Awesome Stars

A curated list of my GitHub stars! Generated by starred.

github
github-api
markdown
terminal
cli
documentation
nlp
others
shell
hacktoberfest
go
http
docker
golang
iot
windows
linux
git
automation
hacking
security
framework
kubernetes
java
sql
wordpress
js
chrome-extension
awesome-list
cybersecurity
c
monitoring
ruby
powershell
dotnet
python3
python
macos
mobile
android
database
raspberry-pi
pwa
electron
vue
latex
emoji
continuous-integration
code-review
chrome
firefox
web
php
code
operating-system
devops
postgresql
library
awesome
reverse-engineering
cpp
machine-learning
parsing
emulator
discord
javascript
html
twitter
bash
mysql
testing
react
nodejs
software
reactjs
serverless
terraform
aws
bot
telegram
ios
material-design
webapp
express
typescript
qt
azure
csharp
angular
rust
language
algorithm
objective-c
swift
api
open-source
data-structures
programming
design
node
perl
compiler
lua
elixir
homebrew
flask
google
frameworks
ai
pytorch
deep-learning
tensorflow
website
spring-boot
webpack

github

rzashakeri/beautify-github-profile - This repository helps you to have a more beautiful and attractive github profile, and you can access a complete set of tools and guides for beautifying your github profile. 🪄 ⭐
x1sec/commit-stream - #OSINT tool for finding Github repositories by extracting commit logs in real time from the Github event API
eth0izzle/shhgit - Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories: www.shhgit.com
0xbug/Hawkeye - GitHub 泄露监控系统(GitHub Sensitive Information Leakage Monitor Spider)
github/roadmap - GitHub public roadmap
tom0li/collection-document - Collection of quality safety articles. Awesome articles.

github-api

rzashakeri/beautify-github-profile - This repository helps you to have a more beautiful and attractive github profile, and you can access a complete set of tools and guides for beautifying your github profile. 🪄 ⭐
eth0izzle/shhgit - Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories: www.shhgit.com
michenriksen/gitrob - Reconnaissance tool for GitHub organizations

markdown

rzashakeri/beautify-github-profile - This repository helps you to have a more beautiful and attractive github profile, and you can access a complete set of tools and guides for beautifying your github profile. 🪄 ⭐
marktext/marktext - 📝A simple and elegant markdown editor, available for Linux, macOS and Windows.
noraj/OSCP-Exam-Report-Template-Markdown - 📙 Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report

terminal

chubin/cheat.sh - the only cheat sheet you need
tldr-pages/tldr - 📚 Collaborative cheatsheets for console commands
microsoft/terminal - The new Windows Terminal and the original Windows console host, all in the same place!
htr-tech/nexphisher - Advanced Phishing tool for Linux & Termux
ohmyzsh/ohmyzsh - 🙃 A delightful community-driven (with 2,000+ contributors) framework for managing your zsh configuration. Includes 300+ optional plugins (rails, git, macOS, hub, docker, homebrew, node, php, python,
jesseduffield/lazygit - simple terminal UI for git commands

cli

chubin/cheat.sh - the only cheat sheet you need
gnebbia/kb - A minimalist command line knowledge base manager
mempodippy/vlany - Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)
alebcay/awesome-shell - A curated list of awesome command-line frameworks, toolkits, guides and gizmos. Inspired by awesome-php.
bitwarden/clients - Bitwarden client applications (web, browser extension, desktop, and cli)
gildas-lormeau/SingleFile - 📷 Web Extension for Firefox/Chrome/MS Edge and CLI tool to save a faithful copy of an entire web page in a single HTML file
ohmyzsh/ohmyzsh - 🙃 A delightful community-driven (with 2,000+ contributors) framework for managing your zsh configuration. Includes 300+ optional plugins (rails, git, macOS, hub, docker, homebrew, node, php, python,
jesseduffield/lazygit - simple terminal UI for git commands
asdf-vm/asdf - Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more
sherlock-project/sherlock - 🔎 Hunt down social media accounts by username across social networks
trimstray/sandmap - Nmap on steroids. Simple CLI with the ability to run pure Nmap engine, 31 modules with 459 scan profiles.

documentation

chubin/cheat.sh - the only cheat sheet you need
tldr-pages/tldr - 📚 Collaborative cheatsheets for console commands
freeCodeCamp/devdocs - API Documentation Browser
cheat/cheat - cheat allows you to create and view interactive cheatsheets on the command-line. It was designed to help remind *nix system administrators of options for commands that they use frequently, but not fre

nlp

vi3k6i5/flashtext - Extract Keywords from sentence or Replace keywords in sentences.

others

w9w/JSA - Javascript security analysis (JSA) is a program for javascript analysis during web application security assessment.
PortSwigger/param-miner -
s0md3v/Arjun - HTTP parameter discovery suite.
dundunnp/auto_xuexiqiangguo - 每日拿满61分！免root，四人赛双人对战秒答，安卓端学习强国自动化脚本
TechXueXi/techxuexi-js - 油猴等插件的学习强国 js 代码 45分/天
ehrishirajsharma/SwiftnessX - A cross-platform note-taking & target-tracking app for penetration testers.
v0re/dirb - Web Fuzzer
tomnomnom/meg - Fetch many paths for many hosts - without killing the hosts
ShutdownRepo/The-Hacker-Recipes - This project is aimed at freely providing technical guides on various hacking topics: Active Directory services, web services, servers, intelligence gathering, physical intrusion, phishing, mobile app
pentest-a2p2v/pentest-a2p2v-gui - Web based frontend for A2P2V
pentest-a2p2v/pentest-a2p2v-core - Core A2P2V functionality (command line based)
redhuntlabs/Maltego-Scripts -
redhuntlabs/BurpSuite-Asset_Discover - Burp Suite extension to discover assets from HTTP response.
vmware-labs/attack-surface-framework - Tool to discover external and internal network attack surface
microsoft/AttackSurfaceAnalyzer - Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation.
juliocesarfort/public-pentesting-reports - Curated list of public penetration test reports released by several consulting firms and academic security groups
bannedbook/fanqiang - 翻墙-科学上网
harleyQu1nn/AggressorScripts - Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources
B1gM8c/osint - OSINT汉化版
netbiosX/Checklists - Red Teaming & Pentesting checklists for various engagements
PortSwigger/ip-rotate - Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
byt3bl33d3r/OffensiveNim - My experiments in weaponizing Nim (https://nim-lang.org/)
dloss/python-pentest-tools - Python tools for penetration testers
adon90/pentest_compilation - Compilation of commands, tips and scripts that helped me throughout Vulnhub, Hackthebox, OSCP and real scenarios
l3m0n/pentest_study - 从零开始内网渗透学习
hmaverickadams/Beginner-Network-Pentesting - Notes for Beginner Network Pentesting Course
tanprathan/MobileApp-Pentest-Cheatsheet - The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
quentinhardy/odat - ODAT: Oracle Database Attacking Tool
cytopia/pwncat - pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)
evilcos/xssor2 - XSS'OR - Hack with JavaScript.
cujanovic/SSRF-Testing - SSRF (Server Side Request Forgery) testing resources
vanhauser-thc/thc-hydra - hydra
arch3rPro/PentestTools - Awesome Pentest Tools Collection
S3cur3Th1sSh1t/Pentest-Tools -
studyhelperhelper/studyhelper - 学习强国 xxqg 助手数独 sudoku
netveil/Awesome-List -
EASY233/Finger - 一款红队在大量的资产中存活探测与重点攻击系统指纹探测工具
s7ckTeam/HackTools - HackTools(如当)为s7ck Team 红队武器库F-Box里的一款汉化的红队浏览器插件。
zerodytrash/Simple-YouTube-Age-Restriction-Bypass - A simple browser extension to bypass YouTube's age verification and watch age restricted videos without having to sign in.
api0cradle/UltimateAppLockerByPassList - The goal of this repository is to document the most common techniques to bypass AppLocker.
LandGrey/SpringBootVulExploit - SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list
rebeyond/Behinder - “冰蝎”动态二进制加密网站管理客户端
BeichenDream/Godzilla - 哥斯拉
AntSwordProject/antSword - **蚁剑是一款跨平台的开源网站管理工具。AntSword is a cross-platform website management toolkit.
pureqh/webshell - 免杀webshell生成工具
FunnyWolf/pystinger - Bypass firewall for traffic forwarding using webshell 一款使用webshell进行流量转发的出网工具
nsacyber/Mitigating-Web-Shells - Guidance for mitigation web shells. #nsacyber
zhaojh329/rtty - 🐛 Access your terminal from anywhere via the web.
zhzyker/exphub - Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-201
d30sa1/RootKits-List-Download - This is the list of all rootkits found so far on github and other sites.
plusvic/yara - The pattern matching swiss knife
tomchop/malcom - Malcom - Malware Communications Analyzer
alphaSeclab/awesome-rat - RAT And C&C Resources. 250+ Open Source Projects, 1200+ RAT/C&C blog/video.
fabrimagic72/malware-samples - A collection of malware samples caught by several honeypots i manage
hasherezade/hollows_hunter - Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
mandiant/flare-fakenet-ng - [Suspended] FakeNet-NG - Next Generation Dynamic Network Analysis Tool
hasherezade/malware_training_vol1 - Materials for Windows Malware Analysis training (volume 1)
hasherezade/pe-sieve - Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
charles2gan/GDA-android-reversing-Tool - GDA is a new fast and powerful decompiler in C++(working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection,
ytisf/theZoo - A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
optiv/ScareCrow - ScareCrow - Payload creation framework designed around EDR bypass.
0xSobky/HackVault - A container repository for my public web hacks!
daffainfo/AllAboutBugBounty - All about bug bounty (bypasses, payloads, and etc)
geekxh/hello-beginner - github 最全技术类思维导图
cystanford/SQL-XMind - 《SQL必知必会》思维导图
rebootuser/LinEnum - Scripted Local Linux Enumeration & Privilege Escalation Checks
mzet-/linux-exploit-suggester - Linux privilege escalation auditing tool
DominicBreuker/stego-toolkit - Collection of steganography tools - helps with CTF challenges
Hackplayers/hackthebox-writeups - Writeups for HacktheBox 'boot2root' machines
TH3xACE/SUDO_KILLER - A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.
rewardone/OSCPRepo - A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and readi
opsdisk/the_cyber_plumbers_handbook - Free copy of The Cyber Plumber's Handbook
facebookarchive/fbctf - Platform to host Capture the Flag competitions
gh0stkey/HaE - HaE - BurpSuite Highlighter and Extractor
kitabisa/mubeng - An incredibly fast proxy checker & IP rotator with ease.
constverum/ProxyBroker - Proxy [Finder | Checker | Server]. HTTP(S) & SOCKS 🎭
angryip/ipscan - Angry IP Scanner - fast and friendly network scanner
phith0n/Mind-Map - 各种安全相关思维导图整理收集
l2-team/cmsfingers - CMS指纹字典
TideSec/TideFinger - TideFinger——指纹识别小工具，汲取整合了多个web指纹库，结合了多种指纹检测方法，让指纹检测更快捷、准确。
winezer0/whatweb-plus - whatweb 增强版合并多个指纹库 8000+插件（提供exe版）
DominicBreuker/pspy - Monitor linux processes without root permissions
gwen001/pentest-tools - Custom pentesting tools
aptnotes/data - APTnotes data
kbandla/APTnotes - Various public documents, whitepapers and articles about APT campaigns
ngalongc/bug-bounty-reference - Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
tylerha97/awesome-reversing - A curated list of awesome reversing resources
yeyintminthuhtut/Awesome-Advanced-Windows-Exploitation-References - List of Awesome Advanced Windows Exploitation References
D35m0nd142/LFISuite - Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
streaak/keyhacks - Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
google/fuzzing - Tutorials, examples, discussions, research proposals, and other resources related to fuzzing
Audi-1/sqli-labs - SQLI labs to test error based, Blind boolean based, Time based.
crifan/explore_underlying_mechanism_binary_security - 探究底层机制：二进制安全
brookhong/KeyCastOW - keystroke visualizer for Windows, lets you easily display your keystrokes while recording screencasts.
psypanda/hashID - Software to identify the different types of hashes -
kmonad/kmonad - An advanced keyboard manager
igrigorik/videospeed - HTML5 video speed controller (for Google Chrome)
rcaelers/workrave - Workrave is a program that assists in the recovery and prevention of Repetitive Strain Injury (RSI). The program frequently alerts you to take micro-pauses, rest breaks and restricts you to your daily
Flangvik/AMSI.fail - C# Azure Function with an HTTP trigger that generates obfuscated PowerShell snippets that break or disable AMSI for the current process.
jgraph/drawio - Source to app.diagrams.net
jgraph/drawio-desktop - Official electron build of diagrams.net
mingrammer/diagrams - 🎨 Diagram as Code for prototyping cloud system architectures
PowerShellMafia/PowerSploit - PowerSploit - A PowerShell Post-Exploitation Framework
cmuratori/meow_hash - Official version of the Meow hash, an extremely fast level 1 hash
google/AFL - american fuzzy lop - a security-oriented fuzzer
MerlionRock/RealAndroidBot -
AHAAAAAAA/PokemonGo-Map - 🌏 Live visualization of all the pokemon in your area... and more! (shutdown)
RocketMap/RocketMap - 🌏 Live visualization of all the pokemon in your area... and more!
AsTryE/QQRedPackHelper - Mac 系统下的QQ抢红包插件,消息防撤回，消息自动回复，红包指定群过滤，红包指定关键字过滤，无需回复-抢文字口令红包，时间随机延迟抢红包
HuskyHacks/PMAT-labs - Labs for Practical Malware Analysis & Triage
riusksk/secbook - 信息安全从业者书单推荐
BluePointLilac/ContextMenuManager - 🖱️ 纯粹的Windows右键菜单管理程序
LandGrey/webshell-detect-bypass - 绕过专业工具检测的Webshell研究文章和免杀的Webshell
eliboa/TegraRcmGUI - C++ GUI for TegraRcmSmash (Fusée Gelée exploit for Nintendo Switch)
arismelachroinos/lscript - The LAZY script will make your life easier, and of course faster.
rapid7/metasploit-payloads - Unified repository for different Metasploit Framework payloads
rapid7/metasploitable3 - Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.
gentilkiwi/mimikatz - A little tool to play with Windows security
AwesomeTTS/awesometts-anki-addon - AwesomeTTS text-to-speech add-on for Anki
Ignitetch/AdvPhishing - This is Advance Phishing Tool ! OTP PHISHING
trustedsec/social-engineer-toolkit - The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.
drk1wi/Modlishka - Modlishka. Reverse Proxy.
NYAN-x-CAT/AsyncRAT-C-Sharp - Open-Source Remote Administration Tool For Windows C# (RAT)
NickeManarin/ScreenToGif - 🎬 ScreenToGif allows you to record a selected area of your screen, edit and save it as a gif or video.
oneparsec/njRAT - NjRAT is a Remote Administration Tool. This repository contains a Njrat Editions.
TheC0mpany/NjRat-0.7D-Green-Edition-by-im523 - NjRat 0.7D Green Edition by im523
Cgboal/SonarSearch - A rapid API for the Project Sonar dataset
raryelcostasouza/pyTranscriber - pyTranscriber can be used to generate automatic transcription / automatic subtitles for audio/video files through a friendly graphical user interface.
AlexisAhmed/BugBountyToolkit - A multi-platform bug bounty toolkit that can be installed on Debian/Ubuntu or set up with Docker.
TEag1e/BurpCollector - 通过BurpSuite来构建自己的爆破字典，可以通过字典爆破来发现隐藏资产。
maK-/parameth - This tool can be used to brute discover GET and POST parameters
ankitects/anki - Anki for desktop computers
ffffffff0x/Digital-Privacy - Information Protection & OSINT resources | 一个关于数字隐私搜集、保护、清理集一体的方案,外加开源信息收集(OSINT)对抗
VirusTotal/yara - The pattern matching swiss knife
Ascotbe/Medusa - 🐈Medusa是一个红队武器库平台，目前包括XSS平台、协同平台、CVE监控、免杀生成、DNSLOG、钓鱼邮件、文件获取等功能，持续开发中
hisxo/gitGraber - gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
LOLBAS-Project/LOLBAS - Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
techkie/penetration - 渗透超全面的渗透资料💯 包含：0day，xss，sql注入，提权……
ropnop/kerbrute - A tool to perform Kerberos pre-auth bruteforcing
CiscoCXSecurity/enum4linux - enum4Linux is a Linux alternative to enum.exe for enumerating data from Windows and Samba hosts
tats/w3m - Debian's w3m: WWW browsable pager
praetorian-inc/Hob0Rules - Password cracking rules for Hashcat based on statistics and industry patterns
Veil-Framework/Veil - Veil 3.1.X (Check version info in Veil at runtime)
oddcod3/Phantom-Evasion - Python antivirus evasion tool
g0tmi1k/msfpc - MSFvenom Payload Creator (MSFPC)
trustedsec/unicorn - Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented
yeti-platform/yeti - Your Everyday Threat Intelligence
mandiant/flare-floss - FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.
redhuntlabs/RedHunt-OS - Virtual Machine for Adversary Emulation and Threat Hunting
sullo/nikto - Nikto web server scanner
jhaddix/pentest-bookmarks - a collection of handy bookmarks
0x90n/InfoSec-Black-Friday - All the deals for InfoSec related software/tools this Black Friday
chaitin/rad -
n0tr00t/Sreg - Sreg可对使用者通过输入email、phone、username的返回用户注册的所有互联网护照信息。
zmap/zmap - ZMap is a fast single packet network scanner designed for Internet-wide network surveys.
0voice/linux_environment_tools - 总结linux环境开发工具，包含linux，虚拟机，编译器，编辑器，测试工具，加密工具
nagadomi/waifu2x - Image Super-Resolution for Anime-Style Art
bradtraversy/design-resources-for-developers - Curated list of design and UI resources from stock photos, web templates, CSS frameworks, UI libraries, tools and much more
kamranahmedse/developer-roadmap - Roadmap to becoming a developer in 2022
USTC-Hackergame/hackergame2021-writeups - **科学技术大学第八届信息安全大赛的官方与非官方题解
GrrrDog/Java-Deserialization-Cheat-Sheet - The cheat sheet about Java Deserialization vulnerabilities
joaomatosf/jexboss - JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool
rubyhan1314/Golang-100-Days - Golang - 100天从新手到大师
foryujian/yjdirscan - 御剑目录扫描专业版，简单实用的命令行网站目录扫描工具，支持爬虫、fuzz、自定义字典、字典变量、UA修改、假404自动过滤、扫描控速等功能。
tennc/fuzzdb - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
x90skysn3k/brutespray - Brute-Forcing from Nmap output - Automatically attempts default creds on found services.
m4ll0k/BBTz - BBT - Bug Bounty Tools
arkadiyt/bounty-targets-data - This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
nahamsec/lazyrecon - This script is intended to automate your reconnaissance process in an organized fashion
danielmiessler/RobotsDisallowed - A curated list of the most common and most interesting robots.txt disallowed directories.
joe-shenouda/awesome-cyber-skills - A curated list of hacking environments where you can train your cyber skills legally and safely
djadmin/awesome-bug-bounty - A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.
epinna/weevely3 - Weaponized web shell
LionSec/xerosploit - Efficient and advanced man in the middle framework
tomnomnom/gf - A wrapper around grep, to help you grep for things
bugcrowd/HUNT -
lwzSoviet/NoXss - Faster xss scanner,support reflected-xss and dom-xss
FlagBrew/PKSM-Scripts - General purpose scripts to use with PKSM.
FlagBrew/PKSM - Gen III to GenVIII save manager.
ziishaned/learn-regex - Learn regex the easy way
Lz1y/xray-crack - xray社区高级版证书生成，仅供学习研究，正常使用请支持正版
alexandreborges/malwoverview - Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, ThreatCrowd, Malware
tomnomnom/qsreplace - Accept URLs on stdin, replace all query string values with a user-supplied value
1ndianl33t/Gf-Patterns - GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep
Lengso/iplookup - IP反查域名
1120362990/small-scripts - 批量网站存活性测试、网站截图、web压缩文件检测
YYRise/black-hat-go - 《Black.Hat.Go》中文翻译
h3110w0r1d-y/BurpLoaderKeygen - Burp Suite Pro Loader & Keygen ( BurpSuite version v2020.1 - ∞ )
k8gege/LadonGo - LadonGO 4.0 Pentest Scanner framework 全平台Go开源内网渗透扫描器框架,Windows/Linux/Mac内网渗透，使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost，远程执行SSH/Winrm，密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis，端口扫
knownsec/ksubdomain - 无状态子域名爆破工具
wafpassproject/wafpass - Analysing parameters with all payloads' bypass methods, aiming at benchmarking security solutions like WAF.
Ekultek/WhatWaf - Detect and bypass web application firewalls and protection systems
lijiejie/BBScan - A fast vulnerability scanner
bit4woo/Summit_PPT - 各种安全大会PPT PDF
bugcrowd/bugcrowd_university - Open source education content for the researcher community
pwntester/ysoserial.net - Deserialization payload generator for a variety of .NET formatters
DanMcInerney/xsscrapy - XSS spider - 66/66 wavsep XSS detected
bowenpay/wechat-spider - 微信公众号爬虫
hanc00l/wooyun_public - This repo is archived. Thanks for wooyun! 乌云公开漏洞、知识库爬虫和搜索 crawl and search for wooyun.org public bug(vulnerability) and drops
google/tsunami-security-scanner - Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
hannob/snallygaster - Tool to scan for secret files on HTTP servers
assetnote/wordlists - Automated & Manual Wordlists provided by Assetnote
google/grumpy - Grumpy is a Python to Go source code transcompiler and runtime.
LandGrey/pydictor - A powerful and useful hacker dictionary builder for a brute-force attack
drwetter/testssl.sh - Testing TLS/SSL encryption anywhere on any port
pielco11/fav-up - IP lookup by favicon using Shodan
devanshbatham/OpenRedireX - A Fuzzer for OpenRedirect issues
tomnomnom/anew - A tool for adding new lines to files, skipping duplicates
obheda12/GitDorker - A Python program to scrape secrets from GitHub through usage of a large repository of dorks.
Voorivex/pentest-guide - Penetration tests guide based on OWASP including test cases, resources and examples.
devanshbatham/Awesome-Bugbounty-Writeups - A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference
KathanP19/HowToHunt - Tutorials and Things to Do while Hunting Vulnerability.
m4ll0k/Infoga - Infoga - Email OSINT
rootphantomer/Blasting_dictionary - 爆破字典
w-digital-scanner/w13scan - Passive Security Scanner (被动式安全扫描器)
FortyNorthSecurity/EyeWitness - EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
lockfale/OSINT-Framework - OSINT Framework
liamg/traitor - ⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
1N3/Findsploit - Find exploits in local and online databases instantly
tomnomnom/waybackurls - Fetch all the URLs that the Wayback Machine knows about for a domain
tomnomnom/httprobe - Take a list of domains and probe for working HTTP and HTTPS servers
haad/proxychains - proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy. Supported auth-types: "user/pass" for
tismayil/rsdl - Subdomain Scan With Ping Method.
appsecco/the-art-of-subdomain-enumeration - This repository contains all the supplement material for the book "The art of sub-domain enumeration"
al0ne/init.sh - Linux 环境部署脚本，一键配置系统设置，安装常用工具/开发环境/渗透测试工具等
darkoperator/dnsrecon - DNS Enumeration Script
tomnomnom/assetfinder - Find domains and subdomains related to a given domain
mazen160/Firefox-Security-Toolkit - A tool that transforms Firefox browsers into a penetration testing suite
epsylon/cintruder - Captcha Intruder (CIntrud3r) is an automatic pentesting tool to bypass captchas.
s0md3v/ReconDog - Reconnaissance Swiss Army Knife
christophetd/CloudFlair - 🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
christophetd/censys-subdomain-finder - ⚡ Perform subdomain enumeration using the certificate transparency logs from Censys.
soimort/translate-shell - 💬 Command-line translator using Google Translate, Bing Translator, Yandex.Translate, etc.
hellysmile/fake-useragent - up to date simple useragent faker with real world database
SkyoKen/RasCon_NS - Connect to Nintendo Switch over Bluetooth, emulate amiibo and use script from the web.（蓝牙连接Nintendo Switch，并可通过网页控制和使用脚本与amiibo）
nukieberry/PokemonTycoon -
BullsEye0/google_dork_list - Google Dorks | Google helps you to find Vulnerable Websites that Indexed in Google Search Results. Here is the latest collection of Google Dorks. A collection of 13.760 Dorks. Author: Jolanda de Koff
aleedhillon/7000-Google-Dork-List - 7,000 Dorks for hacking into various sites
robertdavidgraham/masscan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
heroanswer/XSS_Cheat_Sheet_2020_Edition - xss漏洞模糊测试payload的最佳集合 2020版
s0md3v/AwesomeXSS - Awesome XSS stuff
payloadbox/xss-payload-list - 🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
s0md3v/XSStrike - Most advanced XSS scanner.
SecWiki/sec-chart - 安全思维导图集合
aemkei/jsfuck - Write any JavaScript with 6 Characters: !+
SolomonSklash/chomp-scan - A scripted pipeline of tools to streamline the bug bounty/penetration test reconnaissance phase, so you can focus on chomping bugs.
EvilAnne/2019-Read-article - 2019年网上阅读过的文章记录
zardus/ctf-tools - Some setup scripts for security research tools.
TideSec/BypassAntiVirus - 远控免杀系列文章及配套工具，汇总测试了互联网上的几十种免杀工具、113种白名单免杀方式、8种代码编译免杀、若干免杀实战技术，并对免杀效果进行了一一测试，为远控的免杀和杀软对抗免杀提供参考。
Cc28256/CcRemote - 这是一个基于gh0st远程控制的项目，使自己更深入了解远控的原理，采用VS2017，默认分支hijack还在修改不能执行，master分支的项目可以正常的运行的，你可以切换到该分支查看可以执行的代码
lengjibo/FourEye - AV Evasion Tool For Red Team Ops
seatgeek/fuzzywuzzy - Fuzzy String Matching in Python
xmendez/wfuzz - Web application fuzzer
mschwager/fierce - A DNS reconnaissance tool for locating non-contiguous IP space.
laramies/metagoofil - Metadata harvester
lanmaster53/recon-ng - Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.
wgpsec/tig - Threat Intelligence Gathering 威胁情报收集，旨在提高蓝队拿到攻击 IP 后对其进行威胁情报信息收集的效率。
Micropoor/Micro8 - Gitbook
bit4woo/teemo - A Domain Name & Email Address Collection Tool
infosec-au/altdns - Generates permutations, alterations and mutations of subdomains and then resolves them
Qftm/Information_Collection_Handbook - Handbook of information collection for penetration testing and src
GerbenJavado/LinkFinder - A python script that finds endpoints in JavaScript files
guelfoweb/knock - Knock Subdomain Scan
p1g3/JSINFO-SCAN - 递归式寻找域名和api。
ring04h/wydomain - to discover subdomains of your target domain
projectdiscovery/dnsx - dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.
coco413/DiscoverSubdomain - 前渗透信息探测工具集-子域名
knownsec/RD_Checklist - 知道创宇研发技能表
H4ckForJob/dirmap - An advanced web directory & file scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.一个高级web目录、文件扫描工具，功能将会强于DirBuster、Dirsearch、cansina、御剑。
01rabbit/PAKURI - PAKURI has been merged with Python and launched as a new project, PAKURI-THON.
1N3/IntruderPayloads - A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
mantvydasb/RedTeaming-Tactics-and-Techniques - Red Teaming Tactics and Techniques
redcanaryco/atomic-red-team - Small and highly portable detection tests based on MITRE's ATT&CK.
franccesco/getaltname - Extract subdomains from SSL certificates in HTTPS sites.
DataSploit/datasploit - An #OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc., aggregate all the raw data, and give data in multiple formats.
jonluca/Anubis - 🔓 Subdomain enumeration and information gathering tool
gubertoli/ProbingDataset - Dataset of Probing Attacks (Port Scan) performed with nmap, unicornscan, hping3, zmap and masscan
0xMJ/AI-Security-Learning - 自身学习的安全数据科学和算法的学习资料
ZyxEforce/PenetrationTestNote - 渗透测试笔记copy整理
Wuy1f4n/Sec-Tools-List - 渗透测试中的一些开源工具按照Att&ck 流程进行归类
smallpo1nt/-- - Web安全攻防渗透测试实战指南
gyoisamurai/GyoiThon - GyoiThon is a growing penetration test tool using Machine Learning.
super-l/superl-url - 根据关键词，对搜索引擎内容检索结果的网址内容进行采集的一款程序。可自动从多个搜索引擎采集相关网站的真实地址与标题等信息，可保存为文件，自动去除重复URL。同时，也可以自定义忽略多条域名等。
xiaoy-sec/Pentest_Note - 渗透测试常规操作记录
Leezj9671/Pentest_Interview - 个人准备渗透测试和安全面试的经验之谈，和去部分厂商的面试题，干货真的满满~
Xyntax/POC-T - 渗透测试插件化并发框架 / Open-sourced remote vulnerability PoC/EXP framework
Mr-xn/Penetration_Testing_POC - 渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cm
reallys/pentest - 渗透测试大纲流程
iSafeBlue/TrackRay - 溯光 (TrackRay) 3 beta⚡渗透测试框架（资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap）
hongriSec/AI-Machine-Learning-Security - 一个关于人工智能渗透测试分析系列
iSafeBlue/Mind-Map - 超详细的渗透测试思维导图
DeepSpaceHarbor/Awesome-AI-Security - 📁 #AISecurity
yenchenlin/awesome-adversarial-machine-learning - A curated list of awesome adversarial machine learning resources
TonyChen56/HackerTools - 使用MFC编写的病毒技术合集
johnmyleswhite/ML_for_Hackers - Code accompanying the book "Machine Learning for Hackers"
Findomain/Findomain - The complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, multiple API Ke
blechschmidt/massdns - A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
Threezh1/JSFinder - JSFinder is a tool for quickly extracting URLs and subdomains from JS files on a website.
FeeiCN/ESD - Enumeration sub domains(枚举子域名)
Moham3dRiahi/Th3inspector - Th3Inspector 🕵️ Best Tool For Information Gathering 🔎
pedsm/deepHack - Deep learning hacking predictions
klaussinani/hyper-pokemon - Tailor-made Pokémon themes for your Hyper terminal
sevagas/macro_pack - macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. T
leiguorui/programming-video-tutorials - 视频教程：Java, 大数据,云计算,Android,Hadoop,Docker,mysql,spark,CRM,OA...
EnableSecurity/wafw00f - WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
sundowndev/phoneinfoga - Information gathering & OSINT framework for phone numbers
guardicore/monkey - Infection Monkey - An automated pentest tool
projectpokemon/EventsGallery - ProjectPokemon Events Gallery
architdate/PKHeX-Plugins - Plugins for PKHeX
0xInfection/XSRFProbe - The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.
beefproject/beef - The Browser Exploitation Framework Project
0xInfection/TIDoS-Framework - The Offensive Manual Web Application Penetration Testing Framework.
fuzzdb-project/fuzzdb - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
summitt/Burp-Non-HTTP-Extension - Non-HTTP Protocol Extension (NoPE) Proxy and DNS for Burp Suite.
Greenwolf/social_mapper - A Social Media Enumeration & Correlation Tool by Jacob Wilkin(Greenwolf)
vulmon/Vulmap - Vulmap Online Local Vulnerability Scanners Project
0x09AL/raven - raven is a Linkedin information gathering tool that can be used by pentesters to gather information about an organization employees using Linkedin.
ElevenPaths/FOCA - Tool to find metadata and hidden information in the documents.
coffeehb/Some-PoC-oR-ExP - 各种漏洞poc、Exp的收集或编写
appsecco/bugcrowd-levelup-subdomain-enumeration - This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference
ctfs/resources - A general collection of information, tools, and tips regarding CTFs and similar security competitions
Bhaviktutorials/shark - Future Of Phishing With less delay
zeroc00I/AllVideoPocsFromHackerOne - This script grab public report from hacker one and make some folders with poc videos
TheKingOfDuck/fuzzDicts - Web Pentesting Fuzz 字典,一个就够了。
urbanadventurer/bing-ip2hosts - bingip2hosts is a Bing.com web scraper that discovers websites by IP address
achillean/shodan-python - The official Python library for Shodan
vulscanteam/vulscan - vulscan 扫描系统：最新的poc&exp漏洞扫描，redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...
tanjiti/sec_profile - 爬取secwiki和xuanwu.github.io/sec.today,分析安全信息站点、安全趋势、提取安全工作者账号(twitter,weixin,github等)
404notf0und/CVE-Flow - CVE Data Analysis, CVE Monitor, CVE EXP Prediction Based on Deep Learning. 1999-2020年存量CVE数据分析、监控CVE增量更新、基于深度学习的CVE EXP预测和自动化推送
berzerk0/Probable-Wordlists - Version 2 is live! Wordlists sorted by probability originally created for password generation and testing - make sure your passwords aren't popular!
danielmiessler/SecLists - SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensi
Alvin9999/new-pac - 翻墙-科学上网、免费翻墙、免费科学上网、VPN、一键翻墙浏览器，vps一键搭建翻墙服务器脚本/教程，免费shadowsocks/ss/ssr/v2ray/goflyway账号/节点，免费自由上网、fanqiang、翻墙梯子，电脑、手机、iOS、安卓、windows、Mac、Linux、路由器翻墙
yeyintminthuhtut/Awesome-Red-Teaming - List of Awesome Red Teaming Resources
alphaSeclab/awesome-cyber-security - [Draft]Awesome Cyber Security Resource Collection. Currently contains 8000+ open source repositories, and not very well classified. For each repository, extra info included: star count, commit count,
shr3ddersec/Shr3dKit - Red Team Tool Kit
shmilylty/awesome-hacking - awesome hacking chinese version
TheRook/subbrute - A DNS meta-query spider that enumerates DNS records, and subdomains.
aboul3la/Sublist3r - Fast subdomains enumeration tool for penetration testers
lijiejie/subDomainsBrute - A fast sub domain brute tool for pentesters
xiaoZ-hc/redtool - 日常积累的一些红队工具及自己写的脚本，更偏向于一些diy的好用的工具，并不是一些比较常用的msf/awvs/xray这种
13o-bbr-bbq/machine_learning_security - Source code about machine learning and security.
Kayzaks/HackingNeuralNetworks - A small course on exploiting and defending neural networks
shellinabox/shellinabox - Official-ish Fork of Shell In A Box
PacktPublishing/Python-3-For-Offensive-PenTest-A-Complete-Practical-Course - Python 3 For Offensive PenTest: A Complete Practical Course, published by Packt
sting8k/BurpSuite_403Bypasser - Burpsuite Extension to bypass 403 restricted directory
LuaDist/Repository - Repository of LuaDist modules available for installation using the luadist-git command line tool
QS20199/paino - 一个帮助练习记忆五线谱与钢琴键位的工具
bit4woo/knife - A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅
d3vilbug/HackBar - HackBar plugin for Burpsuite

shell

tldr-pages/tldr - 📚 Collaborative cheatsheets for console commands
Hackplayers/evil-winrm - The ultimate WinRM shell for hacking/pentesting
xl7dev/WebShell - Webshell && Backdoor Collection
alebcay/awesome-shell - A curated list of awesome command-line frameworks, toolkits, guides and gizmos. Inspired by awesome-php.
CISOfy/lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
carlospolop/PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
ohmyzsh/ohmyzsh - 🙃 A delightful community-driven (with 2,000+ contributors) framework for managing your zsh configuration. Includes 300+ optional plugins (rails, git, macOS, hub, docker, homebrew, node, php, python,
n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
asdf-vm/asdf - Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more
rbenv/rbenv - Manage your app's Ruby environment
pyenv/pyenv - Simple Python version management
PowerShell/PowerShell - PowerShell for every system!
backdoorhub/shell-backdoor-list - 🎯 PHP / ASP - Shell Backdoor List 🎯

hacktoberfest

tldr-pages/tldr - 📚 Collaborative cheatsheets for console commands
CedArctic/DigiSpark-Scripts - USB Rubber Ducky type scripts written for the DigiSpark.
freeCodeCamp/devdocs - API Documentation Browser
intelowlproject/IntelOwl - Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
radareorg/radare2 - UNIX-like reverse engineering framework and command-line toolset
juice-shop/juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
HashPals/Name-That-Hash - 🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 300+ other hashes ☄ Comes with a neat web app 🔥
003random/getJS - A tool to fastly get all javascript sources/files
rmusser01/Infosec_Reference - An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
lirantal/awesome-nodejs-security - Awesome Node.js Security resources
BC-SECURITY/Starkiller - Starkiller is a Frontend for PowerShell Empire.
BC-SECURITY/Empire - Empire is a PowerShell and Python 3.x post-exploitation framework.
rapid7/metasploit-framework - Metasploit Framework
mitmproxy/mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
anchore/grype - A vulnerability scanner for container images and filesystems
Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
bee-san/pyWhat - 🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️
starship/starship - ☄🌌️ The minimal, blazing-fast, and infinitely customizable prompt for any shell!
tiagorlampert/CHAOS - 🔥 CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems.
ohmyzsh/ohmyzsh - 🙃 A delightful community-driven (with 2,000+ contributors) framework for managing your zsh configuration. Includes 300+ optional plugins (rails, git, macOS, hub, docker, homebrew, node, php, python,
EbookFoundation/free-programming-books - 📚 Freely available programming books
epi052/feroxbuster - A fast, simple, recursive content discovery tool written in Rust.
Gallopsled/pwntools - CTF framework and exploit development library
lc/gau - Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
projectdiscovery/naabu - A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests
swisskyrepo/SSRFmap - Automatic SSRF fuzzer and exploitation tool
six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
ivre/ivre - Network recon framework, published by @cea-sec & @ANSSI-FR. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, coll
projectdiscovery/httpx - httpx is a fast and multi-purpose HTTP toolkit allows to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads.
sherlock-project/sherlock - 🔎 Hunt down social media accounts by username across social networks
projectdiscovery/shuffledns - MassDNS wrapper written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support.
PowerShell/PowerShell - PowerShell for every system!
spearow/juice - The Hacker's Machine Learning Engine
hslatman/awesome-threat-intelligence - A curated list of Awesome Threat Intelligence resources
prowler-cloud/prowler - Prowler is an Open Source security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 2
RustScan/RustScan - 🤖 The Modern Port Scanner 🤖

go

ehang-io/nps - 一款轻量级、高性能、功能强大的内网穿透代理服务器。支持tcp、udp、socks5、http等几乎所有流量转发，可用来访问内网网站、本地支付接口调试、ssh访问、远程桌面，内网dns解析、内网socks5代理等等……，并带有功能强大的web管理端。a lightweight, high-performance, powerful intranet penetration proxy server,
future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
j3ssie/osmedeus - A Workflow Engine for Offensive Security
zricethezav/gitleaks - Protect and discover secrets using Gitleaks 🔑
anchore/grype - A vulnerability scanner for container images and filesystems
aquasecurity/tfsec - Security scanner for your Terraform code
fatedier/frp - A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
parsiya/Hacking-with-Go - Golang for Security Professionals
youngyangyang04/leetcode-master - 《代码随想录》LeetCode 刷题攻略：200道经典题目刷题顺序，共60w字的详细图解，视频难点剖析，50余张思维导图，支持C++，Java，Python，Go，JavaScript等多语言版本，从此算法学习不再迷茫！🔥🔥 来看看，你会发现相见恨晚！🚀
halfrost/LeetCode-Go - ✅ Solutions to LeetCode by Go, 100% test coverage, runtime beats 100% / LeetCode 题解
halfrost/Halfrost-Field - ✍🏻 这里是写博客的地方 —— Halfrost-Field 冰霜之地
panjf2000/ants - 🐜🐜🐜 ants is a high-performance and low-cost goroutine pool in Go, inspired by fasthttp./ ants 是一个高性能且低损耗的 goroutine 池。
dreddsa5dies/goHackTools - Hacker tools on Go (Golang)
crawlab-team/crawlab - Distributed web crawler admin platform for spiders management regardless of languages and frameworks. 分布式爬虫管理平台，支持任何语言和框架
dwisiswant0/crlfuzz - A fast tool to scan CRLF vulnerability written in Go
jaeles-project/gospider - Gospider - Fast web spider written in Go
OJ/gobuster - Directory/File, DNS and VHost busting tool written in Go
syndbg/goenv - 🚙 Like pyenv and rbenv, but for Go.
golang/go - The Go programming language
haccer/subjack - Subdomain Takeover tool written in Go
LearnGolang/365Golang - 《365天深入理解Go语言》Deep understanding of Golang.
caffix/amass - In-depth Attack Surface Mapping and Asset Discovery
OWASP/Amass - In-depth Attack Surface Mapping and Asset Discovery

http

ehang-io/nps - 一款轻量级、高性能、功能强大的内网穿透代理服务器。支持tcp、udp、socks5、http等几乎所有流量转发，可用来访问内网网站、本地支付接口调试、ssh访问、远程桌面，内网dns解析、内网socks5代理等等……，并带有功能强大的web管理端。a lightweight, high-performance, powerful intranet penetration proxy server,
snail007/goproxy - 🔥 Proxy is a high performance HTTP(S) proxies, SOCKS5 proxies,WEBSOCKET, TCP, UDP proxy server implemented by golang. Now, it supports chain-style proxies,nat forwarding in different lan,TCP/UDP port
mitmproxy/mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
projectdiscovery/interactsh - An OOB interaction gathering server and client library
projectdiscovery/httpx - httpx is a fast and multi-purpose HTTP toolkit allows to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads.

docker

IceWhaleTech/CasaOS - CasaOS - A simple, easy-to-use, elegant open-source Home Cloud system.
koutto/jok3r - Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework
Hackplayers/evil-winrm - The ultimate WinRM shell for hacking/pentesting
TechXueXi/TechXueXi - 强国通科技强国学习强国 xuexiqiangguo 全网最好用开源网页学习强国助手：TechXueXi （懒人刷分工具自动学习）技术强国，支持答题，支持 docker 45分/天
stepchowfun/toast - Containerize your development and continuous integration environments. 🥂
esrrhs/pingtunnel - Pingtunnel is a tool that send TCP/UDP traffic over ICMP
maliceio/malice - VirusTotal Wanna Be - Now with 100% more Hipster
PokemonGoF/PokemonGo-Bot - The Pokemon Go Bot, baking with community.
anchore/grype - A vulnerability scanner for container images and filesystems
FunnyWolf/Viper - Redteam operation platform with webui 图形化红队行动辅助平台
gildas-lormeau/SingleFile - 📷 Web Extension for Firefox/Chrome/MS Edge and CLI tool to save a faithful copy of an entire web page in a single HTML file
crawlab-team/crawlab - Distributed web crawler admin platform for spiders management regardless of languages and frameworks. 分布式爬虫管理平台，支持任何语言和框架
jaywcjlove/docker-tutorial - 🐳 Docker入门学习笔记
Medicean/VulApps - 快速搭建各种漏洞环境(Various vulnerability environment)
cdk-team/CDK - 📦 Make security testing of K8s, Docker, and Containerd easier.
RustScan/RustScan - 🤖 The Modern Port Scanner 🤖

golang

IceWhaleTech/CasaOS - CasaOS - A simple, easy-to-use, elegant open-source Home Cloud system.
x1sec/commit-stream - #OSINT tool for finding Github repositories by extracting commit logs in real time from the Github event API
eth0izzle/shhgit - Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories: www.shhgit.com
cyberark/kubesploit - Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.
future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
yaklang/yakit - Cyber Security ALL-IN-ONE Platform
Adminisme/ServerScan - ServerScan一款使用Golang开发的高并发网络扫描、服务探测工具。
ph4ntonn/Stowaway - 👻Stowaway -- Multi-hop Proxy Tool for pentesters
j3ssie/osmedeus - A Workflow Engine for Offensive Security
maliceio/malice - VirusTotal Wanna Be - Now with 100% more Hipster
zricethezav/gitleaks - Protect and discover secrets using Gitleaks 🔑
anchore/grype - A vulnerability scanner for container images and filesystems
geemion/Khepri - Free,Open-Source,Cross-platform agent and Post-exploiton tool written in Golang and C++ like CobaltStrike.
tiagorlampert/CHAOS - 🔥 CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems.
halfrost/LeetCode-Go - ✅ Solutions to LeetCode by Go, 100% test coverage, runtime beats 100% / LeetCode 题解
halfrost/Halfrost-Field - ✍🏻 这里是写博客的地方 —— Halfrost-Field 冰霜之地
0voice/Introduction-to-Golang - 【未来服务器端编程语言】最全空降golang资料补给包（满血战斗），包含文章，书籍，作者论文，理论分析，开源框架，云原生，大佬视频，大厂实战分享ppt
hoanhan101/ultimate-go - The Ultimate Go Study Guide
KathanP19/Gxss - A tool to check a bunch of URLs that contain reflecting params.
rfyiamcool/share_ppt - 🚗 我个人曾经做过的技术分享...
dreddsa5dies/goHackTools - Hacker tools on Go (Golang)
Dliv3/Venom - Venom - A Multi-hop Proxy for Penetration Testers
jaeles-project/jaeles - The Swiss Army knife for automated Web Application Testing
dwisiswant0/crlfuzz - A fast tool to scan CRLF vulnerability written in Go
sensepost/gowitness - 🔍 gowitness - a golang, web screenshot utility using Chrome Headless
gophish/gophish - Open-Source Phishing Toolkit
Qianlitp/crawlergo - A powerful browser crawler for web vulnerability scanners
Dreamacro/clash - A rule-based tunnel in Go.
v2ray/v2ray-core - A platform for building proxies to bypass network restrictions.
moovweb/gvm - Go Version Manager
syndbg/goenv - 🚙 Like pyenv and rbenv, but for Go.
golang/go - The Go programming language
haccer/subjack - Subdomain Takeover tool written in Go
hahwul/dalfox - 🌙🦊 DalFox is an powerful open source XSS scanning tool and parameter analyzer, utility
AV1080p/Hacking-With-Golang - Golang安全资源合集
LearnGolang/365Golang - 《365天深入理解Go语言》Deep understanding of Golang.
michenriksen/aquatone - A Tool for Domain Flyovers
b1gcat/DarkEye - 渗透测试情报收集工具
michenriksen/gitrob - Reconnaissance tool for GitHub organizations

iot

IceWhaleTech/CasaOS - CasaOS - A simple, easy-to-use, elegant open-source Home Cloud system.
0xricksanchez/paper_collection - Academic papers related to fuzzing, binary analysis, and exploit dev, which I want to read or have already read

windows

henrypp/memreduct - Lightweight real-time memory management application to monitor and clean system memory on your computer.
processhacker/processhacker - A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.
Ascotbe/Kernelhub - 🌴Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file (提权漏洞合集)
byt3bl33d3r/CrackMapExec - A swiss army knife for pentesting networks
itm4n/PrivescCheck - Privilege Escalation Enumeration Script for Windows
marktext/marktext - 📝A simple and elegant markdown editor, available for Linux, macOS and Windows.
M2Team/NSudo - Series of System Administration Tools
nccgroup/Winpayloads - Undetectable Windows Payload Generation
XiphosResearch/exploits - Miscellaneous exploit code
vxunderground/VX-API - Collection of various WINAPI tricks / features used or abused by Malware
mentebinaria/retoolkit - Reverse Engineer's Toolkit
JKornev/hidden - 🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes and etc
1N3/PrivEsc - A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
rmusser01/Infosec_Reference - An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
xianyukang/MyKeymap - MyKeymap: 我的按键映射工具
xanderfrangos/twinkle-tray - Easily manage the brightness of your monitors in Windows from the system tray
rubickCenter/rubick - 🔧 Electron based open source toolbox, free integration of rich plug-ins. 基于 electron 的开源工具箱，自由集成丰富插件。
Ch0pin/AVIator - Antivirus evasion project
nathanlopez/Stitch - Python Remote Administration Tool (RAT)
SecWiki/windows-kernel-exploits - windows-kernel-exploits Windows平台提权漏洞集合
huiyadanli/RevokeMsgPatcher - A hex editor for WeChat/QQ/TIM - PC版微信/QQ/TIM防撤回补丁（我已经看到了，撤回也没用了）
geemion/Khepri - Free,Open-Source,Cross-platform agent and Post-exploiton tool written in Golang and C++ like CobaltStrike.
carlospolop/PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
quasar/Quasar - Remote Administration Tool for Windows
txthinking/brook - A cross-platform network tool designed for developers. 一个为开发者设计的跨平台网络工具.
S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet - A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
nmap/nmap - Nmap - the Network Mapper. Github mirror of official SVN repository.
sherlock-project/sherlock - 🔎 Hunt down social media accounts by username across social networks
PowerShell/PowerShell - PowerShell for every system!
blaCCkHatHacEEkr/PENTESTING-BIBLE - Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

linux

man-pages-zh/manpages-zh - Chinese Manual Pages
future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
haydenjames/bench-scripts - A compilation of Linux server benchmarking scripts.
Adminisme/ServerScan - ServerScan一款使用Golang开发的高并发网络扫描、服务探测工具。
D4Vinci/One-Lin3r - Gives you one-liners that aids in penetration testing operations, privilege escalation and more
marktext/marktext - 📝A simple and elegant markdown editor, available for Linux, macOS and Windows.
screetsec/Vegile - This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process,unlimited your session in metasploit and transparent. Even when it killed, it will
jm33-m0/emp3r0r - Linux/Windows post-exploitation framework made by linux user
mempodippy/vlany - Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)
milabs/awesome-linux-rootkits - awesome-linux-rootkits
m0nad/Diamorphine - LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)
hugsy/gef - GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging features for exploit developers & reverse engineers
1N3/PrivEsc - A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
rmusser01/Infosec_Reference - An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
imarvinle/awesome-cs-books - 经典编程书籍大全，涵盖：计算机系统与网络、系统架构、算法与数据结构、前端开发、后端开发、移动开发、数据库、测试、项目与团队、程序员职业修炼、求职面试等
rosehgal/BinExp - Linux Binary Exploitation
nathanlopez/Stitch - Python Remote Administration Tool (RAT)
CISOfy/lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
htr-tech/nexphisher - Advanced Phishing tool for Linux & Termux
SecWiki/linux-kernel-exploits - linux-kernel-exploits Linux平台提权漏洞集合
geemion/Khepri - Free,Open-Source,Cross-platform agent and Post-exploiton tool written in Golang and C++ like CobaltStrike.
GTFOBins/GTFOBins.github.io - GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
carlospolop/PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
screetsec/TheFatRat - Thefatrat a massive exploiting tool : Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and etc . This tool compiles a malware with popular payload and then
ShutdownRepo/Exegol - Fully featured and community-driven hacking environment
htr-tech/zphisher - An automated phishing tool with 30+ templates. This Tool is made for educational purpose only ! Author will not be responsible for any misuse of this toolkit !
thehackingsage/hacktronian - Tools for Pentesting
Gallopsled/pwntools - CTF framework and exploit development library
txthinking/brook - A cross-platform network tool designed for developers. 一个为开发者设计的跨平台网络工具.
n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
nmap/nmap - Nmap - the Network Mapper. Github mirror of official SVN repository.
v2rayA/v2rayA - A web GUI client of Project V which supports V2Ray, Xray, SS, SSR, Trojan and Pingtunnel 🚀
sherlock-project/sherlock - 🔎 Hunt down social media accounts by username across social networks
PowerShell/PowerShell - PowerShell for every system!
trimstray/sandmap - Nmap on steroids. Simple CLI with the ability to run pure Nmap engine, 31 modules with 459 scan profiles.
cdk-team/CDK - 📦 Make security testing of K8s, Docker, and Containerd easier.
ckjbug/Hacking - 🌐Collate and develop network security, Hackers technical documentation and tools, code.
wuseman/EMAGNET - Automated hacking tool that will find leaked databases with 97.1% accurate to grab mail + password together from recent uploads from https://pastebin.com. Bruteforce support for spotify accounts, inst
trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
Ascotbe/HackerMind - 渗透步骤，web安全，CTF，业务安全，人工智能，区块链安全，安全开发，无线安全，社会工程学，二进制安全，移动安全，红蓝对抗，运维安全，风控安全，linux安全
OpenCyberTranslationProject/Linux-Basics-for-Hackers - 书籍《Linux Basics for Hackers》2019版中文翻译版
0xricksanchez/paper_collection - Academic papers related to fuzzing, binary analysis, and exploit dev, which I want to read or have already read
blaCCkHatHacEEkr/PENTESTING-BIBLE - Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.
Z4nzu/hackingtool - ALL IN ONE Hacking Tool For Hackers

git

x1sec/commit-stream - #OSINT tool for finding Github repositories by extracting commit logs in real time from the Github event API
zricethezav/gitleaks - Protect and discover secrets using Gitleaks 🔑
jesseduffield/lazygit - simple terminal UI for git commands

automation

koutto/jok3r - Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework
S3cur3Th1sSh1t/WinPwn - Automation for internal Windows Penetrationtest / AD-Security
OWASP/Nettacker - Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
Pulover/PuloversMacroCreator - Automation Utility - Recorder & Script Generator
PokemonGoF/PokemonGo-Bot - The Pokemon Go Bot, baking with community.
NullArray/AutoSploit - Automated Mass Exploiter

hacking

koutto/jok3r - Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework
mitre/caldera - Automated Adversary Emulation Platform
Hackplayers/evil-winrm - The ultimate WinRM shell for hacking/pentesting
yaklang/yakit - Cyber Security ALL-IN-ONE Platform
D4Vinci/One-Lin3r - Gives you one-liners that aids in penetration testing operations, privilege escalation and more
j3ssie/osmedeus - A Workflow Engine for Offensive Security
XiphosResearch/exploits - Miscellaneous exploit code
gquere/pwn_jenkins - Notes about attacking Jenkins servers
m0nad/Diamorphine - LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)
gh0stkey/Web-Fuzzing-Box - Web Fuzzing Box - Web 模糊测试字典与一些Payloads，主要包含：弱口令暴力破解、目录以及文件枚举、Web漏洞...字典运用于实战案例：https://gh0st.cn/archives/2019-11-11/1
aydinnyunus/Keylogger - Get Keyboard,Mouse,ScreenShot,Microphone Inputs from Target Computer and Send to your Mail.
carlospolop/hacktricks - Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
TryCatchHCF/Cloakify - CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting C
KuroLabs/stegcloak - Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐
Ignitetechnologies/Privilege-Escalation - This cheasheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples.
juice-shop/juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
HashPals/Name-That-Hash - 🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 300+ other hashes ☄ Comes with a neat web app 🔥
0dayCTF/reverse-shell-generator - Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)
003random/getJS - A tool to fastly get all javascript sources/files
1N3/PrivEsc - A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
diego-treitos/linux-smart-enumeration - Linux enumeration tool for pentesting and CTFs with verbosity levels
mgeeky/Penetration-Testing-Tools - A collection of more than 170+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least
nixawk/pentest-wiki - PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
rmusser01/Infosec_Reference - An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
The-Art-of-Hacking/h4cker - This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerabil
six2dez/pentest-book -
antonio-morales/Fuzzing101 - An step by step fuzzing tutorial. A GitHub Security Lab initiative
RhinoSecurityLabs/IPRotate_Burp_Extension - Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
payloadbox/sql-injection-payload-list - 🎯 SQL Injection Payload List
nil0x42/phpsploit - Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor
bettercap/bettercap - The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.
infosecn1nja/Red-Teaming-Toolkit - This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
urbanadventurer/WhatWeb - Next generation web scanner
k8gege/K8tools - K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke
screetsec/TheFatRat - Thefatrat a massive exploiting tool : Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and etc . This tool compiles a malware with popular payload and then
ShutdownRepo/Exegol - Fully featured and community-driven hacking environment
Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
bee-san/pyWhat - 🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️
jekil/awesome-hacking - Awesome hacking is an awesome collection of hacking tools.
Datalux/Osintgram - Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname
tiagorlampert/CHAOS - 🔥 CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems.
yogeshojha/rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon
nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters - A list of resources for those interested in getting started in bug bounties
ffffffff0x/1earn - ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet - A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
k8gege/Ladon - 大型内网渗透扫描器&Cobalt Strike，Ladon9.1.4内置150个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB
jaeles-project/jaeles - The Swiss Army knife for automated Web Application Testing
foospidy/payloads - Git All the Payloads! A collection of web attack payloads.
six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
hakluke/hakrawler - Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
D4Vinci/Cr3dOv3r - Know the dangers of credential reuse attacks.
yassineaboukir/sublert - Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.
bhavsec/reconspider - 🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.
khast3x/h8mail - Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email
jofpin/trape - People tracker on the Internet: OSINT analysis and research tool by Jose Pino
blaCCkHatHacEEkr/OSINT_TIPS - OSINT
UnaPibaGeek/ctfr - Abusing Certificate Transparency logs for getting HTTPS websites subdomains.
maurosoria/dirsearch - Web path scanner
projectdiscovery/subfinder - Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
anouarbensaad/vulnx - vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collecti
kelvinBen/AppInfoScanner - 一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。
sundowndev/hacker-roadmap - A collection of hacking tools, resources and references to practice ethical hacking.
hahwul/WebHackersWeapons - ⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
D4Vinci/Dr0p1t-Framework - A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks
trimstray/sandmap - Nmap on steroids. Simple CLI with the ability to run pure Nmap engine, 31 modules with 459 scan profiles.
SofianeHamlaoui/Lockdoor-Framework - 🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
wuseman/EMAGNET - Automated hacking tool that will find leaked databases with 97.1% accurate to grab mail + password together from recent uploads from https://pastebin.com. Bruteforce support for spotify accounts, inst
trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
Hack-with-Github/Free-Security-eBooks - Free Security and Hacking eBooks
toolswatch/blackhat-arsenal-tools - Official Black Hat Arsenal Security Tools Repository
OlivierLaflamme/Cheatsheet-God - Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
evyatarmeged/Raccoon - A high performance offensive security tool for reconnaissance and vulnerability scanning
smicallef/spiderfoot - SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
hahwul/a2sv - Auto Scanning to SSL Vulnerability
aaaguirrep/offensive-docker - Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.
LasCC/Hack-Tools - The all-in-one Red Team extension for Web Pentester 🛠
We5ter/Scanners-Box - A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
tom0li/collection-document - Collection of quality safety articles. Awesome articles.
vitalysim/Awesome-Hacking-Resources - A collection of hacking / penetration testing resources to make you better!
Hack-with-Github/Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers
backdoorhub/shell-backdoor-list - 🎯 PHP / ASP - Shell Backdoor List 🎯
Hacker0x01/hacker101 - Source code for Hacker101.com - a free online web and mobile security class.
husnainfareed/Awesome-Ethical-Hacking-Resources - 🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.
infoslack/awesome-web-hacking - A list of web application security
samratashok/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
blaCCkHatHacEEkr/PENTESTING-BIBLE - Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.
RustScan/RustScan - 🤖 The Modern Port Scanner 🤖
rtcatc/Packer-Fuzzer - Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.
Z4nzu/hackingtool - ALL IN ONE Hacking Tool For Hackers

security

koutto/jok3r - Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework
eth0izzle/shhgit - Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories: www.shhgit.com
cyberark/kubesploit - Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.
intrigueio/intrigue-core - Discover Your Attack Surface!
momenbasel/keyFinder - Keyfinder🔑 is a tool that let you find keys while surfing the web!
arainho/awesome-api-security - A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
snyk/cli - Snyk CLI scans and monitors your projects for security vulnerabilities.
processhacker/processhacker - A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.
utkusen/urlhunter - a recon tool that allows searching on URLs that are exposed via shortener services
yaklang/yakit - Cyber Security ALL-IN-ONE Platform
lutfumertceylan/top25-parameter - For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙
Viralmaniar/Passhunt - Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.
jeffzh3ng/fuxi - Penetration Testing Platform
ph4ntonn/Stowaway - 👻Stowaway -- Multi-hop Proxy Tool for pentesters
j3ssie/osmedeus - A Workflow Engine for Offensive Security
OWASP/Nettacker - Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
XiphosResearch/exploits - Miscellaneous exploit code
JoyChou93/java-sec-code - Java web common vulnerabilities and security code which is base on springboot and spring security
cilium/cilium - eBPF-based Networking, Security, and Observability
m0nad/Diamorphine - LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)
decalage2/oletools - oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
MISP/MISP - MISP (core software) - Open Source Threat Intelligence and Sharing Platform
radareorg/radare2 - UNIX-like reverse engineering framework and command-line toolset
JKornev/hidden - 🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes and etc
TryCatchHCF/Cloakify - CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting C
KuroLabs/stegcloak - Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐
sleventyeleven/linuxprivchecker - linuxprivchecker.py -- a Linux Privilege Escalation Check Script
juice-shop/juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
HashPals/Name-That-Hash - 🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 300+ other hashes ☄ Comes with a neat web app 🔥
0dayCTF/reverse-shell-generator - Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)
andresriancho/w3af - w3af: web application attack and audit framework, the open source web vulnerability scanner.
apsdehal/awesome-ctf - A curated list of CTF frameworks, libraries, resources and softwares
nixawk/pentest-wiki - PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
xairy/linux-kernel-exploitation - A collection of links related to Linux kernel security and exploitation
six2dez/pentest-book -
antonio-morales/Fuzzing101 - An step by step fuzzing tutorial. A GitHub Security Lab initiative
OpenCTI-Platform/opencti - Open Cyber Threat Intelligence Platform
lirantal/awesome-nodejs-security - Awesome Node.js Security resources
airbnb/binaryalert - BinaryAlert: Serverless, Real-time & Retroactive Malware Detection.
googleprojectzero/winafl - A fork of AFL for fuzzing Windows binaries
jonasstrehle/supercookie - ⚠️ Browser fingerprinting via favicon!
aircrack-ng/aircrack-ng - WiFi security auditing tools suite
zricethezav/gitleaks - Protect and discover secrets using Gitleaks 🔑
mitmproxy/mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
arkenfox/user.js - Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening
anchore/grype - A vulnerability scanner for container images and filesystems
zer0yu/Awesome-CobaltStrike - cobaltstrike的相关资源汇总 / List of Awesome CobaltStrike Resources
bettercap/bettercap - The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.
urbanadventurer/WhatWeb - Next generation web scanner
aquasecurity/tfsec - Security scanner for your Terraform code
0xbug/Hawkeye - GitHub 泄露监控系统(GitHub Sensitive Information Leakage Monitor Spider)
cddmp/enum4linux-ng - A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.
0x4D31/awesome-threat-detection - A curated list of awesome threat detection and hunting resources
bee-san/pyWhat - 🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️
jekil/awesome-hacking - Awesome hacking is an awesome collection of hacking tools.
quasar/Quasar - Remote Administration Tool for Windows
parsiya/Hacking-with-Go - Golang for Security Professionals
ajinabraham/nodejsscan - nodejsscan is a static security code scanner for Node.js applications.
coreb1t/awesome-pentest-cheat-sheets - Collection of the cheat sheets useful for pentesting
projectdiscovery/nuclei-templates - Community curated list of templates for the nuclei engine to find security vulnerabilities.
ffffffff0x/1earn - ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
lc/gau - Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
chaitin/xray - 一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档
S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet - A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
k8gege/Ladon - 大型内网渗透扫描器&Cobalt Strike，Ladon9.1.4内置150个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB
dreddsa5dies/goHackTools - Hacker tools on Go (Golang)
Dliv3/Venom - Venom - A Multi-hop Proxy for Penetration Testers
projectdiscovery/nuclei - Fast and customizable vulnerability scanner based on simple YAML based DSL.
nomi-sec/PoC-in-GitHub - 📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
projectdiscovery/interactsh - An OOB interaction gathering server and client library
nmap/nmap - Nmap - the Network Mapper. Github mirror of official SVN repository.
EdOverflow/bugbounty-cheatsheet - A list of interesting payloads, tips and tricks for bug bounty hunters.
swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
sensepost/gowitness - 🔍 gowitness - a golang, web screenshot utility using Chrome Headless
rsmusllp/king-phisher - Phishing Campaign Toolkit
gophish/gophish - Open-Source Phishing Toolkit
ivre/ivre - Network recon framework, published by @cea-sec & @ANSSI-FR. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, coll
infobyte/faraday - Collaborative Penetration Test and Vulnerability Management Platform
Nekmo/dirhunt - Find web directories without bruteforce
EdOverflow/can-i-take-over-xyz - "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
haccer/subjack - Subdomain Takeover tool written in Go
hahwul/dalfox - 🌙🦊 DalFox is an powerful open source XSS scanning tool and parameter analyzer, utility
nsonaniya2010/SubDomainizer - A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.
yassineaboukir/sublert - Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.
NullArray/AutoSploit - Automated Mass Exploiter
cure53/DOMPurify - DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
bhavsec/reconspider - 🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.
google/oss-fuzz - OSS-Fuzz - continuous fuzzing for open source software.
evilsocket/xray - XRay is a tool for recon, mapping and OSINT gathering from public networks.
jofpin/trape - People tracker on the Internet: OSINT analysis and research tool by Jose Pino
blark/aiodnsbrute - Python 3.5+ DNS asynchronous brute force utility
AV1080p/Hacking-With-Golang - Golang安全资源合集
maurosoria/dirsearch - Web path scanner
michenriksen/aquatone - A Tool for Domain Flyovers
projectdiscovery/dnsprobe - DNSProb is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.
kelvinBen/AppInfoScanner - 一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。
knownsec/404StarLink - 404StarLink - 推荐优质、有意义、有趣、坚持维护的安全开源项目
sundowndev/hacker-roadmap - A collection of hacking tools, resources and references to practice ethical hacking.
hahwul/WebHackersWeapons - ⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
onlurking/awesome-infosec - A curated list of awesome infosec courses and training resources.
fabacab/awesome-cybersecurity-blueteam - 💻🛡️ A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.
cleverhans-lab/cleverhans - An adversarial example library for constructing attacks, building defenses, and benchmarking both
trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
Ascotbe/HackerMind - 渗透步骤，web安全，CTF，业务安全，人工智能，区块链安全，安全开发，无线安全，社会工程学，二进制安全，移动安全，红蓝对抗，运维安全，风控安全，linux安全
hslatman/awesome-threat-intelligence - A curated list of Awesome Threat Intelligence resources
Hack-with-Github/Free-Security-eBooks - Free Security and Hacking eBooks
OlivierLaflamme/Cheatsheet-God - Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
flipkart-incubator/Astra - Automated Security Testing For REST API's
michenriksen/gitrob - Reconnaissance tool for GitHub organizations
prowler-cloud/prowler - Prowler is an Open Source security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 2
hahwul/a2sv - Auto Scanning to SSL Vulnerability
Metnew/uxss-db - 🔪Browser logic vulnerabilities ☠️
scipag/vulscan - Advanced vulnerability scanning with Nmap NSE
tom0li/collection-document - Collection of quality safety articles. Awesome articles.
Hack-with-Github/Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers
wpscanteam/wpscan - WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites.
qazbnm456/awesome-web-security - 🐶 A curated list of Web Security materials and resources.
findneo/Newbie-Security-List - 网络安全学习资料，欢迎补充
Hacker0x01/hacker101 - Source code for Hacker101.com - a free online web and mobile security class.
samratashok/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
RustScan/RustScan - 🤖 The Modern Port Scanner 🤖

framework

koutto/jok3r - Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework
ExpLife0011/awesome-windows-kernel-security-development - windows kernel security development
screetsec/Sudomy - Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
bhavsec/reconspider - 🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.
spearow/juice - The Hacker's Machine Learning Engine

kubernetes

cyberark/kubesploit - Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.
cilium/cilium - eBPF-based Networking, Security, and Observability
cdk-team/CDK - 📦 Make security testing of K8s, Docker, and Containerd easier.

java

apache/drill - Apache Drill is a distributed MPP query layer for self describing data
JoyChou93/java-sec-code - Java web common vulnerabilities and security code which is base on springboot and spring security
CalebFenton/simplify - Android virtual machine and deobfuscator
imarvinle/awesome-cs-books - 经典编程书籍大全，涵盖：计算机系统与网络、系统架构、算法与数据结构、前端开发、后端开发、移动开发、数据库、测试、项目与团队、程序员职业修炼、求职面试等
rememberber/WePush - 专注批量推送的小而美的工具，目前支持：模板消息-公众号、模板消息-小程序、微信客服消息、微信企业号/企业微信消息、阿里云短信、阿里大于模板短信、腾讯云短信、云片网短信、E-Mail、HTTP请求、钉钉、华为云短信、百度云短信、又拍云短信、七牛云短信
youngyangyang04/leetcode-master - 《代码随想录》LeetCode 刷题攻略：200道经典题目刷题顺序，共60w字的详细图解，视频难点剖析，50余张思维导图，支持C++，Java，Python，Go，JavaScript等多语言版本，从此算法学习不再迷茫！🔥🔥 来看看，你会发现相见恨晚！🚀
frohoff/ysoserial - A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
tom0li/collection-document - Collection of quality safety articles. Awesome articles.

sql

apache/drill - Apache Drill is a distributed MPP query layer for self describing data
1N3/PrivEsc - A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

wordpress

Tuhinshubhra/RED_HAWK - All in one tool for Information Gathering, Vulnerability Scanning and Crawling. A must have tool for all penetration testers
Tuhinshubhra/CMSeeK - CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSs
wpscanteam/wpscan - WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites.

js

momenbasel/keyFinder - Keyfinder🔑 is a tool that let you find keys while surfing the web!

chrome-extension

momenbasel/keyFinder - Keyfinder🔑 is a tool that let you find keys while surfing the web!
iamadamdev/bypass-paywalls-chrome - Bypass Paywalls web browser extension for Chrome and Firefox.
Kenshin/simpread - 简悦 ( SimpRead ) - 让你瞬间进入沉浸式阅读的扩展
gongjunhao/seckill - Chrome浏览器抢购、秒杀插件，秒杀助手，定时自动点击
gildas-lormeau/SingleFile - 📷 Web Extension for Firefox/Chrome/MS Edge and CLI tool to save a faithful copy of an entire web page in a single HTML file
crimx/ext-saladict - 🥗 All-in-one professional pop-up dictionary and page translator which supports multiple search modes, page translations, new word notebook and PDF selection searching.
LasCC/Hack-Tools - The all-in-one Red Team extension for Web Pentester 🛠

awesome-list

arainho/awesome-api-security - A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
milabs/awesome-linux-rootkits - awesome-linux-rootkits
rshipp/awesome-malware-analysis - Defund the Police.
maguowei/starred - creating your own Awesome List by GitHub stars!
alebcay/awesome-shell - A curated list of awesome command-line frameworks, toolkits, guides and gizmos. Inspired by awesome-php.
The-Art-of-Hacking/h4cker - This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerabil
InQuest/awesome-yara - A curated list of awesome YARA rules, tools, and people.
secfigo/Awesome-Fuzzing - A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Developme
jaywcjlove/awesome-mac -  Now we have become very big, Different from the original idea. Collect premium software in various categories.
0x4D31/awesome-threat-detection - A curated list of awesome threat detection and hunting resources
codecrafters-io/build-your-own-x - Master programming by recreating your favorite technologies from scratch.
sindresorhus/awesome - 😎 Awesome lists about all kinds of interesting topics
ossu/computer-science - 🎓 Path to a free self-taught education in Computer Science!
joho/awesome-code-review - An "Awesome" list of code review resources - articles, papers, tools, etc
redhuntlabs/Awesome-Asset-Discovery - List of Awesome Asset Discovery Resources
hahwul/WebHackersWeapons - ⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
0x4D31/awesome-oscp - A curated list of awesome OSCP resources
enaqx/awesome-pentest - A collection of awesome penetration testing resources, tools and other shiny things
fabacab/awesome-cybersecurity-blueteam - 💻🛡️ A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.
trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
jivoi/awesome-osint - 😱 A curated list of amazingly awesome OSINT
jivoi/awesome-ml-for-cybersecurity - Machine Learning for Cyber Security
qazbnm456/awesome-web-security - 🐶 A curated list of Web Security materials and resources.
blaCCkHatHacEEkr/PENTESTING-BIBLE - Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

cybersecurity

mitre/caldera - Automated Adversary Emulation Platform
future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
Viralmaniar/Passhunt - Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.
maliceio/malice - VirusTotal Wanna Be - Now with 100% more Hipster
MISP/MISP - MISP (core software) - Open Source Threat Intelligence and Sharing Platform
aydinnyunus/Keylogger - Get Keyboard,Mouse,ScreenShot,Microphone Inputs from Target Computer and Send to your Mail.
The-Art-of-Hacking/h4cker - This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerabil
OpenCTI-Platform/opencti - Open Cyber Threat Intelligence Platform
lirantal/awesome-nodejs-security - Awesome Node.js Security resources
0xCyberY/ehtk - Ethical Hacking Toolkit is a collection of tools, cheat sheets, and resources for Ethical hackers, Penetration Tester, and Security Researchers etc. It contains almost all tools mentioned in CEH, OSCP
bee-san/pyWhat - 🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️
ihebski/DefaultCreds-cheat-sheet - One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
foospidy/payloads - Git All the Payloads! A collection of web attack payloads.
Viralmaniar/BigBountyRecon - BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
1N3/Sn1per - Attack Surface Management Platform | Sn1perSecurity LLC
projectdiscovery/httpx - httpx is a fast and multi-purpose HTTP toolkit allows to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads.
bhavsec/reconspider - 🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.
SofianeHamlaoui/Lockdoor-Framework - 🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
fabacab/awesome-cybersecurity-blueteam - 💻🛡️ A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.
smicallef/spiderfoot - SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
LasCC/Hack-Tools - The all-in-one Red Team extension for Web Pentester 🛠
rtcatc/Packer-Fuzzer - Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.

c

processhacker/processhacker - A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.
s-matyukevich/raspberry-pi-os - Learning operating system development using Linux kernel and Raspberry Pi
mempodippy/vlany - Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)
m0nad/Diamorphine - LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)
vxunderground/VX-API - Collection of various WINAPI tricks / features used or abused by Malware
radareorg/radare2 - UNIX-like reverse engineering framework and command-line toolset
ihack4falafel/OSCP - Collection of things made during my OSCP journey
Cyan4973/xxHash - Extremely fast non-cryptographic hash algorithm
hashcat/hashcat - World's fastest and most advanced password recovery utility

monitoring

processhacker/processhacker - A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.
cilium/cilium - eBPF-based Networking, Security, and Observability
bettercap/bettercap - The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.

ruby

Hackplayers/evil-winrm - The ultimate WinRM shell for hacking/pentesting
postalserver/postal - ✉️ A fully featured open source mail delivery platform for incoming & outgoing e-mail
urbanadventurer/WhatWeb - Next generation web scanner
asdf-vm/asdf - Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more
rbenv/rbenv - Manage your app's Ruby environment

powershell

Hackplayers/evil-winrm - The ultimate WinRM shell for hacking/pentesting
byt3bl33d3r/CrackMapExec - A swiss army knife for pentesting networks
S3cur3Th1sSh1t/WinPwn - Automation for internal Windows Penetrationtest / AD-Security
nccgroup/Winpayloads - Undetectable Windows Payload Generation
starship/starship - ☄🌌️ The minimal, blazing-fast, and infinitely customizable prompt for any shell!
D4Vinci/Dr0p1t-Framework - A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks
PowerShell/PowerShell - PowerShell for every system!
rootclay/Powershell-Attack-Guide - Powershell攻击指南----黑客后渗透之道
samratashok/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

dotnet

byt3bl33d3r/SILENTTRINITY - An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR
cobbr/Covenant - Covenant is a collaborative .NET C2 framework for red teamers.
quasar/Quasar - Remote Administration Tool for Windows

python3

byt3bl33d3r/SILENTTRINITY - An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR
aydinnyunus/Keylogger - Get Keyboard,Mouse,ScreenShot,Microphone Inputs from Target Computer and Send to your Mail.
Marten4n6/EvilOSX - An evil RAT (Remote Administration Tool) for macOS / OS X.
Datalux/Osintgram - Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname
Gallopsled/pwntools - CTF framework and exploit development library
thewhiteh4t/FinalRecon - The Last Web Recon Tool You'll Need
m8r0wn/subscraper - Perform subdomain enumeration through various techniques and retrieve detailed output to aid in further testing.
nsonaniya2010/SubDomainizer - A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.
sherlock-project/sherlock - 🔎 Hunt down social media accounts by username across social networks
kelvinBen/AppInfoScanner - 一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。
Jack-Cherish/PythonPark - Python 开源项目之「自学编程之路」，保姆级教程：AI实验室、宝藏视频、数据结构、学习指南、机器学习实战、深度学习实战、网络爬虫、大厂面经、程序人生、资源分享。
rtcatc/Packer-Fuzzer - Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.

python

byt3bl33d3r/CrackMapExec - A swiss army knife for pentesting networks
jivoi/pentest - ⛔ offsec batteries included
OWASP/Nettacker - Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
Manisso/fsociety - fsociety Hacking Tools Pack – A Penetration Testing Framework
nccgroup/Winpayloads - Undetectable Windows Payload Generation
1N3/BlackWidow - A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
XiphosResearch/exploits - Miscellaneous exploit code
tennc/webshell - This is a webshell open source project
Neo23x0/yarGen - yarGen is a generator for YARA rules
decalage2/oletools - oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
intelowlproject/IntelOwl - Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
lief-project/LIEF - LIEF - Library to Instrument Executable Formats
hugsy/gef - GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging features for exploit developers & reverse engineers
aydinnyunus/Keylogger - Get Keyboard,Mouse,ScreenShot,Microphone Inputs from Target Computer and Send to your Mail.
HashPals/Name-That-Hash - 🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 300+ other hashes ☄ Comes with a neat web app 🔥
ihack4falafel/OSCP - Collection of things made during my OSCP journey
vinta/awesome-python - A curated list of awesome Python frameworks, libraries, software and resources
imarvinle/awesome-cs-books - 经典编程书籍大全，涵盖：计算机系统与网络、系统架构、算法与数据结构、前端开发、后端开发、移动开发、数据库、测试、项目与团队、程序员职业修炼、求职面试等
PokemonGoF/PokemonGo-Bot - The Pokemon Go Bot, baking with community.
boto/boto3 - AWS SDK for Python
sqlmapproject/sqlmap - Automatic SQL injection and database takeover tool
nathanlopez/Stitch - Python Remote Administration Tool (RAT)
dashingsoft/pyarmor - A tool used to obfuscate python scripts, bind obfuscated scripts to fixed machine or expire obfuscated scripts.
mitmproxy/mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
bhattsameer/Bombers - SMS/Email/Whatsapp/Twitter/Instagram bombers Collection 💣💣💣 💥 Also added collection of some Fake SMS utilities which helps in skip phone number based SMS verification by using a te
Marten4n6/EvilOSX - An evil RAT (Remote Administration Tool) for macOS / OS X.
Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
bee-san/pyWhat - 🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️
Datalux/Osintgram - Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname
UndeadSec/SocialFish - Phishing Tool & Information Collector
youngyangyang04/leetcode-master - 《代码随想录》LeetCode 刷题攻略：200道经典题目刷题顺序，共60w字的详细图解，视频难点剖析，50余张思维导图，支持C++，Java，Python，Go，JavaScript等多语言版本，从此算法学习不再迷茫！🔥🔥 来看看，你会发现相见恨晚！🚀
donnemartin/system-design-primer - Learn how to design large-scale systems. Prep for the system design interview. Includes Anki flashcards.
thehackingsage/hacktronian - Tools for Pentesting
Gallopsled/pwntools - CTF framework and exploit development library
facert/awesome-spider - 爬虫集合
rfyiamcool/share_ppt - 🚗 我个人曾经做过的技术分享...
n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
s0md3v/Hash-Buster - Crack hashes in seconds.
rsmusllp/king-phisher - Phishing Campaign Toolkit
ivre/ivre - Network recon framework, published by @cea-sec & @ANSSI-FR. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, coll
Nekmo/dirhunt - Find web directories without bruteforce
pyenv/pyenv - Simple Python version management
yassineaboukir/sublert - Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.
opsdisk/pagodo - pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching
TebbaaX/Katana - Python Tool that gives you the ability to run Advanced Google Queries (Known as Google Dorks - Google Dorking)
NullArray/AutoSploit - Automated Mass Exploiter
bhavsec/reconspider - 🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.
jofpin/trape - People tracker on the Internet: OSINT analysis and research tool by Jose Pino
blark/aiodnsbrute - Python 3.5+ DNS asynchronous brute force utility
maurosoria/dirsearch - Web path scanner
NikolaiT/GoogleScraper - A Python module to scrape several search engines (like Google, Yandex, Bing, Duckduckgo, ...). Including asynchronous networking support.
Trusted-AI/adversarial-robustness-toolbox - Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams
MobSF/Mobile-Security-Framework-MobSF - Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and
Jack-Cherish/PythonPark - Python 开源项目之「自学编程之路」，保姆级教程：AI实验室、宝藏视频、数据结构、学习指南、机器学习实战、深度学习实战、网络爬虫、大厂面经、程序人生、资源分享。
TophantTechnology/ARL - ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。
curiousily/Deep-Learning-For-Hackers - Machine Learning tutorials with TensorFlow 2 and Keras in Python (Jupyter notebooks included) - (LSTMs, Hyperameter tuning, Data preprocessing, Bias-variance tradeoff, Anomaly Detection, Autoencoders,
shmilylty/OneForAll - OneForAll是一款功能强大的子域收集工具
flipkart-incubator/Astra - Automated Security Testing For REST API's
s0md3v/Photon - Incredibly fast crawler designed for OSINT.
smicallef/spiderfoot - SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
commixproject/commix - Automated All-in-One OS Command Injection Exploitation Tool.
toolswatch/vFeed - The Correlated CVE Vulnerability And Threat Intelligence Database API
laramies/theHarvester - E-mails, subdomains and names Harvester - OSINT

macos

Adminisme/ServerScan - ServerScan一款使用Golang开发的高并发网络扫描、服务探测工具。
marktext/marktext - 📝A simple and elegant markdown editor, available for Linux, macOS and Windows.
jaywcjlove/awesome-mac -  Now we have become very big, Different from the original idea. Collect premium software in various categories.
rubickCenter/rubick - 🔧 Electron based open source toolbox, free integration of rich plug-ins. 基于 electron 的开源工具箱，自由集成丰富插件。
neoneggplant/EggShell - iOS/macOS/Linux Remote Administration Tool
Marten4n6/EvilOSX - An evil RAT (Remote Administration Tool) for macOS / OS X.
geemion/Khepri - Free,Open-Source,Cross-platform agent and Post-exploiton tool written in Golang and C++ like CobaltStrike.
txthinking/brook - A cross-platform network tool designed for developers. 一个为开发者设计的跨平台网络工具.
sherlock-project/sherlock - 🔎 Hunt down social media accounts by username across social networks
PowerShell/PowerShell - PowerShell for every system!

mobile

nccgroup/house - A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
ctf-wiki/ctf-wiki - Come and join us, we need you!

android

nccgroup/house - A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
APKLab/APKLab - Android Reverse-Engineering Workbench for VS Code
rednaga/APKiD - Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android
lief-project/LIEF - LIEF - Library to Instrument Executable Formats
CalebFenton/simplify - Android virtual machine and deobfuscator
quasarframework/quasar - Quasar Framework - Build high-performance VueJS user interfaces in record time
AhMyth/AhMyth-Android-RAT - Android Remote Administration Tool
txthinking/brook - A cross-platform network tool designed for developers. 一个为开发者设计的跨平台网络工具.
n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
kelvinBen/AppInfoScanner - 一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。
Hack-with-Github/Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers

database

D4Vinci/One-Lin3r - Gives you one-liners that aids in penetration testing operations, privilege escalation and more
sqlmapproject/sqlmap - Automatic SQL injection and database takeover tool
k8gege/K8tools - K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke
wuseman/EMAGNET - Automated hacking tool that will find leaked databases with 97.1% accurate to grab mail + password together from recent uploads from https://pastebin.com. Bruteforce support for spotify accounts, inst
insightglacier/Dictionary-Of-Pentesting - Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
kwsch/PKHeX - Pokémon Save File Editor

raspberry-pi

ZerBea/hcxtools - Portable (that doesn't include proprietary/commercial operating systems) solution for conversion of cap/pcap/pcapng (gz compressed) WiFi dump files to hashcat formats (recommended by hashcat) and to J
s-matyukevich/raspberry-pi-os - Learning operating system development using Linux kernel and Raspberry Pi

pwa

freeCodeCamp/devdocs - API Documentation Browser
quasarframework/quasar - Quasar Framework - Build high-performance VueJS user interfaces in record time

electron

marktext/marktext - 📝A simple and elegant markdown editor, available for Linux, macOS and Windows.
rubickCenter/rubick - 🔧 Electron based open source toolbox, free integration of rich plug-ins. 基于 electron 的开源工具箱，自由集成丰富插件。
quasarframework/quasar - Quasar Framework - Build high-performance VueJS user interfaces in record time
bitwarden/clients - Bitwarden client applications (web, browser extension, desktop, and cli)

vue

marktext/marktext - 📝A simple and elegant markdown editor, available for Linux, macOS and Windows.
ganlvtech/down_52pojie_cn - A single page file explorer that can be hosted on static website. 吾爱破解论坛爱盘 https://down.52pojie.cn/ 页面的源代码
quasarframework/quasar - Quasar Framework - Build high-performance VueJS user interfaces in record time

latex

marktext/marktext - 📝A simple and elegant markdown editor, available for Linux, macOS and Windows.
noraj/OSCP-Exam-Report-Template-Markdown - 📙 Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report

emoji

marktext/marktext - 📝A simple and elegant markdown editor, available for Linux, macOS and Windows.

continuous-integration

stepchowfun/toast - Containerize your development and continuous integration environments. 🥂

code-review

gitpod-io/gitpod - Gitpod automates the provisioning of ready-to-code development environments.
joho/awesome-code-review - An "Awesome" list of code review resources - articles, papers, tools, etc
ajinabraham/nodejsscan - nodejsscan is a static security code scanner for Node.js applications.

chrome

iamadamdev/bypass-paywalls-chrome - Bypass Paywalls web browser extension for Chrome and Firefox.
Mr-xn/hackbar2.1.3 - the free firefox extions of hackbar v2.1.3 v2.2.9 v2.3.1,hackbar 插件未收费的免费版本。适用于chrome浏览器的HackBar-v2.2.6.zip,HackBar-v2.3.1.zip
Kenshin/simpread - 简悦 ( SimpRead ) - 让你瞬间进入沉浸式阅读的扩展
jonasstrehle/supercookie - ⚠️ Browser fingerprinting via favicon!
bitwarden/clients - Bitwarden client applications (web, browser extension, desktop, and cli)
gildas-lormeau/SingleFile - 📷 Web Extension for Firefox/Chrome/MS Edge and CLI tool to save a faithful copy of an entire web page in a single HTML file
crimx/ext-saladict - 🥗 All-in-one professional pop-up dictionary and page translator which supports multiple search modes, page translations, new word notebook and PDF selection searching.
sensepost/gowitness - 🔍 gowitness - a golang, web screenshot utility using Chrome Headless

firefox

iamadamdev/bypass-paywalls-chrome - Bypass Paywalls web browser extension for Chrome and Firefox.
Kenshin/simpread - 简悦 ( SimpRead ) - 让你瞬间进入沉浸式阅读的扩展
jonasstrehle/supercookie - ⚠️ Browser fingerprinting via favicon!
arkenfox/user.js - Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening
bitwarden/clients - Bitwarden client applications (web, browser extension, desktop, and cli)
gildas-lormeau/SingleFile - 📷 Web Extension for Firefox/Chrome/MS Edge and CLI tool to save a faithful copy of an entire web page in a single HTML file
crimx/ext-saladict - 🥗 All-in-one professional pop-up dictionary and page translator which supports multiple search modes, page translations, new word notebook and PDF selection searching.

web

1N3/BlackWidow - A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
JoyChou93/java-sec-code - Java web common vulnerabilities and security code which is base on springboot and spring security
ctf-wiki/ctf-wiki - Come and join us, we need you!
urbanadventurer/WhatWeb - Next generation web scanner
Bo0oM/fuzz.txt - Potentially dangerous files
donnemartin/system-design-primer - Learn how to design large-scale systems. Prep for the system design interview. Includes Anki flashcards.
epi052/feroxbuster - A fast, simple, recursive content discovery tool written in Rust.
OJ/gobuster - Directory/File, DNS and VHost busting tool written in Go
ffuf/ffuf - Fast web fuzzer written in Go
tom0li/collection-document - Collection of quality safety articles. Awesome articles.
qazbnm456/awesome-web-security - 🐶 A curated list of Web Security materials and resources.
backdoorhub/shell-backdoor-list - 🎯 PHP / ASP - Shell Backdoor List 🎯

php

XiphosResearch/exploits - Miscellaneous exploit code
jvoisin/php-malware-finder - Detect potentially malicious PHP files
bartblaze/PHP-backdoors - A collection of PHP backdoors. For educational or testing purposes only.
tennc/webshell - This is a webshell open source project
ziadoz/awesome-php - A curated list of amazingly awesome PHP libraries, resources and shiny things.
backdoorhub/shell-backdoor-list - 🎯 PHP / ASP - Shell Backdoor List 🎯

code

JoyChou93/java-sec-code - Java web common vulnerabilities and security code which is base on springboot and spring security

operating-system

s-matyukevich/raspberry-pi-os - Learning operating system development using Linux kernel and Raspberry Pi

devops

openspug/spug - 开源运维平台：面向中小型企业设计的轻量级无Agent的自动化运维平台，整合了主机管理、主机批量执行、主机在线终端、文件在线上传下载、应用发布部署、在线任务计划、配置中心、监控、报警等一系列功能。
CISOfy/lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
aquasecurity/tfsec - Security scanner for your Terraform code
infobyte/faraday - Collaborative Penetration Test and Vulnerability Management Platform
trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.

postgresql

screetsec/Vegile - This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process,unlimited your session in metasploit and transparent. Even when it killed, it will
tarunkant/Gopherus - This tool generates gopher link for exploiting SSRF and gaining RCE in various servers

library

mempodippy/vlany - Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)

awesome

milabs/awesome-linux-rootkits - awesome-linux-rootkits
rshipp/awesome-malware-analysis - Defund the Police.
maguowei/starred - creating your own Awesome List by GitHub stars!
alebcay/awesome-shell - A curated list of awesome command-line frameworks, toolkits, guides and gizmos. Inspired by awesome-php.
apsdehal/awesome-ctf - A curated list of CTF frameworks, libraries, resources and softwares
vinta/awesome-python - A curated list of awesome Python frameworks, libraries, software and resources
ziadoz/awesome-php - A curated list of amazingly awesome PHP libraries, resources and shiny things.
InQuest/awesome-yara - A curated list of awesome YARA rules, tools, and people.
secfigo/Awesome-Fuzzing - A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Developme
jaywcjlove/awesome-mac -  Now we have become very big, Different from the original idea. Collect premium software in various categories.
BruceDone/awesome-crawler - A collection of awesome web crawler,spider in different languages
SecWiki/linux-kernel-exploits - linux-kernel-exploits Linux平台提权漏洞集合
0x4D31/awesome-threat-detection - A curated list of awesome threat detection and hunting resources
sindresorhus/awesome - 😎 Awesome lists about all kinds of interesting topics
joho/awesome-code-review - An "Awesome" list of code review resources - articles, papers, tools, etc
coreb1t/awesome-pentest-cheat-sheets - Collection of the cheat sheets useful for pentesting
facert/awesome-spider - 爬虫集合
enaqx/awesome-pentest - A collection of awesome penetration testing resources, tools and other shiny things
onlurking/awesome-infosec - A curated list of awesome infosec courses and training resources.
trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
hslatman/awesome-threat-intelligence - A curated list of Awesome Threat Intelligence resources
OlivierLaflamme/Cheatsheet-God - Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
qazbnm456/awesome-cve-poc - ✍️ A curated list of CVE PoCs.
tom0li/collection-document - Collection of quality safety articles. Awesome articles.
Hack-with-Github/Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers
qazbnm456/awesome-web-security - 🐶 A curated list of Web Security materials and resources.
blaCCkHatHacEEkr/PENTESTING-BIBLE - Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

reverse-engineering

APKLab/APKLab - Android Reverse-Engineering Workbench for VS Code
a0rtega/pafish - Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do
mandiant/capa - The FLARE team's open-source tool to identify capabilities in executable files.
lief-project/LIEF - LIEF - Library to Instrument Executable Formats
mentebinaria/retoolkit - Reverse Engineer's Toolkit
CalebFenton/simplify - Android virtual machine and deobfuscator
hugsy/gef - GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging features for exploit developers & reverse engineers
radareorg/radare2 - UNIX-like reverse engineering framework and command-line toolset
rmusser01/Infosec_Reference - An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
mandiant/flare-vm -
vitalysim/Awesome-Hacking-Resources - A collection of hacking / penetration testing resources to make you better!
Hack-with-Github/Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers

cpp

vxunderground/VX-API - Collection of various WINAPI tricks / features used or abused by Malware
Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
youngyangyang04/leetcode-master - 《代码随想录》LeetCode 刷题攻略：200道经典题目刷题顺序，共60w字的详细图解，视频难点剖析，50余张思维导图，支持C++，Java，Python，Go，JavaScript等多语言版本，从此算法学习不再迷茫！🔥🔥 来看看，你会发现相见恨晚！🚀
Qv2ray/Qv2ray - ⭐ Linux / Windows / macOS 跨平台 V2Ray 客户端 | 支持 VMess / VLESS / SSR / Trojan / Trojan-Go / NaiveProxy / HTTP / HTTPS / SOCKS5 | 使用 C++ / Qt 开发 | 可拓展插件式设计 ⭐

machine-learning

rednaga/APKiD - Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android
halfrost/Halfrost-Field - ✍🏻 这里是写博客的地方 —— Halfrost-Field 冰霜之地
nmap/nmap - Nmap - the Network Mapper. Github mirror of official SVN repository.
Trusted-AI/adversarial-robustness-toolbox - Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams
curiousily/Deep-Learning-For-Hackers - Machine Learning tutorials with TensorFlow 2 and Keras in Python (Jupyter notebooks included) - (LSTMs, Hyperameter tuning, Data preprocessing, Bias-variance tradeoff, Anomaly Detection, Autoencoders,
spearow/juice - The Hacker's Machine Learning Engine
cleverhans-lab/cleverhans - An adversarial example library for constructing attacks, building defenses, and benchmarking both
BishopFox/deephack - PoC code from DEF CON 25 presentation
jivoi/awesome-ml-for-cybersecurity - Machine Learning for Cyber Security

parsing

lief-project/LIEF - LIEF - Library to Instrument Executable Formats

emulator

CalebFenton/simplify - Android virtual machine and deobfuscator

discord

hugsy/gef - GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging features for exploit developers & reverse engineers
MobBotTeam/PokeMobBot - a Pokemon Go Bot by PokeMobBot Team - Discord: https://discord.gg/8msqsWV | Forums:

javascript

terjanq/Tiny-XSS-Payloads - A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
KuroLabs/stegcloak - Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐
juice-shop/juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
003random/getJS - A tool to fastly get all javascript sources/files
rubickCenter/rubick - 🔧 Electron based open source toolbox, free integration of rich plug-ins. 基于 electron 的开源工具箱，自由集成丰富插件。
quasarframework/quasar - Quasar Framework - Build high-performance VueJS user interfaces in record time
jonasstrehle/supercookie - ⚠️ Browser fingerprinting via favicon!
fingerprintjs/fingerprintjs - Browser fingerprinting library with the highest accuracy and stability.
bitwarden/clients - Bitwarden client applications (web, browser extension, desktop, and cli)
gildas-lormeau/SingleFile - 📷 Web Extension for Firefox/Chrome/MS Edge and CLI tool to save a faithful copy of an entire web page in a single HTML file
youngyangyang04/leetcode-master - 《代码随想录》LeetCode 刷题攻略：200道经典题目刷题顺序，共60w字的详细图解，视频难点剖析，50余张思维导图，支持C++，Java，Python，Go，JavaScript等多语言版本，从此算法学习不再迷茫！🔥🔥 来看看，你会发现相见恨晚！🚀
halfrost/Halfrost-Field - ✍🏻 这里是写博客的地方 —— Halfrost-Field 冰霜之地
ajinabraham/nodejsscan - nodejsscan is a static security code scanner for Node.js applications.
cure53/DOMPurify - DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
Metnew/uxss-db - 🔪Browser logic vulnerabilities ☠️
tunz/js-vuln-db - A collection of JavaScript engine CVEs with PoCs

html

terjanq/Tiny-XSS-Payloads - A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
jonasstrehle/supercookie - ⚠️ Browser fingerprinting via favicon!
cure53/DOMPurify - DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

twitter

DavidBuchanan314/tweetable-polyglot-png - Pack up to 3MB of data into a tweetable PNG polyglot file.
GorvGoyl/Clone-Wars - 100+ open-source clones of popular sites like Airbnb, Amazon, Instagram, Netflix, Tiktok, Spotify, Whatsapp, Youtube etc. See source code, demo links, tech stack, github stars.

bash

ihack4falafel/OSCP - Collection of things made during my OSCP journey
alebcay/awesome-shell - A curated list of awesome command-line frameworks, toolkits, guides and gizmos. Inspired by awesome-php.
carlospolop/PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
starship/starship - ☄🌌️ The minimal, blazing-fast, and infinitely customizable prompt for any shell!
syndbg/goenv - 🚙 Like pyenv and rbenv, but for Go.
rbenv/rbenv - Manage your app's Ruby environment
screetsec/Sudomy - Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
leebaird/discover - Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.

mysql

1N3/PrivEsc - A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
tarunkant/Gopherus - This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
dahuoyzs/javapdf - 🍣100本 Java电子书技术书籍PDF(以下载阅读为荣，以点赞收藏为耻)

testing

mgeeky/Penetration-Testing-Tools - A collection of more than 170+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least
antonio-morales/Fuzzing101 - An step by step fuzzing tutorial. A GitHub Security Lab initiative

react

Kenshin/simpread - 简悦 ( SimpRead ) - 让你瞬间进入沉浸式阅读的扩展
xanderfrangos/twinkle-tray - Easily manage the brightness of your monitors in Windows from the system tray
crimx/ext-saladict - 🥗 All-in-one professional pop-up dictionary and page translator which supports multiple search modes, page translations, new word notebook and PDF selection searching.

nodejs

lirantal/awesome-nodejs-security - Awesome Node.js Security resources
xanderfrangos/twinkle-tray - Easily manage the brightness of your monitors in Windows from the system tray
rubickCenter/rubick - 🔧 Electron based open source toolbox, free integration of rich plug-ins. 基于 electron 的开源工具箱，自由集成丰富插件。
denghongcai/forsaken-mail - a self-hosted disposable mail service
jonasstrehle/supercookie - ⚠️ Browser fingerprinting via favicon!
bitwarden/clients - Bitwarden client applications (web, browser extension, desktop, and cli)
ajinabraham/nodejsscan - nodejsscan is a static security code scanner for Node.js applications.
asdf-vm/asdf - Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more

software

jaywcjlove/awesome-mac -  Now we have become very big, Different from the original idea. Collect premium software in various categories.
public-apis/public-apis - A collective list of free APIs

reactjs

xanderfrangos/twinkle-tray - Easily manage the brightness of your monitors in Windows from the system tray

serverless

airbnb/binaryalert - BinaryAlert: Serverless, Real-time & Retroactive Malware Detection.

terraform

airbnb/binaryalert - BinaryAlert: Serverless, Real-time & Retroactive Malware Detection.
aquasecurity/tfsec - Security scanner for your Terraform code

aws

airbnb/binaryalert - BinaryAlert: Serverless, Real-time & Retroactive Malware Detection.
boto/boto3 - AWS SDK for Python
aquasecurity/tfsec - Security scanner for your Terraform code
sa7mon/S3Scanner - Scan for open S3 buckets and dump the contents
prowler-cloud/prowler - Prowler is an Open Source security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 2

bot

MobBotTeam/PokeMobBot - a Pokemon Go Bot by PokeMobBot Team - Discord: https://discord.gg/8msqsWV | Forums:
PokemonGoF/PokemonGo-Bot - The Pokemon Go Bot, baking with community.
anouarbensaad/vulnx - vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collecti

PokemonGoF/PokemonGo-Bot - The Pokemon Go Bot, baking with community.

ios

neoneggplant/EggShell - iOS/macOS/Linux Remote Administration Tool
quasarframework/quasar - Quasar Framework - Build high-performance VueJS user interfaces in record time
halfrost/Halfrost-Field - ✍🏻 这里是写博客的地方 —— Halfrost-Field 冰霜之地
txthinking/brook - A cross-platform network tool designed for developers. 一个为开发者设计的跨平台网络工具.

material-design

quasarframework/quasar - Quasar Framework - Build high-performance VueJS user interfaces in record time

webapp

RhinoSecurityLabs/IPRotate_Burp_Extension - Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
donnemartin/system-design-primer - Learn how to design large-scale systems. Prep for the system design interview. Includes Anki flashcards.
toolswatch/blackhat-arsenal-tools - Official Black Hat Arsenal Security Tools Repository

express

jonasstrehle/supercookie - ⚠️ Browser fingerprinting via favicon!

typescript

jonasstrehle/supercookie - ⚠️ Browser fingerprinting via favicon!
le5le-com/topology - A diagram (topology, UML) framework uses canvas and typescript. 一个轻量（100k左右）、功能丰富的绘图工具（微服务架构图、拓扑图、流程图、类图等UML图、脑图，动画、视频支持）。【在线使用】：
bitwarden/clients - Bitwarden client applications (web, browser extension, desktop, and cli)
crimx/ext-saladict - 🥗 All-in-one professional pop-up dictionary and page translator which supports multiple search modes, page translations, new word notebook and PDF selection searching.

qt

geemion/Khepri - Free,Open-Source,Cross-platform agent and Post-exploiton tool written in Golang and C++ like CobaltStrike.

azure

aquasecurity/tfsec - Security scanner for your Terraform code

csharp

carlospolop/PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
dotnetcore/DotnetSpider - DotnetSpider, a .NET standard web crawling library. It is lightweight, efficient and fast high-level web crawling & scraping framework
kwsch/PKHeX - Pokémon Save File Editor

angular

bitwarden/clients - Bitwarden client applications (web, browser extension, desktop, and cli)

rust

starship/starship - ☄🌌️ The minimal, blazing-fast, and infinitely customizable prompt for any shell!
rust-lang/rustlings - 🦀 Small exercises to get you used to reading and writing Rust code!
epi052/feroxbuster - A fast, simple, recursive content discovery tool written in Rust.
spearow/juice - The Hacker's Machine Learning Engine
RustScan/RustScan - 🤖 The Modern Port Scanner 🤖

language

pfusik/cito - Ć programming language. Translated automatically to C, C++, C#, Java, JavaScript, Python, Swift, TypeScript and OpenCL C.
golang/go - The Go programming language

algorithm

youngyangyang04/leetcode-master - 《代码随想录》LeetCode 刷题攻略：200道经典题目刷题顺序，共60w字的详细图解，视频难点剖析，50余张思维导图，支持C++，Java，Python，Go，JavaScript等多语言版本，从此算法学习不再迷茫！🔥🔥 来看看，你会发现相见恨晚！🚀
halfrost/LeetCode-Go - ✅ Solutions to LeetCode by Go, 100% test coverage, runtime beats 100% / LeetCode 题解
halfrost/Halfrost-Field - ✍🏻 这里是写博客的地方 —— Halfrost-Field 冰霜之地
jwasham/coding-interview-university - A complete computer science study plan to become a software engineer.
yangshun/tech-interview-handbook - 💯 Curated interview preparation materials for busy engineers

objective-c

halfrost/Halfrost-Field - ✍🏻 这里是写博客的地方 —— Halfrost-Field 冰霜之地

swift

halfrost/Halfrost-Field - ✍🏻 这里是写博客的地方 —— Halfrost-Field 冰霜之地

api

public-apis/public-apis - A collective list of free APIs

open-source

public-apis/public-apis - A collective list of free APIs

data-structures

jwasham/coding-interview-university - A complete computer science study plan to become a software engineer.

programming

donnemartin/system-design-primer - Learn how to design large-scale systems. Prep for the system design interview. Includes Anki flashcards.
codecrafters-io/build-your-own-x - Master programming by recreating your favorite technologies from scratch.
hoanhan101/ultimate-go - The Ultimate Go Study Guide

design

donnemartin/system-design-primer - Learn how to design large-scale systems. Prep for the system design interview. Includes Anki flashcards.

node

ajinabraham/nodejsscan - nodejsscan is a static security code scanner for Node.js applications.

perl

htrgouvea/nipe - An engine to make Tor network your default gateway

compiler

r00t-3xp10it/venom - venom - C2 shellcode generator/compiler/handler

lua

nmap/nmap - Nmap - the Network Mapper. Github mirror of official SVN repository.
scipag/vulscan - Advanced vulnerability scanning with Nmap NSE

elixir

asdf-vm/asdf - Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more

homebrew

syndbg/goenv - 🚙 Like pyenv and rbenv, but for Go.

flask

jhao104/proxy_pool - Python爬虫代理IP池(proxy pool)
jofpin/trape - People tracker on the Internet: OSINT analysis and research tool by Jose Pino

google

opsdisk/pagodo - pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching
mxrch/GHunt - 🕵️‍♂️ Offensive Google framework.

frameworks

sundowndev/hacker-roadmap - A collection of hacking tools, resources and references to practice ethical hacking.

ai

Trusted-AI/adversarial-robustness-toolbox - Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams
BishopFox/deephack - PoC code from DEF CON 25 presentation

pytorch

Jack-Cherish/PythonPark - Python 开源项目之「自学编程之路」，保姆级教程：AI实验室、宝藏视频、数据结构、学习指南、机器学习实战、深度学习实战、网络爬虫、大厂面经、程序人生、资源分享。

deep-learning

Jack-Cherish/PythonPark - Python 开源项目之「自学编程之路」，保姆级教程：AI实验室、宝藏视频、数据结构、学习指南、机器学习实战、深度学习实战、网络爬虫、大厂面经、程序人生、资源分享。
curiousily/Deep-Learning-For-Hackers - Machine Learning tutorials with TensorFlow 2 and Keras in Python (Jupyter notebooks included) - (LSTMs, Hyperameter tuning, Data preprocessing, Bias-variance tradeoff, Anomaly Detection, Autoencoders,

tensorflow

curiousily/Deep-Learning-For-Hackers - Machine Learning tutorials with TensorFlow 2 and Keras in Python (Jupyter notebooks included) - (LSTMs, Hyperameter tuning, Data preprocessing, Bias-variance tradeoff, Anomaly Detection, Autoencoders,
BishopFox/deephack - PoC code from DEF CON 25 presentation

website

jivoi/awesome-osint - 😱 A curated list of amazingly awesome OSINT

spring-boot

insightglacier/Dictionary-Of-Pentesting - Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

webpack

rtcatc/Packer-Fuzzer - Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.

License

To the extent possible under law, netveil has waived all copyright and related or neighboring rights to this work.

Awesome Stars

Contents

github

github-api

markdown

terminal

cli

documentation

nlp

others

shell

hacktoberfest

go

http

docker

golang

iot

windows

linux

git

automation

hacking

security

framework

kubernetes

java

sql

wordpress

js

chrome-extension

awesome-list

cybersecurity

c

monitoring

ruby

powershell

dotnet

python3

python

macos

mobile

android

database

raspberry-pi

pwa

electron

vue

latex

emoji

continuous-integration

code-review

chrome

firefox

web

php

code

operating-system

devops

postgresql

library

awesome

reverse-engineering

cpp

machine-learning

parsing

emulator

discord

javascript

html

twitter

bash

mysql

testing

react

nodejs

software

reactjs

serverless

terraform

aws