A curated list of my GitHub stars! Generated by starred.
- C
- C#
- C++
- CMake
- Go
- HCL
- HTML
- Java
- JavaScript
- Jinja
- Kotlin
- MATLAB
- Meson
- Nim
- OCaml
- Objective-C
- Others
- PHP
- Pascal
- Perl
- PowerShell
- Python
- Ruby
- Rust
- Shell
- Solidity
- Swift
- TypeScript
- VBA
- samhocevar/zzuf - 🌪️ Application fuzzer
- zgzhang/cve-2024-6387-poc - a signal handler race condition in OpenSSH's server (sshd)
- 1N3/PrivEsc - A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
- Siguza/iokit-utils - Dev tools for probing IOKit
- libimobiledevice/libirecovery - Library and utility to talk to iBoot/iBSS via USB on Mac OS X, Windows, and Linux
- iDroid-Project/openiBoot - Collaborative development of openiBoot for the iDroid Project
- planetbeing/ios-jailbreak-patchfinder - Analyzes a binary iOS kernel to determine function offsets and where to apply the canonical jailbreak patches.
- ufrisk/pcileech - Direct Memory Access (DMA) Attack Software
- n0xa/m5stick-nemo - M5 Stick C firmware for high-tech pranks
- m5stack/M5StickC - M5StickC Arduino Library
- m5stack/M5StickC-Plus - M5StickCPlus Arduino Library
- telekom-security/tpotce - 🍯 T-Pot - The All In One Multi Honeypot Platform 🐝
- yasukata/zpoline - system call hook for Linux
- semigodking/redsocks - transparent redirector of any TCP/UDP connection to proxy
- darkk/redsocks - transparent TCP-to-proxy redirector
- carloslack/KoviD - Linux kernel rootkit
- x64dbg/x64dbgpy - Automating x64dbg using Python, Snapshots:
- iqiyi/xHook - 🔥 A PLT hook library for Android native ELF.
- brownbelt/defcon-25-workshop - Windows Post-Exploitation / Malware Forward Engineering DEF CON 25 Workshop
- maycon/AFLplusplus - The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
- maycon/jakshoo - LD_PRELOAD rootkit
- flipperdevices/flipperzero-firmware - Flipper Zero firmware source code
- tsl0922/ttyd - Share your terminal over the web
- gerasdf/InsecureProgramming - Insecure Programming by Example - Teach yourself how buffer overflows, format strings, numeric bugs, and other binary security bugs work and how to exploit them
- Siguza/iometa - arm64 IOKit class dumper
- otavioarj/SHook - Simple Linux Kernel >=4 syscall hooking
- xmrig/xmrig - RandomX, KawPow, CryptoNight and GhostRider unified CPU/GPU miner and RandomX benchmark
- trezor/trezor-firmware - 🔒 Trezor Firmware Monorepo
- djkaty/Il2CppInspector - Powerful automated tool for reverse engineering Unity IL2CPP binaries
- julioverne/screendump -
- hacksysteam/HackSysExtremeVulnerableDriver - HackSys Extreme Vulnerable Driver (HEVD) - Windows & Linux
- SinaKarvandi/Hypervisor-From-Scratch - Source code of a multiple series of tutorials about the hypervisor. Available at: https://rayanfam.com/tutorials
- f0rb1dd3n/Reptile - LKM Linux rootkit
- bdamele/shellcodeexec - Script to execute in memory a sequence of opcodes
- maycon/kernel-101 - A single kernel to learn how to write a kernel. :-)
- DhavalKapil/heap-exploitation - This book on heap exploitation is a guide to understanding the internals of glibc's heap and various attacks possible on the heap structure.
- openwall/john - John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
- radareorg/radare2 - UNIX-like reverse engineering framework and command-line toolset
- Billy-Ellis/Exploit-Challenges - A collection of vulnerable ARM binaries for practicing exploit development
- philipl/pifs - πfs - the data-free filesystem!
- evilwombat/gopro-usb-tools - Tools for booting an otherwise hard-bricked GoPro Hero2 / Hero3+Black / Hero4 camera using its built-in USB command mode, to its RTOS or to a standalone Linux environment.
- dnSpy/dnSpy - .NET debugger and assembly editor
- Nassim-Asrir/CVE-2023-36424 - Windows Kernel Pool (clfs.sys) Corruption Privilege Escalation
- futurerestore/futurerestore - A hacked up idevicerestore wrapper, which allows specifying SEP and Baseband for restoring
- AGWA/git-crypt - Transparent file encryption in git
- shaka-project/shaka-packager - A media packaging and development framework for VOD and Live DASH and HLS applications, supporting Common Encryption for Widevine and other DRM Systems.
- topjohnwu/Magisk - The Magic Mask for Android
- yanfengwu-syser/syserdebugger -
- QBDI/QBDI - A Dynamic Binary Instrumentation framework based on LLVM.
- x64dbg/ScyllaHide - Advanced usermode anti-anti-debugger. Forked from https://bitbucket.org/NtQuery/scyllahide
- x64dbg/x64dbg - An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
- x64dbg/TitanEngine - TitanEngine Community Edition. Debug engine used by x64dbg.
- microsoft/Detours - Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form.
- maycon/Magisk - The Magic Mask for Android
- lief-project/LIEF - LIEF - Library to Instrument Executable Formats
- S2E/s2e - S2E: A platform for multi-path program analysis with selective symbolic execution.
- talos-vulndev/afl-dyninst - American Fuzzy Lop + Dyninst == AFL Fuzzing blackbox binaries
- REhints/HexRaysCodeXplorer - Hex-Rays Decompiler plugin for better code navigation
- otavioarj/KiInjector - Kindly Win x86/x64 DLL Injector
- dryark/stf_ios_support - Central repo to connect and document components/repos needed for IOS stf support
- hack-different/ipsw - iOS/macOS Research Swiss Army Knife
- codesenberg/bombardier - Fast cross-platform HTTP benchmarking tool written in Go
- acouvreur/traefik-modsecurity-plugin - Traefik plugin to proxy requests to owasp/modsecurity-crs:apache container
- containerd/containerd - An open and reliable container runtime
- moby/swarmkit - A toolkit for orchestrating distributed systems at any scale. It includes primitives for node discovery, raft-based consensus, task scheduling and more.
- moby/moby - The Moby Project - a collaborative project for the container ecosystem to assemble container-based systems
- FleexSecurity/fleex - Fleex makes it easy to create multiple VPS on cloud providers and use them to distribute workloads.
- gitleaks/gitleaks - Protect and discover secrets using Gitleaks 🔑
- majd/ipatool - Command-line tool that allows searching and downloading app packages (known as ipa files) from the iOS App Store
- cybozu-go/usocksd - SOCKS4/5 server library and command in Go
- cybozu-go/transocks - Transparent SOCKS5 / HTTP proxy in Go
- KingOfBugbounty/KingOfBugBountyTips - Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wish t
- globocom/huskyCI - Performing security tests inside your CI
- jpillora/chisel - A fast TCP/UDP tunnel over HTTP
- kgretzky/evilginx2 - Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
- michenriksen/aquatone - A Tool for Domain Flyovers
- do-community/terraform-sample-digitalocean-architectures - Deployable Production Cloud Architectures for use on DigitalOcean via Terraform
- yogeshojha/rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon
- subspacecloud/subspace - A simple WireGuard VPN server GUI
- sleeyax/burp-awesome-tls - Burp extension to evade TLS fingerprinting. Bypass WAF, spoof any browser.
- JackOfMostTrades/gadgetinspector - A byte code analyzer for finding deserialization gadget chains in Java applications
- cckuailong/JNDI-Injection-Exploit-Plus - 80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server.
- gabrielemariotti/androiddev - Quick tips/tutorials for Android developers
- maycon/ysoserial - A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
- martinpaljak/GlobalPlatformPro - 🌐 🔐 Manage applets and keys on JavaCard-s like a pro (via command line or from your Java project)
- hneemann/Digital - A digital logic designer and circuit simulator.
- ikarus23/MifareClassicTool - An Android NFC app for reading, writing, analyzing, etc. MIFARE Classic RFID tags.
- spotbugs/spotbugs - SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
- joaomatosf/JavaDeserH2HC - Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).
- DeviceFarmer/stf - Control and manage Android devices from your browser.
- horsicq/Detect-It-Easy - Program for determining types of files for Windows, Linux and MacOS.
- novnc/noVNC - VNC client web application
- OpenZeppelin/openzeppelin-contracts - OpenZeppelin Contracts is a library for secure smart contract development.
- viniciuspereiras/zap - Whatsapp Bot model using whatsapp-web.js
- webhooksite/webhook.site - ⚓️ Easily test HTTP webhooks with this handy tool that displays requests instantly.
- m0bilesecurity/RMS-Runtime-Mobile-Security - Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime
- shaka-project/shaka-player - JavaScript player library / DASH & HLS client / MSE-EME player
- videojs/videojs-contrib-eme - Supports Encrypted Media Extensions for playback of encrypted content in Video.js
- MobSF/Mobile-Security-Framework-MobSF - Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and
- RobinHerbots/Inputmask - Input Mask plugin
- felamos/weirdhta - A tool to create obfuscated HTA script.
- ivanseidel/IAMDinosaur - 🦄 An Artificial Inteligence to teach Google's Dinosaur to jump cactus
- splunk/attack_range - A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
- simondankelmann/Bluetooth-LE-Spam -
- hax0rgb/InsecureShop - An Intentionally designed Vulnerable Android Application built in Kotlin.
- aeolianine/octave-networks-toolbox - A set of graph/networks analysis functions in Octave
- frida/frida - Clone this repo to build Frida
- byt3bl33d3r/OffensiveNim - My experiments in weaponizing Nim (https://nim-lang.org/)
- BinaryAnalysisPlatform/bap - Binary Analysis Platform
- maycon/Pacman - A very buggy Pacman game written in C with OpenGL
- Siguza/ios-resources - Useful resources for iOS hacking
- xybp888/iOS-SDKs - iOS 9 - iOS 17 SDK including symbols for private frameworks.
- maguowei/awesome-stars - My Awesome List
- Dr-TSNG/ZygiskNext - Standalone implementation of Zygisk
- shanzson/Smart-Contract-Auditor-Tools-and-Techniques - This repo contains a comprehensive list of smart contract auditor tools and techniques that can be utilized by both smart contract auditors and blockchain developers for developing secure smart contra
- razzorsec/AuditorsRoadmap -
- Stankye/Tuts4You-Tutorials - Collection of Tutorials from Tuts4You
- 0x90n/InfoSec-Black-Friday - All the deals for InfoSec related software/tools this Black Friday
- GorvGoyl/Clone-Wars - 100+ open-source clones of popular sites like Airbnb, Amazon, Instagram, Netflix, Tiktok, Spotify, Whatsapp, Youtube etc. See source code, demo links, tech stack, github stars.
- daffainfo/AllAboutBugBounty - All about bug bounty (bypasses, payloads, and etc)
- obfuscator-llvm/obfuscator -
- BecodoExploit-mrCAT/RedTeamOPS-bootcamp101 - Material do Bootcamp de Red Team - by Victor de Queiroz
- Peter-Easton/android-debug-cable-howto - This is a simple how-to to create your own android kernel debugging cable using commercially available parts.
- mammon/mammon.github.com - Papers on reverse engineering and assembly language programming
- mauri870/linux-insides - Um pouco sobre o kernel linux
- GrrrDog/Java-Deserialization-Cheat-Sheet - The cheat sheet about Java Deserialization vulnerabilities
- 10up/wp-scrubber - BETA: This plugin provides a command-line interface for scrubbing sensitive user and comment data from a WordPress installation.
- projectsend/projectsend - ProjectSend is a free, open source software that lets you share files with your clients, focused on ease of use and privacy. It supports clients groups, system users roles, statistics, multiple langua
- DiogoMRSilva/websitesVulnerableToSSTI - Simple websites vulnerable to Server Side Template Injections(SSTI)
- DarkCoderSc/SubSeven - SubSeven Legacy Official Source Code Repository
- htrgouvea/zarn - A lightweight static security analysis tool for modern Perl Apps
- samratashok/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
- maycon/DropDoc - A small project to automate the creation of Microsoft Word malicious documents.
- ferreirasc/redteam-arsenal - Some binaries/scripts that may be useful in red team/pentest exercises
- p3nt4/Invoke-SocksProxy - Socks proxy, and reverse socks server using powershell.
- maycon/BloodHound - Six Degrees of Domain Admin
- api0cradle/UltimateAppLockerByPassList - The goal of this repository is to document the most common techniques to bypass AppLocker.
- PowerShellMafia/PowerSploit - PowerSploit - A PowerShell Post-Exploitation Framework
- rtcatc/Packer-Fuzzer - Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.
- corkami/collisions - Hash collisions and exploitations
- ccxt/ccxt - A JavaScript / TypeScript / Python / C# / PHP cryptocurrency trading API with support for more than 100 bitcoin/altcoin exchanges
- JeffLIrion/adb_shell - A Python implementation of ADB with shell and FileSync functionality.
- google/python-adb - Python ADB + Fastboot implementation
- justfoxing/ghidra_bridge - Python 3 bridge to Ghidra's Python scripting
- Pennyw0rth/NetExec - The Network Execution Tool
- RhinoSecurityLabs/CVEs - A collection of proof-of-concept exploit scripts written by the team at Rhino Security Labs for various CVEs.
- f0cker/crackq - CrackQ: A Python Hashcat cracking queue system
- lk-geimfari/mimesis - Mimesis is a robust data generator for Python that can produce a wide range of fake data in multiple languages.
- pallets/flask - The Python micro framework for building web applications.
- sintezcs/flask-threads - A helper library to work with threads in Flask
- google/android-emulator-container-scripts -
- cosad3s/hfinder - Help recon of hostnames from specific ASN or CIDR, thanks to Robtex and BGP.HE
- kubernetes-client/python - Official Python client library for kubernetes
- dpgaspar/Flask-AppBuilder - Simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more. Demo (login with guest/welcome
- SK-CERT/Taranis-NG - Taranis NG is an OSINT gathering and analysis tool for CSIRT teams and organisations. It allows team-to-team collaboration, and contains a user portal for simple self asset management. Taranis NG was
- sensity-ai/dot - The Deepfake Offensive Toolkit
- MandConsultingGroup/porch-pirate - Porch Pirate is the most comprehensive Postman recon / OSINT client and framework that facilitates the automated discovery and exploitation of API endpoints and secrets committed to workspaces, collec
- mushorg/conpot - ICS/SCADA honeypot
- androguard/androguard - Reverse engineering and pentesting for Android applications
- fyoorer/ShadowClone - Unleash the power of cloud
- honoki/bbrf-client - The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices
- Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
- crytic/slither - Static Analyzer for Solidity and Vyper
- ansible-collections/community.docker - Community Docker Collection for Ansible: modules and plugins for working with Docker
- ashutosh1206/Crypton - Library consisting of explanation and implementation of all the existing attacks on various Encryption Systems, Digital Signatures, Key Exchange, Authentication methods along with example challenges f
- maycon/fastapi-microservices - Fully Python async FastAPI project! 🚀
- maycon/freqtrade - Free, open source crypto trading bot
- dhondta/dronesploit - Drone pentesting framework console
- racerxdl/h2hc-rfvillage - H2HC 2022 - Radio Frequency Village
- nccgroup/ScoutSuite - Multi-Cloud Security Auditing Tool
- knownsec/pocsuite3 - pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.
- ansible/ansible - Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy and maintain. Automate everything from code deployment to network configuration to cloud
- paurakhsharma/python-microservice-fastapi - Learn to build your own microservice using Python and FastAPI
- christophetd/CloudFlair - 🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
- bazad/ida_kernelcache - An IDA Toolkit for analyzing iOS kernelcaches.
- 0x36/ghidra_kernelcache - a Ghidra framework for iOS kernelcache reverse engineering
- meolu/walle-web - walle - 瓦力 Devops开源项目代码部署平台
- nginx-proxy/nginx-proxy - Automated nginx proxy for Docker containers using docker-gen
- Allen7D/mini-shop-server - 基于 Flask 框架开发的微信小程序后端项目,用于构建小程序商城后台 (电商相关;rbac权限管理;附带自动生成Swagger 风格的API 文档;可作「Python 项目毕设」)---- 相关博客链接:🌟
- tonyseek/simple-rbac - A simple role based access control utility for Python.
- Rikj000/MoniGoMani - Isn't that what we all want? Our money to go many? Well that's what this framework/strategy hopes to do for you! By giving you & HyperOpt a lot of signals to alter the weights from.
- werkkrew/freqtrade-strategies - Trading Strategies for Freqtrade
- froggleston/cryptofrog-strategies - Strategies for freqtrade
- jaungiers/LSTM-Neural-Network-for-Time-Series-Prediction - LSTM built using Keras Python package to predict time series steps and sequences. Includes sin wave and stock market data
- caioluders/DPWO - DPWO
- freqtrade/freqtrade-strategies - Free trading strategies for Freqtrade bot
- freqtrade/freqtrade - Free, open source crypto trading bot
- angr/angr - A powerful and user-friendly binary analysis platform!
- umermansoor/microservices - Example of Microservices written using Flask.
- hummingbot/hummingbot - Open source software that helps you create and deploy high-frequency crypto trading bots
- yasinkuyu/binance-trader - 💰 Cryptocurrency Trading Bot for Binance (Experimental)
- sensepost/objection - 📱 objection - runtime mobile exploration
- OWASP/owasp-mastg - The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls
- nccgroup/keimpx - Check for valid credentials across a network over SMB
- SECFORCE/Tunna - Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments.
- m8sec/nullinux - Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
- sensepost/reGeorg - The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.
- ReFirmLabs/binwalk - Firmware Analysis Tool
- lgandx/Responder - Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication
- hugsy/gef - GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux
- maycon/grinder - Grinder is a system to automate the fuzzing of web browsers and the management of a large number of crashes.
- stephenfewer/grinder - Grinder is a system to automate the fuzzing of web browsers and the management of a large number of crashes.
- joaoviictorti/RustRedOps - 🦀 | RustRedOps is a repository for advanced Red Team techniques and offensive malware, focused on Rust
- ergrelet/windiff - Web-based tool that allows comparing symbol, type and syscall information of Microsoft Windows binaries across different versions of the OS.
- skerkour/black-hat-rust - Applied offensive security with Rust - https://kerkour.com/black-hat-rust
- qemus/qemu-docker - QEMU in a Docker container.
- sknux/extractSplittedApps -
- writeups/iOS - Here you can find write ups for iOS Vulnerabilities that have been released.
- linuxserver/docker-baseimage-kasmvnc - Base Images for remote web based Linux desktops using KasmVNC for many popular distros.
- MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
- six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
- bruzistico/zigwaf - The purpose of this tool is to try to validate if real IPs (predefined list) resolve to the site behind the WAF.
- screetsec/Sudomy - Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
- chesteroni/kitgen - Linux bootkit generator
- trimstray/multitor - Create multiple TOR instances with a load-balancing.
- pry0cc/axiom - The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!
- maycon/mikrotik-tools - Tools for Mikrotik devices
- dockcross/dockcross - Cross compiling toolchains in Docker images
- devttys0/sasquatch -
- OpenZeppelin/ethernaut - Web3/Solidity based wargame
- PumpkingWok/CTFGym - List of CTF related to Ethereum world (solidity smart contracts)
- vira-lata/viralatafinance-contracts -
- r3ggi/electroniz3r - Take over macOS Electron apps' TCC permissions
- nhn/tui.editor - 🍞📝 Markdown WYSIWYG Editor. GFM Standard + Chart & UML Extensible.
- modagavr/pancake-wizard - 🐱🪄🥞 Bot for PancakeSwap Prediction – 26 technical indicators. Make smarter predictions with Pancake Wizard – trust math, not emotions!
- mdsecactivebreach/SharpShooter - Payload Generation Framework
To the extent possible under law, maycon has waived all copyright and related or neighboring rights to this work.