Skip to content

andr6/awesome-stars

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
README.md
README.md
 
 

Repository files navigation

Awesome Stars Awesome

A curated list of my GitHub stars! Generated by starred.

Contents

ai

  • upscayl/upscayl - 🆙 Upscayl - Free and Open Source AI Image Upscaler for Linux, MacOS and Windows built with Linux-First philosophy.
  • aorumbayev/autogpt4all - 🛠️ User-friendly bash script for setting up and configuring your LocalAI server with the GPT4All for free! 💸
  • mudler/LocalAI - 🤖 The free, Open Source OpenAI alternative. Self-hosted, community-driven and local-first. Drop-in replacement for OpenAI running on consumer-grade hardware. No GPU required. Runs ggml, gguf, GP
  • Significant-Gravitas/AutoGPT - AutoGPT is the vision of accessible AI for everyone, to use and to build on. Our mission is to provide the tools, so that you can focus on what matters.
  • BishopFox/eyeballer - Convolutional neural network for analyzing pentest screenshots
  • AUTOMATIC1111/stable-diffusion-webui - Stable Diffusion web UI
  • zetavg/LLaMA-LoRA-Tuner - UI tool for fine-tuning and testing your own LoRA models base on LLaMA, GPT-J and more. One-click run on Google Colab. + A Gradio ChatGPT-like Chat UI to demonstrate your language models.
  • ParisNeo/lollms-webui - Lord of Large Language Models Web User Interface

analytics

  • nsacyber/WALKOFF - A flexible, easy to use, automation framework allowing users to integrate their capabilities and devices to cut through the repetitive, tedious tasks slowing them down. #nsacyber
  • activecm/rita - Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
  • DefectDojo/django-DefectDojo - DevSecOps, ASPM, Vulnerability Management. All on one platform.

android

  • Th30neAnd0nly/AIRAVAT - A multifunctional Android RAT with GUI based Web Panel without port forwarding.
  • P0cL4bs/Nanobrok - Web Service write in Python for control and protect your android device remotely.
  • droidefense/engine - Droidefense: Advance Android Malware Analysis Framework
  • gloxec/CrossC2 - generate CobaltStrike's cross-platform payload
  • laurent22/joplin - Joplin - the secure note taking and to-do app with synchronisation capabilities for Windows, macOS, Linux, Android and iOS.
  • AhMyth/AhMyth-Android-RAT - Android Remote Administration Tool
  • ashishb/android-security-awesome - A collection of android security related resources
  • n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

angular

ansible

api

  • mudler/LocalAI - 🤖 The free, Open Source OpenAI alternative. Self-hosted, community-driven and local-first. Drop-in replacement for OpenAI running on consumer-grade hardware. No GPU required. Runs ggml, gguf, GP
  • TheHive-Project/TheHive - TheHive: a Scalable, Open Source and Free Security Incident Response Platform

arduino

  • screetsec/Brutal - Payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy . Brutal is a toolkit to quickly create various payload,powers

artificial-intelligence

  • FlowiseAI/Flowise - Drag & drop UI to build your customized LLM flow
  • Significant-Gravitas/AutoGPT - AutoGPT is the vision of accessible AI for everyone, to use and to build on. Our mission is to provide the tools, so that you can focus on what matters.
  • Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

automation

  • OWASP/Nettacker - Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
  • medpaf/hawk - Network, recon and offensive-security tool for Linux.
  • ksharinarayanan/SourceWolf - Amazingly fast response crawler to find juicy stuff in the source code! 😎🔥
  • gokulapap/Reconator - Automated Recon for Pentesting & Bug Bounty
  • nsacyber/WALKOFF - A flexible, easy to use, automation framework allowing users to integrate their capabilities and devices to cut through the repetitive, tedious tasks slowing them down. #nsacyber
  • DefectDojo/django-DefectDojo - DevSecOps, ASPM, Vulnerability Management. All on one platform.
  • nheijmans/malzoo - Mass static malware analysis tool

awesome

awesome-list

aws

  • matanolabs/matano - Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

azure

bash

  • aorumbayev/autogpt4all - 🛠️ User-friendly bash script for setting up and configuring your LocalAI server with the GPT4All for free! 💸
  • D3Ext/WEF - Wi-Fi Exploitation Framework
  • drak3hft7/Subscan4 - Script that performs a scan of a specific domain, using the following tools: Subfinder, assetfinder, amass and httpx. The result is merged into one file.
  • leebaird/discover - Custom bash scripts used to automate various penetration testing tasks including recon, scanning, enumeration, and malicious payload creation using Metasploit. For use with Kali Linux.

blockchain

  • zarkones/XENA - XENA is the managed remote administration platform for botnet creation & development powered by blockchain and machine learning. Aiming to provide an ecosystem which serves the bot herders. Favoring s

c

  • fluent/fluent-bit - Fast and Lightweight Logs and Metrics processor for Linux, BSD, OSX and Windows
  • arkime/arkime - Arkime is an open source, large scale, full packet capturing, indexing, and database system.

chatgpt

  • FlowiseAI/Flowise - Drag & drop UI to build your customized LLM flow
  • OpenLMLab/MOSS - An open-source tool-augmented conversational language model from Fudan University

chrome-extension

  • LasCC/HackTools - The all-in-one browser extension for offensive security professionals 🛠

cli

  • senran101604/sagemode - 👀Sagemode: Track and Unveil Online identities across social media platforms🕵️‍♂️
  • freedmand/semantra - Multi-tool for semantic search
  • jarun/ddgr - 🦆 DuckDuckGo from the terminal
  • ronin-rb/ronin - Ronin is a Free and Open Source Ruby Toolkit for Security Research and Development. Ronin also allows for the rapid development and distribution of code, exploits, payloads, etc, via 3rd party git rep
  • asciimoo/wuzz - Interactive cli tool for HTTP inspection

code

  • JS-Encoder/JS-Encoder - JS-Encoder is an online front-end code editor(前端在线代码编辑器)built with vue and codemirror. If you want to support JS-Encoder, click star 💗 to support it!

compiler

  • ziglang/zig - General-purpose programming language and toolchain for maintaining robust, optimal, and reusable software.
  • JS-Encoder/JS-Encoder - JS-Encoder is an online front-end code editor(前端在线代码编辑器)built with vue and codemirror. If you want to support JS-Encoder, click star 💗 to support it!
  • r00t-3xp10it/venom - venom - C2 shellcode generator/compiler/handler

cpp

  • Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

csharp

  • GhostPack/Seatbelt - Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.

css

  • phuocng/csslayout - A collection of popular layouts and patterns made with CSS. Now it has 100+ patterns and continues growing!
  • JS-Encoder/JS-Encoder - JS-Encoder is an online front-end code editor(前端在线代码编辑器)built with vue and codemirror. If you want to support JS-Encoder, click star 💗 to support it!

cybersecurity

  • senran101604/sagemode - 👀Sagemode: Track and Unveil Online identities across social media platforms🕵️‍♂️
  • A-poc/RedTeam-Tools - Tools and Techniques for Red Team / Penetration Testing
  • mturhanlar/turme - This is a repository for Penetration Test, Purple Team Exercise and Red Team
  • cisagov/decider - A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework.
  • Purp1eW0lf/Blue-Team-Notes - You didn't think I'd go and leave the blue team out, right?
  • matanolabs/matano - Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
  • t3l3machus/Villain - Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among conn
  • atenreiro/opensquat - The openSquat project is an open-source solution for detecting domain look-alikes by searching for newly registered domains that might be impersonating other legit domains.
  • devXprite/httpfy - A fast and powerful http toolkit that take a list of domains to find active domains and other information such as status-code, title, response-time , server, content-type and many other
  • Cyb3r-Monk/Threat-Hunting-and-Detection - Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
  • Azure/Azure-Sentinel - Cloud-native SIEM for intelligent security analytics for your entire enterprise.
  • GamehunterKaan/AutoPWN-Suite - AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.
  • p1ngul1n0/blackbird - An OSINT tool to search for accounts by username in social networks.
  • abdulkadir-gungor/JPGtoMalware - It embeds the executable file or payload inside the jpg file. The method the program uses isn't exactly called one of the steganography methods. For this reason, it does not cause any distortion in t
  • medpaf/hawk - Network, recon and offensive-security tool for Linux.
  • offensive-hub/black-widow - GUI based offensive penetration testing tool (Open Source)
  • devXprite/infoooze - A OSINT tool which helps you to quickly find information effectively. All you need is to input and it will take take care of rest.
  • Idov31/MrKaplan - MrKaplan is a tool aimed to help red teamers to stay hidden by clearing evidence of execution.
  • danieldurnea/FBI-tools - 🕵️ OSINT Tools for gathering information and actions forensics 🕵️
  • noraj/rawsec-cybersecurity-inventory - An inventory of tools and resources about CyberSecurity that aims to help people to find everything related to CyberSecurity.
  • cipher387/osint_stuff_tool_collection - A collection of several hundred online tools for OSINT
  • emalderson/ThePhish - ThePhish: an automated phishing email analysis tool
  • undergroundwires/privacy.sexy - Open-source tool to enforce privacy & security best-practices on Windows, macOS and Linux, because privacy is sexy
  • nsacyber/WALKOFF - A flexible, easy to use, automation framework allowing users to integrate their capabilities and devices to cut through the repetitive, tedious tasks slowing them down. #nsacyber
  • alexandreborges/malwoverview - Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, Threa
  • mitre/caldera - Automated Adversary Emulation Platform
  • intelowlproject/IntelOwl - IntelOwl: manage your Threat Intelligence at scale
  • 1N3/Sn1per - Attack Surface Management Platform
  • keithjjones/hostintel - A modular Python application to collect intelligence for malicious hosts.
  • maliceio/malice - VirusTotal Wanna Be - Now with 100% more Hipster
  • future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
  • meirwah/awesome-incident-response - A curated list of tools for incident response

data

  • brimdata/zui - Zui is a powerful desktop application for exploring and working with data. The official front-end to the Zed lake.

data-analysis

data-visualization

database

  • ronin-rb/ronin - Ronin is a Free and Open Source Ruby Toolkit for Security Research and Development. Ronin also allows for the rapid development and distribution of code, exploits, payloads, etc, via 3rd party git rep
  • netdata/netdata - The open-source observability platform everyone needs!

deep-learning

devops

  • ANSSI-FR/DFIR-O365RC - PowerShell module for Office 365 and Azure log collection
  • trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
  • nsacyber/WALKOFF - A flexible, easy to use, automation framework allowing users to integrate their capabilities and devices to cut through the repetitive, tedious tasks slowing them down. #nsacyber
  • netdata/netdata - The open-source observability platform everyone needs!

discord

django

docker

dotnet

electron

  • upscayl/upscayl - 🆙 Upscayl - Free and Open Source AI Image Upscaler for Linux, MacOS and Windows built with Linux-First philosophy.
  • laurent22/joplin - Joplin - the secure note taking and to-do app with synchronisation capabilities for Windows, macOS, Linux, Android and iOS.

english

  • Ebazhanov/linkedin-skill-assessments-quizzes - Full reference of LinkedIn answers 2023 for skill assessments (aws-lambda, rest-api, javascript, react, git, html, jquery, mongodb, java, Go, python, machine-learning, power-point) linkedin excel test

firefox

flask

  • jofpin/trape - People tracker on the Internet: OSINT analysis and research tool by Jose Pino

framework

  • nsacyber/WALKOFF - A flexible, easy to use, automation framework allowing users to integrate their capabilities and devices to cut through the repetitive, tedious tasks slowing them down. #nsacyber
  • certsocietegenerale/fame - FAME Automates Malware Evaluation
  • PUNCH-Cyber/stoq - An open source framework for enterprise level automated analysis.
  • byt3bl33d3r/MITMf - Framework for Man-In-The-Middle attacks

github

  • devXprite/infoooze - A OSINT tool which helps you to quickly find information effectively. All you need is to input and it will take take care of rest.

go

  • j3ssie/osmedeus - A Workflow Engine for Offensive Security
  • aquasecurity/trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
  • gravitational/teleport - Protect access to all of your infrastructure
  • kitabisa/teler - Real-time HTTP Intrusion Detection
  • asciimoo/wuzz - Interactive cli tool for HTTP inspection
  • future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

golang

  • j3ssie/osmedeus - A Workflow Engine for Offensive Security
  • aquasecurity/trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
  • gravitational/teleport - Protect access to all of your infrastructure
  • zarkones/XENA - XENA is the managed remote administration platform for botnet creation & development powered by blockchain and machine learning. Aiming to provide an ecosystem which serves the bot herders. Favoring s
  • kitabisa/teler - Real-time HTTP Intrusion Detection
  • kensh1ro/Willie-C2 - A Golang implant that uses Discord as a C2 team server
  • BishopFox/sliver - Adversary Emulation Framework
  • Ebazhanov/linkedin-skill-assessments-quizzes - Full reference of LinkedIn answers 2023 for skill assessments (aws-lambda, rest-api, javascript, react, git, html, jquery, mongodb, java, Go, python, machine-learning, power-point) linkedin excel test
  • asciimoo/wuzz - Interactive cli tool for HTTP inspection
  • Genetic-Malware/Ebowla - Framework for Making Environmental Keyed Payloads (NO LONGER SUPPORTED)
  • maliceio/malice - VirusTotal Wanna Be - Now with 100% more Hipster
  • EgeBalci/HERCULES - HERCULES is a special payload generator that can bypass antivirus softwares.
  • gophish/gophish - Open-Source Phishing Toolkit
  • future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

google

hacking

  • six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
  • j3ssie/osmedeus - A Workflow Engine for Offensive Security
  • lucthienphong1120/AIO-Pentesting - All in one Pentest methodologies - Tools and commands | Where compiled all common materials for pentester
  • A-poc/RedTeam-Tools - Tools and Techniques for Red Team / Penetration Testing
  • yogeshojha/rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon
  • jofpin/trape - People tracker on the Internet: OSINT analysis and research tool by Jose Pino
  • trickest/cve - Gather and update all available and newest CVEs with their PoC.
  • edoardottt/awesome-hacker-search-engines - A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
  • t3l3machus/Villain - Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among conn
  • devXprite/httpfy - A fast and powerful http toolkit that take a list of domains to find active domains and other information such as status-code, title, response-time , server, content-type and many other
  • GamehunterKaan/AutoPWN-Suite - AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.
  • DavidProbinsky/RedTeam-Physical-Tools - Red Team Toolkit - A curated list of tools that are commonly used in the field for Physical Security, Red Teaming, and Tactical Covert Entry.
  • Th30neAnd0nly/AIRAVAT - A multifunctional Android RAT with GUI based Web Panel without port forwarding.
  • ronin-rb/ronin - Ronin is a Free and Open Source Ruby Toolkit for Security Research and Development. Ronin also allows for the rapid development and distribution of code, exploits, payloads, etc, via 3rd party git rep
  • k8gege/PowerLadon - Ladon hacking Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC
  • medpaf/hawk - Network, recon and offensive-security tool for Linux.
  • devXprite/infoooze - A OSINT tool which helps you to quickly find information effectively. All you need is to input and it will take take care of rest.
  • danieldurnea/FBI-tools - 🕵️ OSINT Tools for gathering information and actions forensics 🕵️
  • kurogai/deepweb-scappering - Discover hidden deepweb pages
  • vil/H4X-Tools - Open source toolkit for scraping, OSINT and more.
  • cipher387/osint_stuff_tool_collection - A collection of several hundred online tools for OSINT
  • trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
  • LasCC/HackTools - The all-in-one browser extension for offensive security professionals 🛠
  • six2dez/pentest-book -
  • jaykali/maskphish - Introducing "URL Making Technology" to the world for the very FIRST TIME. Give a Mask to Phishing URL like a PRO.. A MUST have tool for Phishing.
  • diego-treitos/linux-smart-enumeration - Linux enumeration tool for pentesting and CTFs with verbosity levels
  • Raikia/FiercePhish - FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.
  • jakejarvis/awesome-shodan-queries - 🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻
  • khast3x/h8mail - Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email
  • mitre/caldera - Automated Adversary Emulation Platform
  • payloadbox/sql-injection-payload-list - 🎯 SQL Injection Payload List
  • Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
  • infosecn1nja/Red-Teaming-Toolkit - This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
  • D4Vinci/Dr0p1t-Framework - A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks
  • samratashok/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
  • 1N3/Sn1per - Attack Surface Management Platform
  • swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
  • screetsec/TheFatRat - Thefatrat a massive exploiting tool : Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and etc . This tool compiles a malware with popular payload and then
  • screetsec/Brutal - Payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy . Brutal is a toolkit to quickly create various payload,powers
  • EgeBalci/HERCULES - HERCULES is a special payload generator that can bypass antivirus softwares.
  • averagesecurityguy/scripts - Scripts I use during pentest engagements.
  • pentestgeek/phishing-frenzy - Ruby on Rails Phishing Framework
  • carpedm20/awesome-hacking - A curated list of awesome Hacking tutorials, tools and resources

hacktoberfest

  • aquasecurity/trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
  • edoardottt/awesome-hacker-search-engines - A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
  • projectdiscovery/nuclei - Fast and customizable vulnerability scanner based on simple YAML based DSL.
  • LDO-CERT/orochi - The Volatility Collaborative GUI
  • ronin-rb/ronin - Ronin is a Free and Open Source Ruby Toolkit for Security Research and Development. Ronin also allows for the rapid development and distribution of code, exploits, payloads, etc, via 3rd party git rep
  • noraj/rawsec-cybersecurity-inventory - An inventory of tools and resources about CyberSecurity that aims to help people to find everything related to CyberSecurity.
  • horsicq/Detect-It-Easy - Program for determining types of files for Windows, Linux and MacOS.
  • jaykali/maskphish - Introducing "URL Making Technology" to the world for the very FIRST TIME. Give a Mask to Phishing URL like a PRO.. A MUST have tool for Phishing.
  • Ebazhanov/linkedin-skill-assessments-quizzes - Full reference of LinkedIn answers 2023 for skill assessments (aws-lambda, rest-api, javascript, react, git, html, jquery, mongodb, java, Go, python, machine-learning, power-point) linkedin excel test
  • BC-SECURITY/Starkiller - Starkiller is a Frontend for PowerShell Empire.
  • BC-SECURITY/Empire - Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.
  • Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
  • pwnlandia/mhn - Modern Honey Network
  • intelowlproject/IntelOwl - IntelOwl: manage your Threat Intelligence at scale
  • mushorg/glutton - Generic Low Interaction Honeypot
  • DefectDojo/django-DefectDojo - DevSecOps, ASPM, Vulnerability Management. All on one platform.
  • PowerShell/PowerShell - PowerShell for every system!
  • swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
  • ivre/ivre - Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligenc
  • GoSecure/malboxes - Builds malware analysis Windows VMs so that you don't have to.
  • danluu/post-mortems - A collection of postmortems. Sorry for the delay in merging PRs!
  • Graylog2/graylog2-server - Free and open log management

html

  • JS-Encoder/JS-Encoder - JS-Encoder is an online front-end code editor(前端在线代码编辑器)built with vue and codemirror. If you want to support JS-Encoder, click star 💗 to support it!

http

  • devXprite/httpfy - A fast and powerful http toolkit that take a list of domains to find active domains and other information such as status-code, title, response-time , server, content-type and many other
  • BishopFox/sliver - Adversary Emulation Framework
  • asciimoo/wuzz - Interactive cli tool for HTTP inspection

image-processing

ios

iot

java

javascript

  • FlowiseAI/Flowise - Drag & drop UI to build your customized LLM flow
  • JS-Encoder/JS-Encoder - JS-Encoder is an online front-end code editor(前端在线代码编辑器)built with vue and codemirror. If you want to support JS-Encoder, click star 💗 to support it!
  • laurent22/joplin - Joplin - the secure note taking and to-do app with synchronisation capabilities for Windows, macOS, Linux, Android and iOS.
  • arkime/arkime - Arkime is an open source, large scale, full packet capturing, indexing, and database system.
  • HynekPetrak/malware-jail - Sandbox for semi-automatic Javascript malware analysis, deobfuscation and payload extraction. Written for Node.js

js

  • JS-Encoder/JS-Encoder - JS-Encoder is an online front-end code editor(前端在线代码编辑器)built with vue and codemirror. If you want to support JS-Encoder, click star 💗 to support it!

json

kubernetes

  • cilium/tetragon - eBPF-based Security Observability and Runtime Enforcement
  • mudler/LocalAI - 🤖 The free, Open Source OpenAI alternative. Self-hosted, community-driven and local-first. Drop-in replacement for OpenAI running on consumer-grade hardware. No GPU required. Runs ggml, gguf, GP
  • aquasecurity/trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
  • gravitational/teleport - Protect access to all of your infrastructure
  • DefectDojo/django-DefectDojo - DevSecOps, ASPM, Vulnerability Management. All on one platform.
  • netdata/netdata - The open-source observability platform everyone needs!

language

  • ziglang/zig - General-purpose programming language and toolchain for maintaining robust, optimal, and reusable software.

library

linux

  • senran101604/sagemode - 👀Sagemode: Track and Unveil Online identities across social media platforms🕵️‍♂️
  • A-poc/RedTeam-Tools - Tools and Techniques for Red Team / Penetration Testing
  • owerdogan/whoami-project - Whoami provides enhanced privacy, anonymity for Debian and Arch based linux distributions
  • vil/H4X-Tools - Open source toolkit for scraping, OSINT and more.
  • trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
  • Lucksi/Mr.Holmes - A Complete Osint Tool 🔍
  • jaykali/maskphish - Introducing "URL Making Technology" to the world for the very FIRST TIME. Give a Mask to Phishing URL like a PRO.. A MUST have tool for Phishing.
  • undergroundwires/privacy.sexy - Open-source tool to enforce privacy & security best-practices on Windows, macOS and Linux, because privacy is sexy
  • calebstewart/pwncat - Fancy reverse and bind shell handler
  • gloxec/CrossC2 - generate CobaltStrike's cross-platform payload
  • netdata/netdata - The open-source observability platform everyone needs!
  • epam/nfstrace - Network file system monitor and analyzer
  • PowerShell/PowerShell - PowerShell for every system!
  • nathanlopez/Stitch - Python Remote Administration Tool (RAT)
  • screetsec/TheFatRat - Thefatrat a massive exploiting tool : Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and etc . This tool compiles a malware with popular payload and then
  • brndnmtthws/conky - Light-weight system monitor for X, Wayland, and other things, too
  • future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
  • n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

low-code

lua

  • brndnmtthws/conky - Light-weight system monitor for X, Wayland, and other things, too

machine-learning

  • mlabonne/llm-course - Course to get into Large Language Models (LLMs) with roadmaps and Colab notebooks.
  • BishopFox/eyeballer - Convolutional neural network for analyzing pentest screenshots
  • freedmand/semantra - Multi-tool for semantic search
  • zetavg/LLaMA-LoRA-Tuner - UI tool for fine-tuning and testing your own LoRA models base on LLaMA, GPT-J and more. One-click run on Google Colab. + A Gradio ChatGPT-like Chat UI to demonstrate your language models.
  • zarkones/XENA - XENA is the managed remote administration platform for botnet creation & development powered by blockchain and machine learning. Aiming to provide an ecosystem which serves the bot herders. Favoring s
  • AvalZ/WAF-A-MoLE - A guided mutation-based fuzzer for ML-based Web Application Firewalls
  • iperov/DeepFaceLive - Real-time face swap for PC streaming or video calls
  • jonaswinkler/paperless-ng - A supercharged version of paperless: scan, index and archive all your physical documents
  • netdata/netdata - The open-source observability platform everyone needs!

macos

mongodb

monitoring

mysql

nextjs

nlp

  • AutoGPTQ/AutoGPTQ - An easy-to-use LLMs quantization package with user-friendly apis, based on GPTQ algorithm.

node

nodejs

  • devXprite/httpfy - A fast and powerful http toolkit that take a list of domains to find active domains and other information such as status-code, title, response-time , server, content-type and many other
  • devXprite/infoooze - A OSINT tool which helps you to quickly find information effectively. All you need is to input and it will take take care of rest.
  • tejado/telegram-nearby-map - Discover the location of nearby Telegram users 📡🌍
  • laurent22/joplin - Joplin - the secure note taking and to-do app with synchronisation capabilities for Windows, macOS, Linux, Android and iOS.
  • hawkeyesec/scanner-cli - A project security/vulnerability/risk scanning tool

npm

  • devXprite/httpfy - A fast and powerful http toolkit that take a list of domains to find active domains and other information such as status-code, title, response-time , server, content-type and many other
  • devXprite/infoooze - A OSINT tool which helps you to quickly find information effectively. All you need is to input and it will take take care of rest.
  • hawkeyesec/scanner-cli - A project security/vulnerability/risk scanning tool

open-source

  • t3l3machus/Villain - Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among conn
  • devXprite/httpfy - A fast and powerful http toolkit that take a list of domains to find active domains and other information such as status-code, title, response-time , server, content-type and many other
  • offensive-hub/black-widow - GUI based offensive penetration testing tool (Open Source)
  • devXprite/infoooze - A OSINT tool which helps you to quickly find information effectively. All you need is to input and it will take take care of rest.
  • TheHive-Project/TheHive - TheHive: a Scalable, Open Source and Free Security Incident Response Platform

osint

  • six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
  • senran101604/sagemode - 👀Sagemode: Track and Unveil Online identities across social media platforms🕵️‍♂️
  • j3ssie/osmedeus - A Workflow Engine for Offensive Security
  • r1cksec/thoth - Automate recon for red team assessments.
  • alephdata/aleph - Search and browse documents and data; find the people and companies you look for.
  • yogeshojha/rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon
  • jofpin/trape - People tracker on the Internet: OSINT analysis and research tool by Jose Pino
  • soxoj/maigret - 🕵️‍♂️ Collect a dossier on a person by username from thousands of sites
  • CScorza/OSINTAnonymous - Creazione d'identità Fake - Impostazione Privacy Profili Social - Creazione Ambiente di Lavoro
  • wssheldon/osintui - OSINT from your favorite services in a friendly terminal user interface - integrations for Virustotal, Shodan, and Censys
  • edoardottt/awesome-hacker-search-engines - A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
  • atenreiro/opensquat - The openSquat project is an open-source solution for detecting domain look-alikes by searching for newly registered domains that might be impersonating other legit domains.
  • devXprite/httpfy - A fast and powerful http toolkit that take a list of domains to find active domains and other information such as status-code, title, response-time , server, content-type and many other
  • termuxhackers-id/SIGIT - SIGIT - Simple Information Gathering Toolkit
  • p1ngul1n0/blackbird - An OSINT tool to search for accounts by username in social networks.
  • j3ssie/metabigor - OSINT tools and more but without API ke
  • ksharinarayanan/SourceWolf - Amazingly fast response crawler to find juicy stuff in the source code! 😎🔥
  • devXprite/infoooze - A OSINT tool which helps you to quickly find information effectively. All you need is to input and it will take take care of rest.
  • Malfrats/OSINT-Map - 🗺 A map of OSINT tools.
  • danieldurnea/FBI-tools - 🕵️ OSINT Tools for gathering information and actions forensics 🕵️
  • vil/H4X-Tools - Open source toolkit for scraping, OSINT and more.
  • cipher387/osint_stuff_tool_collection - A collection of several hundred online tools for OSINT
  • Lucksi/Mr.Holmes - A Complete Osint Tool 🔍
  • v4d1/Dome - Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports.
  • ItIsMeCall911/Awesome-Telegram-OSINT - 📚 A Curated List of Awesome Telegram OSINT Tools, Sites & Resources
  • khast3x/h8mail - Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email
  • intelowlproject/IntelOwl - IntelOwl: manage your Threat Intelligence at scale
  • s0md3v/Photon - Incredibly fast crawler designed for OSINT.
  • leebaird/discover - Custom bash scripts used to automate various penetration testing tasks including recon, scanning, enumeration, and malicious payload creation using Metasploit. For use with Kali Linux.
  • lockfale/OSINT-Framework - OSINT Framework
  • ivre/ivre - Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligenc

others

parsing

  • soxoj/maigret - 🕵️‍♂️ Collect a dossier on a person by username from thousands of sites
  • log2timeline/plaso - Super timeline all the things
  • gchq/CyberChef - The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

penetration-testing

  • six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
  • j3ssie/osmedeus - A Workflow Engine for Offensive Security
  • lucthienphong1120/AIO-Pentesting - All in one Pentest methodologies - Tools and commands | Where compiled all common materials for pentester
  • crond-jaist/AutoPentest-DRL - AutoPentest-DRL: Automated Penetration Testing Using Deep Reinforcement Learning
  • A-poc/RedTeam-Tools - Tools and Techniques for Red Team / Penetration Testing
  • yogeshojha/rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon
  • trickest/cve - Gather and update all available and newest CVEs with their PoC.
  • baguswiratmaadi/reverie - Automated Pentest Tools Designed For Parrot Linux
  • t3l3machus/Villain - Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among conn
  • eslam3kl/3klCon - Automation Recon tool which works with Large & Medium scopes. It performs a lot of tasks and gets back all the results in separated files.
  • OWASP/Nettacker - Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
  • GamehunterKaan/AutoPWN-Suite - AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.
  • moeinfatehi/Backup-Finder - A burp suite extension that reviews backup, old, temporary and unreferenced files on web server for sensitive information (OWASP WSTG-CONF-04, OTG-CONFIG-004)
  • offensive-hub/black-widow - GUI based offensive penetration testing tool (Open Source)
  • danieldurnea/FBI-tools - 🕵️ OSINT Tools for gathering information and actions forensics 🕵️
  • signorrayan/RedTeam_toolkit - Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together.
  • v4d1/Dome - Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports.
  • knassar702/scant3r - ScanT3r - Module based Bug Bounty Automation Tool ( use Lotus instead github.com/bugBlocker/lotus )
  • jakejarvis/awesome-shodan-queries - 🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻
  • samratashok/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
  • 1N3/Sn1per - Attack Surface Management Platform
  • swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
  • screetsec/Brutal - Payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy . Brutal is a toolkit to quickly create various payload,powers
  • averagesecurityguy/scripts - Scripts I use during pentest engagements.
  • pentestgeek/phishing-frenzy - Ruby on Rails Phishing Framework

pentesting

  • six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
  • j3ssie/osmedeus - A Workflow Engine for Offensive Security
  • lucthienphong1120/AIO-Pentesting - All in one Pentest methodologies - Tools and commands | Where compiled all common materials for pentester
  • yogeshojha/rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon
  • trickest/cve - Gather and update all available and newest CVEs with their PoC.
  • zarkones/XENA - XENA is the managed remote administration platform for botnet creation & development powered by blockchain and machine learning. Aiming to provide an ecosystem which serves the bot herders. Favoring s
  • t3l3machus/Villain - Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among conn
  • OWASP/Nettacker - Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
  • GamehunterKaan/AutoPWN-Suite - AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.
  • moeinfatehi/Backup-Finder - A burp suite extension that reviews backup, old, temporary and unreferenced files on web server for sensitive information (OWASP WSTG-CONF-04, OTG-CONFIG-004)
  • DavidProbinsky/RedTeam-Physical-Tools - Red Team Toolkit - A curated list of tools that are commonly used in the field for Physical Security, Red Teaming, and Tactical Covert Entry.
  • p1ngul1n0/blackbird - An OSINT tool to search for accounts by username in social networks.
  • j3ssie/metabigor - OSINT tools and more but without API ke
  • danieldurnea/FBI-tools - 🕵️ OSINT Tools for gathering information and actions forensics 🕵️
  • UndeadSec/SocialFish - Phishing Tool & Information Collector
  • v4d1/Dome - Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports.
  • six2dez/pentest-book -
  • hak5/bashbunny-payloads - The Official Bash Bunny Payload Repository
  • knassar702/scant3r - ScanT3r - Module based Bug Bounty Automation Tool ( use Lotus instead github.com/bugBlocker/lotus )
  • knownsec/pocsuite3 - pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.
  • diego-treitos/linux-smart-enumeration - Linux enumeration tool for pentesting and CTFs with verbosity levels
  • jakejarvis/awesome-shodan-queries - 🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻
  • Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
  • mantvydasb/RedTeaming-Tactics-and-Techniques - Red Teaming Tactics and Techniques
  • infosecn1nja/Red-Teaming-Toolkit - This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
  • vesche/scanless - online port scan scraper
  • leebaird/discover - Custom bash scripts used to automate various penetration testing tasks including recon, scanning, enumeration, and malicious payload creation using Metasploit. For use with Kali Linux.
  • 1N3/Sn1per - Attack Surface Management Platform
  • bluscreenofjeff/Red-Team-Infrastructure-Wiki - Wiki to collect Red Team infrastructure hardening resources
  • nccgroup/redsnarf - RedSnarf is a pen-testing / red-teaming tool for Windows environments
  • byt3bl33d3r/CrackMapExec - A swiss army knife for pentesting networks
  • pentestgeek/phishing-frenzy - Ruby on Rails Phishing Framework
  • n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

php

postgresql

powershell

privacy

python

  • senran101604/sagemode - 👀Sagemode: Track and Unveil Online identities across social media platforms🕵️‍♂️
  • Significant-Gravitas/AutoGPT - AutoGPT is the vision of accessible AI for everyone, to use and to build on. Our mission is to provide the tools, so that you can focus on what matters.
  • BishopFox/eyeballer - Convolutional neural network for analyzing pentest screenshots
  • alephdata/aleph - Search and browse documents and data; find the people and companies you look for.
  • jofpin/trape - People tracker on the Internet: OSINT analysis and research tool by Jose Pino
  • soxoj/maigret - 🕵️‍♂️ Collect a dossier on a person by username from thousands of sites
  • zarkones/XENA - XENA is the managed remote administration platform for botnet creation & development powered by blockchain and machine learning. Aiming to provide an ecosystem which serves the bot herders. Favoring s
  • atenreiro/opensquat - The openSquat project is an open-source solution for detecting domain look-alikes by searching for newly registered domains that might be impersonating other legit domains.
  • OWASP/Nettacker - Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
  • GamehunterKaan/AutoPWN-Suite - AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.
  • SubGlitch1/OSRipper - AV evading OSX Backdoor and Crypter Framework
  • p1ngul1n0/blackbird - An OSINT tool to search for accounts by username in social networks.
  • offensive-hub/black-widow - GUI based offensive penetration testing tool (Open Source)
  • signorrayan/RedTeam_toolkit - Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together.
  • vil/H4X-Tools - Open source toolkit for scraping, OSINT and more.
  • tasos-py/Search-Engines-Scraper - Search google, bing, yahoo, and other search engines with python
  • UndeadSec/SocialFish - Phishing Tool & Information Collector
  • emalderson/ThePhish - ThePhish: an automated phishing email analysis tool
  • gokulapap/Reconator - Automated Recon for Pentesting & Bug Bounty
  • Lucksi/Mr.Holmes - A Complete Osint Tool 🔍
  • fortra/impacket - Impacket is a collection of Python classes for working with network protocols.
  • CorentinJ/Real-Time-Voice-Cloning - Clone a voice in 5 seconds to generate arbitrary speech in real-time
  • nccgroup/Winpayloads - Undetectable Windows Payload Generation
  • knownsec/pocsuite3 - pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.
  • nsacyber/WALKOFF - A flexible, easy to use, automation framework allowing users to integrate their capabilities and devices to cut through the repetitive, tedious tasks slowing them down. #nsacyber
  • 0xZDH/o365spray - Username enumeration and password spraying tool aimed at Microsoft O365.
  • Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
  • buffer/thug - Python low-interaction honeyclient
  • intelowlproject/IntelOwl - IntelOwl: manage your Threat Intelligence at scale
  • s0md3v/Photon - Incredibly fast crawler designed for OSINT.
  • foospidy/HoneyPy - A low to medium interaction honeypot.
  • DefectDojo/django-DefectDojo - DevSecOps, ASPM, Vulnerability Management. All on one platform.
  • SpamScope/spamscope - Fast Advanced Spam Analysis Tool
  • netzob/netzob - Netzob: Protocol Reverse Engineering, Modeling and Fuzzing
  • HarryR/maltrieve - A tool to retrieve malware directly from the source for security researchers.
  • Neo23x0/Loki - Loki - Simple IOC and YARA Scanner
  • mandiant/flare-wmi -
  • nathanlopez/Stitch - Python Remote Administration Tool (RAT)
  • Veil-Framework/Veil-Evasion - Veil Evasion is no longer supported, use Veil 3.0!
  • wifiphisher/wifiphisher - The Rogue Access Point Framework
  • StevenBlack/hosts - 🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.
  • nccgroup/redsnarf - RedSnarf is a pen-testing / red-teaming tool for Windows environments
  • Genetic-Malware/Ebowla - Framework for Making Environmental Keyed Payloads (NO LONGER SUPPORTED)
  • ivre/ivre - Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligenc
  • mozilla/MozDef - DEPRECATED - MozDef: Mozilla Enterprise Defense Platform
  • decalage2/ViperMonkey - A VBA parser and emulation engine to analyze malicious macros.
  • secrary/SSMA - SSMA - Simple Static Malware Analyzer [This project is not maintained anymore by me]
  • nheijmans/malzoo - Mass static malware analysis tool
  • byt3bl33d3r/CrackMapExec - A swiss army knife for pentesting networks
  • stamparm/maltrail - Malicious traffic detection system
  • secretsquirrel/the-backdoor-factory - Patch PE, ELF, Mach-O binaries with shellcode new version in development, available only to sponsors
  • rfunix/Pompem - Find exploit tool
  • averagesecurityguy/scripts - Scripts I use during pentest engagements.
  • decalage2/olefile - olefile is a Python package to parse, read and write Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office 97-20
  • decalage2/oletools - oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
  • rsmusllp/king-phisher - Phishing Campaign Toolkit
  • Neo23x0/yarGen - yarGen is a generator for YARA rules
  • n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
  • byt3bl33d3r/MITMf - Framework for Man-In-The-Middle attacks

python3

  • soxoj/maigret - 🕵️‍♂️ Collect a dossier on a person by username from thousands of sites
  • byt3bl33d3r/SILENTTRINITY - An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR
  • GamehunterKaan/AutoPWN-Suite - AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.
  • signorrayan/RedTeam_toolkit - Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together.
  • kurogai/deepweb-scappering - Discover hidden deepweb pages
  • vil/H4X-Tools - Open source toolkit for scraping, OSINT and more.
  • 0xZDH/o365spray - Username enumeration and password spraying tool aimed at Microsoft O365.
  • doomedraven/VirusTotalApi - VirusTotal Full api
  • GoSecure/malboxes - Builds malware analysis Windows VMs so that you don't have to.
  • decalage2/olefile - olefile is a Python package to parse, read and write Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office 97-20
  • openwpm/OpenWPM - A web privacy measurement framework

pytorch

rails

raspberry-pi

react

react-native

  • laurent22/joplin - Joplin - the secure note taking and to-do app with synchronisation capabilities for Windows, macOS, Linux, Android and iOS.

reactjs

  • phuocng/csslayout - A collection of popular layouts and patterns made with CSS. Now it has 100+ patterns and continues growing!

reverse-engineering

  • mentebinaria/retoolkit - Reverse Engineer's Toolkit
  • horsicq/Detect-It-Easy - Program for determining types of files for Windows, Linux and MacOS.
  • cytopia/badchars - Bad char generator to instruct encoders such as shikata-ga-nai to transform those to other chars.
  • netzob/netzob - Netzob: Protocol Reverse Engineering, Modeling and Fuzzing
  • a0rtega/pafish - Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do
  • panda-re/panda - Platform for Architecture-Neutral Dynamic Analysis
  • das-labor/panopticon - A libre cross-platform disassembler.

ruby

  • ronin-rb/ronin - Ronin is a Free and Open Source Ruby Toolkit for Security Research and Development. Ronin also allows for the rapid development and distribution of code, exploits, payloads, etc, via 3rd party git rep
  • hawkeyesec/scanner-cli - A project security/vulnerability/risk scanning tool
  • presidentbeef/brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications
  • pentestgeek/phishing-frenzy - Ruby on Rails Phishing Framework

rust

  • wssheldon/osintui - OSINT from your favorite services in a friendly terminal user interface - integrations for Virustotal, Shodan, and Censys
  • matanolabs/matano - Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
  • WithSecureLabs/chainsaw - Rapidly Search and Hunt through Windows Forensic Artefacts
  • das-labor/panopticon - A libre cross-platform disassembler.

scala

security

  • six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
  • cilium/tetragon - eBPF-based Security Observability and Runtime Enforcement
  • j3ssie/osmedeus - A Workflow Engine for Offensive Security
  • aquasecurity/trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
  • gravitational/teleport - Protect access to all of your infrastructure
  • jofpin/trape - People tracker on the Internet: OSINT analysis and research tool by Jose Pino
  • trickest/cve - Gather and update all available and newest CVEs with their PoC.
  • wssheldon/osintui - OSINT from your favorite services in a friendly terminal user interface - integrations for Virustotal, Shodan, and Censys
  • matanolabs/matano - Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
  • edoardottt/awesome-hacker-search-engines - A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
  • sublime-security/sublime-platform - A free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing. Gain visibility and control, hunt for advanced threats, collaborate with the community,
  • projectdiscovery/nuclei - Fast and customizable vulnerability scanner based on simple YAML based DSL.
  • OWASP/Nettacker - Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
  • GamehunterKaan/AutoPWN-Suite - AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.
  • WithSecureLabs/chainsaw - Rapidly Search and Hunt through Windows Forensic Artefacts
  • google/oss-fuzz - OSS-Fuzz - continuous fuzzing for open source software.
  • j3ssie/metabigor - OSINT tools and more but without API ke
  • ronin-rb/ronin - Ronin is a Free and Open Source Ruby Toolkit for Security Research and Development. Ronin also allows for the rapid development and distribution of code, exploits, payloads, etc, via 3rd party git rep
  • k8gege/PowerLadon - Ladon hacking Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC
  • offensive-hub/black-widow - GUI based offensive penetration testing tool (Open Source)
  • Idov31/MrKaplan - MrKaplan is a tool aimed to help red teamers to stay hidden by clearing evidence of execution.
  • danieldurnea/FBI-tools - 🕵️ OSINT Tools for gathering information and actions forensics 🕵️
  • noraj/rawsec-cybersecurity-inventory - An inventory of tools and resources about CyberSecurity that aims to help people to find everything related to CyberSecurity.
  • DinoTools/dionaea - Home of the dionaea honeypot
  • trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
  • six2dez/pentest-book -
  • undergroundwires/privacy.sexy - Open-source tool to enforce privacy & security best-practices on Windows, macOS and Linux, because privacy is sexy
  • knownsec/pocsuite3 - pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.
  • P0cL4bs/Nanobrok - Web Service write in Python for control and protect your android device remotely.
  • tristanlatr/burpa - Burp Automator - A Burp Suite Automation Tool. It provides a high level CLI and Python interfaces to Burp Suite scanner and can be used to setup Dynamic Application Security Testing (DAST).
  • droidefense/engine - Droidefense: Advance Android Malware Analysis Framework
  • dreadl0ck/netcap - A framework for secure and scalable network traffic analysis - https://netcap.io
  • nsacyber/WALKOFF - A flexible, easy to use, automation framework allowing users to integrate their capabilities and devices to cut through the repetitive, tedious tasks slowing them down. #nsacyber
  • Raikia/FiercePhish - FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.
  • 0xZDH/o365spray - Username enumeration and password spraying tool aimed at Microsoft O365.
  • jakejarvis/awesome-shodan-queries - 🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻
  • mushorg/tanner - He who flays the hide
  • telekom-security/tpotce - 🍯 T-Pot - The All In One Honeypot Platform 🐝
  • activecm/rita - Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
  • zeek/packages - The default package source of the Zeek Package Manager. Wrote a package? See the README for how to get it included.
  • DefectDojo/django-DefectDojo - DevSecOps, ASPM, Vulnerability Management. All on one platform.
  • hawkeyesec/scanner-cli - A project security/vulnerability/risk scanning tool
  • SpamScope/spamscope - Fast Advanced Spam Analysis Tool
  • SySS-Research/Seth - Perform a MitM attack and extract clear text credentials from RDP connections
  • t4d/PhishingKitHunter - Find phishing kits which use your brand/organization's files and image.
  • samratashok/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
  • 1N3/Sn1per - Attack Surface Management Platform
  • SigmaHQ/sigma - Main Sigma Rule Repository
  • rastating/wordpress-exploit-framework - A Ruby framework designed to aid in the penetration testing of WordPress systems.
  • swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
  • quasar/Quasar - Remote Administration Tool for Windows
  • wifiphisher/wifiphisher - The Rogue Access Point Framework
  • StevenBlack/hosts - 🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.
  • arkime/arkime - Arkime is an open source, large scale, full packet capturing, indexing, and database system.
  • presidentbeef/brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications
  • ivre/ivre - Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligenc
  • mozilla/MozDef - DEPRECATED - MozDef: Mozilla Enterprise Defense Platform
  • winsiderss/systeminformer - A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals.co
  • decalage2/ViperMonkey - A VBA parser and emulation engine to analyze malicious macros.
  • magenx/WAZUH-OSSEC - WAZUH - The Open Source Security Platform Installation
  • johnnykv/heralding - Credentials catching honeypot
  • stamparm/maltrail - Malicious traffic detection system
  • usableprivacy/upribox - Usable Privacy Box
  • das-labor/panopticon - A libre cross-platform disassembler.
  • decalage2/oletools - oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
  • gophish/gophish - Open-Source Phishing Toolkit
  • rsmusllp/king-phisher - Phishing Campaign Toolkit
  • Graylog2/graylog2-server - Free and open log management
  • future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
  • meirwah/awesome-incident-response - A curated list of tools for incident response
  • ashishb/android-security-awesome - A collection of android security related resources
  • apsdehal/awesome-ctf - A curated list of CTF frameworks, libraries, resources and softwares
  • sbilly/awesome-security - A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.
  • paragonie/awesome-appsec - A curated list of resources for learning about application security

self-hosted

serverless

  • matanolabs/matano - Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

shell

  • zarkones/XENA - XENA is the managed remote administration platform for botnet creation & development powered by blockchain and machine learning. Aiming to provide an ecosystem which serves the bot herders. Favoring s
  • PowerShell/PowerShell - PowerShell for every system!
  • n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

statistics

  • mitchellkrogza/Phishing.Database - Phishing Domains, urls websites and threats database. We use the PyFunceble testing tool to validate the status of all known Phishing domains and provide stats to reveal how many unique domains used f

telegram

tensorflow

terminal

termux

  • termuxhackers-id/SIGIT - SIGIT - Simple Information Gathering Toolkit
  • devXprite/infoooze - A OSINT tool which helps you to quickly find information effectively. All you need is to input and it will take take care of rest.
  • Lucksi/Mr.Holmes - A Complete Osint Tool 🔍
  • jaykali/maskphish - Introducing "URL Making Technology" to the world for the very FIRST TIME. Give a Mask to Phishing URL like a PRO.. A MUST have tool for Phishing.

termux-hacking

  • Lucksi/Mr.Holmes - A Complete Osint Tool 🔍
  • jaykali/maskphish - Introducing "URL Making Technology" to the world for the very FIRST TIME. Give a Mask to Phishing URL like a PRO.. A MUST have tool for Phishing.

twitter

  • GorvGoyl/Clone-Wars - 100+ open-source clones of popular sites like Airbnb, Amazon, Instagram, Netflix, Tiktok, Spotify, Whatsapp, Youtube etc. See source code, demo links, tech stack, github stars.

typescript

  • FlowiseAI/Flowise - Drag & drop UI to build your customized LLM flow
  • mayooear/gpt4-pdf-chatbot-langchain - GPT4 & LangChain Chatbot for large PDF docs
  • zarkones/XENA - XENA is the managed remote administration platform for botnet creation & development powered by blockchain and machine learning. Aiming to provide an ecosystem which serves the bot herders. Favoring s
  • phuocng/csslayout - A collection of popular layouts and patterns made with CSS. Now it has 100+ patterns and continues growing!

vagrant

vue

  • JS-Encoder/JS-Encoder - JS-Encoder is an online front-end code editor(前端在线代码编辑器)built with vue and codemirror. If you want to support JS-Encoder, click star 💗 to support it!

web

webapp

webpack

  • phuocng/csslayout - A collection of popular layouts and patterns made with CSS. Now it has 100+ patterns and continues growing!

windows

wordpress

License

CC0

To the extent possible under law, andr6 has waived all copyright and related or neighboring rights to this work.

About

A curated list of my GitHub stars!

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published