Awesome Stars

A curated list of my GitHub stars! Generated by starred.

Contents

• ai
• android
• angular
• api
• aspnet
• awesome
• awesome-list
• aws
• azure
• bash
• c
• chrome
• chrome-extension
• cli
• code-quality
• code-review
• cpp
• csharp
• css
• dart
• database
• docker
• documentation
• dotnet
• electron
• express
• firebase
• flutter
• framework
• git
• go
• golang
• graphql
• hacking
• hacktoberfest
• homebridge
• html
• http
• ios
• java
• javascript
• jekyll
• kotlin
• kubernetes
• latex
• library
• linux
• lua
• machine-learning
• macos
• markdown
• material-design
• mobile
• mongodb
• mysql
• nextjs
• nodejs
• nosql
• npm
• objective-c
• open-source
• others
• p2p
• package-manager
• perl
• powershell
• pwa
• python
• python3
• raspberry-pi
• react
• react-native
• reactjs
• rest-api
• ruby
• rust
• security
• server
• serverless
• shell
• sql
• swift
• telegram
• terminal
• testing
• typescript
• unity
• vagrant
• vue
• web
• webapp
• windows
• wordpress

ai

• The-Art-of-Hacking/h4cker - This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif

android

• WithSecureLabs/drozer - The Leading Security Assessment Framework for Android.
• androguard/androguard - Reverse engineering and pentesting for Android applications
• AzeemIdrisi/PhoneSploit-Pro - An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
• iBotPeaches/Apktool - A tool for reverse engineering Android apk files
• requestly/requestly - Requestly was built to save developers time by intercepting and modifying HTTP Requests. It has now developed into an open-source alternative to Charles Proxy and Telerik Fiddler that works directly i
• wasabeef/awesome-android-ui - A curated list of awesome Android UI/UX libraries
• Hack-with-Github/Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers
• appwrite/appwrite - Your backend, minus the hassle.
• Solido/awesome-flutter - An awesome list that curates the best Flutter libraries, tools, tutorials, articles and more.
• flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
• skylot/jadx - Dex to Java decompiler
• B3nac/InjuredAndroid - A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.
• OWASP/owasp-mastg - The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls
• n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

angular

• altair-graphql/altair - ✨⚡️ A beautiful feature-rich GraphQL Client for all platforms.

api

• OWASP/crAPI - completely ridiculous API (crAPI)
• OWASP/API-Security - OWASP API Security Project
• HolyBugx/HolyTips - A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
• bitwarden/server - The core infrastructure backend (API, database, Docker, etc).
• shieldfy/API-Security-Checklist - Checklist of the most important security countermeasures when designing, testing, and releasing your API
• FlareSolverr/FlareSolverr - Proxy server to bypass Cloudflare protection

aspnet

• bitwarden/server - The core infrastructure backend (API, database, Docker, etc).

awesome

• vavkamil/awesome-bugbounty-tools - A curated list of various bug bounty tools
• tiimgreen/github-cheat-sheet - A list of cool features of Git and GitHub.
• vsouza/awesome-ios - A curated list of awesome iOS ecosystem, including Objective-C and Swift Projects
• wasabeef/awesome-android-ui - A curated list of awesome Android UI/UX libraries
• sindresorhus/awesome-nodejs - ⚡ Delightful Node.js packages and resources
• Hack-with-Github/Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers
• sindresorhus/awesome - 😎 Awesome lists about all kinds of interesting topics
• vinta/awesome-python - An opinionated list of awesome Python frameworks, libraries, software and resources.
• awesome-selfhosted/awesome-selfhosted - A list of Free Software network services and web applications which can be hosted on your own servers
• avelino/awesome-go - A curated list of awesome Go frameworks, libraries and software
• jaywcjlove/awesome-mac -  Now we have become very big, Different from the original idea. Collect premium software in various categories.
• Solido/awesome-flutter - An awesome list that curates the best Flutter libraries, tools, tutorials, articles and more.
• djsime1/awesome-flipperzero - 🐬 A collection of awesome resources for the Flipper Zero device.
• maguowei/starred - creating your own Awesome List by GitHub stars!
• trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
• enaqx/awesome-pentest - A collection of awesome penetration testing resources, tools and other shiny things

awesome-list

• vavkamil/awesome-bugbounty-tools - A curated list of various bug bounty tools
• tiimgreen/github-cheat-sheet - A list of cool features of Git and GitHub.
• sindresorhus/awesome-nodejs - ⚡ Delightful Node.js packages and resources
• sindresorhus/awesome - 😎 Awesome lists about all kinds of interesting topics
• awesome-selfhosted/awesome-selfhosted - A list of Free Software network services and web applications which can be hosted on your own servers
• avelino/awesome-go - A curated list of awesome Go frameworks, libraries and software
• jaywcjlove/awesome-mac -  Now we have become very big, Different from the original idea. Collect premium software in various categories.
• ripienaar/free-for-dev - A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev
• Solido/awesome-flutter - An awesome list that curates the best Flutter libraries, tools, tutorials, articles and more.
• djsime1/awesome-flipperzero - 🐬 A collection of awesome resources for the Flipper Zero device.
• maguowei/starred - creating your own Awesome List by GitHub stars!
• trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
• enaqx/awesome-pentest - A collection of awesome penetration testing resources, tools and other shiny things
• The-Art-of-Hacking/h4cker - This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif

aws

• cloud-custodian/cloud-custodian - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
• marksowell/aws-account-finder - Find an AWS Account ID from any S3 Bucket
• WithSecureLabs/awspx - A graph-based tool for visualizing effective access and resource relationships in AWS environments.
• nccgroup/ScoutSuite - Multi-Cloud Security Auditing Tool
• aws/aws-toolkit-eclipse - (End of life: May 31, 2023) AWS Toolkit for Eclipse
• aws/aws-cli - Universal Command Line Interface for Amazon Web Services

azure

• cloud-custodian/cloud-custodian - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
• BloodHoundAD/AzureHound - Azure Data Exporter for BloodHound
• nccgroup/ScoutSuite - Multi-Cloud Security Auditing Tool

bash

• MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
• stateful/vscode-runme - DevOps Workflows Built with Markdown for VS Code
• nvm-sh/nvm - Node Version Manager - POSIX-compliant bash script to manage multiple active node.js versions
• royalapplications/toolbox - This repository contains various automation scripts for Royal TS (for Windows) and Royal TSX (for macOS). Also included are dynamic folder samples. This collection consists of scripts by the Royal App
• RealityNet/ios_triage - Bash script to extract data from a "chekcra1ned" iOS device
• hyperupcall/autoenv - Directory-based environments.
• v1s1t0r1sh3r3/airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
• peass-ng/PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

c

• radareorg/radare2 - UNIX-like reverse engineering framework and command-line toolset
• libimobiledevice/libimobiledevice - A cross-platform protocol library to communicate with iOS devices
• OpenIDC/mod_auth_openidc - OpenID Certified™ OpenID Connect Relying Party implementation for Apache HTTP Server 2.x
• hashcat/hashcat - World's fastest and most advanced password recovery utility

chrome

• sensepost/gowitness - 🔍 gowitness - a golang, web screenshot utility using Chrome Headless
• puppeteer/puppeteer - Node.js API for Chrome
• AlecBlance/S3BucketList - Chrome extension that lists Amazon S3 Buckets while browsing
• FlareSolverr/FlareSolverr - Proxy server to bypass Cloudflare protection

chrome-extension

• AlecBlance/S3BucketList - Chrome extension that lists Amazon S3 Buckets while browsing
• requestly/requestly - Requestly was built to save developers time by intercepting and modifying HTTP Requests. It has now developed into an open-source alternative to Charles Proxy and Telerik Fiddler that works directly i
• LasCC/HackTools - The all-in-one browser extension for offensive security professionals 🛠
• altair-graphql/altair - ✨⚡️ A beautiful feature-rich GraphQL Client for all platforms.

cli

• projectdiscovery/dnsx - dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.
• pypa/pipx - Install and Run Python Applications in Isolated Environments
• projectdiscovery/katana - A next-generation crawling and spidering framework.
• sharkdp/bat - A cat(1) clone with wings.
• asciinema/asciinema - Terminal session recorder 📹
• abhijithvijayan/stargazed - 📋 Creating your own Awesome List of GitHub stars!

code-quality

• realm/SwiftLint - A tool to enforce Swift style and conventions.

code-review

• Cyber-Buddy/APKHunt - APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers,

cpp

• Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

csharp

• bitwarden/server - The core infrastructure backend (API, database, Docker, etc).
• dnSpyEx/dnSpy - Unofficial revival of the well known .NET debugger and assembly editor, dnSpy
• Aetsu/OffensivePipeline - OfensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team exercises.
• peass-ng/PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

css

• styled-components/styled-components - Visual primitives for the component age. Use the best bits of ES6 and CSS to style your apps without stress 💅

dart

• flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
• rustdesk/rustdesk - An open-source remote desktop, and alternative to TeamViewer.

database

• mongodb/mongo - The MongoDB Database
• sqlmapproject/sqlmap - Automatic SQL injection and database takeover tool

docker

• dani-garcia/vaultwarden - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
• appwrite/appwrite - Your backend, minus the hassle.
• bitwarden/server - The core infrastructure backend (API, database, Docker, etc).
• sickcodes/Docker-OSX - Run macOS VM in a Docker! Run near native OSX-KVM in Docker! X11 Forwarding! CI/CD for OS X Security Research! Docker mac Containers.
• harshit-budhraja/tor-nginx-proxy - Host your website on the Tor 🧅 network in less than 2 minutes ⌛️ with this tiny 🤏🏻 (less than ~15MB) docker image 🎊
• owncloud-docker/server - Docker image for ownCloud community edition
• FlareSolverr/FlareSolverr - Proxy server to bypass Cloudflare protection
• Hackplayers/evil-winrm - The ultimate WinRM shell for hacking/pentesting
• RustScan/RustScan - 🤖 The Modern Port Scanner 🤖

documentation

• withastro/starlight - 🌟 Build beautiful, accessible, high-performance documentation websites with Astro
• vmware/vsphere-automation-sdk-python - Python samples, language bindings, and API reference documentation for vSphere, VMC, and NSX-T using the VMware REST API
• just-the-docs/just-the-docs - A modern, high customizable, responsive Jekyll theme for documentation with built-in search.
• mkdocs/mkdocs - Project documentation with Markdown.
• squidfunk/mkdocs-material - Documentation that simply works

dotnet

• bitwarden/server - The core infrastructure backend (API, database, Docker, etc).
• dnSpyEx/dnSpy - Unofficial revival of the well known .NET debugger and assembly editor, dnSpy

electron

• altair-graphql/altair - ✨⚡️ A beautiful feature-rich GraphQL Client for all platforms.
• kamranahmedse/pennywise - Cross-platform application to open any website or media in a floating window

express

• expressjs/express - Fast, unopinionated, minimalist web framework for node.

firebase

• appwrite/appwrite - Your backend, minus the hassle.

flutter

• macosui/macos_ui - Flutter widgets and themes implementing the current macOS design language.
• appwrite/appwrite - Your backend, minus the hassle.
• Solido/awesome-flutter - An awesome list that curates the best Flutter libraries, tools, tutorials, articles and more.
• flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
• B3nac/InjuredAndroid - A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.
• rustdesk/rustdesk - An open-source remote desktop, and alternative to TeamViewer.

framework

• vapor/vapor - 💧 A server-side Swift HTTP web framework.
• rwf2/Rocket - A web framework for Rust.
• squidfunk/mkdocs-material - Documentation that simply works

git

• tiimgreen/github-cheat-sheet - A list of cool features of Git and GitHub.
• sharkdp/bat - A cat(1) clone with wings.

go

• fatedier/frp - A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
• avelino/awesome-go - A curated list of awesome Go frameworks, libraries and software
• BloodHoundAD/AzureHound - Azure Data Exporter for BloodHound
• haccer/subjack - Subdomain Takeover tool written in Go
• netevert/dnsmorph - Domain name permutation engine written in Go
• j3ssie/osmedeus - A Workflow Engine for Offensive Security
• owasp-amass/amass - In-depth attack surface mapping and asset discovery
• syncthing/syncthing - Open Source Continuous File Synchronization
• future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
• OJ/gobuster - Directory/File, DNS and VHost busting tool written in Go

golang

• netbirdio/netbird - Connect your devices into a single secure private WireGuard®-based mesh network with SSO/MFA and simple access controls.
• sensepost/gowitness - 🔍 gowitness - a golang, web screenshot utility using Chrome Headless
• shellhub-io/shellhub - 💻 Get seamless remote access to any Linux device. Centralized SSH for the edge and cloud computing
• avelino/awesome-go - A curated list of awesome Go frameworks, libraries and software
• hahwul/dalfox - 🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
• haccer/subjack - Subdomain Takeover tool written in Go
• netevert/dnsmorph - Domain name permutation engine written in Go
• j3ssie/osmedeus - A Workflow Engine for Offensive Security
• projectdiscovery/interactsh - An OOB interaction gathering server and client library
• raz-varren/xsshell - An XSS reverse shell framework
• amine7536/reverse-scan - Perform reverse DNS lookups on huge network ranges
• gophish/gophish - Open-Source Phishing Toolkit
• owasp-amass/amass - In-depth attack surface mapping and asset discovery
• michenriksen/aquatone - A Tool for Domain Flyovers
• future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

graphql

• swisskyrepo/GraphQLmap - GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
• altair-graphql/altair - ✨⚡️ A beautiful feature-rich GraphQL Client for all platforms.
• dolevf/Black-Hat-GraphQL - The Black Hat GraphQL Book Repository

hacking

• MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
• summitt/Nope-Proxy - TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.
• six2dez/pentest-book -
• t3l3machus/Villain - Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among conn
• infosecn1nja/Red-Teaming-Toolkit - This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
• AzeemIdrisi/PhoneSploit-Pro - An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
• ghostsecurity/reaper - 💀 Don't fear the Reaper 👻
• LasCC/HackTools - The all-in-one browser extension for offensive security professionals 🛠
• Hack-with-Github/Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers
• dolevf/Black-Hat-GraphQL - The Black Hat GraphQL Book Repository
• t3l3machus/toxssin - An XSS exploitation command-line interface and payload generator.
• nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters - A list of resources for those interested in getting started in bug bounties
• OWASP/owasp-mastg - The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls
• codingo/NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
• trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
• chenjj/espoofer - An email spoofing testing tool that aims to bypass SPF/DKIM/DMARC and forge DKIM signatures.🍻
• BiZken/PhishMailer - Generate Professional Phishing Emails Fast And Easy
• yogeshojha/rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon
• j3ssie/osmedeus - A Workflow Engine for Offensive Security
• HackTricks-wiki/hacktricks - Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
• SpiderLabs/HostHunter - HostHunter a recon tool for discovering hostnames using OSINT techniques.
• Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
• diego-treitos/linux-smart-enumeration - Linux enumeration tool for pentesting and CTFs with verbosity levels
• Hackplayers/evil-winrm - The ultimate WinRM shell for hacking/pentesting
• maurosoria/dirsearch - Web path scanner
• v1s1t0r1sh3r3/airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
• samratashok/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
• RustScan/RustScan - 🤖 The Modern Port Scanner 🤖
• juice-shop/juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
• The-Art-of-Hacking/h4cker - This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif
• 0x00-0x00/ShellPop - Pop shells like a master.
• swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
• mitre/caldera - Automated Adversary Emulation Platform

hacktoberfest

• dani-garcia/vaultwarden - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
• AzeemIdrisi/PhoneSploit-Pro - An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
• shellhub-io/shellhub - 💻 Get seamless remote access to any Linux device. Centralized SSH for the edge and cloud computing
• swisskyrepo/GraphQLmap - GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
• tauri-apps/tauri - Build smaller, faster, and more secure desktop applications with a web frontend.
• realm/SwiftLint - A tool to enforce Swift style and conventions.
• requestly/requestly - Requestly was built to save developers time by intercepting and modifying HTTP Requests. It has now developed into an open-source alternative to Charles Proxy and Telerik Fiddler that works directly i
• OWASP/crAPI - completely ridiculous API (crAPI)
• akto-api-security/tests-library - Community generated list of API security tests to find OWASP top10, HackerOne top 10 vulnerabilities
• akto-api-security/akto - Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure
• avelino/awesome-go - A curated list of awesome Go frameworks, libraries and software
• altair-graphql/altair - ✨⚡️ A beautiful feature-rich GraphQL Client for all platforms.
• appwrite/appwrite - Your backend, minus the hassle.
• rahuldkjain/github-profile-readme-generator - 🚀 Generate GitHub profile README easily with the latest add-ons like visitors count, GitHub stats, etc using minimal UI.
• kyleboe/zoom_rb - Ruby REST API Wrapper for zoom.us API
• radareorg/radare2 - UNIX-like reverse engineering framework and command-line toolset
• mineek/sunst0rm - iOS Tether Downgrader
• BC-SECURITY/Starkiller - Starkiller is a Frontend for PowerShell Empire.
• BC-SECURITY/Empire - Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.
• sharkdp/bat - A cat(1) clone with wings.
• trufflesecurity/trufflehog - Find and verify secrets
• rustdesk/rustdesk - An open-source remote desktop, and alternative to TeamViewer.
• codingo/NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
• hahwul/dalfox - 🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
• epi052/feroxbuster - A fast, simple, recursive content discovery tool written in Rust.
• projectdiscovery/nuclei - Fast and customizable vulnerability scanner based on simple YAML based DSL.
• noraj/rawsec-cybersecurity-inventory - An inventory of tools and resources about CyberSecurity that aims to help people to find everything related to CyberSecurity.
• FlareSolverr/FlareSolverr - Proxy server to bypass Cloudflare protection
• horsicq/Detect-It-Easy - Program for determining types of files for Windows, Linux and MacOS.
• lc/gau - Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
• Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
• zaproxy/zap-extensions - ZAP Add-ons
• obsproject/obs-websocket - Remote-control of OBS Studio through WebSocket
• rapid7/metasploit-framework - Metasploit Framework
• RustScan/RustScan - 🤖 The Modern Port Scanner 🤖
• juice-shop/juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
• sinfulz/JustTryHarder - JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)
• swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
• secdev/scapy - Scapy: the Python-based interactive packet manipulation program & library.

homebridge

• homebridge/homebridge - HomeKit support for the impatient.

html

• mixmark-io/turndown - 🛏 An HTML to Markdown converter written in JavaScript

http

• rofl0r/proxychains-ng - proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained prox
• vapor/vapor - 💧 A server-side Swift HTTP web framework.
• projectdiscovery/interactsh - An OOB interaction gathering server and client library
• carlospolop/fuzzhttpbypass - This tool use fuuzzing to try to bypass unknown authentication methods, who knows...

ios

• palera1n/palera1n - Jailbreak for A8 through A11, T2 devices, on iOS/iPadOS/tvOS 15.0, bridgeOS 5.0 and higher.
• RealityNet/ios_triage - Bash script to extract data from a "chekcra1ned" iOS device
• requestly/requestly - Requestly was built to save developers time by intercepting and modifying HTTP Requests. It has now developed into an open-source alternative to Charles Proxy and Telerik Fiddler that works directly i
• vsouza/awesome-ios - A curated list of awesome iOS ecosystem, including Objective-C and Swift Projects
• appwrite/appwrite - Your backend, minus the hassle.
• Solido/awesome-flutter - An awesome list that curates the best Flutter libraries, tools, tutorials, articles and more.
• flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
• noobpk/frida-ios-hook - A tool that helps you easy trace classes, functions, and modify the return values of methods on iOS platform
• airsquared/blobsaver - A cross-platform GUI and CLI app for automatically saving SHSH blobs
• AloneMonkey/frida-ios-dump - pull decrypted ipa from jailbreak device
• nabla-c0d3/ssl-kill-switch2 - Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.
• OWASP/owasp-mastg - The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls
• ChiChou/grapefruit - (WIP) Runtime Application Instruments for iOS. Previously Passionfruit
• libimobiledevice/libimobiledevice - A cross-platform protocol library to communicate with iOS devices
• utmapp/UTM - Virtual machines for iOS and macOS

java

• WithSecureLabs/drozer - The Leading Security Assessment Framework for Android.
• thingsboard/thingsboard - Open-source IoT Platform - Device management, data collection, processing and visualization.
• skylot/jadx - Dex to Java decompiler
• airsquared/blobsaver - A cross-platform GUI and CLI app for automatically saving SHSH blobs
• aws/aws-toolkit-eclipse - (End of life: May 31, 2023) AWS Toolkit for Eclipse

javascript

• Milkdown/milkdown - 🍼 Plugin driven WYSIWYG markdown editor framework.
• elsewhencode/project-guidelines - A set of best practices for JavaScript projects
• ryanmcdermott/clean-code-javascript - 🛁 Clean Code concepts adapted for JavaScript
• sindresorhus/awesome-nodejs - ⚡ Delightful Node.js packages and resources
• t3l3machus/toxssin - An XSS exploitation command-line interface and payload generator.
• q-nick/npm-gui - Tired of the package.json dependency juggle? Meet npm-gui! We seamlessly integrate with npm, pnpm, or yarn. Managing, installing, and updating dependencies is as easy as it gets. Try npm-gui today and
• appwrite/appwrite - Your backend, minus the hassle.
• expressjs/express - Fast, unopinionated, minimalist web framework for node.
• dsternlicht/RESTool - RESTool is an open source UI tool for managing RESTful APIs. It could save you time developing your own internal tools. A live example:
• abhijithvijayan/stargazed - 📋 Creating your own Awesome List of GitHub stars!
• lmammino/jwt-cracker - Simple HS256, HS384 & HS512 JWT token brute force cracker.
• raz-varren/xsshell - An XSS reverse shell framework
• mixmark-io/turndown - 🛏 An HTML to Markdown converter written in JavaScript
• juice-shop/juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
• fingerprintjs/fingerprintjs - Browser fingerprinting library. Accuracy of this version is 40-60%, accuracy of the commercial Fingerprint Identification is 99.5%. V4 of this library is BSL licensed.

jekyll

• just-the-docs/just-the-docs - A modern, high customizable, responsive Jekyll theme for documentation with built-in search.
• jekyll/jekyll-seo-tag - A Jekyll plugin to add metadata tags for search engines and social networks to better index and display your site's content.

kotlin

• B3nac/InjuredAndroid - A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.

kubernetes

• openappsec/openappsec - open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.

latex

• noraj/OSCP-Exam-Report-Template-Markdown - 📙 Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report

library

• libimobiledevice/libimobiledevice - A cross-platform protocol library to communicate with iOS devices

linux

• shellhub-io/shellhub - 💻 Get seamless remote access to any Linux device. Centralized SSH for the edge and cloud computing
• royalapplications/toolbox - This repository contains various automation scripts for Royal TS (for Windows) and Royal TSX (for macOS). Also included are dynamic folder samples. This collection consists of scripts by the Royal App
• n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
• rustdesk/rustdesk - An open-source remote desktop, and alternative to TeamViewer.
• trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
• htr-tech/nexphisher - Advanced Phishing tool
• calebstewart/pwncat - Fancy reverse and bind shell handler
• mzfr/gtfo - Search gtfobins and lolbas files from your terminal
• v1s1t0r1sh3r3/airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
• CISOfy/lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
• future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
• GTFOBins/GTFOBins.github.io - GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
• peass-ng/PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

lua

• Hammerspoon/hammerspoon - Staggeringly powerful macOS desktop automation with Lua
• scipag/vulscan - Advanced vulnerability scanning with Nmap NSE

machine-learning

• SoftDesLab/PIRANHA - Project for Software Design Laboratory -- Topic: Detecting Phishing Website with Machine Learning

macos

• jordanbaird/Ice - Powerful menu bar manager for macOS
• sieren/WidgetToggler - macOS Sonoma Widget Toggler for the Tray Bar - Easily Show and Hide Widgets
• Hammerspoon/hammerspoon - Staggeringly powerful macOS desktop automation with Lua
• royalapplications/toolbox - This repository contains various automation scripts for Royal TS (for Windows) and Royal TSX (for macOS). Also included are dynamic folder samples. This collection consists of scripts by the Royal App
• macosui/macos_ui - Flutter widgets and themes implementing the current macOS design language.
• jaywcjlove/awesome-mac -  Now we have become very big, Different from the original idea. Collect premium software in various categories.
• flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
• nabla-c0d3/ssl-kill-switch2 - Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.
• sickcodes/Docker-OSX - Run macOS VM in a Docker! Run near native OSX-KVM in Docker! X11 Forwarding! CI/CD for OS X Security Research! Docker mac Containers.
• sethmlarson/truststore - Verify certificates using OS trust stores
• utmapp/UTM - Virtual machines for iOS and macOS
• macports/macports-ports - The MacPorts ports tree

markdown

• Milkdown/milkdown - 🍼 Plugin driven WYSIWYG markdown editor framework.
• stateful/vscode-runme - DevOps Workflows Built with Markdown for VS Code
• rahuldkjain/github-profile-readme-generator - 🚀 Generate GitHub profile README easily with the latest add-ons like visitors count, GitHub stats, etc using minimal UI.
• foambubble/foam - A personal knowledge management and sharing system for VSCode
• haiwen/seafile - High performance file syncing and sharing, with also Markdown WYSIWYG editing, Wiki, file label and other knowledge management features.
• slidevjs/slidev - Presentation Slides for Developers
• noraj/OSCP-Exam-Report-Template-Markdown - 📙 Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report
• mixmark-io/turndown - 🛏 An HTML to Markdown converter written in JavaScript
• mkdocs/mkdocs - Project documentation with Markdown.

material-design

• Solido/awesome-flutter - An awesome list that curates the best Flutter libraries, tools, tutorials, articles and more.
• flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
• squidfunk/mkdocs-material - Documentation that simply works

mobile

• WithSecureLabs/drozer - The Leading Security Assessment Framework for Android.
• Solido/awesome-flutter - An awesome list that curates the best Flutter libraries, tools, tutorials, articles and more.
• flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
• ChiChou/grapefruit - (WIP) Runtime Application Instruments for iOS. Previously Passionfruit

mongodb

• codingo/NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
• mongodb/mongo - The MongoDB Database

mysql

• NetSPI/SQLInjectionWiki - A wiki focusing on aggregating and documenting various SQL injection methods

nextjs

• appwrite/appwrite - Your backend, minus the hassle.

nodejs

• nvm-sh/nvm - Node Version Manager - POSIX-compliant bash script to manage multiple active node.js versions
• sindresorhus/awesome-nodejs - ⚡ Delightful Node.js packages and resources
• q-nick/npm-gui - Tired of the package.json dependency juggle? Meet npm-gui! We seamlessly integrate with npm, pnpm, or yarn. Managing, installing, and updating dependencies is as easy as it gets. Try npm-gui today and
• expressjs/express - Fast, unopinionated, minimalist web framework for node.
• abhijithvijayan/stargazed - 📋 Creating your own Awesome List of GitHub stars!
• lmammino/jwt-cracker - Simple HS256, HS384 & HS512 JWT token brute force cracker.

nosql

• codingo/NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
• mongodb/mongo - The MongoDB Database

npm

• q-nick/npm-gui - Tired of the package.json dependency juggle? Meet npm-gui! We seamlessly integrate with npm, pnpm, or yarn. Managing, installing, and updating dependencies is as easy as it gets. Try npm-gui today and

objective-c

• Hammerspoon/hammerspoon - Staggeringly powerful macOS desktop automation with Lua
• vsouza/awesome-ios - A curated list of awesome iOS ecosystem, including Objective-C and Swift Projects

open-source

• t3l3machus/Villain - Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among conn
• requestly/requestly - Requestly was built to save developers time by intercepting and modifying HTTP Requests. It has now developed into an open-source alternative to Charles Proxy and Telerik Fiddler that works directly i
• commixproject/commix - Automated All-in-One OS Command Injection Exploitation Tool.
• SpiderLabs/HostHunter - HostHunter a recon tool for discovering hostnames using OSINT techniques.

others

• gentilkiwi/mimikatz - A little tool to play with Windows security
• punk-security/smbeagle - SMBeagle - Fileshare auditing tool.
• login-securite/lsassy - Extract credentials from lsass remotely
• r3motecontrol/Ghostpack-CompiledBinaries - Compiled Binaries for Ghostpack (.NET v4.0)
• GhostPack/Certify - Active Directory certificate abuse.
• dirkjanm/krbrelayx - Kerberos unconstrained delegation abuse toolkit
• SpecterOps/BloodHound - Six Degrees of Domain Admin
• microsoft/restler-fuzzer - RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
• r0oth3x49/ghauri - An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws
• netsecurity-as/subfuz - A subdomain fuzzing tool
• marksowell/massdns - A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
• aboul3la/Sublist3r - Fast subdomains enumeration tool for penetration testers
• haad/proxychains - proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy. Supported auth-types: "user/pass" for
• ly4k/Certipy - Tool for Active Directory Certificate Services enumeration and abuse
• PortSwigger/BChecks - BChecks collection for Burp Suite Professional and Burp Suite Enterprise Edition
• RedTeamOperations/RedCloud-OS - RedCloudOS is a Cloud Adversary Simulation Operating System for Red Teams to assess the Cloud Security of Leading Cloud Service Providers (CSPs)
• HavocFramework/Havoc - The Havoc Framework.
• mantvydasb/RedTeaming-Tactics-and-Techniques - Red Teaming Tactics and Techniques
• jhaddix/tbhm - The Bug Hunters Methodology
• blechschmidt/massdns - A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
• WeAreCloudar/s3-account-search - S3 Account Search
• qishibo/AnotherRedisDesktopManager - 🚀🚀🚀A faster, better and more stable Redis desktop manager [GUI client], compatible with Linux, Windows, Mac.
• marksowell/burp-collaborator-deploy - Deploy a Private Burp Collaborator server with a wildcard Let's Encrypt SSL certificate including automatic renewal for advanced penetration testing. Includes scripts and guides for a seamless cloud d
• googleprojectzero/TinyInst - A lightweight dynamic instrumentation library
• oyyd/http-proxy-to-socks - hpts(http-proxy-to-socks) is a nodejs client to convert socks proxy into http proxy
• iphelix/dnschef - DNSChef - DNS proxy for Penetration Testers and Malware Analysts
• zoom/unsplash-chatbot - Send Unsplash photos in Zoom Team Chat.
• mandiant/capa - The FLARE team's open-source tool to identify capabilities in executable files.
• stateful/runme - DevOps Workflows Built with Markdown
• bugcrowd/tipjar -
• OWASP/www-project-mobile-top-10 -
• MobSF/RP4MobSF - a nginx reverse proxy with ssl and auth for MobSF
• guerreroag12/keyring_secret_manager -
• marksowell/ssl-labs-screenshot-js - Capture a trimmed screenshot of the SSL Labs report for a given domain.
• devanshbatham/heaptruffle - Mine URLs from Browser's Heap Snapshot for fun and profit
• zoom/team-chat-shortcut-sample - This repository contains a Node.js application that allows you to create a Zoom Team Chat App for managing recordings. Follow the instructions below to set up and run the application.
• IvanGlinkin/Fast-Google-Dorks-Scan - The OSINT project, the main idea of which is to collect all the possible Google dorks search combinations and to find the information about the specific web-site: common admin panels, the widespread f
• darklotuskdb/ios-reloader - The iOS Reloader is a weaponizing tool for jailbroken iOS devices. It facilitates the installation of a collection of tools on iOS devices (iPhone/iPad) that are essential for penetration testing purp
• AppSecExplained/xss-playground - A basic webapp to test XSS payloads.
• Syslifters/sysreptor - Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike.
• zoom/zoom-e2e-whitepaper - Zoom Cryptography Whitepaper
• GhostManager/Ghostwriter - The SpecterOps project management and reporting engine
• blacklanternsecurity/writehat - A pentest reporting tool written in Python. Free yourself from Microsoft Word.
• abrignoni/ALEAPP - Android Logs Events And Protobuf Parser
• abrignoni/iLEAPP - iOS Logs, Events, And Plist Parser
• christianselig/apollo-backend - Apollo backend server
• zoom/zoom-bot-demo - Please visit our new vote-chatbot NPM sample app.
• zoom/zoomapps-serverless-vuejs - A Serverless Zoom App built on Firebase for Zoomtopia 2022 and beyond!
• marksowell/SSL-Labs-Screenshot - A Python package to capture a trimmed screenshot of the SSL Labs report for a given domain.
• nchah/github-traffic-stats - Get statistics on web traffic to your GitHub repositories.
• guerreroag12/SSH_Brute_Force - A simple python ssh brute forcer
• marksowell/Findings-Tracker - Burp Suite extension designed to help security professionals manage and track web application security findings
• badges/shields - Concise, consistent, and legible badges in SVG and raster format
• marksowell/Info-Leakage - Burp Suite extension designed to help security professionals search for custom sensitive information in HTTP responses
• akto-api-security/akto-burp-extension - A Burp extension to send data to Akto dashboard
• Checkmarx/capital - A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Security vulnerabilities within your own API Security CTF.
• HolyBugx/Demystifying-Cookies-and-Tokens-Security - Learn Cookies and Tokens Security in Practice.
• sAjibuu/Upload_Bypass - A simple tool for bypassing file upload restrictions.
• projectdiscovery/interactsh-web - Web dashboard for Interactsh client
• OWASP/www-members -
• Orange-Cyberdefense/ocd-mindmaps - Orange Cyberdefense mindmaps
• ReFirmLabs/binwalk - Firmware Analysis Tool
• zoom/zoom-sdk-android - Zoom Android SDK
• keycastr/keycastr - KeyCastr, an open-source keystroke visualizer
• PortSwigger/http-request-smuggler -
• tjcim/request_smuggling_calculator -
• hax0rgb/InsecureShop - An Intentionally designed Vulnerable Android Application built in Kotlin.
• payatu/diva-android - DIVA Android - Damn Insecure and vulnerable App for Android
• oversecured/ovaa - Oversecured Vulnerable Android App
• OWASP/MASTG-Hacking-Playground -
• UberGuidoZ/Flipper - Playground (and dump) of stuff I make or modify for the Flipper Zero
• RogueMaster/flipperzero-firmware-wPlugins - RogueMaster Flipper Zero Firmware
• DarkFlippers/unleashed-firmware - Flipper Zero Unleashed Firmware
• flipperdevices/flipperzero-firmware - Flipper Zero firmware source code
• Sambal0x/firebaseEnum - Tool to mass analyse potentially exposed Firebase databases on Android apps
• initstring/cloud_enum - Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
• trufflesecurity/Trufflehog-Chrome-Extension -
• rofl0r/microsocks - tiny, portable SOCKS5 server with very moderate resource usage
• Kris-Sekula/UCS-KVM - Some tips on getting into a UCS KVM without Adobe Flash Installed
• ptswarm/reFlutter - Flutter Reverse Engineering Framework
• adobe-fonts/source-code-pro - Monospaced font family for user interface and coding environments
• romkatv/powerlevel10k - A Zsh theme
• thatstraw/Cybersecurity-Roadmap -
• microsoft/AttackSurfaceAnalyzer - Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation.
• ustayready/fireprox - AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation
• TheCase/IPMIView.app - MacOS App wrapper for Supermicro's IPMIView/iKVM java app
• CheckPointSW/ShowPolicyPackage - Check Point ShowPolicyPackage tool shows the content of a policy package (layers, rulebase, objects) over HTML pages.
• CheckPointSW/ExportObjects - Check Point ExportObjects tool enables you to export specific types of objects from a R80.10 and above Management database to a .csv file, which can then be imported into any other R80.10 and above Ma
• lgandx/Responder - Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication
• vulnersCom/nmap-vulners - NSE script based on Vulners.com API
• zmap/zmap - ZMap is a fast single packet network scanner designed for Internet-wide network surveys.
• hmaverickadams/Practical-Ethical-Hacking-FAQ - FAQ Guide for Practical Ethical Hacking Udemy Course
• antonkomarev/github-profile-views-counter - It counts how many times your GitHub profile has been viewed. Free cloud micro-service.
• ElioFegh/zoom-jailbreak-detection-bypass - hides jb popup from zoom app
• mechanico/Keychain-Dumper - A tool to check which keychain items are available to an attacker once an iOS device has been jailbroken
• NVISOsecurity/MagiskTrustUserCerts - A Magisk/KernelSU module that automatically adds user certificates to the system root CA store
• newbit1/rootAVD - Script to root AVDs running with QEMU Emulator from Android Studio
• mllocs/zoomus - Ruby wrapper gem for zoom.us API.
• OWASP/iGoat-Swift - OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
• OWASP/igoat - OWASP iGoat - A Learning Tool for iOS App Pentesting and Security by Swaroop Yermalkar
• radareorg/iaito - Official QT frontend of radare2
• littlebyteorg/appledb -
• google/ssl_logger - Decrypts and logs a process's SSL traffic.
• neil-wu/CatFrida - CatFrida is a macOS tool for inspecting a running iOS app.
• zoom/meetingsdk-auth-endpoint-sample - Generate a Meeting SDK JWT to join Zoom meetings and webinars with the Meeting SDK.
• zoom/client-sdk-iOS-getting-started -
• ios-control/ios-deploy - Install and debug iPhone apps from the command line, without using Xcode
• DrDonk/unlocker - VMware macOS utilities
• futurerestore/futurerestore - A hacked up idevicerestore wrapper, which allows specifying SEP and Baseband for restoring
• MobSF/Mobile-Security-Framework-MobSF - Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and
• Karmaz95/crimson - Web Application Security Testing Tools
• dafthack/DomainPasswordSpray - DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFU
• RobinMeis/MITMsmtp - MITMsmtp is an Evil SMTP Server for pentesting SMTP clients to catch login credentials and mails sent over plain or SSL encrypted connections.
• skelsec/pypykatz - Mimikatz implementation in pure Python
• davidbombal/python-keylogger -
• AndreMiras/gitpop3 - Find the most popular fork on GitHub
• aleen42/badges - 🎴 Standard and acceptable badges list
• zeroc00I/AllVideoPocsFromHackerOne - This script grab public report from hacker one and make some folders with poc videos
• hmaverickadams/Windows-WiFi-Extractor - Extract Windows Wi-Fi Passwords to Remote URL
• snyk/vscode-extension - Snyk extension for Visual Studio Code
• frida/frida - Clone this repo to build Frida
• punk-security/dnsReaper - dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!
• zoom/zoomapps-advancedsample-react - This repository contains an Advanced Zoom Apps Sample. It should serve as a starting point for you to build and test your own Zoom App in development.
• zoom/zoom-oauth-sample-app - Sample Zoom Oauth App NodeJS app to call Zoom's APIs
• 0xJs/RedTeaming_CheatSheet - Pentesting cheatsheet with all the commands I learned during my learning journey. Will try to to keep it up-to-date.
• RedisInsight/RedisInsight - Redis GUI by Redis
• zoom/webhook-sample - Receive Zoom webhooks.
• mandiant/Vulnerability-Disclosures -
• zoom/zoomapps-texteditor-vuejs - A simple text editor Zoom App that demonstrates Collaborate Mode
• zoom/zoomapps-customlayout-js - A simple podcaster Zoom App to demonstrate Immersive Mode through our Layers API
• zoom/api - Zoom API Version 2 Documentation
• zoom/zoomapps-sample-js - A Hello World Zoom App built with Vanilla JS
• OTRF/Security-Datasets - Re-play Security Events
• TheParmak/conti-leaks-englished - Google and deepl translated conti leaks, which is shared by a member of the conti ransomware group.
• ForbiddenProgrammer/conti-pentester-guide-leak - Leaked pentesting manuals given to Conti ransomware crooks
• GossiTheDog/SystemNightmare - Gives you instant SYSTEM command prompt on all supported and legacy versions of Windows
• SnaffCon/Snaffler - a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )
• silence-is-best/files -
• S1ckB0y1337/Cobalt-Strike-CheatSheet - Some notes and examples for cobalt strike's functionality
• soufianetahiri/ContiLeaks -
• 0xthirteen/MoveKit - Cobalt Strike kit for Lateral Movement
• NetSPI/asa_tools - Verification tools for CVE-2016-1287
• cathugger/mkp224o - vanity address generator for tor onion v3 (ed25519) hidden services
• coder/code-server - VS Code in the browser
• clr2of8/GatherContacts - A Burp Suite Extension to pull Employee Names from Google and Bing LinkedIn Search Results
• threatexpress/domainhunter - Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names
• NVISOsecurity/pyCobaltHound - pyCobaltHound is an Aggressor script extension for Cobalt Strike which aims to provide a deep integration between Cobalt Strike and Bloodhound.
• marksowell/stars - A curated list of my GitHub stars!
• marksowell/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
• marksowell/Ckpt_Mike- -
• marksowell/BrightTalk-video-downloader -
• marksowell/cf-bypass -
• marksowell/marksowell.github.io - Mark Sowell - Penetration Tester at Check Point Software Technologies Ltd. - CEH Master, CCSM Elite, & Cybersecurity Expert
• marksowell/docker-compose-osmedeus-traefik - Docker Compose file for Osmedeus behind Traefik Reverse Proxy
• marksowell/Harmony-Connect-Corporate-Access-API - Postman Collection for Check Point Harmony Connect Corporate Access API
• marksowell/my-stars - A curated list of my GitHub stars by stargazed
• dirkjanm/mitm6 - pwning IPv4 via IPv6
• hmaverickadams/TCM-Security-Sample-Pentest-Report - Sample pentest report provided by TCM Security
• abhijithvijayan/awesome-stars - A curated list of my GitHub stars by stargazed
• XalfiE/Sharepoint-URL-Fuzzlist -
• Dheerajmadhukar/4-ZERO-3 - 403/401 Bypass Methods + Bash Automation + Your Support ;)
• dwisiswant0/apkleaks - Scanning APK file for URIs, endpoints & secrets.
• RoseSecurity/Anti-Virus-Evading-Payloads - During the exploitation phase of a pen test or ethical hacking engagement, you will ultimately need to try to cause code to run on target system computers. Whether accomplished by phishing emails, del
• PhishyAlice/awesome-phishing - Collection of resources related to phishing
• htr-tech/zphisher - An automated phishing tool with 30+ templates. This Tool is made for educational purpose only ! Author will not be responsible for any misuse of this toolkit !
• Lu3ky13/lu3ky13-SCANNER - tools to find xss in a website
• s0md3v/Corsy - CORS Misconfiguration Scanner
• highmeh/lure - Lure - User Recon Automation for GoPhish
• kgretzky/evilginx2 - Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
• kylon/Sharedown - Electron application to download Sharepoint videos (especially meant for students)
• HiwinCN/HTran - HTran is a connection bouncer, a kind of proxy server. A “listener” program is hacked stealthily onto an unsuspecting host anywhere on the Internet. When it receives signals from the actual target sys
• RedSiege/EyeWitness - EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
• nccgroup/scrying - A tool for collecting RDP, web and VNC screenshots all in one place
• royhills/ike-scan - The IKE Scanner
• S3cur3Th1sSh1t/Pentest-Tools -
• darkoperator/dnsrecon - DNS Enumeration Script
• marksowell/marksowell -
• extremenetworks/Virtual_EXOS - EXOS VM images are provided for testing in virtual environments such as Virtualbox or VMware.
• sundowndev/phoneinfoga - Information gathering framework for phone numbers
• h4wkst3r/InvisibilityCloak - Proof-of-concept obfuscation toolkit for C# post-exploitation tools
• allanlw/svg-cheatsheet - A cheatsheet for exploiting server-side SVG processors.
• AlexanderPro/SmartSystemMenu - SmartSystemMenu extends system menu of all windows in the system
• sansatart/scrapts - Scrapts Scrapts Scrapts
• jayphelps/git-blame-someone-else - Blame someone else for your bad code.
• curi0usJack/luckystrike - A PowerShell based utility for the creation of malicious Office macro documents.
• sevagas/macro_pack - macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. T
• 3gstudent/Worse-PDF - Turn a normal PDF file into malicious.Use to steal Net-NTLM Hashes from windows machines.
• tihanyin/PSSW100AVB - A list of useful Powershell scripts with 100% AV bypass (At the time of publication).
• cornerpirate/JS2PDFInjector - Inject a JS file into a PDF file.
• ahmedkhlief/Ninja - Open source C2 server created for stealth red team operations
• Arvanaghi/CheckPlease - Sandbox evasion modules written in PowerShell, Python, Go, Ruby, C, C#, Perl, and Rust.
• mhaskar/DNSStager - Hide your payload in DNS
• CheckPointSW/InviZzzible - InviZzzible is a tool for assessment of your virtual environments in an easy and reliable way. It contains the most recent and up to date detection and evasion techniques as well as fixes for them.
• t3hbb/NSGenCS - Extendable payload obfuscation and delivery framework
• basharkey/CVE-2022-0847-dirty-pipe-checker - Bash script to check for CVE-2022-0847 "Dirty Pipe"
• AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits - A collection of exploits and documentation that can be used to exploit the Linux Dirty Pipe vulnerability.
• arthepsy/ssh-audit - SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
• lockfale/OSINT-Framework - OSINT Framework
• s0md3v/XSStrike - Most advanced XSS scanner.
• cujanovic/SSRF-Testing - SSRF (Server Side Request Forgery) testing resources
• cyberark/DLLSpy - DLL Hijacking Detection Tool
• IFGHou/EtherApe - A graphical network monitor for Unix modeled after etherman.
• ambionics/phpggc - PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
• vmware/photon - Minimal Linux container host
• LiveOverflow/log4shell - Small example repo for looking into log4j CVE-2021-44228
• alfredzou/BrightTalk-video-downloader -
• nccgroup/CollaboratorPlusPlus -
• xforcered/scan4log4shell - A Burp Pro extension that adds log4shell checks to Burp Scanner.
• PortSwigger/log4shell-scanner - Log4Shell scanner for Burp Suite
• NCSC-NL/log4shell - Operational information regarding the log4shell vulnerabilities in the Log4j logging library.
• EnableSecurity/wafw00f - WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
• redcanaryco/atomic-red-team - Small and highly portable detection tests based on MITRE's ATT&CK.
• 0x90n/InfoSec-Black-Friday - All the deals for InfoSec related software/tools this Black Friday
• Ekultek/WhatWaf - Detect and bypass web application firewalls and protection systems
• DigiDNA/Silicon -
• dafthack/MailSniper - MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can b
• drwetter/testssl.sh - Testing TLS/SSL encryption anywhere on any port
• ernw/nmap-parse-output - Converts/manipulates/extracts data from a Nmap scan output.
• plusvic/yara - The pattern matching swiss knife
• S3cur3Th1sSh1t/PowerSharpPack -
• VirusTotal/yara - The pattern matching swiss knife
• mitre-attack/attack-arsenal - A collection of red team and adversary emulation resources developed and released by MITRE.
• splunk/attack_range - A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
• whoisflynn/OSCP-Exam-Report-Template - Modified template for the OSCP Exam and Labs. Used during my passing attempt
• 411Hall/JAWS - JAWS - Just Another Windows (Enum) Script
• 0xInfection/XSRFProbe - The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.
• epinna/tplmap - Server-Side Template Injection and Code Injection Detection and Exploitation Tool
• payloadbox/xss-payload-list - 🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
• lgandx/PCredz - This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.
• jondonas/linux-exploit-suggester-2 - Next-Generation Linux Kernel Exploit Suggester
• The-Z-Labs/linux-exploit-suggester - Linux privilege escalation auditing tool
• juliocesarfort/public-pentesting-reports - A list of public penetration test reports published by several consulting firms and academic security groups.
• cyberheartmi9/PayloadsAllTheThings -
• bugcrowd/HUNT -
• spipm/Depix - Recovers passwords from pixelized screenshots
• BloodHoundAD/BloodHound - Six Degrees of Domain Admin
• GhostPack/Rubeus - Trying to tame the three-headed dog.
• ropnop/kerbrute - A tool to perform Kerberos pre-auth bruteforcing
• corelan/mona - Corelan Repository for mona.py
• TCM-Course-Resources/Open-Source-Intellingence-Resources - Compilation of Resources from TCM's OSINT Course
• Tib3rius/Pentest-Cheatsheets -
• dievus/threader3000 - Multi-threaded Python Port Scanner with Nmap Integration
• itm4n/PrintSpoofer - Abusing impersonation privileges through the "Printer Bug"
• blackploit/hash-identifier - Software to identify the different types of hashes used to encrypt data and especially passwords
• ShawnDEvans/smbmap - SMBMap is a handy SMB enumeration tool
• NetSPI/MicroBurst - A collection of scripts for assessing Microsoft Azure security
• WebBreacher/tilde_enum - Takes a URL and checks the system for the tilde enum vuln and then find the files.
• lijiejie/IIS_shortname_Scanner - an IIS shortname Scanner
• rharder/imagesnap - Capture Images from the Command Line
• tomnomnom/httprobe - Take a list of domains and probe for working HTTP and HTTPS servers
• beefproject/beef - The Browser Exploitation Framework Project
• sullo/nikto - Nikto web server scanner
• sirmspencer/vscode-autohide -
• irsdl/IIS-ShortName-Scanner - latest version of scanners for IIS short filename (8.3) disclosure vulnerability
• hmaverickadams/breach-parse - A tool for parsing breached passwords
• fmaida/mkdocs-material-dark-theme - External SCSS/CSS file that can change the appearance of mkdocs-material theme and render it in dark colors.
• danielmiessler/RobotsDisallowed - A curated list of the most common and most interesting robots.txt disallowed directories.
• NotSoSecure/password_cracking_rules - One rule to crack all passwords. or atleast we hope so.
• praetorian-inc/Hob0Rules - Password cracking rules for Hashcat based on statistics and industry patterns
• frizb/Windows-Privilege-Escalation - Windows Privilege Escalation Techniques and Scripts
• rasta-mouse/Sherlock - PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities.
• hmaverickadams/External-Pentest-Checklist -
• hausec/ADAPE-Script - Active Directory Assessment and Privilege Escalation Script
• PowerShellEmpire/PowerTools - PowerTools is a collection of PowerShell projects with a focus on offensive operations.
• robertdavidgraham/masscan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
• LOLBAS-Project/LOLBAS - Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
• danielmiessler/SecLists - SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensi
• aysebilgegunduz/Windows-Exploit-Suggester - This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploit
• AonCyberLabs/Windows-Exploit-Suggester - This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploit
• theGuildHall/pwnbox - Instructions on how to create your very own Pwnbox, originally created by HTB
• tomnomnom/waybackurls - Fetch all the URLs that the Wayback Machine knows about for a domain
• CiscoCXSecurity/enum4linux - enum4Linux is a Linux alternative to enum.exe for enumerating data from Windows and Samba hosts
• TCM-Course-Resources/Windows-Privilege-Escalation-Resources - Compilation of Resources from TCM's Windows Priv Esc Udemy Course
• danielbohannon/Invoke-Obfuscation - PowerShell Obfuscator
• reduxjs/redux-devtools - DevTools for Redux with hot reloading, action replay, and customizable UI
• its-a-feature/Mythic - A collaborative, multi-platform, red teaming framework
• Calvin-LL/toggleairport - A script for macOS to turn off WiFi when Ethernet is plugged in, and turn on WiFi when Ethernet is unplugged
• 21y4d/nmapAutomator - A script that you can run in the background!
• PowerShellMafia/PowerSploit - PowerSploit - A PowerShell Post-Exploitation Framework
• malwaredllc/byob - An open-source post-exploitation framework for students, researchers and developers.
• google/tsunami-security-scanner - Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
• NationalSecurityAgency/ghidra - Ghidra is a software reverse engineering (SRE) framework
• axboe/fio - Flexible I/O Tester
• CheckPointSW/UsefulManagementApiTools - Check Point Useful Management API Tools contain scripts and tools that were used as solutions for customers.

p2p

• fatedier/frp - A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
• rustdesk/rustdesk - An open-source remote desktop, and alternative to TeamViewer.
• syncthing/syncthing - Open Source Continuous File Synchronization

package-manager

• q-nick/npm-gui - Tired of the package.json dependency juggle? Meet npm-gui! We seamlessly integrate with npm, pnpm, or yarn. Managing, installing, and updating dependencies is as easy as it gets. Try npm-gui today and
• macports/macports-ports - The MacPorts ports tree

perl

• royalapplications/toolbox - This repository contains various automation scripts for Royal TS (for Windows) and Royal TSX (for macOS). Also included are dynamic folder samples. This collection consists of scripts by the Royal App

powershell

• royalapplications/toolbox - This repository contains various automation scripts for Royal TS (for Windows) and Royal TSX (for macOS). Also included are dynamic folder samples. This collection consists of scripts by the Royal App
• jymcheong/AutoTTP - Automated Tactics Techniques & Procedures
• byt3bl33d3r/CrackMapExec - A swiss army knife for pentesting networks
• Hackplayers/evil-winrm - The ultimate WinRM shell for hacking/pentesting
• get-get-get-get/PowerProxy - PowerShell SOCKS proxy with reverse proxy capabilities
• samratashok/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

pwa

• GoogleChrome/lighthouse - Automated auditing, performance metrics, and best practices for the web.

python

• MattKeeley/Spoofy - Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
• AzeemIdrisi/PhoneSploit-Pro - An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
• jonaslejon/malicious-pdf - 💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
• pypa/pipx - Install and Run Python Applications in Isolated Environments
• royalapplications/toolbox - This repository contains various automation scripts for Royal TS (for Windows) and Royal TSX (for macOS). Also included are dynamic folder samples. This collection consists of scripts by the Royal App
• vinta/awesome-python - An opinionated list of awesome Python frameworks, libraries, software and resources.
• commixproject/commix - Automated All-in-One OS Command Injection Exploitation Tool.
• t3l3machus/toxssin - An XSS exploitation command-line interface and payload generator.
• vmware/vsphere-automation-sdk-python - Python samples, language bindings, and API reference documentation for vSphere, VMC, and NSX-T using the VMware REST API
• n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
• sethmlarson/truststore - Verify certificates using OS trust stores
• volatilityfoundation/volatility3 - Volatility 3.0 development
• jymcheong/AutoTTP - Automated Tactics Techniques & Procedures
• uber-common/metta - An information security preparedness tool to do adversarial simulation.
• byt3bl33d3r/CrackMapExec - A swiss army knife for pentesting networks
• UndeadSec/SocialFish - Phishing Tool & Information Collector
• yt-dlp/yt-dlp - A feature-rich command-line audio/video downloader
• OWASP/Nettacker - Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
• superhedgy/AttackSurfaceMapper - AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.
• laramies/theHarvester - E-mails, subdomains and names Harvester - OSINT
• threat9/routersploit - Exploitation Framework for Embedded Devices
• Neo23x0/Loki - Loki - Simple IOC and YARA Scanner
• aress31/jwtcat - A CPU-based JSON Web Token (JWT) cracker and - to some extent - scanner.
• Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
• maurosoria/dirsearch - Web path scanner
• sqlmapproject/sqlmap - Automatic SQL injection and database takeover tool
• mkdocs/mkdocs - Project documentation with Markdown.
• s0md3v/Photon - Incredibly fast crawler designed for OSINT.
• fortra/impacket - Impacket is a collection of Python classes for working with network protocols.
• secdev/scapy - Scapy: the Python-based interactive packet manipulation program & library.

python3

• MattKeeley/Spoofy - Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
• vmware/vsphere-automation-sdk-python - Python samples, language bindings, and API reference documentation for vSphere, VMC, and NSX-T using the VMware REST API
• byt3bl33d3r/WitnessMe - Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.
• SoftDesLab/PIRANHA - Project for Software Design Laboratory -- Topic: Detecting Phishing Website with Machine Learning
• Liodeus/swaggerHole - A python3 script searching for secret on swaggerhub
• get-get-get-get/PowerProxy - PowerShell SOCKS proxy with reverse proxy capabilities

raspberry-pi

• shellhub-io/shellhub - 💻 Get seamless remote access to any Linux device. Centralized SSH for the edge and cloud computing

react

• requestly/requestly - Requestly was built to save developers time by intercepting and modifying HTTP Requests. It has now developed into an open-source alternative to Charles Proxy and Telerik Fiddler that works directly i
• q-nick/npm-gui - Tired of the package.json dependency juggle? Meet npm-gui! We seamlessly integrate with npm, pnpm, or yarn. Managing, installing, and updating dependencies is as easy as it gets. Try npm-gui today and
• styled-components/styled-components - Visual primitives for the component age. Use the best bits of ES6 and CSS to style your apps without stress 💅
• appwrite/appwrite - Your backend, minus the hassle.
• rahuldkjain/github-profile-readme-generator - 🚀 Generate GitHub profile README easily with the latest add-ons like visitors count, GitHub stats, etc using minimal UI.

react-native

• appwrite/appwrite - Your backend, minus the hassle.

reactjs

• dsternlicht/RESTool - RESTool is an open source UI tool for managing RESTful APIs. It could save you time developing your own internal tools. A live example:

rest-api

• kyleboe/zoom_rb - Ruby REST API Wrapper for zoom.us API
• dsternlicht/RESTool - RESTool is an open source UI tool for managing RESTful APIs. It could save you time developing your own internal tools. A live example:

ruby

• kyleboe/zoom_rb - Ruby REST API Wrapper for zoom.us API
• jekyll/jekyll-sitemap - Jekyll plugin to silently generate a sitemaps.org compliant sitemap for your Jekyll site
• Hackplayers/evil-winrm - The ultimate WinRM shell for hacking/pentesting

rust

• dani-garcia/vaultwarden - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
• tauri-apps/tauri - Build smaller, faster, and more secure desktop applications with a web frontend.
• LemmyNet/lemmy - 🐀 A link aggregator and forum for the fediverse
• rwf2/Rocket - A web framework for Rust.
• bee-san/Ares - Automated decoding of encrypted text without knowing the key or ciphers used
• sharkdp/bat - A cat(1) clone with wings.
• rustdesk/rustdesk - An open-source remote desktop, and alternative to TeamViewer.
• asciinema/asciinema - Terminal session recorder 📹
• epi052/feroxbuster - A fast, simple, recursive content discovery tool written in Rust.
• WithSecureLabs/chainsaw - Rapidly Search and Hunt through Windows Forensic Artefacts
• RustScan/RustScan - 🤖 The Modern Port Scanner 🤖

security

• vletoux/pingcastle - PingCastle - Get Active Directory Security at 80% in 20% of the time
• WithSecureLabs/drozer - The Leading Security Assessment Framework for Android.
• MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
• six2dez/pentest-book -
• MattKeeley/Spoofy - Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
• infobyte/faraday - Open Source Vulnerability Management Platform
• sensepost/gowitness - 🔍 gowitness - a golang, web screenshot utility using Chrome Headless
• EdOverflow/can-i-take-over-xyz - "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
• ghostsecurity/reaper - 💀 Don't fear the Reaper 👻
• AlecBlance/S3BucketList - Chrome extension that lists Amazon S3 Buckets while browsing
• pwndoc/pwndoc - Pentest Report Generator
• marksowell/Clickjacking-POC - A Python package for creating a clickjacking proof of concept (POC).
• OWASP/API-Security - OWASP API Security Project
• inonshk/31-days-of-API-Security-Tips - This challenge is Inon Shkedy's 31 days API Security Tips.
• HolyBugx/HolyTips - A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
• akto-api-security/tests-library - Community generated list of API security tests to find OWASP top10, HackerOne top 10 vulnerabilities
• akto-api-security/akto - Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure
• Hack-with-Github/Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers
• Cyber-Buddy/APKHunt - APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers,
• jeremylong/DependencyCheck - OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
• radareorg/radare2 - UNIX-like reverse engineering framework and command-line toolset
• nabla-c0d3/ssl-kill-switch2 - Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.
• dradis/dradis-ce - Dradis Framework: Collaboration and reporting for IT Security teams
• byt3bl33d3r/WitnessMe - Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.
• trufflesecurity/trufflehog - Find and verify secrets
• shieldfy/API-Security-Checklist - Checklist of the most important security countermeasures when designing, testing, and releasing your API
• uber-common/metta - An information security preparedness tool to do adversarial simulation.
• hahwul/dalfox - 🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
• haccer/subjack - Subdomain Takeover tool written in Go
• nccgroup/ScoutSuite - Multi-Cloud Security Auditing Tool
• trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
• projectdiscovery/nuclei - Fast and customizable vulnerability scanner based on simple YAML based DSL.
• chenjj/espoofer - An email spoofing testing tool that aims to bypass SPF/DKIM/DMARC and forge DKIM signatures.🍻
• CanIPhish/Phishious - An open-source Secure Email Gateway (SEG) evaluation toolkit designed for red-teamers.
• noraj/rawsec-cybersecurity-inventory - An inventory of tools and resources about CyberSecurity that aims to help people to find everything related to CyberSecurity.
• OWASP/Nettacker - Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
• j3ssie/osmedeus - A Workflow Engine for Offensive Security
• evilsocket/xray - XRay is a tool for recon, mapping and OSINT gathering from public networks.
• MojtabaTajik/Robber - Robber is open source tool for finding executables prone to DLL hijacking
• projectdiscovery/interactsh - An OOB interaction gathering server and client library
• cisagov/log4j-scanner - log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.
• google/oss-fuzz - OSS-Fuzz - continuous fuzzing for open source software.
• OWASP/CheatSheetSeries - The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
• WithSecureLabs/chainsaw - Rapidly Search and Hunt through Windows Forensic Artefacts
• threat9/routersploit - Exploitation Framework for Embedded Devices
• lc/gau - Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
• lmammino/jwt-cracker - Simple HS256, HS384 & HS512 JWT token brute force cracker.
• zaproxy/zap-extensions - ZAP Add-ons
• cddmp/enum4linux-ng - A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.
• EnableSecurity/sipvicious - SIPVicious OSS is a VoIP security testing toolset. It helps security teams, QA and developers test SIP-based VoIP systems and applications. This toolset is useful in simulating VoIP hacking attacks ag
• wpscanteam/wpscan - WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via [email protected]
• maurosoria/dirsearch - Web path scanner
• andresriancho/w3af - w3af: web application attack and audit framework, the open source web vulnerability scanner.
• v1s1t0r1sh3r3/airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
• gophish/gophish - Open-Source Phishing Toolkit
• samratashok/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
• RustScan/RustScan - 🤖 The Modern Port Scanner 🤖
• michenriksen/aquatone - A Tool for Domain Flyovers
• juice-shop/juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
• scipag/vulscan - Advanced vulnerability scanning with Nmap NSE
• future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
• swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
• secdev/scapy - Scapy: the Python-based interactive packet manipulation program & library.

server

• vapor/vapor - 💧 A server-side Swift HTTP web framework.
• expressjs/express - Fast, unopinionated, minimalist web framework for node.
• FlareSolverr/FlareSolverr - Proxy server to bypass Cloudflare protection

serverless

• cloud-custodian/cloud-custodian - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
• appwrite/appwrite - Your backend, minus the hassle.

shell

• MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
• stateful/vscode-runme - DevOps Workflows Built with Markdown for VS Code
• nvm-sh/nvm - Node Version Manager - POSIX-compliant bash script to manage multiple active node.js versions
• zsh-users/zsh-autosuggestions - Fish-like autosuggestions for zsh
• n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
• hyperupcall/autoenv - Directory-based environments.
• Hackplayers/evil-winrm - The ultimate WinRM shell for hacking/pentesting
• CISOfy/lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
• 0x00-0x00/ShellPop - Pop shells like a master.
• peass-ng/PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

sql

• bitwarden/server - The core infrastructure backend (API, database, Docker, etc).
• NetSPI/SQLInjectionWiki - A wiki focusing on aggregating and documenting various SQL injection methods

swift

• jordanbaird/Ice - Powerful menu bar manager for macOS
• vapor/vapor - 💧 A server-side Swift HTTP web framework.
• realm/SwiftLint - A tool to enforce Swift style and conventions.
• appwrite/appwrite - Your backend, minus the hassle.

telegram

• projectdiscovery/notify - Notify is a Go-based assistance package that enables you to stream the output of several tools (or read from a file) and publish it to a variety of supported platforms.

terminal

• sharkdp/bat - A cat(1) clone with wings.
• hyperupcall/autoenv - Directory-based environments.
• asciinema/asciinema - Terminal session recorder 📹
• htr-tech/nexphisher - Advanced Phishing tool

testing

• puppeteer/puppeteer - Node.js API for Chrome
• sinfulz/JustTryHarder - JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

typescript

• Milkdown/milkdown - 🍼 Plugin driven WYSIWYG markdown editor framework.
• stateful/vscode-runme - DevOps Workflows Built with Markdown for VS Code
• requestly/requestly - Requestly was built to save developers time by intercepting and modifying HTTP Requests. It has now developed into an open-source alternative to Charles Proxy and Telerik Fiddler that works directly i

unity

• dnSpyEx/dnSpy - Unofficial revival of the well known .NET debugger and assembly editor, dnSpy

vagrant

• uber-common/metta - An information security preparedness tool to do adversarial simulation.

vue

• slidevjs/slidev - Presentation Slides for Developers

web

• sensepost/gowitness - 🔍 gowitness - a golang, web screenshot utility using Chrome Headless
• puppeteer/puppeteer - Node.js API for Chrome
• rwf2/Rocket - A web framework for Rust.
• HolyBugx/HolyTips - A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
• appwrite/appwrite - Your backend, minus the hassle.
• flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
• GoogleChrome/lighthouse - Automated auditing, performance metrics, and best practices for the web.
• epi052/feroxbuster - A fast, simple, recursive content discovery tool written in Rust.
• Bo0oM/fuzz.txt - Potentially dangerous files
• ffuf/ffuf - Fast web fuzzer written in Go
• OJ/gobuster - Directory/File, DNS and VHost busting tool written in Go

webapp

• HolyBugx/HolyTips - A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

windows

• royalapplications/toolbox - This repository contains various automation scripts for Royal TS (for Windows) and Royal TSX (for macOS). Also included are dynamic folder samples. This collection consists of scripts by the Royal App
• flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
• bitsadmin/wesng - Windows Exploit Suggester - Next Generation
• n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
• sethmlarson/truststore - Verify certificates using OS trust stores
• byt3bl33d3r/CrackMapExec - A swiss army knife for pentesting networks
• calebstewart/pwncat - Fancy reverse and bind shell handler
• WithSecureLabs/chainsaw - Rapidly Search and Hunt through Windows Forensic Artefacts
• itm4n/PrivescCheck - Privilege Escalation Enumeration Script for Windows
• mzfr/gtfo - Search gtfobins and lolbas files from your terminal
• ohpe/juicy-potato - A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from a Windows Service Accounts to NT AUTHORITY\SYSTEM.
• SecWiki/windows-kernel-exploits - windows-kernel-exploits Windows平台提权漏洞集合
• Aetsu/OffensivePipeline - OfensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team exercises.
• peass-ng/PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

wordpress

• wpscanteam/wpscan - WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via [email protected]

License

To the extent possible under law, marksowell has waived all copyright and related or neighboring rights to this work.