Awesome Stars

A curated list of my GitHub stars! Generated by starred.

ai
android
angular
api
aspnet
awesome
awesome-list
aws
azure
bash
bootstrap
c
chrome
chrome-extension
cli
code-quality
code-review
cpp
csharp
css
dart
database
docker
documentation
dotnet
electron
express
firebase
firefox
flutter
framework
git
go
golang
graphql
hacking
hacktoberfest
homebridge
html
http
ios
java
javascript
jekyll
kotlin
kubernetes
latex
library
linux
lua
machine-learning
macos
markdown
material-design
mobile
mongodb
mysql
nextjs
nodejs
nosql
npm
objective-c
open-source
others
p2p
package-manager
perl
powershell
pwa
python
python3
raspberry-pi
react
react-native
reactjs
rest-api
ruby
rust
security
server
serverless
shell
sql
swift
telegram
terminal
testing
typescript
unity
vagrant
vue
web
webapp
windows
wordpress

ai

ghostsecurity/reaper - 💀 Don't fear the Reaper 👻
The-Art-of-Hacking/h4cker - This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif

android

patrickfav/uber-apk-signer - A cli tool that helps signing and zip aligning single or multiple Android application packages (APKs) with either debug or provided release certificates. It supports v1, v2 and v3 Android signing sche
WithSecureLabs/drozer - The Leading Security Assessment Framework for Android.
androguard/androguard - Reverse engineering and pentesting for Android applications
AzeemIdrisi/PhoneSploit-Pro - An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
iBotPeaches/Apktool - A tool for reverse engineering Android apk files
requestly/requestly - Requestly was built to save developers time by intercepting and modifying HTTP Requests. It has now developed into an open-source alternative to Charles Proxy and Telerik Fiddler that works directly i
wasabeef/awesome-android-ui - A curated list of awesome Android UI/UX libraries
Hack-with-Github/Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers
appwrite/appwrite - Your backend, minus the hassle.
Solido/awesome-flutter - An awesome list that curates the best Flutter libraries, tools, tutorials, articles and more.
flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
skylot/jadx - Dex to Java decompiler
B3nac/InjuredAndroid - A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.
OWASP/owasp-mastg - The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls
n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

angular

altair-graphql/altair - ✨⚡️ A feature-rich GraphQL Client for all platforms.

api

OWASP/crAPI - completely ridiculous API (crAPI)
OWASP/API-Security - OWASP API Security Project
HolyBugx/HolyTips - A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
bitwarden/server - Bitwarden infrastructure/backend (API, database, Docker, etc).
shieldfy/API-Security-Checklist - Checklist of the most important security countermeasures when designing, testing, and releasing your API
FlareSolverr/FlareSolverr - Proxy server to bypass Cloudflare protection

aspnet

bitwarden/server - Bitwarden infrastructure/backend (API, database, Docker, etc).

awesome

bhagyas/app-urls - A long list of App URLs for iOS, macOS and Android
vavkamil/awesome-bugbounty-tools - A curated list of various bug bounty tools
tiimgreen/github-cheat-sheet - A list of cool features of Git and GitHub.
vsouza/awesome-ios - A curated list of awesome iOS ecosystem, including Objective-C and Swift Projects
wasabeef/awesome-android-ui - A curated list of awesome Android UI/UX libraries
sindresorhus/awesome-nodejs - ⚡ Delightful Node.js packages and resources
Hack-with-Github/Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers
sindresorhus/awesome - 😎 Awesome lists about all kinds of interesting topics
vinta/awesome-python - An opinionated list of awesome Python frameworks, libraries, software and resources.
awesome-selfhosted/awesome-selfhosted - A list of Free Software network services and web applications which can be hosted on your own servers
avelino/awesome-go - A curated list of awesome Go frameworks, libraries and software
jaywcjlove/awesome-mac -  Now we have become very big, Different from the original idea. Collect premium software in various categories.
Solido/awesome-flutter - An awesome list that curates the best Flutter libraries, tools, tutorials, articles and more.
djsime1/awesome-flipperzero - 🐬 A collection of awesome resources for the Flipper Zero device.
maguowei/starred - creating your own Awesome List by GitHub stars!
trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
enaqx/awesome-pentest - A collection of awesome penetration testing resources, tools and other shiny things

awesome-list

bhagyas/app-urls - A long list of App URLs for iOS, macOS and Android
vavkamil/awesome-bugbounty-tools - A curated list of various bug bounty tools
tiimgreen/github-cheat-sheet - A list of cool features of Git and GitHub.
sindresorhus/awesome-nodejs - ⚡ Delightful Node.js packages and resources
sindresorhus/awesome - 😎 Awesome lists about all kinds of interesting topics
awesome-selfhosted/awesome-selfhosted - A list of Free Software network services and web applications which can be hosted on your own servers
avelino/awesome-go - A curated list of awesome Go frameworks, libraries and software
jaywcjlove/awesome-mac -  Now we have become very big, Different from the original idea. Collect premium software in various categories.
ripienaar/free-for-dev - A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev
Solido/awesome-flutter - An awesome list that curates the best Flutter libraries, tools, tutorials, articles and more.
djsime1/awesome-flipperzero - 🐬 A collection of awesome resources for the Flipper Zero device.
maguowei/starred - creating your own Awesome List by GitHub stars!
trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
enaqx/awesome-pentest - A collection of awesome penetration testing resources, tools and other shiny things
The-Art-of-Hacking/h4cker - This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif

aws

cloud-custodian/cloud-custodian - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
marksowell/aws-account-finder - Find an AWS Account ID from any S3 Bucket
WithSecureLabs/awspx - A graph-based tool for visualizing effective access and resource relationships in AWS environments.
nccgroup/ScoutSuite - Multi-Cloud Security Auditing Tool
aws/aws-toolkit-eclipse - (End of life: May 31, 2023) AWS Toolkit for Eclipse
aws/aws-cli - Universal Command Line Interface for Amazon Web Services

azure

cloud-custodian/cloud-custodian - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
BloodHoundAD/AzureHound - Azure Data Exporter for BloodHound
nccgroup/ScoutSuite - Multi-Cloud Security Auditing Tool

bash

MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
stateful/vscode-runme - DevOps Notebooks Built with Markdown - VS Code extension
nvm-sh/nvm - Node Version Manager - POSIX-compliant bash script to manage multiple active node.js versions
royalapplications/toolbox - This repository contains various automation scripts for Royal TS (for Windows) and Royal TSX (for macOS). Also included are dynamic folder samples. This collection consists of scripts by the Royal App
RealityNet/ios_triage - Bash script to extract data from a "chekcra1ned" iOS device
hyperupcall/autoenv - Directory-based environments.
v1s1t0r1sh3r3/airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
peass-ng/PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

bootstrap

honze-net/nmap-bootstrap-xsl - A Nmap XSL implementation with Bootstrap.

c

microsoft/vcpkg - C++ Library Manager for Windows, Linux, and MacOS
radareorg/radare2 - UNIX-like reverse engineering framework and command-line toolset
libimobiledevice/libimobiledevice - A cross-platform protocol library to communicate with iOS devices
OpenIDC/mod_auth_openidc - OpenID Certified™ OpenID Connect Relying Party implementation for Apache HTTP Server 2.x
hashcat/hashcat - World's fastest and most advanced password recovery utility

chrome

sensepost/gowitness - 🔍 gowitness - a golang, web screenshot utility using Chrome Headless
puppeteer/puppeteer - JavaScript API for Chrome and Firefox
AlecBlance/S3BucketList - Chrome extension that lists Amazon S3 Buckets while browsing
FlareSolverr/FlareSolverr - Proxy server to bypass Cloudflare protection

chrome-extension

AlecBlance/S3BucketList - Chrome extension that lists Amazon S3 Buckets while browsing
requestly/requestly - Requestly was built to save developers time by intercepting and modifying HTTP Requests. It has now developed into an open-source alternative to Charles Proxy and Telerik Fiddler that works directly i
LasCC/HackTools - The all-in-one browser extension for offensive security professionals 🛠
altair-graphql/altair - ✨⚡️ A feature-rich GraphQL Client for all platforms.

cli

patrickfav/uber-apk-signer - A cli tool that helps signing and zip aligning single or multiple Android application packages (APKs) with either debug or provided release certificates. It supports v1, v2 and v3 Android signing sche
projectdiscovery/dnsx - dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.
pypa/pipx - Install and Run Python Applications in Isolated Environments
projectdiscovery/katana - A next-generation crawling and spidering framework.
sharkdp/bat - A cat(1) clone with wings.
asciinema/asciinema - Terminal session recorder 📹
abhijithvijayan/stargazed - 📋 Creating your own Awesome List of GitHub stars!

code-quality

realm/SwiftLint - A tool to enforce Swift style and conventions.

code-review

Cyber-Buddy/APKHunt - APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers,

cpp

microsoft/vcpkg - C++ Library Manager for Windows, Linux, and MacOS
Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

csharp

bitwarden/server - Bitwarden infrastructure/backend (API, database, Docker, etc).
dnSpyEx/dnSpy - Unofficial revival of the well known .NET debugger and assembly editor, dnSpy
Aetsu/OffensivePipeline - OfensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team exercises.
peass-ng/PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

css

styled-components/styled-components - Visual primitives for the component age. Use the best bits of ES6 and CSS to style your apps without stress 💅

dart

flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
rustdesk/rustdesk - An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.

database

mongodb/mongo - The MongoDB Database
sqlmapproject/sqlmap - Automatic SQL injection and database takeover tool

docker

containrrr/watchtower - A process for automating Docker container base image updates.
dani-garcia/vaultwarden - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
appwrite/appwrite - Your backend, minus the hassle.
bitwarden/server - Bitwarden infrastructure/backend (API, database, Docker, etc).
sickcodes/Docker-OSX - Run macOS VM in a Docker! Run near native OSX-KVM in Docker! X11 Forwarding! CI/CD for OS X Security Research! Docker mac Containers.
harshit-budhraja/tor-nginx-proxy - Host your website on the Tor 🧅 network in less than 2 minutes ⌛️ with this tiny 🤏🏻 (less than ~15MB) docker image 🎊
owncloud-docker/server - Docker image for ownCloud community edition
FlareSolverr/FlareSolverr - Proxy server to bypass Cloudflare protection
Hackplayers/evil-winrm - The ultimate WinRM shell for hacking/pentesting
RustScan/RustScan - 🤖 The Modern Port Scanner 🤖

documentation

withastro/starlight - 🌟 Build beautiful, accessible, high-performance documentation websites with Astro
vmware/vsphere-automation-sdk-python - Python samples, language bindings, and API reference documentation for vSphere, VMC, and NSX-T using the VMware REST API
just-the-docs/just-the-docs - A modern, high customizable, responsive Jekyll theme for documentation with built-in search.
mkdocs/mkdocs - Project documentation with Markdown.
squidfunk/mkdocs-material - Documentation that simply works

dotnet

bitwarden/server - Bitwarden infrastructure/backend (API, database, Docker, etc).
dnSpyEx/dnSpy - Unofficial revival of the well known .NET debugger and assembly editor, dnSpy

electron

altair-graphql/altair - ✨⚡️ A feature-rich GraphQL Client for all platforms.
kamranahmedse/pennywise - Cross-platform application to open any website or media in a floating window

express

expressjs/express - Fast, unopinionated, minimalist web framework for node.

firebase

appwrite/appwrite - Your backend, minus the hassle.

firefox

puppeteer/puppeteer - JavaScript API for Chrome and Firefox

flutter

macosui/macos_ui - Flutter widgets and themes implementing the current macOS design language.
appwrite/appwrite - Your backend, minus the hassle.
Solido/awesome-flutter - An awesome list that curates the best Flutter libraries, tools, tutorials, articles and more.
flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
B3nac/InjuredAndroid - A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.
rustdesk/rustdesk - An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.

framework

vapor/vapor - 💧 A server-side Swift HTTP web framework.
rwf2/Rocket - A web framework for Rust.
squidfunk/mkdocs-material - Documentation that simply works

git

gitleaks/gitleaks - Protect and discover secrets using Gitleaks 🔑
tiimgreen/github-cheat-sheet - A list of cool features of Git and GitHub.
sharkdp/bat - A cat(1) clone with wings.

go

gitleaks/gitleaks - Protect and discover secrets using Gitleaks 🔑
traefik/whoami - Tiny Go server that prints os information and HTTP request to output
fatedier/frp - A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
avelino/awesome-go - A curated list of awesome Go frameworks, libraries and software
BloodHoundAD/AzureHound - Azure Data Exporter for BloodHound
haccer/subjack - Subdomain Takeover tool written in Go
netevert/dnsmorph - Domain name permutation engine written in Go
j3ssie/osmedeus - A Workflow Engine for Offensive Security
owasp-amass/amass - In-depth attack surface mapping and asset discovery
syncthing/syncthing - Open Source Continuous File Synchronization
future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
OJ/gobuster - Directory/File, DNS and VHost busting tool written in Go

golang

gitleaks/gitleaks - Protect and discover secrets using Gitleaks 🔑
traefik/whoami - Tiny Go server that prints os information and HTTP request to output
netbirdio/netbird - Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
sensepost/gowitness - 🔍 gowitness - a golang, web screenshot utility using Chrome Headless
shellhub-io/shellhub - 💻 Get seamless remote access to any Linux device. Centralized SSH for the edge and cloud computing
avelino/awesome-go - A curated list of awesome Go frameworks, libraries and software
hahwul/dalfox - 🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
haccer/subjack - Subdomain Takeover tool written in Go
netevert/dnsmorph - Domain name permutation engine written in Go
j3ssie/osmedeus - A Workflow Engine for Offensive Security
projectdiscovery/interactsh - An OOB interaction gathering server and client library
raz-varren/xsshell - An XSS reverse shell framework
amine7536/reverse-scan - Perform reverse DNS lookups on huge network ranges
gophish/gophish - Open-Source Phishing Toolkit
owasp-amass/amass - In-depth attack surface mapping and asset discovery
michenriksen/aquatone - A Tool for Domain Flyovers
future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

graphql

graphql-kit/graphql-voyager - 🛰️ Represent any GraphQL API as an interactive graph
swisskyrepo/GraphQLmap - GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
altair-graphql/altair - ✨⚡️ A feature-rich GraphQL Client for all platforms.
dolevf/Black-Hat-GraphQL - The Black Hat GraphQL Book Repository

hacking

MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
summitt/Nope-Proxy - TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.
six2dez/pentest-book -
t3l3machus/Villain - Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them
infosecn1nja/Red-Teaming-Toolkit - This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
AzeemIdrisi/PhoneSploit-Pro - An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
ghostsecurity/reaper - 💀 Don't fear the Reaper 👻
LasCC/HackTools - The all-in-one browser extension for offensive security professionals 🛠
Hack-with-Github/Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers
dolevf/Black-Hat-GraphQL - The Black Hat GraphQL Book Repository
t3l3machus/toxssin - An XSS exploitation command-line interface and payload generator.
nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters - A list of resources for those interested in getting started in bug bounties
OWASP/owasp-mastg - The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls
codingo/NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
chenjj/espoofer - An email spoofing testing tool that aims to bypass SPF/DKIM/DMARC and forge DKIM signatures.🍻
BiZken/PhishMailer - Generate Professional Phishing Emails Fast And Easy
yogeshojha/rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon
j3ssie/osmedeus - A Workflow Engine for Offensive Security
HackTricks-wiki/hacktricks - Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
SpiderLabs/HostHunter - HostHunter a recon tool for discovering hostnames using OSINT techniques.
Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
diego-treitos/linux-smart-enumeration - Linux enumeration tool for pentesting and CTFs with verbosity levels
Hackplayers/evil-winrm - The ultimate WinRM shell for hacking/pentesting
maurosoria/dirsearch - Web path scanner
v1s1t0r1sh3r3/airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
samratashok/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
RustScan/RustScan - 🤖 The Modern Port Scanner 🤖
juice-shop/juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
The-Art-of-Hacking/h4cker - This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif
0x00-0x00/ShellPop - Pop shells like a master.
swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
mitre/caldera - Automated Adversary Emulation Platform

hacktoberfest

gitleaks/gitleaks - Protect and discover secrets using Gitleaks 🔑
containrrr/watchtower - A process for automating Docker container base image updates.
anuraghazra/github-readme-stats - ⚡ Dynamically generated stats for your github readmes
dani-garcia/vaultwarden - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
AzeemIdrisi/PhoneSploit-Pro - An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
shellhub-io/shellhub - 💻 Get seamless remote access to any Linux device. Centralized SSH for the edge and cloud computing
swisskyrepo/GraphQLmap - GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
realm/SwiftLint - A tool to enforce Swift style and conventions.
badges/shields - Concise, consistent, and legible badges in SVG and raster format
requestly/requestly - Requestly was built to save developers time by intercepting and modifying HTTP Requests. It has now developed into an open-source alternative to Charles Proxy and Telerik Fiddler that works directly i
OWASP/crAPI - completely ridiculous API (crAPI)
akto-api-security/tests-library - Community generated list of API security tests to find OWASP top10, HackerOne top 10 vulnerabilities
akto-api-security/akto - Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure
avelino/awesome-go - A curated list of awesome Go frameworks, libraries and software
altair-graphql/altair - ✨⚡️ A feature-rich GraphQL Client for all platforms.
appwrite/appwrite - Your backend, minus the hassle.
rahuldkjain/github-profile-readme-generator - 🚀 Generate GitHub profile README easily with the latest add-ons like visitors count, GitHub stats, etc using minimal UI.
kyleboe/zoom_rb - Ruby REST API Wrapper for zoom.us API
radareorg/radare2 - UNIX-like reverse engineering framework and command-line toolset
mineek/sunst0rm - iOS Tether Downgrader
BC-SECURITY/Starkiller - Starkiller is a Frontend for PowerShell Empire.
BC-SECURITY/Empire - Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.
sharkdp/bat - A cat(1) clone with wings.
trufflesecurity/trufflehog - Find, verify, and analyze leaked credentials
rustdesk/rustdesk - An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.
codingo/NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
hahwul/dalfox - 🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
epi052/feroxbuster - A fast, simple, recursive content discovery tool written in Rust.
projectdiscovery/nuclei - Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the int
noraj/rawsec-cybersecurity-inventory - An inventory of tools and resources about CyberSecurity that aims to help people to find everything related to CyberSecurity.
FlareSolverr/FlareSolverr - Proxy server to bypass Cloudflare protection
horsicq/Detect-It-Easy - Program for determining types of files for Windows, Linux and MacOS.
lc/gau - Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
zaproxy/zap-extensions - ZAP Add-ons
obsproject/obs-websocket - Remote-control of OBS Studio through WebSocket
rapid7/metasploit-framework - Metasploit Framework
RustScan/RustScan - 🤖 The Modern Port Scanner 🤖
juice-shop/juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
sinfulz/JustTryHarder - JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)
swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
secdev/scapy - Scapy: the Python-based interactive packet manipulation program & library.

homebridge

homebridge/homebridge - HomeKit support for the impatient.

html

mixmark-io/turndown - 🛏 An HTML to Markdown converter written in JavaScript

http

rofl0r/proxychains-ng - proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained prox
vapor/vapor - 💧 A server-side Swift HTTP web framework.
projectdiscovery/interactsh - An OOB interaction gathering server and client library
carlospolop/fuzzhttpbypass - This tool use fuuzzing to try to bypass unknown authentication methods, who knows...

ios

palera1n/palera1n - Jailbreak for A8 through A11, T2 devices, on iOS/iPadOS/tvOS 15.0, bridgeOS 5.0 and higher.
RealityNet/ios_triage - Bash script to extract data from a "chekcra1ned" iOS device
requestly/requestly - Requestly was built to save developers time by intercepting and modifying HTTP Requests. It has now developed into an open-source alternative to Charles Proxy and Telerik Fiddler that works directly i
vsouza/awesome-ios - A curated list of awesome iOS ecosystem, including Objective-C and Swift Projects
appwrite/appwrite - Your backend, minus the hassle.
Solido/awesome-flutter - An awesome list that curates the best Flutter libraries, tools, tutorials, articles and more.
flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
noobpk/frida-ios-hook - A tool that helps you easy trace classes, functions, and modify the return values of methods on iOS platform
airsquared/blobsaver - A cross-platform GUI and CLI app for automatically saving SHSH blobs
AloneMonkey/frida-ios-dump - pull decrypted ipa from jailbreak device
nabla-c0d3/ssl-kill-switch2 - Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.
OWASP/owasp-mastg - The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls
ChiChou/grapefruit - (WIP) Runtime Application Instruments for iOS. Previously Passionfruit
libimobiledevice/libimobiledevice - A cross-platform protocol library to communicate with iOS devices
utmapp/UTM - Virtual machines for iOS and macOS

java

WithSecureLabs/drozer - The Leading Security Assessment Framework for Android.
thingsboard/thingsboard - Open-source IoT Platform - Device management, data collection, processing and visualization.
skylot/jadx - Dex to Java decompiler
airsquared/blobsaver - A cross-platform GUI and CLI app for automatically saving SHSH blobs
aws/aws-toolkit-eclipse - (End of life: May 31, 2023) AWS Toolkit for Eclipse

javascript

Milkdown/milkdown - 🍼 Plugin driven WYSIWYG markdown editor framework.
elsewhencode/project-guidelines - A set of best practices for JavaScript projects
ryanmcdermott/clean-code-javascript - 🛁 Clean Code concepts adapted for JavaScript
sindresorhus/awesome-nodejs - ⚡ Delightful Node.js packages and resources
t3l3machus/toxssin - An XSS exploitation command-line interface and payload generator.
q-nick/npm-gui - Tired of the package.json dependency juggle? Meet npm-gui! We seamlessly integrate with npm, pnpm, or yarn. Managing, installing, and updating dependencies is as easy as it gets. Try npm-gui today and
appwrite/appwrite - Your backend, minus the hassle.
expressjs/express - Fast, unopinionated, minimalist web framework for node.
dsternlicht/RESTool - RESTool is an open source UI tool for managing RESTful APIs. It could save you time developing your own internal tools. A live example:
abhijithvijayan/stargazed - 📋 Creating your own Awesome List of GitHub stars!
lmammino/jwt-cracker - Simple HS256, HS384 & HS512 JWT token brute force cracker.
raz-varren/xsshell - An XSS reverse shell framework
mixmark-io/turndown - 🛏 An HTML to Markdown converter written in JavaScript
juice-shop/juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
fingerprintjs/fingerprintjs - The most advanced browser fingerprinting library.

jekyll

just-the-docs/just-the-docs - A modern, high customizable, responsive Jekyll theme for documentation with built-in search.
jekyll/jekyll-seo-tag - A Jekyll plugin to add metadata tags for search engines and social networks to better index and display your site's content.

kotlin

B3nac/InjuredAndroid - A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.

kubernetes

openappsec/openappsec - open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.

latex

noraj/OSCP-Exam-Report-Template-Markdown - 📙 Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report

library

libimobiledevice/libimobiledevice - A cross-platform protocol library to communicate with iOS devices

linux

shellhub-io/shellhub - 💻 Get seamless remote access to any Linux device. Centralized SSH for the edge and cloud computing
royalapplications/toolbox - This repository contains various automation scripts for Royal TS (for Windows) and Royal TSX (for macOS). Also included are dynamic folder samples. This collection consists of scripts by the Royal App
n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
rustdesk/rustdesk - An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.
trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
htr-tech/nexphisher - Advanced Phishing tool
calebstewart/pwncat - Fancy reverse and bind shell handler
mzfr/gtfo - Search gtfobins and lolbas files from your terminal
v1s1t0r1sh3r3/airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
CISOfy/lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
GTFOBins/GTFOBins.github.io - GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
peass-ng/PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

lua

Hammerspoon/hammerspoon - Staggeringly powerful macOS desktop automation with Lua
scipag/vulscan - Advanced vulnerability scanning with Nmap NSE

machine-learning

SoftDesLab/PIRANHA - Project for Software Design Laboratory -- Topic: Detecting Phishing Website with Machine Learning

macos

jordanbaird/Ice - Powerful menu bar manager for macOS
sieren/WidgetToggler - macOS Sonoma Widget Toggler for the Tray Bar - Easily Show and Hide Widgets
Hammerspoon/hammerspoon - Staggeringly powerful macOS desktop automation with Lua
royalapplications/toolbox - This repository contains various automation scripts for Royal TS (for Windows) and Royal TSX (for macOS). Also included are dynamic folder samples. This collection consists of scripts by the Royal App
macosui/macos_ui - Flutter widgets and themes implementing the current macOS design language.
jaywcjlove/awesome-mac -  Now we have become very big, Different from the original idea. Collect premium software in various categories.
flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
nabla-c0d3/ssl-kill-switch2 - Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.
sickcodes/Docker-OSX - Run macOS VM in a Docker! Run near native OSX-KVM in Docker! X11 Forwarding! CI/CD for OS X Security Research! Docker mac Containers.
sethmlarson/truststore - Verify certificates using OS trust stores
utmapp/UTM - Virtual machines for iOS and macOS
macports/macports-ports - The MacPorts ports tree

markdown

Milkdown/milkdown - 🍼 Plugin driven WYSIWYG markdown editor framework.
stateful/vscode-runme - DevOps Notebooks Built with Markdown - VS Code extension
rahuldkjain/github-profile-readme-generator - 🚀 Generate GitHub profile README easily with the latest add-ons like visitors count, GitHub stats, etc using minimal UI.
foambubble/foam - A personal knowledge management and sharing system for VSCode
haiwen/seafile - High performance file syncing and sharing, with also Markdown WYSIWYG editing, Wiki, file label and other knowledge management features.
slidevjs/slidev - Presentation Slides for Developers
noraj/OSCP-Exam-Report-Template-Markdown - 📙 Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report
mixmark-io/turndown - 🛏 An HTML to Markdown converter written in JavaScript
mkdocs/mkdocs - Project documentation with Markdown.

material-design

Solido/awesome-flutter - An awesome list that curates the best Flutter libraries, tools, tutorials, articles and more.
flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
squidfunk/mkdocs-material - Documentation that simply works

mobile

WithSecureLabs/drozer - The Leading Security Assessment Framework for Android.
Solido/awesome-flutter - An awesome list that curates the best Flutter libraries, tools, tutorials, articles and more.
flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
ChiChou/grapefruit - (WIP) Runtime Application Instruments for iOS. Previously Passionfruit

mongodb

codingo/NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
mongodb/mongo - The MongoDB Database

mysql

NetSPI/SQLInjectionWiki - A wiki focusing on aggregating and documenting various SQL injection methods

nextjs

NextAdminHQ/nextjs-admin-dashboard - Next.js admin dashboard template and UI components that come with pre-built elements, components, pages, high-quality design, integrations, and much more.
appwrite/appwrite - Your backend, minus the hassle.

nodejs

nvm-sh/nvm - Node Version Manager - POSIX-compliant bash script to manage multiple active node.js versions
sindresorhus/awesome-nodejs - ⚡ Delightful Node.js packages and resources
q-nick/npm-gui - Tired of the package.json dependency juggle? Meet npm-gui! We seamlessly integrate with npm, pnpm, or yarn. Managing, installing, and updating dependencies is as easy as it gets. Try npm-gui today and
expressjs/express - Fast, unopinionated, minimalist web framework for node.
abhijithvijayan/stargazed - 📋 Creating your own Awesome List of GitHub stars!
lmammino/jwt-cracker - Simple HS256, HS384 & HS512 JWT token brute force cracker.

nosql

codingo/NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
mongodb/mongo - The MongoDB Database

npm

q-nick/npm-gui - Tired of the package.json dependency juggle? Meet npm-gui! We seamlessly integrate with npm, pnpm, or yarn. Managing, installing, and updating dependencies is as easy as it gets. Try npm-gui today and

objective-c

Hammerspoon/hammerspoon - Staggeringly powerful macOS desktop automation with Lua
vsouza/awesome-ios - A curated list of awesome iOS ecosystem, including Objective-C and Swift Projects

open-source

t3l3machus/Villain - Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them
requestly/requestly - Requestly was built to save developers time by intercepting and modifying HTTP Requests. It has now developed into an open-source alternative to Charles Proxy and Telerik Fiddler that works directly i
commixproject/commix - Automated All-in-One OS Command Injection Exploitation Tool.
SpiderLabs/HostHunter - HostHunter a recon tool for discovering hostnames using OSINT techniques.

others

c3llkn1ght/BlindBrute - A blind SQL injection brute forcer
CheckPointSW/Evasions - Evasions encyclopedia gathers methods used by malware to evade detection when run in virtualized environment. Methods are grouped into categories for ease of searching and understanding. Also provided
marksowell/marksowell.github.io - Mark Sowell - Penetration Tester at Check Point Software Technologies Ltd. - CEH Master, CCSM Elite, & Cybersecurity Expert
marksowell/nmap-tailwind-xsl - An XSL stylesheet for rendering Nmap XML output with a modernized UI using Tailwind CSS and DataTables
marksowell/Kali-Linux-to-DigitalOcean - A GitHub Action to convert the Kali Linux Generic Cloud Image and upload it to Custom Images in DigitalOcean.
marksowell/LocalSOCKS5Proxy - LocalSOCKS5Proxy is a minimal, Python-based SOCKS5 proxy server designed for use cases where you need to route traffic through a remote machine or resource. It can be used in conjunction with tools su
marksowell/openwrt-loco5ac-build - Custom OpenWrt 23.05.3 firmware build for the UISP airMAX NanoStation 5AC Loco (LOCO5AC)
marksowell/esp32-web-lora-demo-ota-multi-device - ESP32 Web + LoRa Demo with OTA & Multi-Device Support. This project demonstrates a web interface for ESP32 devices with LoRa communication, Over-the-Air (OTA) updates, and multi-device messaging capab
Stachugit/CatHack -
xnl-h4ck3r/xnLinkFinder - A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target
xnl-h4ck3r/waymore - Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal!
fr0gger/Awesome-GPT-Agents - A curated list of GPT agents for cybersecurity
gentilkiwi/mimikatz - A little tool to play with Windows security
punk-security/smbeagle - SMBeagle - Fileshare auditing tool.
login-securite/lsassy - Extract credentials from lsass remotely
r3motecontrol/Ghostpack-CompiledBinaries - Compiled Binaries for Ghostpack
GhostPack/Certify - Active Directory certificate abuse.
dirkjanm/krbrelayx - Kerberos unconstrained delegation abuse toolkit
SpecterOps/BloodHound - Six Degrees of Domain Admin
microsoft/restler-fuzzer - RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
marksowell/praetorian-mastermind - Praetorian Tech Challenge - Mastermind
r0oth3x49/ghauri - An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws
netsecurity-as/subfuz - A subdomain fuzzing tool
marksowell/massdns - A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
aboul3la/Sublist3r - Fast subdomains enumeration tool for penetration testers
haad/proxychains - proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy. Supported auth-types: "user/pass" for
ly4k/Certipy - Tool for Active Directory Certificate Services enumeration and abuse
PortSwigger/BChecks - BChecks collection for Burp Suite Professional and Burp Suite Enterprise Edition
RedTeamOperations/RedCloud-OS - RedCloudOS is a Cloud Adversary Simulation Operating System for Red Teams to assess the Cloud Security of Leading Cloud Service Providers (CSPs)
HavocFramework/Havoc - The Havoc Framework
mantvydasb/RedTeaming-Tactics-and-Techniques - Red Teaming Tactics and Techniques
jhaddix/tbhm - The Bug Hunters Methodology
blechschmidt/massdns - A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
WeAreCloudar/s3-account-search - S3 Account Search
qishibo/AnotherRedisDesktopManager - 🚀🚀🚀A faster, better and more stable Redis desktop manager [GUI client], compatible with Linux, Windows, Mac.
marksowell/burp-collaborator-deploy - Deploy a Private Burp Collaborator server with a wildcard Let's Encrypt SSL certificate including automatic renewal for advanced penetration testing. Includes scripts and guides for a seamless cloud d
googleprojectzero/TinyInst - A lightweight dynamic instrumentation library
oyyd/http-proxy-to-socks - hpts(http-proxy-to-socks) is a nodejs client to convert socks proxy into http proxy
iphelix/dnschef - DNSChef - DNS proxy for Penetration Testers and Malware Analysts
zoom/unsplash-chatbot - Send Unsplash photos in Zoom Team Chat.
mandiant/capa - The FLARE team's open-source tool to identify capabilities in executable files.
stateful/runme - DevOps Notebooks Built with Markdown
bugcrowd/tipjar -
OWASP/www-project-mobile-top-10 -
MobSF/RP4MobSF - a nginx reverse proxy with ssl and auth for MobSF
guerreroag12/keyring_secret_manager -
marksowell/ssl-labs-screenshot-js - Capture a trimmed screenshot of the SSL Labs report for a given domain.
devanshbatham/heaptruffle - Mine URLs from Browser's Heap Snapshot for fun and profit
zoom/team-chat-shortcut-sample - This repository contains a Node.js application that allows you to create a Zoom Team Chat App for managing recordings. Follow the instructions below to set up and run the application.
IvanGlinkin/Fast-Google-Dorks-Scan - The OSINT project, the main idea of which is to collect all the possible Google dorks search combinations and to find the information about the specific web-site: common admin panels, the widespread f
darklotuskdb/ios-reloader - The iOS Reloader is a weaponizing tool for jailbroken iOS devices. It facilitates the installation of a collection of tools on iOS devices (iPhone/iPad) that are essential for penetration testing purp
AppSecExplained/xss-playground - A basic webapp to test XSS payloads.
Syslifters/sysreptor - A customizable and powerful penetration testing reporting platform for offensive security professionals. Simplify, customize, and automate your pentest reports with ease.
zoom/zoom-e2e-whitepaper - Zoom Cryptography Whitepaper
GhostManager/Ghostwriter - The SpecterOps project management and reporting engine
blacklanternsecurity/writehat - A pentest reporting tool written in Python. Free yourself from Microsoft Word.
abrignoni/ALEAPP - Android Logs Events And Protobuf Parser
abrignoni/iLEAPP - iOS Logs, Events, And Plist Parser
christianselig/apollo-backend - Apollo backend server
zoom/zoomapps-serverless-vuejs - A Serverless Zoom App built on Firebase for Zoomtopia 2022 and beyond!
marksowell/SSL-Labs-Screenshot - A Python package to capture a trimmed screenshot of the SSL Labs report for a given domain.
nchah/github-traffic-stats - Get statistics on web traffic to your GitHub repositories.
guerreroag12/SSH_Brute_Force - A simple python ssh brute forcer
marksowell/Findings-Tracker - Burp Suite extension designed to help security professionals manage and track web application security findings
marksowell/Info-Leakage - Burp Suite extension designed to help security professionals search for custom sensitive information in HTTP responses
akto-api-security/akto-burp-extension - A Burp extension to send data to Akto dashboard
Checkmarx/capital - A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Security vulnerabilities within your own API Security CTF.
sAjibuu/Upload_Bypass - A simple tool for bypassing file upload restrictions.
projectdiscovery/interactsh-web - Web dashboard for Interactsh client
OWASP/www-members -
Orange-Cyberdefense/ocd-mindmaps - Orange Cyberdefense mindmaps
ReFirmLabs/binwalk - Firmware Analysis Tool
zoom/zoom-sdk-android - Zoom Android SDK
keycastr/keycastr - KeyCastr, an open-source keystroke visualizer
PortSwigger/http-request-smuggler -
tjcim/request_smuggling_calculator -
hax0rgb/InsecureShop - An Intentionally designed Vulnerable Android Application built in Kotlin.
payatu/diva-android - DIVA Android - Damn Insecure and vulnerable App for Android
oversecured/ovaa - Oversecured Vulnerable Android App
OWASP/MASTG-Hacking-Playground -
UberGuidoZ/Flipper - Playground (and dump) of stuff I make or modify for the Flipper Zero
RogueMaster/flipperzero-firmware-wPlugins - RogueMaster Flipper Zero Firmware
DarkFlippers/unleashed-firmware - Flipper Zero Unleashed Firmware
flipperdevices/flipperzero-firmware - Flipper Zero firmware source code
Sambal0x/firebaseEnum - Tool to mass analyse potentially exposed Firebase databases on Android apps
initstring/cloud_enum - Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
trufflesecurity/Trufflehog-Chrome-Extension -
rofl0r/microsocks - tiny, portable SOCKS5 server with very moderate resource usage
Kris-Sekula/UCS-KVM - Some tips on getting into a UCS KVM without Adobe Flash Installed
ptswarm/reFlutter - Flutter Reverse Engineering Framework
adobe-fonts/source-code-pro - Monospaced font family for user interface and coding environments
romkatv/powerlevel10k - A Zsh theme
thatstraw/Cybersecurity-Roadmap -
microsoft/AttackSurfaceAnalyzer - Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation.
ustayready/fireprox - AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation
TheCase/IPMIView.app - MacOS App wrapper for Supermicro's IPMIView/iKVM java app
CheckPointSW/ShowPolicyPackage - Check Point ShowPolicyPackage tool shows the content of a policy package (layers, rulebase, objects) over HTML pages.
CheckPointSW/ExportObjects - Check Point ExportObjects tool enables you to export specific types of objects from a R80.10 and above Management database to a .csv file, which can then be imported into any other R80.10 and above Ma
lgandx/Responder - Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication
vulnersCom/nmap-vulners - NSE script based on Vulners.com API
zmap/zmap - ZMap is a fast single packet network scanner designed for Internet-wide network surveys.
hmaverickadams/Practical-Ethical-Hacking-FAQ - FAQ Guide for Practical Ethical Hacking Udemy Course
antonkomarev/github-profile-views-counter - It counts how many times your GitHub profile has been viewed. Free cloud micro-service.
ElioFegh/zoom-jailbreak-detection-bypass - hides jb popup from zoom app
mechanico/Keychain-Dumper - A tool to check which keychain items are available to an attacker once an iOS device has been jailbroken
NVISOsecurity/MagiskTrustUserCerts - A Magisk/KernelSU module that automatically adds user certificates to the system root CA store
newbit1/rootAVD - Script to root AVDs running with QEMU Emulator from Android Studio
mllocs/zoomus - Ruby wrapper gem for zoom.us API.
OWASP/iGoat-Swift - OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
OWASP/igoat - OWASP iGoat - A Learning Tool for iOS App Pentesting and Security by Swaroop Yermalkar
radareorg/iaito - Official radare2 GUI
littlebyteorg/appledb -
google/ssl_logger - Decrypts and logs a process's SSL traffic.
neil-wu/CatFrida - CatFrida is a macOS tool for inspecting a running iOS app.
zoom/meetingsdk-auth-endpoint-sample - Generate a Meeting SDK JWT to join Zoom meetings and webinars with the Meeting SDK.
zoom/client-sdk-iOS-getting-started -
ios-control/ios-deploy - Install and debug iPhone apps from the command line, without using Xcode
DrDonk/unlocker - VMware macOS utilities
futurerestore/futurerestore - A hacked up idevicerestore wrapper, which allows specifying SEP and Baseband for restoring
MobSF/Mobile-Security-Framework-MobSF - Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and
Karmaz95/crimson - Web Application Security Testing Tools
dafthack/DomainPasswordSpray - DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFU
RobinMeis/MITMsmtp - MITMsmtp is an Evil SMTP Server for pentesting SMTP clients to catch login credentials and mails sent over plain or SSL encrypted connections.
skelsec/pypykatz - Mimikatz implementation in pure Python
davidbombal/python-keylogger -
AndreMiras/gitpop3 - Find the most popular fork on GitHub
aleen42/badges - 🎴 Standard and acceptable badges list
zeroc00I/AllVideoPocsFromHackerOne - This script grab public report from hacker one and make some folders with poc videos
hmaverickadams/Windows-WiFi-Extractor - Extract Windows Wi-Fi Passwords to Remote URL
snyk/vscode-extension - Snyk extension for Visual Studio Code
frida/frida - Clone this repo to build Frida
punk-security/dnsReaper - dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!
zoom/zoomapps-advancedsample-react - This repository contains an Advanced Zoom Apps Sample. It should serve as a starting point for you to build and test your own Zoom App in development.
zoom/zoom-oauth-sample-app - Sample Zoom Oauth App NodeJS app to call Zoom's APIs
0xJs/RedTeaming_CheatSheet - Pentesting cheatsheet with all the commands I learned during my learning journey. Will try to to keep it up-to-date.
RedisInsight/RedisInsight - Redis GUI by Redis
zoom/webhook-sample - Receive Zoom webhooks.
mandiant/Vulnerability-Disclosures -
zoom/zoomapps-texteditor-vuejs - A simple text editor Zoom App that demonstrates Collaborate Mode
zoom/zoomapps-customlayout-js - A simple podcaster Zoom App to demonstrate Immersive Mode through our Layers API
zoom/api - Zoom API Version 2 Documentation
zoom/zoomapps-sample-js - A Hello World Zoom App built with Vanilla JS
OTRF/Security-Datasets - Re-play Security Events
TheParmak/conti-leaks-englished - Google and deepl translated conti leaks, which is shared by a member of the conti ransomware group.
ForbiddenProgrammer/conti-pentester-guide-leak - Leaked pentesting manuals given to Conti ransomware crooks
GossiTheDog/SystemNightmare - Gives you instant SYSTEM command prompt on all supported and legacy versions of Windows
SnaffCon/Snaffler - a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )
silence-is-best/files -
S1ckB0y1337/Cobalt-Strike-CheatSheet - Some notes and examples for cobalt strike's functionality
soufianetahiri/ContiLeaks -
0xthirteen/MoveKit - Cobalt Strike kit for Lateral Movement
NetSPI/asa_tools - Verification tools for CVE-2016-1287
cathugger/mkp224o - vanity address generator for tor onion v3 (ed25519) hidden services
coder/code-server - VS Code in the browser
clr2of8/GatherContacts - A Burp Suite Extension to pull Employee Names from Google and Bing LinkedIn Search Results
threatexpress/domainhunter - Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names
NVISOsecurity/pyCobaltHound - pyCobaltHound is an Aggressor script extension for Cobalt Strike which aims to provide a deep integration between Cobalt Strike and Bloodhound.
marksowell/stars - A curated list of my GitHub stars!
marksowell/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
marksowell/Ckpt_Mike- -
marksowell/BrightTalk-video-downloader -
marksowell/cf-bypass -
marksowell/marksowell-archive.github.io - Mark Sowell - Penetration Tester at Check Point Software Technologies Ltd. - CEH Master, CCSM Elite, & Cybersecurity Expert
marksowell/docker-compose-osmedeus-traefik - Docker Compose file for Osmedeus behind Traefik Reverse Proxy
marksowell/Harmony-Connect-Corporate-Access-API - Postman Collection for Check Point Harmony Connect Corporate Access API
marksowell/my-stars - A curated list of my GitHub stars by stargazed
dirkjanm/mitm6 - pwning IPv4 via IPv6
hmaverickadams/TCM-Security-Sample-Pentest-Report - Sample pentest report provided by TCM Security
abhijithvijayan/awesome-stars - A curated list of my GitHub stars by stargazed
XalfiE/Sharepoint-URL-Fuzzlist -
Dheerajmadhukar/4-ZERO-3 - 403/401 Bypass Methods + Bash Automation + Your Support ;)
dwisiswant0/apkleaks - Scanning APK file for URIs, endpoints & secrets.
RoseSecurity/Anti-Virus-Evading-Payloads - During the exploitation phase of a pen test or ethical hacking engagement, you will ultimately need to try to cause code to run on target system computers. Here is a simple way to evade anti-virus sof
PhishyAlice/awesome-phishing - Collection of resources related to phishing
htr-tech/zphisher - An automated phishing tool with 30+ templates. This Tool is made for educational purpose only ! Author will not be responsible for any misuse of this toolkit !
Lu3ky13/lu3ky13-SCANNER - tools to find xss in a website
s0md3v/Corsy - CORS Misconfiguration Scanner
highmeh/lure - Lure - User Recon Automation for GoPhish
kgretzky/evilginx2 - Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
kylon/Sharedown - Electron application to download Sharepoint videos (especially meant for students)
HiwinCN/HTran - HTran is a connection bouncer, a kind of proxy server. A “listener” program is hacked stealthily onto an unsuspecting host anywhere on the Internet. When it receives signals from the actual target sys
RedSiege/EyeWitness - EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
nccgroup/scrying - A tool for collecting RDP, web and VNC screenshots all in one place
royhills/ike-scan - The IKE Scanner
S3cur3Th1sSh1t/Pentest-Tools -
darkoperator/dnsrecon - DNS Enumeration Script
marksowell/marksowell - Penetration Tester at Check Point Software Technologies Ltd. - CEH Master, CCSM Elite, & Cybersecurity Expert
extremenetworks/Virtual_EXOS - EXOS VM images are provided for testing in virtual environments such as Virtualbox or VMware.
sundowndev/phoneinfoga - Information gathering framework for phone numbers
h4wkst3r/InvisibilityCloak - Proof-of-concept obfuscation toolkit for C# post-exploitation tools
allanlw/svg-cheatsheet - A cheatsheet for exploiting server-side SVG processors.
AlexanderPro/SmartSystemMenu - SmartSystemMenu extends system menu of all windows in the system
sansatart/scrapts - Scrapts Scrapts Scrapts
jayphelps/git-blame-someone-else - Blame someone else for your bad code.
curi0usJack/luckystrike - A PowerShell based utility for the creation of malicious Office macro documents.
sevagas/macro_pack - macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. T
3gstudent/Worse-PDF - Turn a normal PDF file into malicious.Use to steal Net-NTLM Hashes from windows machines.
tihanyin/PSSW100AVB - A list of useful Powershell scripts with 100% AV bypass (At the time of publication).
cornerpirate/JS2PDFInjector - Inject a JS file into a PDF file.
ahmedkhlief/Ninja - Open source C2 server created for stealth red team operations
Arvanaghi/CheckPlease - Sandbox evasion modules written in PowerShell, Python, Go, Ruby, C, C#, Perl, and Rust.
mhaskar/DNSStager - Hide your payload in DNS
CheckPointSW/InviZzzible - InviZzzible is a tool for assessment of your virtual environments in an easy and reliable way. It contains the most recent and up to date detection and evasion techniques as well as fixes for them.
t3hbb/NSGenCS - Extendable payload obfuscation and delivery framework
basharkey/CVE-2022-0847-dirty-pipe-checker - Bash script to check for CVE-2022-0847 "Dirty Pipe"
AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits - A collection of exploits and documentation that can be used to exploit the Linux Dirty Pipe vulnerability.
arthepsy/ssh-audit - SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
lockfale/OSINT-Framework - OSINT Framework
s0md3v/XSStrike - Most advanced XSS scanner.
cujanovic/SSRF-Testing - SSRF (Server Side Request Forgery) testing resources
cyberark/DLLSpy - DLL Hijacking Detection Tool
IFGHou/EtherApe - A graphical network monitor for Unix modeled after etherman.
ambionics/phpggc - PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
vmware/photon - Minimal Linux container host
LiveOverflow/log4shell - Small example repo for looking into log4j CVE-2021-44228
alfredzou/BrightTalk-video-downloader -
nccgroup/CollaboratorPlusPlus -
xforcered/scan4log4shell - A Burp Pro extension that adds log4shell checks to Burp Scanner.
PortSwigger/log4shell-scanner - Log4Shell scanner for Burp Suite
NCSC-NL/log4shell - Operational information regarding the log4shell vulnerabilities in the Log4j logging library.
EnableSecurity/wafw00f - WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
redcanaryco/atomic-red-team - Small and highly portable detection tests based on MITRE's ATT&CK.
0x90n/InfoSec-Black-Friday - All the deals for InfoSec related software/tools this Black Friday
Ekultek/WhatWaf - Detect and bypass web application firewalls and protection systems
DigiDNA/Silicon -
dafthack/MailSniper - MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can b
drwetter/testssl.sh - Testing TLS/SSL encryption anywhere on any port
ernw/nmap-parse-output - Converts/manipulates/extracts data from a Nmap scan output.
plusvic/yara - The pattern matching swiss knife
S3cur3Th1sSh1t/PowerSharpPack -
VirusTotal/yara - The pattern matching swiss knife
mitre-attack/attack-arsenal - A collection of red team and adversary emulation resources developed and released by MITRE.
splunk/attack_range - A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
whoisflynn/OSCP-Exam-Report-Template - Modified template for the OSCP Exam and Labs. Used during my passing attempt
411Hall/JAWS - JAWS - Just Another Windows (Enum) Script
0xInfection/XSRFProbe - The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.
epinna/tplmap - Server-Side Template Injection and Code Injection Detection and Exploitation Tool
payloadbox/xss-payload-list - 🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
lgandx/PCredz - This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.
jondonas/linux-exploit-suggester-2 - Next-Generation Linux Kernel Exploit Suggester
The-Z-Labs/linux-exploit-suggester - Linux privilege escalation auditing tool
juliocesarfort/public-pentesting-reports - A list of public penetration test reports published by several consulting firms and academic security groups.
cyberheartmi9/PayloadsAllTheThings -
bugcrowd/HUNT -
spipm/Depix - Recovers passwords from pixelized screenshots
BloodHoundAD/BloodHound - Six Degrees of Domain Admin
GhostPack/Rubeus - Trying to tame the three-headed dog.
ropnop/kerbrute - A tool to perform Kerberos pre-auth bruteforcing
corelan/mona - Corelan Repository for mona.py
TCM-Course-Resources/Open-Source-Intellingence-Resources - Compilation of Resources from TCM's OSINT Course
Tib3rius/Pentest-Cheatsheets -
dievus/threader3000 - Multi-threaded Python Port Scanner with Nmap Integration
itm4n/PrintSpoofer - Abusing impersonation privileges through the "Printer Bug"
blackploit/hash-identifier - Software to identify the different types of hashes used to encrypt data and especially passwords
ShawnDEvans/smbmap - SMBMap is a handy SMB enumeration tool
NetSPI/MicroBurst - A collection of scripts for assessing Microsoft Azure security
WebBreacher/tilde_enum - Takes a URL and checks the system for the tilde enum vuln and then find the files.
lijiejie/IIS_shortname_Scanner - an IIS shortname Scanner
rharder/imagesnap - Capture Images from the Command Line
tomnomnom/httprobe - Take a list of domains and probe for working HTTP and HTTPS servers
beefproject/beef - The Browser Exploitation Framework Project
sullo/nikto - Nikto web server scanner
sirmspencer/vscode-autohide -
irsdl/IIS-ShortName-Scanner - latest version of scanners for IIS short filename (8.3) disclosure vulnerability
hmaverickadams/breach-parse - A tool for parsing breached passwords
fmaida/mkdocs-material-dark-theme - External SCSS/CSS file that can change the appearance of mkdocs-material theme and render it in dark colors.
danielmiessler/RobotsDisallowed - A curated list of the most common and most interesting robots.txt disallowed directories.
NotSoSecure/password_cracking_rules - One rule to crack all passwords. or atleast we hope so.
praetorian-inc/Hob0Rules - Password cracking rules for Hashcat based on statistics and industry patterns
frizb/Windows-Privilege-Escalation - Windows Privilege Escalation Techniques and Scripts
rasta-mouse/Sherlock - PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities.
hmaverickadams/External-Pentest-Checklist -
hausec/ADAPE-Script - Active Directory Assessment and Privilege Escalation Script
PowerShellEmpire/PowerTools - PowerTools is a collection of PowerShell projects with a focus on offensive operations.
robertdavidgraham/masscan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
LOLBAS-Project/LOLBAS - Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
danielmiessler/SecLists - SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensi
aysebilgegunduz/Windows-Exploit-Suggester - This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploit
AonCyberLabs/Windows-Exploit-Suggester - This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploit
theGuildHall/pwnbox - Instructions on how to create your very own Pwnbox, originally created by HTB
tomnomnom/waybackurls - Fetch all the URLs that the Wayback Machine knows about for a domain
CiscoCXSecurity/enum4linux - enum4Linux is a Linux alternative to enum.exe for enumerating data from Windows and Samba hosts
TCM-Course-Resources/Windows-Privilege-Escalation-Resources - Compilation of Resources from TCM's Windows Priv Esc Udemy Course
danielbohannon/Invoke-Obfuscation - PowerShell Obfuscator
reduxjs/redux-devtools - DevTools for Redux with hot reloading, action replay, and customizable UI
its-a-feature/Mythic - A collaborative, multi-platform, red teaming framework
Calvin-LL/toggleairport - A script for macOS to turn off WiFi when Ethernet is plugged in, and turn on WiFi when Ethernet is unplugged
21y4d/nmapAutomator - A script that you can run in the background!
PowerShellMafia/PowerSploit - PowerSploit - A PowerShell Post-Exploitation Framework
malwaredllc/byob - An open-source post-exploitation framework for students, researchers and developers.
google/tsunami-security-scanner - Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
NationalSecurityAgency/ghidra - Ghidra is a software reverse engineering (SRE) framework
axboe/fio - Flexible I/O Tester
CheckPointSW/UsefulManagementApiTools - Check Point Useful Management API Tools contain scripts and tools that were used as solutions for customers.

p2p

fatedier/frp - A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
rustdesk/rustdesk - An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.
syncthing/syncthing - Open Source Continuous File Synchronization

package-manager

microsoft/vcpkg - C++ Library Manager for Windows, Linux, and MacOS
q-nick/npm-gui - Tired of the package.json dependency juggle? Meet npm-gui! We seamlessly integrate with npm, pnpm, or yarn. Managing, installing, and updating dependencies is as easy as it gets. Try npm-gui today and
macports/macports-ports - The MacPorts ports tree

perl

royalapplications/toolbox - This repository contains various automation scripts for Royal TS (for Windows) and Royal TSX (for macOS). Also included are dynamic folder samples. This collection consists of scripts by the Royal App

powershell

royalapplications/toolbox - This repository contains various automation scripts for Royal TS (for Windows) and Royal TSX (for macOS). Also included are dynamic folder samples. This collection consists of scripts by the Royal App
jymcheong/AutoTTP - Automated Tactics Techniques & Procedures
byt3bl33d3r/CrackMapExec - A swiss army knife for pentesting networks
Hackplayers/evil-winrm - The ultimate WinRM shell for hacking/pentesting
get-get-get-get/PowerProxy - PowerShell SOCKS proxy with reverse proxy capabilities
samratashok/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

pwa

GoogleChrome/lighthouse - Automated auditing, performance metrics, and best practices for the web.

python

MattKeeley/Spoofy - Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
AzeemIdrisi/PhoneSploit-Pro - An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
jonaslejon/malicious-pdf - 💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
pypa/pipx - Install and Run Python Applications in Isolated Environments
royalapplications/toolbox - This repository contains various automation scripts for Royal TS (for Windows) and Royal TSX (for macOS). Also included are dynamic folder samples. This collection consists of scripts by the Royal App
vinta/awesome-python - An opinionated list of awesome Python frameworks, libraries, software and resources.
commixproject/commix - Automated All-in-One OS Command Injection Exploitation Tool.
t3l3machus/toxssin - An XSS exploitation command-line interface and payload generator.
vmware/vsphere-automation-sdk-python - Python samples, language bindings, and API reference documentation for vSphere, VMC, and NSX-T using the VMware REST API
n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
sethmlarson/truststore - Verify certificates using OS trust stores
volatilityfoundation/volatility3 - Volatility 3.0 development
jymcheong/AutoTTP - Automated Tactics Techniques & Procedures
uber-common/metta - An information security preparedness tool to do adversarial simulation.
byt3bl33d3r/CrackMapExec - A swiss army knife for pentesting networks
UndeadSec/SocialFish - Phishing Tool & Information Collector
yt-dlp/yt-dlp - A feature-rich command-line audio/video downloader
OWASP/Nettacker - Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
superhedgy/AttackSurfaceMapper - AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.
laramies/theHarvester - E-mails, subdomains and names Harvester - OSINT
threat9/routersploit - Exploitation Framework for Embedded Devices
Neo23x0/Loki - Loki - Simple IOC and YARA Scanner
aress31/jwtcat - A CPU-based JSON Web Token (JWT) cracker and - to some extent - scanner.
Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
maurosoria/dirsearch - Web path scanner
sqlmapproject/sqlmap - Automatic SQL injection and database takeover tool
mkdocs/mkdocs - Project documentation with Markdown.
s0md3v/Photon - Incredibly fast crawler designed for OSINT.
fortra/impacket - Impacket is a collection of Python classes for working with network protocols.
secdev/scapy - Scapy: the Python-based interactive packet manipulation program & library.

python3

MattKeeley/Spoofy - Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
vmware/vsphere-automation-sdk-python - Python samples, language bindings, and API reference documentation for vSphere, VMC, and NSX-T using the VMware REST API
byt3bl33d3r/WitnessMe - Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.
SoftDesLab/PIRANHA - Project for Software Design Laboratory -- Topic: Detecting Phishing Website with Machine Learning
Liodeus/swaggerHole - A python3 script searching for secret on swaggerhub
get-get-get-get/PowerProxy - PowerShell SOCKS proxy with reverse proxy capabilities

raspberry-pi

shellhub-io/shellhub - 💻 Get seamless remote access to any Linux device. Centralized SSH for the edge and cloud computing

react

ant-design/ant-design - An enterprise-class UI design language and React UI library
requestly/requestly - Requestly was built to save developers time by intercepting and modifying HTTP Requests. It has now developed into an open-source alternative to Charles Proxy and Telerik Fiddler that works directly i
q-nick/npm-gui - Tired of the package.json dependency juggle? Meet npm-gui! We seamlessly integrate with npm, pnpm, or yarn. Managing, installing, and updating dependencies is as easy as it gets. Try npm-gui today and
styled-components/styled-components - Visual primitives for the component age. Use the best bits of ES6 and CSS to style your apps without stress 💅
appwrite/appwrite - Your backend, minus the hassle.
rahuldkjain/github-profile-readme-generator - 🚀 Generate GitHub profile README easily with the latest add-ons like visitors count, GitHub stats, etc using minimal UI.

react-native

appwrite/appwrite - Your backend, minus the hassle.

reactjs

dsternlicht/RESTool - RESTool is an open source UI tool for managing RESTful APIs. It could save you time developing your own internal tools. A live example:

rest-api

kyleboe/zoom_rb - Ruby REST API Wrapper for zoom.us API
dsternlicht/RESTool - RESTool is an open source UI tool for managing RESTful APIs. It could save you time developing your own internal tools. A live example:

ruby

kyleboe/zoom_rb - Ruby REST API Wrapper for zoom.us API
jekyll/jekyll-sitemap - Jekyll plugin to silently generate a sitemaps.org compliant sitemap for your Jekyll site
Hackplayers/evil-winrm - The ultimate WinRM shell for hacking/pentesting

rust

praetorian-inc/noseyparker - Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.
dani-garcia/vaultwarden - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
tauri-apps/tauri - Build smaller, faster, and more secure desktop and mobile applications with a web frontend.
LemmyNet/lemmy - 🐀 A link aggregator and forum for the fediverse
rwf2/Rocket - A web framework for Rust.
bee-san/Ares - Automated decoding of encrypted text without knowing the key or ciphers used
sharkdp/bat - A cat(1) clone with wings.
rustdesk/rustdesk - An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.
asciinema/asciinema - Terminal session recorder 📹
epi052/feroxbuster - A fast, simple, recursive content discovery tool written in Rust.
WithSecureLabs/chainsaw - Rapidly Search and Hunt through Windows Forensic Artefacts
RustScan/RustScan - 🤖 The Modern Port Scanner 🤖

security

gitleaks/gitleaks - Protect and discover secrets using Gitleaks 🔑
GitGuardian/ggshield - Find and fix 400+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
praetorian-inc/noseyparker - Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.
netwrix/pingcastle - PingCastle - Get Active Directory Security at 80% in 20% of the time
WithSecureLabs/drozer - The Leading Security Assessment Framework for Android.
MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
six2dez/pentest-book -
MattKeeley/Spoofy - Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
infobyte/faraday - Open Source Vulnerability Management Platform
sensepost/gowitness - 🔍 gowitness - a golang, web screenshot utility using Chrome Headless
EdOverflow/can-i-take-over-xyz - "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
ghostsecurity/reaper - 💀 Don't fear the Reaper 👻
AlecBlance/S3BucketList - Chrome extension that lists Amazon S3 Buckets while browsing
pwndoc/pwndoc - Pentest Report Generator
marksowell/Clickjacking-POC - A Python package for creating a clickjacking proof of concept (POC).
OWASP/API-Security - OWASP API Security Project
inonshk/31-days-of-API-Security-Tips - This challenge is Inon Shkedy's 31 days API Security Tips.
HolyBugx/HolyTips - A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
akto-api-security/tests-library - Community generated list of API security tests to find OWASP top10, HackerOne top 10 vulnerabilities
akto-api-security/akto - Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure
Hack-with-Github/Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers
Cyber-Buddy/APKHunt - APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers,
jeremylong/DependencyCheck - OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
radareorg/radare2 - UNIX-like reverse engineering framework and command-line toolset
nabla-c0d3/ssl-kill-switch2 - Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.
dradis/dradis-ce - Dradis Framework: Collaboration and reporting for IT Security teams
byt3bl33d3r/WitnessMe - Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.
trufflesecurity/trufflehog - Find, verify, and analyze leaked credentials
shieldfy/API-Security-Checklist - Checklist of the most important security countermeasures when designing, testing, and releasing your API
uber-common/metta - An information security preparedness tool to do adversarial simulation.
hahwul/dalfox - 🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
haccer/subjack - Subdomain Takeover tool written in Go
nccgroup/ScoutSuite - Multi-Cloud Security Auditing Tool
trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
projectdiscovery/nuclei - Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the int
chenjj/espoofer - An email spoofing testing tool that aims to bypass SPF/DKIM/DMARC and forge DKIM signatures.🍻
CanIPhish/Phishious - An open-source Secure Email Gateway (SEG) evaluation toolkit designed for red-teamers.
noraj/rawsec-cybersecurity-inventory - An inventory of tools and resources about CyberSecurity that aims to help people to find everything related to CyberSecurity.
OWASP/Nettacker - Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
j3ssie/osmedeus - A Workflow Engine for Offensive Security
evilsocket/xray - XRay is a tool for recon, mapping and OSINT gathering from public networks.
MojtabaTajik/Robber - Robber is open source tool for finding executables prone to DLL hijacking
projectdiscovery/interactsh - An OOB interaction gathering server and client library
cisagov/log4j-scanner - log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.
google/oss-fuzz - OSS-Fuzz - continuous fuzzing for open source software.
OWASP/CheatSheetSeries - The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
WithSecureLabs/chainsaw - Rapidly Search and Hunt through Windows Forensic Artefacts
threat9/routersploit - Exploitation Framework for Embedded Devices
lc/gau - Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
lmammino/jwt-cracker - Simple HS256, HS384 & HS512 JWT token brute force cracker.
zaproxy/zap-extensions - ZAP Add-ons
cddmp/enum4linux-ng - A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.
EnableSecurity/sipvicious - SIPVicious OSS is a VoIP security testing toolset. It helps security teams, QA and developers test SIP-based VoIP systems and applications. This toolset is useful in simulating VoIP hacking attacks ag
wpscanteam/wpscan - WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
maurosoria/dirsearch - Web path scanner
andresriancho/w3af - w3af: web application attack and audit framework, the open source web vulnerability scanner.
v1s1t0r1sh3r3/airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
gophish/gophish - Open-Source Phishing Toolkit
samratashok/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
RustScan/RustScan - 🤖 The Modern Port Scanner 🤖
michenriksen/aquatone - A Tool for Domain Flyovers
juice-shop/juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
scipag/vulscan - Advanced vulnerability scanning with Nmap NSE
future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
secdev/scapy - Scapy: the Python-based interactive packet manipulation program & library.

server

vapor/vapor - 💧 A server-side Swift HTTP web framework.
expressjs/express - Fast, unopinionated, minimalist web framework for node.
FlareSolverr/FlareSolverr - Proxy server to bypass Cloudflare protection

serverless

anuraghazra/github-readme-stats - ⚡ Dynamically generated stats for your github readmes
cloud-custodian/cloud-custodian - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
appwrite/appwrite - Your backend, minus the hassle.

shell

MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
stateful/vscode-runme - DevOps Notebooks Built with Markdown - VS Code extension
nvm-sh/nvm - Node Version Manager - POSIX-compliant bash script to manage multiple active node.js versions
zsh-users/zsh-autosuggestions - Fish-like autosuggestions for zsh
n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
hyperupcall/autoenv - Directory-based environments.
Hackplayers/evil-winrm - The ultimate WinRM shell for hacking/pentesting
CISOfy/lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
0x00-0x00/ShellPop - Pop shells like a master.
peass-ng/PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

sql

bitwarden/server - Bitwarden infrastructure/backend (API, database, Docker, etc).
NetSPI/SQLInjectionWiki - A wiki focusing on aggregating and documenting various SQL injection methods

swift

jordanbaird/Ice - Powerful menu bar manager for macOS
vapor/vapor - 💧 A server-side Swift HTTP web framework.
realm/SwiftLint - A tool to enforce Swift style and conventions.
appwrite/appwrite - Your backend, minus the hassle.

telegram

projectdiscovery/notify - Notify is a Go-based assistance package that enables you to stream the output of several tools (or read from a file) and publish it to a variety of supported platforms.

terminal

sharkdp/bat - A cat(1) clone with wings.
hyperupcall/autoenv - Directory-based environments.
asciinema/asciinema - Terminal session recorder 📹
htr-tech/nexphisher - Advanced Phishing tool

testing

puppeteer/puppeteer - JavaScript API for Chrome and Firefox
sinfulz/JustTryHarder - JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

typescript

ant-design/ant-design - An enterprise-class UI design language and React UI library
NextAdminHQ/nextjs-admin-dashboard - Next.js admin dashboard template and UI components that come with pre-built elements, components, pages, high-quality design, integrations, and much more.
Milkdown/milkdown - 🍼 Plugin driven WYSIWYG markdown editor framework.
stateful/vscode-runme - DevOps Notebooks Built with Markdown - VS Code extension
requestly/requestly - Requestly was built to save developers time by intercepting and modifying HTTP Requests. It has now developed into an open-source alternative to Charles Proxy and Telerik Fiddler that works directly i

unity

dnSpyEx/dnSpy - Unofficial revival of the well known .NET debugger and assembly editor, dnSpy

vagrant

uber-common/metta - An information security preparedness tool to do adversarial simulation.

vue

slidevjs/slidev - Presentation Slides for Developers

web

sensepost/gowitness - 🔍 gowitness - a golang, web screenshot utility using Chrome Headless
puppeteer/puppeteer - JavaScript API for Chrome and Firefox
rwf2/Rocket - A web framework for Rust.
HolyBugx/HolyTips - A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
appwrite/appwrite - Your backend, minus the hassle.
flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
GoogleChrome/lighthouse - Automated auditing, performance metrics, and best practices for the web.
epi052/feroxbuster - A fast, simple, recursive content discovery tool written in Rust.
Bo0oM/fuzz.txt - Potentially dangerous files
ffuf/ffuf - Fast web fuzzer written in Go
OJ/gobuster - Directory/File, DNS and VHost busting tool written in Go

webapp

HolyBugx/HolyTips - A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

windows

microsoft/vcpkg - C++ Library Manager for Windows, Linux, and MacOS
royalapplications/toolbox - This repository contains various automation scripts for Royal TS (for Windows) and Royal TSX (for macOS). Also included are dynamic folder samples. This collection consists of scripts by the Royal App
flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
bitsadmin/wesng - Windows Exploit Suggester - Next Generation
n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
sethmlarson/truststore - Verify certificates using OS trust stores
byt3bl33d3r/CrackMapExec - A swiss army knife for pentesting networks
calebstewart/pwncat - Fancy reverse and bind shell handler
WithSecureLabs/chainsaw - Rapidly Search and Hunt through Windows Forensic Artefacts
itm4n/PrivescCheck - Privilege Escalation Enumeration Script for Windows
mzfr/gtfo - Search gtfobins and lolbas files from your terminal
ohpe/juicy-potato - A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from a Windows Service Accounts to NT AUTHORITY\SYSTEM.
SecWiki/windows-kernel-exploits - windows-kernel-exploits Windows平台提权漏洞集合
Aetsu/OffensivePipeline - OfensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team exercises.
peass-ng/PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

wordpress

wpscanteam/wpscan - WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com

License

To the extent possible under law, marksowell has waived all copyright and related or neighboring rights to this work.

Name		Name	Last commit message	Last commit date
Latest commit History 42,333 Commits
.github/workflows		.github/workflows
LICENSE		LICENSE
README.md		README.md
_config.yml		_config.yml

License

marksowell/stars

Folders and files

Latest commit

History

Repository files navigation

Awesome Stars

Contents

ai

android

angular

api

aspnet

awesome

awesome-list

aws

azure

bash

bootstrap

c

chrome

chrome-extension

cli

code-quality

code-review

cpp

csharp

css

dart

database

docker

documentation

dotnet

electron

express

firebase

firefox

flutter

framework

git

go

golang

graphql

hacking

hacktoberfest

homebridge

html

http

ios

java

javascript

jekyll

kotlin

kubernetes

latex

library

linux

lua

machine-learning

macos

markdown

material-design

mobile

mongodb

mysql

nextjs

nodejs

nosql

npm

objective-c

open-source

others

p2p

package-manager

perl

powershell

pwa

python

python3

raspberry-pi

Packages