as status-code, title, response-time , server, content-type and many other
- GamehunterKaan/AutoPWN-Suite - AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.
- DavidProbinsky/RedTeam-Physical-Tools - Red Team Toolkit - A curated list of tools that are commonly used in the field for Physical Security, Red Teaming, and Tactical Covert Entry.
- Th30neAnd0nly/AIRAVAT - A multifunctional Android RAT with GUI based Web Panel without port forwarding.
- ronin-rb/ronin - Ronin is a Free and Open Source Ruby Toolkit for Security Research and Development. Ronin also allows for the rapid development and distribution of code, exploits, payloads, etc, via 3rd party git rep
- k8gege/PowerLadon - Ladon hacking Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC
- medpaf/hawk - Network, recon and offensive-security tool for Linux.
- devXprite/infoooze - A OSINT tool which helps you to quickly find information effectively. All you need is to input and it will take take care of rest.
- danieldurnea/FBI-tools - 🕵️ OSINT Tools for gathering information and actions forensics 🕵️
- kurogai/deepweb-scappering - Discover hidden deepweb pages
- vil/H4X-Tools - Open source toolkit for scraping, OSINT and more.
- cipher387/osint_stuff_tool_collection - A collection of several hundred online tools for OSINT
- trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
- LasCC/HackTools - The all-in-one browser extension for offensive security professionals 🛠
- six2dez/pentest-book -
- jaykali/maskphish - Introducing "URL Making Technology" to the world for the very FIRST TIME. Give a Mask to Phishing URL like a PRO.. A MUST have tool for Phishing.
- diego-treitos/linux-smart-enumeration - Linux enumeration tool for pentesting and CTFs with verbosity levels
- Raikia/FiercePhish - FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.
- jakejarvis/awesome-shodan-queries - 🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
- khast3x/h8mail - Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email
- mitre/caldera - Automated Adversary Emulation Platform
- payloadbox/sql-injection-payload-list - 🎯 SQL Injection Payload List
- Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
- infosecn1nja/Red-Teaming-Toolkit - This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
- D4Vinci/Dr0p1t-Framework - A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks
- samratashok/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
- 1N3/Sn1per - Attack Surface Management Platform
- swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
- screetsec/TheFatRat - Thefatrat a massive exploiting tool : Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and etc . This tool compiles a malware with popular payload and then
- screetsec/Brutal - Payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy . Brutal is a toolkit to quickly create various payload,powers
- EgeBalci/HERCULES - HERCULES is a special payload generator that can bypass antivirus softwares.
- averagesecurityguy/scripts - Scripts I use during pentest engagements.
- pentestgeek/phishing-frenzy - Ruby on Rails Phishing Framework
- carpedm20/awesome-hacking - A curated list of awesome Hacking tutorials, tools and resources
- aquasecurity/trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
- edoardottt/awesome-hacker-search-engines - A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
- projectdiscovery/nuclei - Fast and customizable vulnerability scanner based on simple YAML based DSL.
- LDO-CERT/orochi - The Volatility Collaborative GUI
- ronin-rb/ronin - Ronin is a Free and Open Source Ruby Toolkit for Security Research and Development. Ronin also allows for the rapid development and distribution of code, exploits, payloads, etc, via 3rd party git rep
- noraj/rawsec-cybersecurity-inventory - An inventory of tools and resources about CyberSecurity that aims to help people to find everything related to CyberSecurity.
- horsicq/Detect-It-Easy - Program for determining types of files for Windows, Linux and MacOS.
- jaykali/maskphish - Introducing "URL Making Technology" to the world for the very FIRST TIME. Give a Mask to Phishing URL like a PRO.. A MUST have tool for Phishing.
- Ebazhanov/linkedin-skill-assessments-quizzes - Full reference of LinkedIn answers 2023 for skill assessments (aws-lambda, rest-api, javascript, react, git, html, jquery, mongodb, java, Go, python, machine-learning, power-point) linkedin excel test
- BC-SECURITY/Starkiller - Starkiller is a Frontend for PowerShell Empire.
- BC-SECURITY/Empire - Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.
- Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
- pwnlandia/mhn - Modern Honey Network
- intelowlproject/IntelOwl - IntelOwl: manage your Threat Intelligence at scale
- mushorg/glutton - Generic Low Interaction Honeypot
- DefectDojo/django-DefectDojo - DevSecOps, ASPM, Vulnerability Management. All on one platform.
- PowerShell/PowerShell - PowerShell for every system!
- swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
- ivre/ivre - Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligenc
- GoSecure/malboxes - Builds malware analysis Windows VMs so that you don't have to.
- danluu/post-mortems - A collection of postmortems. Sorry for the delay in merging PRs!
- Graylog2/graylog2-server - Free and open log management
- JS-Encoder/JS-Encoder - JS-Encoder is an online front-end code editor(前端在线代码编辑器)built with vue and codemirror. If you want to support JS-Encoder, click star 💗 to support it!
- devXprite/httpfy - A fast and powerful http toolkit that take a list of domains to find active domains and other information such as status-code, title, response-time , server, content-type and many other
- BishopFox/sliver - Adversary Emulation Framework
- asciimoo/wuzz - Interactive cli tool for HTTP inspection
- GuidoBartoli/sherloq - An open-source digital image forensic toolset
- gloxec/CrossC2 - generate CobaltStrike's cross-platform payload
- lucasjacks0n/EggShell - iOS/macOS/Linux Remote Administration Tool
- jakejarvis/awesome-shodan-queries - 🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
- Th30neAnd0nly/AIRAVAT - A multifunctional Android RAT with GUI based Web Panel without port forwarding.
- jaeksoft/opensearchserver - Open-source Enterprise Grade Search Engine Software
- Ghosts/Maus - Lightweight remote administrative client written in Java.
- FlowiseAI/Flowise - Drag & drop UI to build your customized LLM flow
- JS-Encoder/JS-Encoder - JS-Encoder is an online front-end code editor(前端在线代码编辑器)built with vue and codemirror. If you want to support JS-Encoder, click star 💗 to support it!
- laurent22/joplin - Joplin - the secure note taking and to-do app with synchronisation capabilities for Windows, macOS, Linux, Android and iOS.
- arkime/arkime - Arkime is an open source, large scale, full packet capturing, indexing, and database system.
- HynekPetrak/malware-jail - Sandbox for semi-automatic Javascript malware analysis, deobfuscation and payload extraction. Written for Node.js
- JS-Encoder/JS-Encoder - JS-Encoder is an online front-end code editor(前端在线代码编辑器)built with vue and codemirror. If you want to support JS-Encoder, click star 💗 to support it!
- open-policy-agent/opa - Open Policy Agent (OPA) is an open source, general-purpose policy engine.
- cilium/tetragon - eBPF-based Security Observability and Runtime Enforcement
- mudler/LocalAI - 🤖 The free, Open Source OpenAI alternative. Self-hosted, community-driven and local-first. Drop-in replacement for OpenAI running on consumer-grade hardware. No GPU required. Runs ggml, gguf, GP
- aquasecurity/trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
- gravitational/teleport - Protect access to all of your infrastructure
- DefectDojo/django-DefectDojo - DevSecOps, ASPM, Vulnerability Management. All on one platform.
- netdata/netdata - The open-source observability platform everyone needs!
- ziglang/zig - General-purpose programming language and toolchain for maintaining robust, optimal, and reusable software.
- lucthienphong1120/AIO-Pentesting - All in one Pentest methodologies - Tools and commands | Where compiled all common materials for pentester
- senran101604/sagemode - 👀Sagemode: Track and Unveil Online identities across social media platforms🕵️♂️
- A-poc/RedTeam-Tools - Tools and Techniques for Red Team / Penetration Testing
- owerdogan/whoami-project - Whoami provides enhanced privacy, anonymity for Debian and Arch based linux distributions
- vil/H4X-Tools - Open source toolkit for scraping, OSINT and more.
- trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
- Lucksi/Mr.Holmes - A Complete Osint Tool 🔍
- jaykali/maskphish - Introducing "URL Making Technology" to the world for the very FIRST TIME. Give a Mask to Phishing URL like a PRO.. A MUST have tool for Phishing.
- undergroundwires/privacy.sexy - Open-source tool to enforce privacy & security best-practices on Windows, macOS and Linux, because privacy is sexy
- calebstewart/pwncat - Fancy reverse and bind shell handler
- gloxec/CrossC2 - generate CobaltStrike's cross-platform payload
- netdata/netdata - The open-source observability platform everyone needs!
- epam/nfstrace - Network file system monitor and analyzer
- PowerShell/PowerShell - PowerShell for every system!
- nathanlopez/Stitch - Python Remote Administration Tool (RAT)
- screetsec/TheFatRat - Thefatrat a massive exploiting tool : Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and etc . This tool compiles a malware with popular payload and then
- brndnmtthws/conky - Light-weight system monitor for X, Wayland, and other things, too
- future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
- n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
- FlowiseAI/Flowise - Drag & drop UI to build your customized LLM flow
- brndnmtthws/conky - Light-weight system monitor for X, Wayland, and other things, too
- mlabonne/llm-course - Course to get into Large Language Models (LLMs) with roadmaps and Colab notebooks.
- BishopFox/eyeballer - Convolutional neural network for analyzing pentest screenshots
- freedmand/semantra - Multi-tool for semantic search
- zetavg/LLaMA-LoRA-Tuner - UI tool for fine-tuning and testing your own LoRA models base on LLaMA, GPT-J and more. One-click run on Google Colab. + A Gradio ChatGPT-like Chat UI to demonstrate your language models.
- zarkones/XENA - XENA is the managed remote administration platform for botnet creation & development powered by blockchain and machine learning. Aiming to provide an ecosystem which serves the bot herders. Favoring s
- AvalZ/WAF-A-MoLE - A guided mutation-based fuzzer for ML-based Web Application Firewalls
- iperov/DeepFaceLive - Real-time face swap for PC streaming or video calls
- jonaswinkler/paperless-ng - A supercharged version of paperless: scan, index and archive all your physical documents
- netdata/netdata - The open-source observability platform everyone needs!
- senran101604/sagemode - 👀Sagemode: Track and Unveil Online identities across social media platforms🕵️♂️
- Lucksi/Mr.Holmes - A Complete Osint Tool 🔍
- undergroundwires/privacy.sexy - Open-source tool to enforce privacy & security best-practices on Windows, macOS and Linux, because privacy is sexy
- gloxec/CrossC2 - generate CobaltStrike's cross-platform payload
- lucasjacks0n/EggShell - iOS/macOS/Linux Remote Administration Tool
- PowerShell/PowerShell - PowerShell for every system!
- netdata/netdata - The open-source observability platform everyone needs!
- nheijmans/malzoo - Mass static malware analysis tool
- dreadl0ck/netcap - A framework for secure and scalable network traffic analysis - https://netcap.io
- SwiftOnSecurity/sysmon-config - Sysmon configuration file template with default high-quality event tracing
- monitoringartist/dockbix-xxl - 🐳 Dockerized Zabbix - server, web, proxy, java gateway, snmpd with additional extensions
- netdata/netdata - The open-source observability platform everyone needs!
- SigmaHQ/sigma - Main Sigma Rule Repository
- winsiderss/systeminformer - A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals.co
- magenx/WAZUH-OSSEC - WAZUH - The Open Source Security Platform Installation
- netdata/netdata - The open-source observability platform everyone needs!
- mayooear/gpt4-pdf-chatbot-langchain - GPT4 & LangChain Chatbot for large PDF docs
- AutoGPTQ/AutoGPTQ - An easy-to-use LLMs quantization package with user-friendly apis, based on GPTQ algorithm.
- tejado/telegram-nearby-map - Discover the location of nearby Telegram users 📡🌍
- devXprite/httpfy - A fast and powerful http toolkit that take a list of domains to find active domains and other information such as status-code, title, response-time , server, content-type and many other
- devXprite/infoooze - A OSINT tool which helps you to quickly find information effectively. All you need is to input and it will take take care of rest.
- tejado/telegram-nearby-map - Discover the location of nearby Telegram users 📡🌍
- laurent22/joplin - Joplin - the secure note taking and to-do app with synchronisation capabilities for Windows, macOS, Linux, Android and iOS.
- hawkeyesec/scanner-cli - A project security/vulnerability/risk scanning tool
- devXprite/httpfy - A fast and powerful http toolkit that take a list of domains to find active domains and other information such as status-code, title, response-time , server, content-type and many other
- devXprite/infoooze - A OSINT tool which helps you to quickly find information effectively. All you need is to input and it will take take care of rest.
- hawkeyesec/scanner-cli - A project security/vulnerability/risk scanning tool
- t3l3machus/Villain - Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among conn
- devXprite/httpfy - A fast and powerful http toolkit that take a list of domains to find active domains and other information such as status-code, title, response-time , server, content-type and many other
- offensive-hub/black-widow - GUI based offensive penetration testing tool (Open Source)
- devXprite/infoooze - A OSINT tool which helps you to quickly find information effectively. All you need is to input and it will take take care of rest.
- TheHive-Project/TheHive - TheHive: a Scalable, Open Source and Free Security Incident Response Platform
- six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
- senran101604/sagemode - 👀Sagemode: Track and Unveil Online identities across social media platforms🕵️♂️
- j3ssie/osmedeus - A Workflow Engine for Offensive Security
- r1cksec/thoth - Automate recon for red team assessments.
- alephdata/aleph - Search and browse documents and data; find the people and companies you look for.
- yogeshojha/rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon
- jofpin/trape - People tracker on the Internet: OSINT analysis and research tool by Jose Pino
- soxoj/maigret - 🕵️♂️ Collect a dossier on a person by username from thousands of sites
- CScorza/OSINTAnonymous - Creazione d'identità Fake - Impostazione Privacy Profili Social - Creazione Ambiente di Lavoro
- wssheldon/osintui - OSINT from your favorite services in a friendly terminal user interface - integrations for Virustotal, Shodan, and Censys
- edoardottt/awesome-hacker-search-engines - A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
- atenreiro/opensquat - The openSquat project is an open-source solution for detecting domain look-alikes by searching for newly registered domains that might be impersonating other legit domains.
- devXprite/httpfy - A fast and powerful http toolkit that take a list of domains to find active domains and other information such as status-code, title, response-time , server, content-type and many other
- termuxhackers-id/SIGIT - SIGIT - Simple Information Gathering Toolkit
- p1ngul1n0/blackbird - An OSINT tool to search for accounts by username in social networks.
- j3ssie/metabigor - OSINT tools and more but without API ke
- ksharinarayanan/SourceWolf - Amazingly fast response crawler to find juicy stuff in the source code! 😎🔥
- devXprite/infoooze - A OSINT tool which helps you to quickly find information effectively. All you need is to input and it will take take care of rest.
- Malfrats/OSINT-Map - 🗺 A map of OSINT tools.
- danieldurnea/FBI-tools - 🕵️ OSINT Tools for gathering information and actions forensics 🕵️
- vil/H4X-Tools - Open source toolkit for scraping, OSINT and more.
- cipher387/osint_stuff_tool_collection - A collection of several hundred online tools for OSINT
- Lucksi/Mr.Holmes - A Complete Osint Tool 🔍
- v4d1/Dome - Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports.
- ItIsMeCall911/Awesome-Telegram-OSINT - 📚 A Curated List of Awesome Telegram OSINT Tools, Sites & Resources
- khast3x/h8mail - Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email
- intelowlproject/IntelOwl - IntelOwl: manage your Threat Intelligence at scale
- s0md3v/Photon - Incredibly fast crawler designed for OSINT.
- leebaird/discover - Custom bash scripts used to automate various penetration testing tasks including recon, scanning, enumeration, and malicious payload creation using Metasploit. For use with Kali Linux.
- lockfale/OSINT-Framework - OSINT Framework
- ivre/ivre - Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligenc
- neokd/NeoGPT - Chat effortlessly with Documents, YouTube Videos,Code, and Social Media Chats. Your go-to for quick and smart interactions! 🤖💬
- Tib3rius/AutoRecon - AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.
- PromtEngineer/localGPT - Chat with your documents on your local device using GPT models. No data leaves your device and 100% private.
- Pwn3rzs/HAK5-C2-License-Toolkit - Golang tool to help in forcing a license for HAK5 C2 Tool
- lucthienphong1120/TryHackMe-CTF - TryHackMe CTF writeups
- SiriusScan/Sirius -
- hmaverickadams/breach-parse - A tool for parsing breached passwords
- rahulnyk/knowledge_graph - Convert any text to a graph of knowledge. This can be used for Graph Augmented Generation or Knowledge Graph based QnA
- tonywangcn/distributed-web-crawler - The Architecture of a Web Crawler: Building a Google-Inspired Distributed Web Crawler
- sensity-ai/dot - The Deepfake Offensive Toolkit
- tomnomnom/httprobe - Take a list of domains and probe for working HTTP and HTTPS servers
- docker/genai-stack - Langchain + Docker + Neo4j + Ollama
- DragoQCC/HardHatC2 - A C# Command & Control framework
- ConvoStack/convostack - Plug and play embeddable AI chatbot widget and backend deployment framework
- csBlueChip/FlipperZero_plugin_howto - A simple plugin for the FlipperZero written as a tutorial example [ie. excessive documentation & error handling]
- FroggMaster/FlipperZero - A Collection of Flipper Zero Scripts / Applications / ETC...
- reworkd/AgentGPT - 🤖 Assemble, configure, and deploy autonomous AI Agents in your browser.
- deep-floyd/IF -
- P3t3rp4rk3r/Threat_Intelligence - Threat-Intelligence Feeds & Tools & Frameworks
- RomanRII/jenkins-strike - Cobalt Strike profile generator using Jenkins to automate the heavy lifting
- mgeeky/ProtectMyTooling - Multi-Packer wrapper letting us daisy-chain various packers, obfuscators and other Red Team oriented weaponry. Featured with artifacts watermarking, IOCs collection & PE Backdooring. You feed it with
- Ignitetechnologies/BurpSuite-For-Pentester - This cheatsheet is built for the Bug Bounty Hunters and penetration testers in order to help them hunt the vulnerabilities from P4 to P1 solely and completely with "BurpSuite".
- j3ssie/go-auxs - Collection of auxiliary command line tools
- mazen160/secrets-patterns-db - Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more.
- bublint/ue5-llama-lora - A proof-of-concept project that showcases the potential for using small, locally trainable LLMs to create next-generation documentation tools.
- oobabooga/text-generation-webui - A Gradio web UI for Large Language Models. Supports transformers, GPTQ, AWQ, EXL2, llama.cpp (GGUF), Llama models.
- Significant-Gravitas/Auto-GPT-Plugins - Plugins for Auto-GPT
- YaS5in3/Bug-Bounty-Wordlists -
- 0xmaximus/Galaxy-Bugbounty-Checklist - Tips and Tutorials for Bug Bounty and also Penetration Tests.
- dafthack/CloudPentestCheatsheets - This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.
- michalmalik/linux-re-101 - A collection of resources for linux reverse engineering
- LetsDefend/SOC-Interview-Questions - SOC Interview Questions
- p0dalirius/Coercer - A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.
- CScorza/CORPINT-Corporate-Intelligence - CORPINT - Corporate / Business Intelligence
- rabobank-cdc/DeTTECT - Detect Tactics, Techniques & Combat Threats
- Xyntax/Drystan - Automated information gathering tool for pentest
- HavocFramework/Havoc - The Havoc Framework.
- ion-storm/sysmon-config - Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events w
- ItsCyberAli/Phishing-Templates - Use This At Your Own Risk I Am Not Involved In Anything You Do With These Templates, This Is For Research Purposes Only! Apart From That I Like Developing Frontend Stuff From Time To Time & Will Be Up
- ItsCyberAli/The-Soaring-Eagle - A CLI C2 developed for people who want to learn more about C2 development and malware development to better understand their red team operations.
- bing0o/SubEnum - bash script for Subdomain Enumeration
- S3cur3Th1sSh1t/OffensiveVBA - This repo covers some code execution and AV Evasion methods for Macros in Office documents
- ufrisk/MemProcFS - MemProcFS
- fire1ce/eicar-standard-antivirus-test-files - eicar standard antivirus test files
- lutzenfried/Methodology -
- MalwareArchaeology/ARTHIR - ATT&CK Remote Threat Hunting Incident Response
- vdrmota/Social-Media-and-Contact-Info-Extractor - Run this scraper for free: https://apify.com/vdrmota/contact-info-scraper
- tegal1337/CiLocks - Crack Interface lockscreen, Metasploit and More Android/IOS Hacking
- fin3ss3g0d/evilgophish - evilginx3 + gophish
- sinwindie/OSINT - Collections of tools and methods created to aid in OSINT collection
- DefensiveOrigins/DO-LAB -
- gyoisamurai/GyoiThon - GyoiThon is a growing penetration test tool using Machine Learning.
- WithSecureLabs/C3 - Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.
- jstnk9/ETW-Almulahaza - ETW-Almulahaza is a consumer python-based tool that help you monitor ETW events of the operating system
- makdosx/mip22 - 💻 📱 mip22 is a advanced phishing tool
- vanhoefm/fragattacks -
- skelsec/octopwnweb - OctoPwn in your browser
- jallphin/red-team-server - Red Team Server (RTS)
- sans-blue-team/DeepBlueCLI -
- ExpLangcn/agartha - a burp extension for dynamic payload generation to detect injection flaws (RCE, LFI, SQLi), creates access matrix based user sessions to spot authentication/authorization issues, and converts Http req
- blacklanternsecurity/MANSPIDER - Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!
- ibr0wse/RedTeam-PenTest-Cheatsheet-Checklist - Red Teaming and Penetration Testing Checklist, Cheatsheet, Clickscript
- dmcxblue/RedTeam - Red Team Tools
- randorisec/MobileHackingCheatSheet - Basics on commands/tools/info on how to assess the security of mobile applications
- netbiosX/Checklists - Red Teaming & Pentesting checklists for various engagements
- moaistory/WinSearchDBAnalyzer - http://moaistory.blogspot.com/2018/10/winsearchdbanalyzer.html
- hackerschoice/segfault -
- tropChaud/webpage2attack - Generate portable TTP intelligence from a web-based report
- hackerschoice/thc-tips-tricks-hacks-cheat-sheet - Various tips & tricks
- ossf/package-analysis - Open Source Package Analysis
- RenwaX23/XSSTRON - Electron JS Browser To Find XSS Vulnerabilities Automatically
- aniqfakhrul/Sharperner - Simple executable generator with encrypted shellcode.
- password123456/malwarescanner - Simple Malware Scanner written in python
- KathanP19/JSFScan.sh - Automation for javascript recon in bug bounty.
- ericpd/hook-pentester - HOOK-Worm Pentest the Modern Web
- outflanknl/C2-Tool-Collection - A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
- mttaggart/OffensiveNotion - Notion as a platform for offensive operations
- htr-tech/zphisher - An automated phishing tool with 30+ templates. This Tool is made for educational purpose only ! Author will not be responsible for any misuse of this toolkit !
- zBreeez3y/EzEnum - A simple Bash script to automate some organization and repetitive tasks while doing TryHackMe or HackTheBox machines
- fastfire/deepdarkCTI - Collection of Cyber Threat Intelligence sources from the deep and dark web
- cipher387/cipher387.github.io - Repo for site with links to my projects
- sowdust/tafferugli - Tafferugli is a Twitter Analysis Framework
- Project-Prismatica/Diagon - The Diagon Attack Framework is a Prismatica application containing the Ravenclaw, Gryffindor, and Slytherin remote access tools (RATs).
- nodauf/GoMapEnum - User enumeration and password bruteforce on Azure, ADFS, OWA, O365, Teams and gather emails on Linkedin
- FourCoreLabs/firedrill - firedrill is a malware simulation harness for evaluating your security controls
- bonjourmalware/melody - Melody is a transparent internet sensor built for threat intelligence. Supports custom tagging rules and vulnerable application simulation.
- cyb3rfox/Aurora-Incident-Response - Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders
- IR0DayToday/Xerosploit-PY3 - Xerosploit based on python3 rooling done !
- SnaffCon/Snaffler - a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )
- josh0xA/rrgen - A Header Only C++ Library for Storing Safe, Randomly Generated Data Into Modern Containers
- openbullet/OpenBullet2 - OpenBullet reinvented
- krabelize/icmpdoor - ICMP Reverse Shell written in Python 3 and with Scapy (backdoor/rev shell)
- Intellisec-Solutions/Sentinel2D3FEND - This code snippet retrieves Azure Sentinel rules that are mapped to MITRE ATT&CK Framework and generates the related MITRE D3FEND defenses
- alphaSeclab/injection-stuff - PE Injection、DLL Injection、Process Injection、Thread Injection、Code Injection、Shellcode Injection、ELF Injection、Dylib Injection, including 400+Tools and 350+posts
- Etisalat-Egypt/Rodan - Rodan Exploitation Framework
- josh0xA/darkdump - Search The Deep Web Straight From Your Terminal (Ahmia.fi interface)
- dlegs/php-jpeg-injector - Injects php payloads into jpeg images
- sysdream/hershell - Hershell is a simple TCP reverse shell written in Go.
- Mr-Un1k0d3r/EDRs -
- aslitsecurity/CVE-2021-40444_builders - This repo contain builders of cab file, html file, and docx file for CVE-2021-40444 exploit
- deptofdefense/AndroidTacticalAssaultKit-CIV -
- Tylous/ZipExec - A unique technique to execute binaries from a password protected zip
- bigb0sss/gogophish - Fly into Gophish with One Click (Infra Automation)
- f0rb1dd3n/Reptile - LKM Linux rootkit
- cyberheartmi9/PayloadsAllTheThings -
- splunk/attack_range - A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
- PacktPublishing/Ghidra-Software-Reverse-Engineering-for-Beginners - Software Reverse Engineering with Ghidra, published by Packt
- its-a-feature/Mythic - A collaborative, multi-platform, red teaming framework
- SamJoan/droopescan - A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.
- SusmithKrishnan/torghost - TorGhost is an anonymization script. TorGhost redirects all internet traffic through SOCKS5 tor proxy. DNS requests are also redirected via tor, thus preventing DNSLeak. The scripts also disables unsa
- Udyz/nuclei-templates - Community curated list of templates for the nuclei engine to find security vulnerabilities.
- keydet89/RegRipper3.0 - RegRipper3.0
- XploitWizer-Community/XploitSPY - XploitSPY is an Android Monitoring Tool
- capt-meelo/Beaconator - A beacon generator using Cobalt Strike and a variety of tools.
- cipher387/Advanced-search-operators-list - List of the links to the docs for different services, which explain using of advanced search operators
- mgeeky/ThreadStackSpoofer - Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.
- 0sm0s1z/Voltaire - Web application to create indexes for GIAC certification examinations.
- chris-short/sptoolkit - Simple Phishing Toolkit is a super easy to install and use phishing framework built to help Information Security professionals find human vulnerabilities
- SecurityRiskAdvisors/VECTR - VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios
- LOLBAS-Project/LOLBAS - Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
- vysecurity/DomainFrontingLists - A list of Domain Frontable Domains by CDN
- pstirparo/mac4n6 - Collection of forensics artifacts location for Mac OS X and iOS
- kaonashi-passwords/Kaonashi - Wordlist, rules and masks from Kaonashi project (RootedCON 2019)
- ropnop/kerbrute - A tool to perform Kerberos pre-auth bruteforcing
- danielmiessler/SecLists - SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensi
- dievus/threader3000 - Multi-threaded Python Port Scanner with Nmap Integration
- Raikia/Kali-Setup - Script for Kali that adds a bunch of tools and customizes it to be much better
- balgan/binaryedge-cheatsheet - A list of queries and actions that I repeat over and over again
- infosecn1nja/MaliciousMacroMSBuild - Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.
- infosecn1nja/awesome-mitre-attack - A curated list of awesome resources related to Mitre ATT&CK™ Framework
- Neo23x0/vti-dorks - Awesome VirusTotal Intelligence Search Queries
- kevthehermit/VolUtility - Web App for Volatility framework
- cert-ee/s4a - S4A main repository. SaltStack states, install script and build scripts
- LiamRandall/BroMalware-Exercise -
- CIRCL/url-abuse - URL Abuse - A Versatile Software for URL review, analysis and black-list reporting
- corelight/http-stalling-detector - Detect HTTP stalling attacks like slowloris with Bro
- thinkst/opencanary - Modular and decentralised honeypot
- Pr0teus/aleph-docker - An docker compose to quickly load your Aleph for malware analysis.
- merces/aleph - An Open Source Malware Analysis Pipeline System
- kost/dvcs-ripper - Rip web accessible (distributed) version control systems: SVN/GIT/HG...
- AlessandroZ/LaZagne - Credentials recovery project
- avast/retdec - RetDec is a retargetable machine-code decompiler based on LLVM.
- firehol/blocklist-ipsets - ipsets dynamically updated with firehol's update-ipsets.sh script
- warquel/ppdecode - Proofpoint URL Decoder
- miguelraulb/spamhat - Spam Honeypot Tool
- phin3has/mailoney - An SMTP Honeypot
- cryptolok/MorphAES - IDPS & SandBox & AntiVirus STEALTH KILLER. MorphAES is the world's first polymorphic shellcode engine, with metamorphic properties and capability to bypass sandboxes, which makes it undetectable for a
- G4LB1T/SmoothCriminal - Detect sandbox by cursor movement speed
- Mr-Un1k0d3r/DKMC - DKMC - Dont kill my cat - Malicious payload evasion tool
- Mr-Un1k0d3r/MaliciousMacroGenerator - Malicious Macro Generator
- coolacid/logstash-filter-virustotal - Virustotal Lookup filter for Logstash
- ntop/PF_RING - High-speed packet processing framework
- sensepost/rattler - Automated DLL Enumerator
- trustedsec/nps_payload - This script will generate payloads for basic intrusion detection avoidance. It utilizes publicly demonstrated techniques from several different sources. Written by Larry Spohn (@Spoonman1091) Payload
- danielbohannon/Revoke-Obfuscation - PowerShell Obfuscation Detection Framework
- wbenny/mini-tor - proof-of-concept implementation of tor protocol using Microsoft CNG/CryptoAPI
- AonCyberLabs/Windows-Exploit-Suggester - This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploit
- M66B/XPrivacy - XPrivacy - The ultimate, yet easy to use, privacy manager
- apache/metron - Apache Metron
- gamelinux/passivedns - A network sniffer that logs all DNS server replies for use in a passive DNS setup
- athana/Splunk4FireEye - Splunk app for FireEye
- spcampbell/FireStic - A Python script for indexing (putting) FireEye alert data into Elasticsearch...and notifying you too.
- biggiesmallsAG/nightHawkResponse - Incident Response Forensic Framework
- stamparm/DSSS - Damn Small SQLi Scanner
- bhdresh/CVE-2017-0199 - Exploit toolkit CVE-2017-0199 - v4.0 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft Office RCE. It could generate a malicious R
- Xumeiquer/yara-forensics - Set of Yara rules for finding files using magics headers
- z0noxz/powerstager - A payload stager using PowerShell
- Miserlou/omnihash - Hash files, strings, input streams and network resources in various common algorithms simultaneously
- kgretzky/evilginx - PLEASE USE NEW VERSION: https://github.com/kgretzky/evilginx2
- roj4s/Malshare-Crawler - A CGI program that consumes from the malshare.com API alowing to obtain info and to download malware samples.
- maltelligence/maltelligence - a Malware/Threat Analyst Desktop
- clausing/scripts -
- yeti-platform/yeti - Your Everyday Threat Intelligence
- smxlabs/LAMMA-beta - Vulnerability Assessment and Auditing Framework for all the Crypto Implementations.
- PayloadSecurity/VxAPI - A generic interface and CLI for all endpoints of the Falcon Sandbox API
- Neo23x0/signature-base - YARA signature and IOC database for my scanners and tools
- Neo23x0/yarAnalyzer - Yara Rule Analyzer and Statistics
- Pepitoh/VBad - VBA Obfuscation Tools combined with an MS office document generator
- kevthehermit/malwareconfig-miner - MineMeld Miner for Malwareconfig.com C2 Domains
- kevthehermit/DuckToolkit - Encoding Tools for Rubber Ducky
- tehsyntx/loffice - Lazy Office Analyzer
- pwnieexpress/raspberry_pwn - A Raspberry Pi pentesting suite by Pwnie Express
- ChrisRimondi/VulntoES - Vulnerability Data in ES
- xme/mail2ioc - Fork of ioc_parser script to extract IOC's from emails
- itsreallynick/office-crackros - Crack your macros like the math pros.
- michael-yip/ThreatTracker - ThreatTracker is a Python script designed to monitor and generate alerts on given sets of indicators of compromise (IOCs) indexed by a set of Google Custom Search Engines.
- cysinfo/PyMal - PyMal is a python based interactive Malware Analysis Framework. It is built on the top of three pure python programes Pefile, Pydbg and Volatility.
- 1N3/Findsploit - Find exploits in local and online databases instantly
- GlacierW/MBA - Malware Behavior Analyzer
- nsmfoo/antivmdetection - Script to create templates to use with VirtualBox to make vm detection harder
- orlikoski/Skadi - Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux
- phage-nz/ph0neutria - ph0neutria is a malware zoo builder that sources samples straight from the wild. Everything is stored in Viper for ease of access and manageability.
- EmersonElectricCo/fsf - File Scanning Framework
- jesparza/peepdf - Powerful Python tool to analyze PDF documents
- NytroRST/NetRipper - NetRipper - Smart traffic sniffing for penetration testers
- caradoc-org/caradoc - A PDF parser and validator
- Veil-Framework/Veil - Veil 3.1.X (Check version info in Veil at runtime)
- r00t-3xp10it/morpheus - Morpheus - Automating Ettercap TCP/IP (MITM-hijacking Tool)
- r00t-3xp10it/backdoorppt - transform your payload.exe into one fake word doc (.ppt)
- mikeryan/crackle - Crack and decrypt BLE encryption
- sethlaw/sputr - Security Payload Unit Test Repository (SPUTR)
- byt3bl33d3r/gcat - A PoC backdoor that uses Gmail as a C&C server
- LordNoteworthy/al-khaser - Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
- decalage2/exefilter - ExeFilter is an open-source tool and framework to filter file formats in e-mails, web pages or files. It detects many common file formats and can remove active content (scripts, macros, etc) according
- RoliSoft/ReconScan - Network reconnaissance and vulnerability assessment tools.
- williballenthin/EVTXtract - EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.
- moranned/hostnameFinder - Tool to discover previously unknown hosts at known domains
- JC-SoCal/GIPC - Geographical IP Correlation
- fireeye/OpenIOC_1.1 -
- FSecureLABS/wePWNise - WePWNise generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software.
- trustedsec/unicorn - Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented
- tomchop/malcom - Malcom - Malware Communications Analyzer
- looterz/grimd - ⚡ fast dns proxy that can run anywhere, built to black-hole internet advertisements and malware servers
- FeeiCN/Cobra - Source Code Security Audit (源代码安全审计)
- rmmh/abbrase - password generation based on abbreviating phrases made with markov chains
- RUB-NDS/PRET - Printer Exploitation Toolkit - The tool that made dumpster diving obsolete.
- hatching/vmcloak - Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox.
- dutchcoders/ares - Phishing toolkit for red teams and pentesters.
- google/glazier - A tool for automating the installation of the Microsoft Windows operating system on various device platforms.
- ThomasTJdev/WMD - Python framework for IT security tools
- cldrn/rainmap-lite - Rainmap Lite - Responsive web based interface that allows users to launch Nmap scans from their mobiles/tablets/web browsers!
- HPE-AppliedSecurityResearch/maltese - Maltese - Malware Traffic Emulator
- psaneme/Kung-Fu-Malware -
- s4n7h0/Halcyon-IDE - First IDE for Nmap Script (NSE) Development.
- sensepost/DET - (extensible) Data Exfiltration Toolkit (DET)
- DataSploit/datasploit - An #OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc., aggregate all the raw data, and give data in multiple formats.
- idanr1986/droidmon - Dalvik Monitoring Framework for CuckooDroid
- gabemarshall/Brosec - Brosec - An interactive reference tool to help security professionals utilize useful payloads and commands.
- tkmru/maruko - malware crawler inspired by 'ちびまる子ちゃん'
- tylabs/qs_old - Command line tool for scanning streams within office documents plus xor db attack
- joxeankoret/cosa-nostra - Cosa Nostra, a FOSS graph based malware clusterization toolkit.
- rapid7/metasploitable3 - Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.
- ysrc/F-Scrack - F-Scrack is a single file bruteforcer supports multi-protocol
- abdesslem/malwareHunter - Static and automated/dynamic malware analysis
- citizenlab/malware-signatures - Yara rules for malware families seen as part of targeted threats project
- JonnyHightower/neet - Neet - Network Enumeration and Exploitation Tool
- endwall2/endware - The Endware Suite
- samyk/poisontap - Exploits locked/password protected computers over USB, drops persistent WebSocket-based backdoor, exposes internal router, and siphons cookies using Raspberry Pi Zero & Node.js.
- samratashok/Kautilya - Kautilya - Tool for easy use of Human Interface Devices for offensive security and penetration testing.
- mkorman90/VolatilityBot - VolatilityBot – An automated memory analyzer for malware samples and memory dumps
- google/rekall - Rekall Memory Forensic Framework
- entropy1337/infernal-twin - wireless hacking - This is automated wireless hacking tool
- kbandla/dpkt - fast, simple packet creation / parsing, with definitions for the basic TCP/IP protocols
- HurricaneLabs/machinae - Machinae Security Intelligence Collector
- robbyFux/Ragpicker - Ragpicker is a Plugin based malware crawler with pre-analysis and reporting functionalities. Use this tool if you are testing antivirus products, collecting malware for another analyzer/zoo.
- aptnotes/data - APTnotes data
- DidierStevens/DidierStevensSuite - Please no pull requests for this repository. Thanks!
- PowerShellMafia/PowerSploit - PowerSploit - A PowerShell Post-Exploitation Framework
- curi0usJack/luckystrike - A PowerShell based utility for the creation of malicious Office macro documents.
- sensepost/autoDANE - Auto Domain Admin and Network Exploitation.
- secgroundzero/warberry - WarBerryPi - Tactical Exploitation
- intercepter-ng/intercepter-ng.github.io - mirror
- Sh1n0g1/ShinoBOT - RAT / Botnet Simulator for pentest / education
- dineshshetty/Android-InsecureBankv2 - Vulnerable Android application for developers and security enthusiasts to learn about Android insecurities
- petabi/sniffles - Sniffles: Packet Capture Generator for IDS and Regular Expression Evaluation
- jzadeh/aktaion - Aktaion: Open Source ML tool and data samples for Exploit and Phishing Research
- codexgigassys/codex-backend - Codex Gigas malware DNA profiling search engine discovers malware patterns and characteristics assisting individuals who are attracted in malware hunting.
- elima/FileTea - Web-based anonymous file-sharing service
- lolwaleet/BannerGrab - ~ BannerGrab
- salesforce/vulnreport - Open-source pentesting management and automation platform by Salesforce Product Security
- RPISEC/Malware - Course materials for Malware Analysis by RPISEC
- secretsquirrel/Krakatau - Java decompiler, assembler, and disassembler
- secretsquirrel/backdoor-apk - backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, t
- secretsquirrel/recomposer - Randomly changes Win32/64 PE Files for 'safer' uploading to malware and sandbox sites.
- offensive-security/exploitdb - The legacy Exploit Database repository - New repo located at https://gitlab.com/exploit-database/exploitdb
- da667/Autosnort - Repo for autosnort scripts.
- averagesecurityguy/blue - Scripts that are suited for blue teams
- averagesecurityguy/cheat-sheets - Various Cheat Sheets related to development and security
- trustedsec/tap - The TrustedSec Attack Platform is a reliable method for droppers on an infrastructure in order to ensure established connections to an organization.
- trustedsec/ptf - The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.
- joxeankoret/multiav - MultiAV scanner with Python and JSON API. Disclaimer: I don't maintain it any more.
- rampageX/paping - Automatically exported from code.google.com/p/paping
- philwantsfish/shard - A command line tool to detect shared passwords
- ciscocsirt/malspider - Malspider is a web spidering framework that detects characteristics of web compromises.
- philhagen/sof-elk - Configuration files for the SOF-ELK VM, used in SANS FOR572
- Ptr32Void/OSTrICa -
- mandiant/flare-floss - FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.
- mandiant/flare-fakenet-ng - FakeNet-NG - Next Generation Dynamic Network Analysis Tool
- JamesHabben/evolve - Web interface for the Volatility Memory Forensics Framework
- rfxn/linux-malware-detect - Linux Malware Detection (LMD)
- decalage2/balbuzard - Balbuzard is a package of malware analysis tools in python to extract patterns of interest from suspicious files (IP addresses, domain names, known file headers, interesting strings, etc). It can als
- tatanus/SPF - SpeedPhishing Framework
- theintercept/sidtoday - Snowden Archive: The SIDtoday Files
- EC-DIGIT-CSIRC/VirusTotal-Tools -
- pevma/rule2alert - Improvements of/over the original rule2alert
- TravisFSmith/SweetSecurity - Network Security Monitoring on Raspberry Pi type devices
- davehull/Kansa - A Powershell incident response framework
- Invoke-IR/PowerForensics - PowerForensics provides an all in one platform for live disk forensic analysis
- google/grr - GRR Rapid Response: remote live forensics for incident response
- spender-sandbox/cuckoo-modified - Modified edition of cuckoo
- monnappa22/Limon - Limon is a sandbox developed as a research project written in python, which automatically collects, analyzes, and reports on the run time indicators of Linux malware. It allows one to inspect Linux ma
- corkami/docs - documentations, slides decks...
- corkami/pics - File formats explanations, logos redrawing...
- corkami/pocs - Proof of Concepts (PE, PDF...)
- JonDoNym/peinjector - peinjector - MITM PE file infector
- iniqua/plecost - Plecost - Wordpress finger printer Tool
- kevthehermit/RATDecoders - Python Decoders for Common Remote Access Trojans
- Yara-Rules/rules - Repository of yara rules
- brad-sp/community-modified - Modified edition of cuckoo community modules
- brad-sp/cuckoo-modified - Modified edition of cuckoo
- 504ensicsLabs/DAMM - Differential Analysis of Malware in Memory
- 504ensicsLabs/LiME - LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring
- wmetcalf/buildcuckoo-trusty - A dumb set of scripts for building a cuckoo rig
- seanthegeek/phishforall - A USB phishing evaluation platform
- seanthegeek/etupdate - Updates the Emerging Threats open ruleset for Suricata
- crits/crits_services - CRITs Services Collection
- crits/crits - CRITs - Collaborative Research Into Threats
- cuckoosandbox/cuckoo - Cuckoo Sandbox is an automated dynamic malware analysis system
- PaulSec/twittor - A fully featured backdoor that uses Twitter as a C&C server
- wszf/androrat - androrat
- utkusen/hidden-tear - an open source ransomware honeypot
- davidoren/CuckooSploit - An environment for comprehensive, automated analysis of web-based exploits, based on Cuckoo sandbox.
- ChrisTruncer/PenTestScripts - Scripts that are useful for me on pen tests
- ChrisTruncer/mikto - Script to automate, manage, and multithread Nikto scans.
- galkan/crowbar - Crowbar is brute forcing tool that can be used during penetration tests. It is developed to support protocols that are not currently supported by thc-hydra and other popular brute forcing tools.
- jtibaquira/nsearch - minimal script to help find script into the nse database
- sensepost/mana - DEPRECATED mana toolkit for wifi rogue AP attacks and MitM
- galkan/tools - Tools that are related to pentest and network security
- RedSiege/Just-Metadata - Just-Metadata is a tool that gathers and analyzes metadata about IP addresses. It attempts to find relationships between systems within a large dataset.
- galkan/flashlight - Pentesters spend too much time during information gathering phase. Flashlight (Fener) provides services to scan network/ports and gather information rapidly on target networks. So Flashlight should be
- BahtiyarB/heybe - Penetration testing automation toolkit
- omriher/CapTipper - Malicious HTTP traffic explorer
- Rurik/Noriben - Noriben - Portable, Simple, Malware Analysis Sandbox
- idanr1986/cuckoo-droid - CuckooDroid - Automated Android Malware Analysis with Cuckoo Sandbox.
- hiro4848/sphinx -
- soxoj/maigret - 🕵️♂️ Collect a dossier on a person by username from thousands of sites
- log2timeline/plaso - Super timeline all the things
- gchq/CyberChef - The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
- six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
- j3ssie/osmedeus - A Workflow Engine for Offensive Security
- lucthienphong1120/AIO-Pentesting - All in one Pentest methodologies - Tools and commands | Where compiled all common materials for pentester
- crond-jaist/AutoPentest-DRL - AutoPentest-DRL: Automated Penetration Testing Using Deep Reinforcement Learning
- A-poc/RedTeam-Tools - Tools and Techniques for Red Team / Penetration Testing
- yogeshojha/rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon
- trickest/cve - Gather and update all available and newest CVEs with their PoC.
- baguswiratmaadi/reverie - Automated Pentest Tools Designed For Parrot Linux
- t3l3machus/Villain - Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among conn
- eslam3kl/3klCon - Automation Recon tool which works with Large & Medium scopes. It performs a lot of tasks and gets back all the results in separated files.
- OWASP/Nettacker - Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
- GamehunterKaan/AutoPWN-Suite - AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.
- moeinfatehi/Backup-Finder - A burp suite extension that reviews backup, old, temporary and unreferenced files on web server for sensitive information (OWASP WSTG-CONF-04, OTG-CONFIG-004)
- offensive-hub/black-widow - GUI based offensive penetration testing tool (Open Source)
- danieldurnea/FBI-tools - 🕵️ OSINT Tools for gathering information and actions forensics 🕵️
- signorrayan/RedTeam_toolkit - Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together.
- v4d1/Dome - Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports.
- knassar702/scant3r - ScanT3r - Module based Bug Bounty Automation Tool ( use Lotus instead github.com/bugBlocker/lotus )
- jakejarvis/awesome-shodan-queries - 🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
- samratashok/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
- 1N3/Sn1per - Attack Surface Management Platform
- swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
- screetsec/Brutal - Payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy . Brutal is a toolkit to quickly create various payload,powers
- averagesecurityguy/scripts - Scripts I use during pentest engagements.
- pentestgeek/phishing-frenzy - Ruby on Rails Phishing Framework
- six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
- j3ssie/osmedeus - A Workflow Engine for Offensive Security
- lucthienphong1120/AIO-Pentesting - All in one Pentest methodologies - Tools and commands | Where compiled all common materials for pentester
- yogeshojha/rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon
- trickest/cve - Gather and update all available and newest CVEs with their PoC.
- zarkones/XENA - XENA is the managed remote administration platform for botnet creation & development powered by blockchain and machine learning. Aiming to provide an ecosystem which serves the bot herders. Favoring s
- t3l3machus/Villain - Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among conn
- OWASP/Nettacker - Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
- GamehunterKaan/AutoPWN-Suite - AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.
- moeinfatehi/Backup-Finder - A burp suite extension that reviews backup, old, temporary and unreferenced files on web server for sensitive information (OWASP WSTG-CONF-04, OTG-CONFIG-004)
- DavidProbinsky/RedTeam-Physical-Tools - Red Team Toolkit - A curated list of tools that are commonly used in the field for Physical Security, Red Teaming, and Tactical Covert Entry.
- p1ngul1n0/blackbird - An OSINT tool to search for accounts by username in social networks.
- j3ssie/metabigor - OSINT tools and more but without API ke
- danieldurnea/FBI-tools - 🕵️ OSINT Tools for gathering information and actions forensics 🕵️
- UndeadSec/SocialFish - Phishing Tool & Information Collector
- v4d1/Dome - Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports.
- six2dez/pentest-book -
- hak5/bashbunny-payloads - The Official Bash Bunny Payload Repository
- knassar702/scant3r - ScanT3r - Module based Bug Bounty Automation Tool ( use Lotus instead github.com/bugBlocker/lotus )
- knownsec/pocsuite3 - pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.
- diego-treitos/linux-smart-enumeration - Linux enumeration tool for pentesting and CTFs with verbosity levels
- jakejarvis/awesome-shodan-queries - 🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
- Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
- mantvydasb/RedTeaming-Tactics-and-Techniques - Red Teaming Tactics and Techniques
- infosecn1nja/Red-Teaming-Toolkit - This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
- vesche/scanless - online port scan scraper
- leebaird/discover - Custom bash scripts used to automate various penetration testing tasks including recon, scanning, enumeration, and malicious payload creation using Metasploit. For use with Kali Linux.
- 1N3/Sn1per - Attack Surface Management Platform
- bluscreenofjeff/Red-Team-Infrastructure-Wiki - Wiki to collect Red Team infrastructure hardening resources
- nccgroup/redsnarf - RedSnarf is a pen-testing / red-teaming tool for Windows environments
- byt3bl33d3r/CrackMapExec - A swiss army knife for pentesting networks
- pentestgeek/phishing-frenzy - Ruby on Rails Phishing Framework
- n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
- interference-security/empire-web - PowerShell Empire Web Interface
- netdata/netdata - The open-source observability platform everyone needs!
- Purp1eW0lf/Blue-Team-Notes - You didn't think I'd go and leave the blue team out, right?
- ANSSI-FR/DFIR-O365RC - PowerShell module for Office 365 and Azure log collection
- Idov31/MrKaplan - MrKaplan is a tool aimed to help red teamers to stay hidden by clearing evidence of execution.
- nccgroup/Winpayloads - Undetectable Windows Payload Generation
- interference-security/empire-web - PowerShell Empire Web Interface
- D4Vinci/Dr0p1t-Framework - A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks
- samratashok/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
- PowerShell/PowerShell - PowerShell for every system!
- Genetic-Malware/Ebowla - Framework for Making Environmental Keyed Payloads (NO LONGER SUPPORTED)
- byt3bl33d3r/CrackMapExec - A swiss army knife for pentesting networks
- CScorza/OSINTAnonymous - Creazione d'identità Fake - Impostazione Privacy Profili Social - Creazione Ambiente di Lavoro
- owerdogan/whoami-project - Whoami provides enhanced privacy, anonymity for Debian and Arch based linux distributions
- tejado/telegram-nearby-map - Discover the location of nearby Telegram users 📡🌍
- undergroundwires/privacy.sexy - Open-source tool to enforce privacy & security best-practices on Windows, macOS and Linux, because privacy is sexy
- fhstp/SoniControl - SoniControl - the first ultrasonic firewall
- StevenBlack/hosts - 🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.
- usableprivacy/upribox - Usable Privacy Box
- openwpm/OpenWPM - A web privacy measurement framework
- senran101604/sagemode - 👀Sagemode: Track and Unveil Online identities across social media platforms🕵️♂️
- Significant-Gravitas/AutoGPT - AutoGPT is the vision of accessible AI for everyone, to use and to build on. Our mission is to provide the tools, so that you can focus on what matters.
- BishopFox/eyeballer - Convolutional neural network for analyzing pentest screenshots
- alephdata/aleph - Search and browse documents and data; find the people and companies you look for.
- jofpin/trape - People tracker on the Internet: OSINT analysis and research tool by Jose Pino
- soxoj/maigret - 🕵️♂️ Collect a dossier on a person by username from thousands of sites
- zarkones/XENA - XENA is the managed remote administration platform for botnet creation & development powered by blockchain and machine learning. Aiming to provide an ecosystem which serves the bot herders. Favoring s
- atenreiro/opensquat - The openSquat project is an open-source solution for detecting domain look-alikes by searching for newly registered domains that might be impersonating other legit domains.
- OWASP/Nettacker - Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
- GamehunterKaan/AutoPWN-Suite - AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.
- SubGlitch1/OSRipper - AV evading OSX Backdoor and Crypter Framework
- p1ngul1n0/blackbird - An OSINT tool to search for accounts by username in social networks.
- offensive-hub/black-widow - GUI based offensive penetration testing tool (Open Source)
- signorrayan/RedTeam_toolkit - Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together.
- vil/H4X-Tools - Open source toolkit for scraping, OSINT and more.
- tasos-py/Search-Engines-Scraper - Search google, bing, yahoo, and other search engines with python
- UndeadSec/SocialFish - Phishing Tool & Information Collector
- emalderson/ThePhish - ThePhish: an automated phishing email analysis tool
- gokulapap/Reconator - Automated Recon for Pentesting & Bug Bounty
- Lucksi/Mr.Holmes - A Complete Osint Tool 🔍
- fortra/impacket - Impacket is a collection of Python classes for working with network protocols.
- CorentinJ/Real-Time-Voice-Cloning - Clone a voice in 5 seconds to generate arbitrary speech in real-time
- nccgroup/Winpayloads - Undetectable Windows Payload Generation
- knownsec/pocsuite3 - pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.
- nsacyber/WALKOFF - A flexible, easy to use, automation framework allowing users to integrate their capabilities and devices to cut through the repetitive, tedious tasks slowing them down. #nsacyber
- 0xZDH/o365spray - Username enumeration and password spraying tool aimed at Microsoft O365.
- Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
- buffer/thug - Python low-interaction honeyclient
- intelowlproject/IntelOwl - IntelOwl: manage your Threat Intelligence at scale
- s0md3v/Photon - Incredibly fast crawler designed for OSINT.
- foospidy/HoneyPy - A low to medium interaction honeypot.
- DefectDojo/django-DefectDojo - DevSecOps, ASPM, Vulnerability Management. All on one platform.
- SpamScope/spamscope - Fast Advanced Spam Analysis Tool
- netzob/netzob - Netzob: Protocol Reverse Engineering, Modeling and Fuzzing
- HarryR/maltrieve - A tool to retrieve malware directly from the source for security researchers.
- Neo23x0/Loki - Loki - Simple IOC and YARA Scanner
- mandiant/flare-wmi -
- nathanlopez/Stitch - Python Remote Administration Tool (RAT)
- Veil-Framework/Veil-Evasion - Veil Evasion is no longer supported, use Veil 3.0!
- wifiphisher/wifiphisher - The Rogue Access Point Framework
- StevenBlack/hosts - 🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.
- nccgroup/redsnarf - RedSnarf is a pen-testing / red-teaming tool for Windows environments
- Genetic-Malware/Ebowla - Framework for Making Environmental Keyed Payloads (NO LONGER SUPPORTED)
- ivre/ivre - Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligenc
- mozilla/MozDef - DEPRECATED - MozDef: Mozilla Enterprise Defense Platform
- decalage2/ViperMonkey - A VBA parser and emulation engine to analyze malicious macros.
- secrary/SSMA - SSMA - Simple Static Malware Analyzer [This project is not maintained anymore by me]
- nheijmans/malzoo - Mass static malware analysis tool
- byt3bl33d3r/CrackMapExec - A swiss army knife for pentesting networks
- stamparm/maltrail - Malicious traffic detection system
- secretsquirrel/the-backdoor-factory - Patch PE, ELF, Mach-O binaries with shellcode new version in development, available only to sponsors
- rfunix/Pompem - Find exploit tool
- averagesecurityguy/scripts - Scripts I use during pentest engagements.
- decalage2/olefile - olefile is a Python package to parse, read and write Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office 97-20
- decalage2/oletools - oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
- rsmusllp/king-phisher - Phishing Campaign Toolkit
- Neo23x0/yarGen - yarGen is a generator for YARA rules
- n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
- byt3bl33d3r/MITMf - Framework for Man-In-The-Middle attacks
- soxoj/maigret - 🕵️♂️ Collect a dossier on a person by username from thousands of sites
- byt3bl33d3r/SILENTTRINITY - An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR
- GamehunterKaan/AutoPWN-Suite - AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.
- signorrayan/RedTeam_toolkit - Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together.
- kurogai/deepweb-scappering - Discover hidden deepweb pages
- vil/H4X-Tools - Open source toolkit for scraping, OSINT and more.
- 0xZDH/o365spray - Username enumeration and password spraying tool aimed at Microsoft O365.
- doomedraven/VirusTotalApi - VirusTotal Full api
- GoSecure/malboxes - Builds malware analysis Windows VMs so that you don't have to.
- decalage2/olefile - olefile is a Python package to parse, read and write Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office 97-20
- openwpm/OpenWPM - A web privacy measurement framework
- AutoGPTQ/AutoGPTQ - An easy-to-use LLMs quantization package with user-friendly apis, based on GPTQ algorithm.
- AUTOMATIC1111/stable-diffusion-webui - Stable Diffusion web UI
- CorentinJ/Real-Time-Voice-Cloning - Clone a voice in 5 seconds to generate arbitrary speech in real-time
- presidentbeef/brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications
- pentestgeek/phishing-frenzy - Ruby on Rails Phishing Framework
- netdata/netdata - The open-source observability platform everyone needs!
- usableprivacy/upribox - Usable Privacy Box
- FlowiseAI/Flowise - Drag & drop UI to build your customized LLM flow
- laurent22/joplin - Joplin - the secure note taking and to-do app with synchronisation capabilities for Windows, macOS, Linux, Android and iOS.
- phuocng/csslayout - A collection of popular layouts and patterns made with CSS. Now it has 100+ patterns and continues growing!
- mentebinaria/retoolkit - Reverse Engineer's Toolkit
- horsicq/Detect-It-Easy - Program for determining types of files for Windows, Linux and MacOS.
- cytopia/badchars - Bad char generator to instruct encoders such as shikata-ga-nai to transform those to other chars.
- netzob/netzob - Netzob: Protocol Reverse Engineering, Modeling and Fuzzing
- a0rtega/pafish - Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do
- panda-re/panda - Platform for Architecture-Neutral Dynamic Analysis
- das-labor/panopticon - A libre cross-platform disassembler.
- ronin-rb/ronin - Ronin is a Free and Open Source Ruby Toolkit for Security Research and Development. Ronin also allows for the rapid development and distribution of code, exploits, payloads, etc, via 3rd party git rep
- hawkeyesec/scanner-cli - A project security/vulnerability/risk scanning tool
- presidentbeef/brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications
- pentestgeek/phishing-frenzy - Ruby on Rails Phishing Framework
- wssheldon/osintui - OSINT from your favorite services in a friendly terminal user interface - integrations for Virustotal, Shodan, and Censys
- matanolabs/matano - Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
- WithSecureLabs/chainsaw - Rapidly Search and Hunt through Windows Forensic Artefacts
- das-labor/panopticon - A libre cross-platform disassembler.
- TheHive-Project/TheHive - TheHive: a Scalable, Open Source and Free Security Incident Response Platform
- six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
- cilium/tetragon - eBPF-based Security Observability and Runtime Enforcement
- j3ssie/osmedeus - A Workflow Engine for Offensive Security
- aquasecurity/trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
- gravitational/teleport - Protect access to all of your infrastructure
- jofpin/trape - People tracker on the Internet: OSINT analysis and research tool by Jose Pino
- trickest/cve - Gather and update all available and newest CVEs with their PoC.
- wssheldon/osintui - OSINT from your favorite services in a friendly terminal user interface - integrations for Virustotal, Shodan, and Censys
- matanolabs/matano - Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
- edoardottt/awesome-hacker-search-engines - A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
- sublime-security/sublime-platform - A free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing. Gain visibility and control, hunt for advanced threats, collaborate with the community,
- projectdiscovery/nuclei - Fast and customizable vulnerability scanner based on simple YAML based DSL.
- OWASP/Nettacker - Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
- GamehunterKaan/AutoPWN-Suite - AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.
- WithSecureLabs/chainsaw - Rapidly Search and Hunt through Windows Forensic Artefacts
- google/oss-fuzz - OSS-Fuzz - continuous fuzzing for open source software.
- j3ssie/metabigor - OSINT tools and more but without API ke
- ronin-rb/ronin - Ronin is a Free and Open Source Ruby Toolkit for Security Research and Development. Ronin also allows for the rapid development and distribution of code, exploits, payloads, etc, via 3rd party git rep
- k8gege/PowerLadon - Ladon hacking Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC
- offensive-hub/black-widow - GUI based offensive penetration testing tool (Open Source)
- Idov31/MrKaplan - MrKaplan is a tool aimed to help red teamers to stay hidden by clearing evidence of execution.
- danieldurnea/FBI-tools - 🕵️ OSINT Tools for gathering information and actions forensics 🕵️
- noraj/rawsec-cybersecurity-inventory - An inventory of tools and resources about CyberSecurity that aims to help people to find everything related to CyberSecurity.
- DinoTools/dionaea - Home of the dionaea honeypot
- trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
- six2dez/pentest-book -
- undergroundwires/privacy.sexy - Open-source tool to enforce privacy & security best-practices on Windows, macOS and Linux, because privacy is sexy
- knownsec/pocsuite3 - pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.
- P0cL4bs/Nanobrok - Web Service write in Python for control and protect your android device remotely.
- tristanlatr/burpa - Burp Automator - A Burp Suite Automation Tool. It provides a high level CLI and Python interfaces to Burp Suite scanner and can be used to setup Dynamic Application Security Testing (DAST).
- droidefense/engine - Droidefense: Advance Android Malware Analysis Framework
- dreadl0ck/netcap - A framework for secure and scalable network traffic analysis - https://netcap.io
- nsacyber/WALKOFF - A flexible, easy to use, automation framework allowing users to integrate their capabilities and devices to cut through the repetitive, tedious tasks slowing them down. #nsacyber
- Raikia/FiercePhish - FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.
- 0xZDH/o365spray - Username enumeration and password spraying tool aimed at Microsoft O365.
- jakejarvis/awesome-shodan-queries - 🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
- mushorg/tanner - He who flays the hide
- telekom-security/tpotce - 🍯 T-Pot - The All In One Honeypot Platform 🐝
- activecm/rita - Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
- zeek/packages - The default package source of the Zeek Package Manager. Wrote a package? See the README for how to get it included.
- DefectDojo/django-DefectDojo - DevSecOps, ASPM, Vulnerability Management. All on one platform.
- hawkeyesec/scanner-cli - A project security/vulnerability/risk scanning tool
- SpamScope/spamscope - Fast Advanced Spam Analysis Tool
- SySS-Research/Seth - Perform a MitM attack and extract clear text credentials from RDP connections
- t4d/PhishingKitHunter - Find phishing kits which use your brand/organization's files and image.
- samratashok/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
- 1N3/Sn1per - Attack Surface Management Platform
- SigmaHQ/sigma - Main Sigma Rule Repository
- rastating/wordpress-exploit-framework - A Ruby framework designed to aid in the penetration testing of WordPress systems.
- swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
- quasar/Quasar - Remote Administration Tool for Windows
- wifiphisher/wifiphisher - The Rogue Access Point Framework
- StevenBlack/hosts - 🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.
- arkime/arkime - Arkime is an open source, large scale, full packet capturing, indexing, and database system.
- presidentbeef/brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications
- ivre/ivre - Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligenc
- mozilla/MozDef - DEPRECATED - MozDef: Mozilla Enterprise Defense Platform
- winsiderss/systeminformer - A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals.co
- decalage2/ViperMonkey - A VBA parser and emulation engine to analyze malicious macros.
- magenx/WAZUH-OSSEC - WAZUH - The Open Source Security Platform Installation
- johnnykv/heralding - Credentials catching honeypot
- stamparm/maltrail - Malicious traffic detection system
- usableprivacy/upribox - Usable Privacy Box
- das-labor/panopticon - A libre cross-platform disassembler.
- decalage2/oletools - oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
- gophish/gophish - Open-Source Phishing Toolkit
- rsmusllp/king-phisher - Phishing Campaign Toolkit
- Graylog2/graylog2-server - Free and open log management
- future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
- meirwah/awesome-incident-response - A curated list of tools for incident response
- ashishb/android-security-awesome - A collection of android security related resources
- apsdehal/awesome-ctf - A curated list of CTF frameworks, libraries, resources and softwares
- sbilly/awesome-security - A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.
- paragonie/awesome-appsec - A curated list of resources for learning about application security
- RD17/ambar - 🔍 Ambar: Document Search Engine
- matanolabs/matano - Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
- zarkones/XENA - XENA is the managed remote administration platform for botnet creation & development powered by blockchain and machine learning. Aiming to provide an ecosystem which serves the bot herders. Favoring s
- PowerShell/PowerShell - PowerShell for every system!
- n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
- mitchellkrogza/Phishing.Database - Phishing Domains, urls websites and threats database. We use the PyFunceble testing tool to validate the status of all known Phishing domains and provide stats to reveal how many unique domains used f
- tejado/telegram-nearby-map - Discover the location of nearby Telegram users 📡🌍
- ItIsMeCall911/Awesome-Telegram-OSINT - 📚 A Curated List of Awesome Telegram OSINT Tools, Sites & Resources
- BishopFox/eyeballer - Convolutional neural network for analyzing pentest screenshots
- CorentinJ/Real-Time-Voice-Cloning - Clone a voice in 5 seconds to generate arbitrary speech in real-time
- jarun/ddgr - 🦆 DuckDuckGo from the terminal
- termuxhackers-id/SIGIT - SIGIT - Simple Information Gathering Toolkit
- devXprite/infoooze - A OSINT tool which helps you to quickly find information effectively. All you need is to input and it will take take care of rest.
- Lucksi/Mr.Holmes - A Complete Osint Tool 🔍
- jaykali/maskphish - Introducing "URL Making Technology" to the world for the very FIRST TIME. Give a Mask to Phishing URL like a PRO.. A MUST have tool for Phishing.
- Lucksi/Mr.Holmes - A Complete Osint Tool 🔍
- jaykali/maskphish - Introducing "URL Making Technology" to the world for the very FIRST TIME. Give a Mask to Phishing URL like a PRO.. A MUST have tool for Phishing.
- GorvGoyl/Clone-Wars - 100+ open-source clones of popular sites like Airbnb, Amazon, Instagram, Netflix, Tiktok, Spotify, Whatsapp, Youtube etc. See source code, demo links, tech stack, github stars.
- FlowiseAI/Flowise - Drag & drop UI to build your customized LLM flow
- mayooear/gpt4-pdf-chatbot-langchain - GPT4 & LangChain Chatbot for large PDF docs
- zarkones/XENA - XENA is the managed remote administration platform for botnet creation & development powered by blockchain and machine learning. Aiming to provide an ecosystem which serves the bot herders. Favoring s
- phuocng/csslayout - A collection of popular layouts and patterns made with CSS. Now it has 100+ patterns and continues growing!
- GoSecure/malboxes - Builds malware analysis Windows VMs so that you don't have to.
- JS-Encoder/JS-Encoder - JS-Encoder is an online front-end code editor(前端在线代码编辑器)built with vue and codemirror. If you want to support JS-Encoder, click star 💗 to support it!
- AUTOMATIC1111/stable-diffusion-webui - Stable Diffusion web UI
- AvalZ/WAF-A-MoLE - A guided mutation-based fuzzer for ML-based Web Application Firewalls
- JS-Encoder/JS-Encoder - JS-Encoder is an online front-end code editor(前端在线代码编辑器)built with vue and codemirror. If you want to support JS-Encoder, click star 💗 to support it!
- emalderson/ThePhish - ThePhish: an automated phishing email analysis tool
- phuocng/csslayout - A collection of popular layouts and patterns made with CSS. Now it has 100+ patterns and continues growing!
- senran101604/sagemode - 👀Sagemode: Track and Unveil Online identities across social media platforms🕵️♂️
- A-poc/RedTeam-Tools - Tools and Techniques for Red Team / Penetration Testing
- WithSecureLabs/chainsaw - Rapidly Search and Hunt through Windows Forensic Artefacts
- mentebinaria/retoolkit - Reverse Engineer's Toolkit
- Idov31/MrKaplan - MrKaplan is a tool aimed to help red teamers to stay hidden by clearing evidence of execution.
- Lucksi/Mr.Holmes - A Complete Osint Tool 🔍
- PhrozenIO/win-brute-logon - Crack any Microsoft Windows users password without any privilege (Guest account included)
- nccgroup/Winpayloads - Undetectable Windows Payload Generation
- calebstewart/pwncat - Fancy reverse and bind shell handler
- VoidSec/Exploit-Development - Exploit Development - Weaponized Exploit and Proof of Concepts (PoC)
- SwiftOnSecurity/sysmon-config - Sysmon configuration file template with default high-quality event tracing
- PowerShell/PowerShell - PowerShell for every system!
- nathanlopez/Stitch - Python Remote Administration Tool (RAT)
- quasar/Quasar - Remote Administration Tool for Windows
- nccgroup/redsnarf - RedSnarf is a pen-testing / red-teaming tool for Windows environments
- winsiderss/systeminformer - A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals.co
- byt3bl33d3r/CrackMapExec - A swiss army knife for pentesting networks
- n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
- rastating/wordpress-exploit-framework - A Ruby framework designed to aid in the penetration testing of WordPress systems.
To the extent possible under law, andr6 has waived all copyright and related or neighboring rights to this work.