A curated list of my GitHub stars! Generated by starred.
- github
- github-api
- markdown
- terminal
- cli
- documentation
- nlp
- others
- shell
- hacktoberfest
- go
- http
- docker
- golang
- iot
- windows
- linux
- git
- automation
- hacking
- security
- framework
- kubernetes
- java
- sql
- wordpress
- js
- chrome-extension
- awesome-list
- cybersecurity
- c
- monitoring
- ruby
- powershell
- dotnet
- python3
- python
- macos
- mobile
- android
- database
- raspberry-pi
- pwa
- electron
- vue
- latex
- emoji
- continuous-integration
- code-review
- chrome
- firefox
- web
- php
- code
- operating-system
- devops
- postgresql
- library
- awesome
- reverse-engineering
- cpp
- machine-learning
- parsing
- emulator
- discord
- javascript
- html
- bash
- mysql
- testing
- react
- nodejs
- software
- reactjs
- serverless
- terraform
- aws
- bot
- telegram
- ios
- material-design
- webapp
- express
- typescript
- qt
- azure
- csharp
- angular
- rust
- language
- algorithm
- objective-c
- swift
- api
- open-source
- data-structures
- programming
- design
- node
- perl
- compiler
- lua
- elixir
- homebrew
- flask
- frameworks
- ai
- pytorch
- deep-learning
- tensorflow
- website
- spring-boot
- webpack
- rzashakeri/beautify-github-profile - This repository helps you to have a more beautiful and attractive github profile, and you can access a complete set of tools and guides for beautifying your github profile. 🪄 ⭐
- x1sec/commit-stream - #OSINT tool for finding Github repositories by extracting commit logs in real time from the Github event API
- eth0izzle/shhgit - Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories: www.shhgit.com
- 0xbug/Hawkeye - GitHub 泄露监控系统(GitHub Sensitive Information Leakage Monitor Spider)
- github/roadmap - GitHub public roadmap
- tom0li/collection-document - Collection of quality safety articles. Awesome articles.
- rzashakeri/beautify-github-profile - This repository helps you to have a more beautiful and attractive github profile, and you can access a complete set of tools and guides for beautifying your github profile. 🪄 ⭐
- eth0izzle/shhgit - Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories: www.shhgit.com
- michenriksen/gitrob - Reconnaissance tool for GitHub organizations
- rzashakeri/beautify-github-profile - This repository helps you to have a more beautiful and attractive github profile, and you can access a complete set of tools and guides for beautifying your github profile. 🪄 ⭐
- marktext/marktext - 📝A simple and elegant markdown editor, available for Linux, macOS and Windows.
- noraj/OSCP-Exam-Report-Template-Markdown - 📙 Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report
- chubin/cheat.sh - the only cheat sheet you need
- tldr-pages/tldr - 📚 Collaborative cheatsheets for console commands
- microsoft/terminal - The new Windows Terminal and the original Windows console host, all in the same place!
- htr-tech/nexphisher - Advanced Phishing tool for Linux & Termux
- ohmyzsh/ohmyzsh - 🙃 A delightful community-driven (with 2,000+ contributors) framework for managing your zsh configuration. Includes 300+ optional plugins (rails, git, macOS, hub, docker, homebrew, node, php, python,
- jesseduffield/lazygit - simple terminal UI for git commands
- chubin/cheat.sh - the only cheat sheet you need
- gnebbia/kb - A minimalist command line knowledge base manager
- mempodippy/vlany - Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)
- alebcay/awesome-shell - A curated list of awesome command-line frameworks, toolkits, guides and gizmos. Inspired by awesome-php.
- bitwarden/clients - Bitwarden client applications (web, browser extension, desktop, and cli)
- gildas-lormeau/SingleFile - 📷 Web Extension for Firefox/Chrome/MS Edge and CLI tool to save a faithful copy of an entire web page in a single HTML file
- ohmyzsh/ohmyzsh - 🙃 A delightful community-driven (with 2,000+ contributors) framework for managing your zsh configuration. Includes 300+ optional plugins (rails, git, macOS, hub, docker, homebrew, node, php, python,
- jesseduffield/lazygit - simple terminal UI for git commands
- asdf-vm/asdf - Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more
- sherlock-project/sherlock - 🔎 Hunt down social media accounts by username across social networks
- trimstray/sandmap - Nmap on steroids. Simple CLI with the ability to run pure Nmap engine, 31 modules with 459 scan profiles.
- chubin/cheat.sh - the only cheat sheet you need
- tldr-pages/tldr - 📚 Collaborative cheatsheets for console commands
- freeCodeCamp/devdocs - API Documentation Browser
- cheat/cheat - cheat allows you to create and view interactive cheatsheets on the command-line. It was designed to help remind *nix system administrators of options for commands that they use frequently, but not fre
- vi3k6i5/flashtext - Extract Keywords from sentence or Replace keywords in sentences.
- w9w/JSA - Javascript security analysis (JSA) is a program for javascript analysis during web application security assessment.
- PortSwigger/param-miner -
- s0md3v/Arjun - HTTP parameter discovery suite.
- dundunnp/auto_xuexiqiangguo - 每日拿满61分!免root,四人赛双人对战秒答,安卓端学习强国自动化脚本
- TechXueXi/techxuexi-js - 油猴等插件的 学习强国 js 代码 45分/天
- ehrishirajsharma/SwiftnessX - A cross-platform note-taking & target-tracking app for penetration testers.
- v0re/dirb - Web Fuzzer
- tomnomnom/meg - Fetch many paths for many hosts - without killing the hosts
- ShutdownRepo/The-Hacker-Recipes - This project is aimed at freely providing technical guides on various hacking topics: Active Directory services, web services, servers, intelligence gathering, physical intrusion, phishing, mobile app
- pentest-a2p2v/pentest-a2p2v-gui - Web based frontend for A2P2V
- pentest-a2p2v/pentest-a2p2v-core - Core A2P2V functionality (command line based)
- redhuntlabs/Maltego-Scripts -
- redhuntlabs/BurpSuite-Asset_Discover - Burp Suite extension to discover assets from HTTP response.
- vmware-labs/attack-surface-framework - Tool to discover external and internal network attack surface
- microsoft/AttackSurfaceAnalyzer - Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation.
- juliocesarfort/public-pentesting-reports - Curated list of public penetration test reports released by several consulting firms and academic security groups
- bannedbook/fanqiang - 翻墙-科学上网
- harleyQu1nn/AggressorScripts - Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources
- B1gM8c/osint - OSINT汉化版
- netbiosX/Checklists - Red Teaming & Pentesting checklists for various engagements
- PortSwigger/ip-rotate - Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
- byt3bl33d3r/OffensiveNim - My experiments in weaponizing Nim (https://nim-lang.org/)
- dloss/python-pentest-tools - Python tools for penetration testers
- adon90/pentest_compilation - Compilation of commands, tips and scripts that helped me throughout Vulnhub, Hackthebox, OSCP and real scenarios
- l3m0n/pentest_study - 从零开始内网渗透学习
- hmaverickadams/Beginner-Network-Pentesting - Notes for Beginner Network Pentesting Course
- tanprathan/MobileApp-Pentest-Cheatsheet - The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
- quentinhardy/odat - ODAT: Oracle Database Attacking Tool
- cytopia/pwncat - pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)
- evilcos/xssor2 - XSS'OR - Hack with JavaScript.
- cujanovic/SSRF-Testing - SSRF (Server Side Request Forgery) testing resources
- vanhauser-thc/thc-hydra - hydra
- arch3rPro/PentestTools - Awesome Pentest Tools Collection
- S3cur3Th1sSh1t/Pentest-Tools -
- studyhelperhelper/studyhelper - 学习强国 xxqg 助手 数独 sudoku
- netveil/Awesome-List -
- EASY233/Finger - 一款红队在大量的资产中存活探测与重点攻击系统指纹探测工具
- s7ckTeam/HackTools - HackTools(如当)为s7ck Team 红队武器库F-Box里的一款汉化的红队浏览器插件。
- zerodytrash/Simple-YouTube-Age-Restriction-Bypass - A simple browser extension to bypass YouTube's age verification and watch age restricted videos without having to sign in.
- api0cradle/UltimateAppLockerByPassList - The goal of this repository is to document the most common techniques to bypass AppLocker.
- LandGrey/SpringBootVulExploit - SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 check list
- rebeyond/Behinder - “冰蝎”动态二进制加密网站管理客户端
- BeichenDream/Godzilla - 哥斯拉
- AntSwordProject/antSword - **蚁剑是一款跨平台的开源网站管理工具。AntSword is a cross-platform website management toolkit.
- pureqh/webshell - 免杀webshell生成工具
- FunnyWolf/pystinger - Bypass firewall for traffic forwarding using webshell 一款使用webshell进行流量转发的出网工具
- nsacyber/Mitigating-Web-Shells - Guidance for mitigation web shells. #nsacyber
- zhaojh329/rtty - 🐛 Access your terminal from anywhere via the web.
- zhzyker/exphub - Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-201
- d30sa1/RootKits-List-Download - This is the list of all rootkits found so far on github and other sites.
- plusvic/yara - The pattern matching swiss knife
- tomchop/malcom - Malcom - Malware Communications Analyzer
- alphaSeclab/awesome-rat - RAT And C&C Resources. 250+ Open Source Projects, 1200+ RAT/C&C blog/video.
- fabrimagic72/malware-samples - A collection of malware samples caught by several honeypots i manage
- hasherezade/hollows_hunter - Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
- mandiant/flare-fakenet-ng - [Suspended] FakeNet-NG - Next Generation Dynamic Network Analysis Tool
- hasherezade/malware_training_vol1 - Materials for Windows Malware Analysis training (volume 1)
- hasherezade/pe-sieve - Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
- charles2gan/GDA-android-reversing-Tool - GDA is a new fast and powerful decompiler in C++(working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection,
- ytisf/theZoo - A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
- optiv/ScareCrow - ScareCrow - Payload creation framework designed around EDR bypass.
- 0xSobky/HackVault - A container repository for my public web hacks!
- daffainfo/AllAboutBugBounty - All about bug bounty (bypasses, payloads, and etc)
- geekxh/hello-beginner - github 最全技术类思维导图
- cystanford/SQL-XMind - 《SQL必知必会》思维导图
- rebootuser/LinEnum - Scripted Local Linux Enumeration & Privilege Escalation Checks
- mzet-/linux-exploit-suggester - Linux privilege escalation auditing tool
- DominicBreuker/stego-toolkit - Collection of steganography tools - helps with CTF challenges
- Hackplayers/hackthebox-writeups - Writeups for HacktheBox 'boot2root' machines
- TH3xACE/SUDO_KILLER - A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.
- rewardone/OSCPRepo - A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and readi
- opsdisk/the_cyber_plumbers_handbook - Free copy of The Cyber Plumber's Handbook
- facebookarchive/fbctf - Platform to host Capture the Flag competitions
- gh0stkey/HaE - HaE - BurpSuite Highlighter and Extractor
- kitabisa/mubeng - An incredibly fast proxy checker & IP rotator with ease.
- constverum/ProxyBroker - Proxy [Finder | Checker | Server]. HTTP(S) & SOCKS 🎭
- angryip/ipscan - Angry IP Scanner - fast and friendly network scanner
- phith0n/Mind-Map - 各种安全相关思维导图整理收集
- l2-team/cmsfingers - CMS指纹字典
- TideSec/TideFinger - TideFinger——指纹识别小工具,汲取整合了多个web指纹库,结合了多种指纹检测方法,让指纹检测更快捷、准确。
- winezer0/whatweb-plus - whatweb 增强版 合并多个指纹库 8000+插件(提供exe版)
- DominicBreuker/pspy - Monitor linux processes without root permissions
- gwen001/pentest-tools - Custom pentesting tools
- aptnotes/data - APTnotes data
- kbandla/APTnotes - Various public documents, whitepapers and articles about APT campaigns
- ngalongc/bug-bounty-reference - Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
- tylerha97/awesome-reversing - A curated list of awesome reversing resources
- yeyintminthuhtut/Awesome-Advanced-Windows-Exploitation-References - List of Awesome Advanced Windows Exploitation References
- D35m0nd142/LFISuite - Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
- streaak/keyhacks - Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
- google/fuzzing - Tutorials, examples, discussions, research proposals, and other resources related to fuzzing
- Audi-1/sqli-labs - SQLI labs to test error based, Blind boolean based, Time based.
- crifan/explore_underlying_mechanism_binary_security - 探究底层机制:二进制安全
- brookhong/KeyCastOW - keystroke visualizer for Windows, lets you easily display your keystrokes while recording screencasts.
- psypanda/hashID - Software to identify the different types of hashes -
- kmonad/kmonad - An advanced keyboard manager
- igrigorik/videospeed - HTML5 video speed controller (for Google Chrome)
- rcaelers/workrave - Workrave is a program that assists in the recovery and prevention of Repetitive Strain Injury (RSI). The program frequently alerts you to take micro-pauses, rest breaks and restricts you to your daily
- Flangvik/AMSI.fail - C# Azure Function with an HTTP trigger that generates obfuscated PowerShell snippets that break or disable AMSI for the current process.
- jgraph/drawio - Source to app.diagrams.net
- jgraph/drawio-desktop - Official electron build of diagrams.net
- mingrammer/diagrams - 🎨 Diagram as Code for prototyping cloud system architectures
- PowerShellMafia/PowerSploit - PowerSploit - A PowerShell Post-Exploitation Framework
- cmuratori/meow_hash - Official version of the Meow hash, an extremely fast level 1 hash
- google/AFL - american fuzzy lop - a security-oriented fuzzer
- MerlionRock/RealAndroidBot -
- AHAAAAAAA/PokemonGo-Map - 🌏 Live visualization of all the pokemon in your area... and more! (shutdown)
- RocketMap/RocketMap - 🌏 Live visualization of all the pokemon in your area... and more!
- AsTryE/QQRedPackHelper - Mac 系统下的QQ抢红包插件,消息防撤回,消息自动回复,红包指定群过滤,红包指定关键字过滤,无需回复-抢文字口令红包,时间随机延迟抢红包
- HuskyHacks/PMAT-labs - Labs for Practical Malware Analysis & Triage
- riusksk/secbook - 信息安全从业者书单推荐
- BluePointLilac/ContextMenuManager - 🖱️ 纯粹的Windows右键菜单管理程序
- LandGrey/webshell-detect-bypass - 绕过专业工具检测的Webshell研究文章和免杀的Webshell
- eliboa/TegraRcmGUI - C++ GUI for TegraRcmSmash (Fusée Gelée exploit for Nintendo Switch)
- arismelachroinos/lscript - The LAZY script will make your life easier, and of course faster.
- rapid7/metasploit-payloads - Unified repository for different Metasploit Framework payloads
- rapid7/metasploitable3 - Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.
- gentilkiwi/mimikatz - A little tool to play with Windows security
- AwesomeTTS/awesometts-anki-addon - AwesomeTTS text-to-speech add-on for Anki
- Ignitetch/AdvPhishing - This is Advance Phishing Tool ! OTP PHISHING
- trustedsec/social-engineer-toolkit - The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.
- drk1wi/Modlishka - Modlishka. Reverse Proxy.
- NYAN-x-CAT/AsyncRAT-C-Sharp - Open-Source Remote Administration Tool For Windows C# (RAT)
- NickeManarin/ScreenToGif - 🎬 ScreenToGif allows you to record a selected area of your screen, edit and save it as a gif or video.
- oneparsec/njRAT - NjRAT is a Remote Administration Tool. This repository contains a Njrat Editions.
- TheC0mpany/NjRat-0.7D-Green-Edition-by-im523 - NjRat 0.7D Green Edition by im523
- Cgboal/SonarSearch - A rapid API for the Project Sonar dataset
- raryelcostasouza/pyTranscriber - pyTranscriber can be used to generate automatic transcription / automatic subtitles for audio/video files through a friendly graphical user interface.
- AlexisAhmed/BugBountyToolkit - A multi-platform bug bounty toolkit that can be installed on Debian/Ubuntu or set up with Docker.
- TEag1e/BurpCollector - 通过BurpSuite来构建自己的爆破字典,可以通过字典爆破来发现隐藏资产。
- maK-/parameth - This tool can be used to brute discover GET and POST parameters
- ankitects/anki - Anki for desktop computers
- ffffffff0x/Digital-Privacy - Information Protection & OSINT resources | 一个关于数字隐私搜集、保护、清理集一体的方案,外加开源信息收集(OSINT)对抗
- VirusTotal/yara - The pattern matching swiss knife
- Ascotbe/Medusa - 🐈Medusa是一个红队武器库平台,目前包括XSS平台、协同平台、CVE监控、免杀生成、DNSLOG、钓鱼邮件、文件获取等功能,持续开发中
- hisxo/gitGraber - gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
- LOLBAS-Project/LOLBAS - Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
- techkie/penetration - 渗透 超全面的渗透资料💯 包含:0day,xss,sql注入,提权……
- ropnop/kerbrute - A tool to perform Kerberos pre-auth bruteforcing
- CiscoCXSecurity/enum4linux - enum4Linux is a Linux alternative to enum.exe for enumerating data from Windows and Samba hosts
- tats/w3m - Debian's w3m: WWW browsable pager
- praetorian-inc/Hob0Rules - Password cracking rules for Hashcat based on statistics and industry patterns
- Veil-Framework/Veil - Veil 3.1.X (Check version info in Veil at runtime)
- oddcod3/Phantom-Evasion - Python antivirus evasion tool
- g0tmi1k/msfpc - MSFvenom Payload Creator (MSFPC)
- trustedsec/unicorn - Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented
- yeti-platform/yeti - Your Everyday Threat Intelligence
- mandiant/flare-floss - FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.
- redhuntlabs/RedHunt-OS - Virtual Machine for Adversary Emulation and Threat Hunting
- sullo/nikto - Nikto web server scanner
- jhaddix/pentest-bookmarks - a collection of handy bookmarks
- 0x90n/InfoSec-Black-Friday - All the deals for InfoSec related software/tools this Black Friday
- chaitin/rad -
- n0tr00t/Sreg - Sreg可对使用者通过输入email、phone、username的返回用户注册的所有互联网护照信息。
- zmap/zmap - ZMap is a fast single packet network scanner designed for Internet-wide network surveys.
- 0voice/linux_environment_tools - 总结linux环境开发工具,包含linux,虚拟机,编译器,编辑器,测试工具,加密工具
- nagadomi/waifu2x - Image Super-Resolution for Anime-Style Art
- bradtraversy/design-resources-for-developers - Curated list of design and UI resources from stock photos, web templates, CSS frameworks, UI libraries, tools and much more
- kamranahmedse/developer-roadmap - Roadmap to becoming a developer in 2022
- USTC-Hackergame/hackergame2021-writeups - **科学技术大学第八届信息安全大赛的官方与非官方题解
- GrrrDog/Java-Deserialization-Cheat-Sheet - The cheat sheet about Java Deserialization vulnerabilities
- joaomatosf/jexboss - JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool
- rubyhan1314/Golang-100-Days - Golang - 100天从新手到大师
- foryujian/yjdirscan - 御剑目录扫描专业版,简单实用的命令行网站目录扫描工具,支持爬虫、fuzz、自定义字典、字典变量、UA修改、假404自动过滤、扫描控速等功能。
- tennc/fuzzdb - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
- x90skysn3k/brutespray - Brute-Forcing from Nmap output - Automatically attempts default creds on found services.
- m4ll0k/BBTz - BBT - Bug Bounty Tools
- arkadiyt/bounty-targets-data - This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
- nahamsec/lazyrecon - This script is intended to automate your reconnaissance process in an organized fashion
- danielmiessler/RobotsDisallowed - A curated list of the most common and most interesting robots.txt disallowed directories.
- joe-shenouda/awesome-cyber-skills - A curated list of hacking environments where you can train your cyber skills legally and safely
- djadmin/awesome-bug-bounty - A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.
- epinna/weevely3 - Weaponized web shell
- LionSec/xerosploit - Efficient and advanced man in the middle framework
- tomnomnom/gf - A wrapper around grep, to help you grep for things
- bugcrowd/HUNT -
- lwzSoviet/NoXss - Faster xss scanner,support reflected-xss and dom-xss
- FlagBrew/PKSM-Scripts - General purpose scripts to use with PKSM.
- FlagBrew/PKSM - Gen III to GenVIII save manager.
- ziishaned/learn-regex - Learn regex the easy way
- Lz1y/xray-crack - xray社区高级版证书生成,仅供学习研究,正常使用请支持正版
- alexandreborges/malwoverview - Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, ThreatCrowd, Malware
- tomnomnom/qsreplace - Accept URLs on stdin, replace all query string values with a user-supplied value
- 1ndianl33t/Gf-Patterns - GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep
- Lengso/iplookup - IP反查域名
- 1120362990/small-scripts - 批量网站存活性测试、网站截图、web压缩文件检测
- YYRise/black-hat-go - 《Black.Hat.Go》中文翻译
- h3110w0r1d-y/BurpLoaderKeygen - Burp Suite Pro Loader & Keygen ( BurpSuite version v2020.1 - ∞ )
- k8gege/LadonGo - LadonGO 4.0 Pentest Scanner framework 全平台Go开源内网渗透扫描器框架,Windows/Linux/Mac内网渗透,使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost,远程执行SSH/Winrm,密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis,端口扫
- knownsec/ksubdomain - 无状态子域名爆破工具
- wafpassproject/wafpass - Analysing parameters with all payloads' bypass methods, aiming at benchmarking security solutions like WAF.
- Ekultek/WhatWaf - Detect and bypass web application firewalls and protection systems
- lijiejie/BBScan - A fast vulnerability scanner
- bit4woo/Summit_PPT - 各种安全大会PPT PDF
- bugcrowd/bugcrowd_university - Open source education content for the researcher community
- pwntester/ysoserial.net - Deserialization payload generator for a variety of .NET formatters
- DanMcInerney/xsscrapy - XSS spider - 66/66 wavsep XSS detected
- bowenpay/wechat-spider - 微信公众号爬虫
- hanc00l/wooyun_public - This repo is archived. Thanks for wooyun! 乌云公开漏洞、知识库爬虫和搜索 crawl and search for wooyun.org public bug(vulnerability) and drops
- google/tsunami-security-scanner - Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
- hannob/snallygaster - Tool to scan for secret files on HTTP servers
- assetnote/wordlists - Automated & Manual Wordlists provided by Assetnote
- google/grumpy - Grumpy is a Python to Go source code transcompiler and runtime.
- LandGrey/pydictor - A powerful and useful hacker dictionary builder for a brute-force attack
- drwetter/testssl.sh - Testing TLS/SSL encryption anywhere on any port
- pielco11/fav-up - IP lookup by favicon using Shodan
- devanshbatham/OpenRedireX - A Fuzzer for OpenRedirect issues
- tomnomnom/anew - A tool for adding new lines to files, skipping duplicates
- obheda12/GitDorker - A Python program to scrape secrets from GitHub through usage of a large repository of dorks.
- Voorivex/pentest-guide - Penetration tests guide based on OWASP including test cases, resources and examples.
- devanshbatham/Awesome-Bugbounty-Writeups - A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference
- KathanP19/HowToHunt - Tutorials and Things to Do while Hunting Vulnerability.
- m4ll0k/Infoga - Infoga - Email OSINT
- rootphantomer/Blasting_dictionary - 爆破字典
- w-digital-scanner/w13scan - Passive Security Scanner (被动式安全扫描器)
- FortyNorthSecurity/EyeWitness - EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
- lockfale/OSINT-Framework - OSINT Framework
- liamg/traitor - ⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
- 1N3/Findsploit - Find exploits in local and online databases instantly
- tomnomnom/waybackurls - Fetch all the URLs that the Wayback Machine knows about for a domain
- tomnomnom/httprobe - Take a list of domains and probe for working HTTP and HTTPS servers
- haad/proxychains - proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy. Supported auth-types: "user/pass" for
- tismayil/rsdl - Subdomain Scan With Ping Method.
- appsecco/the-art-of-subdomain-enumeration - This repository contains all the supplement material for the book "The art of sub-domain enumeration"
- al0ne/init.sh - Linux 环境部署脚本,一键配置系统设置,安装常用工具/开发环境/渗透测试工具等
- darkoperator/dnsrecon - DNS Enumeration Script
- tomnomnom/assetfinder - Find domains and subdomains related to a given domain
- mazen160/Firefox-Security-Toolkit - A tool that transforms Firefox browsers into a penetration testing suite
- epsylon/cintruder - Captcha Intruder (CIntrud3r) is an automatic pentesting tool to bypass captchas.
- s0md3v/ReconDog - Reconnaissance Swiss Army Knife
- christophetd/CloudFlair - 🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
- christophetd/censys-subdomain-finder - ⚡ Perform subdomain enumeration using the certificate transparency logs from Censys.
- soimort/translate-shell - 💬 Command-line translator using Google Translate, Bing Translator, Yandex.Translate, etc.
- hellysmile/fake-useragent - up to date simple useragent faker with real world database
- SkyoKen/RasCon_NS - Connect to Nintendo Switch over Bluetooth, emulate amiibo and use script from the web.(蓝牙连接Nintendo Switch,并可通过网页控制和使用脚本与amiibo)
- nukieberry/PokemonTycoon -
- BullsEye0/google_dork_list - Google Dorks | Google helps you to find Vulnerable Websites that Indexed in Google Search Results. Here is the latest collection of Google Dorks. A collection of 13.760 Dorks. Author: Jolanda de Koff
- aleedhillon/7000-Google-Dork-List - 7,000 Dorks for hacking into various sites
- robertdavidgraham/masscan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
- heroanswer/XSS_Cheat_Sheet_2020_Edition - xss漏洞模糊测试payload的最佳集合 2020版
- s0md3v/AwesomeXSS - Awesome XSS stuff
- payloadbox/xss-payload-list - 🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
- s0md3v/XSStrike - Most advanced XSS scanner.
- SecWiki/sec-chart - 安全思维导图集合
- aemkei/jsfuck - Write any JavaScript with 6 Characters: !+
- SolomonSklash/chomp-scan - A scripted pipeline of tools to streamline the bug bounty/penetration test reconnaissance phase, so you can focus on chomping bugs.
- EvilAnne/2019-Read-article - 2019年网上阅读过的文章记录
- zardus/ctf-tools - Some setup scripts for security research tools.
- TideSec/BypassAntiVirus - 远控免杀系列文章及配套工具,汇总测试了互联网上的几十种免杀工具、113种白名单免杀方式、8种代码编译免杀、若干免杀实战技术,并对免杀效果进行了一一测试,为远控的免杀和杀软对抗免杀提供参考。
- Cc28256/CcRemote - 这是一个基于gh0st远程控制的项目,使自己更深入了解远控的原理,采用VS2017,默认分支hijack还在修改不能执行,master分支的项目可以正常的运行的,你可以切换到该分支查看可以执行的代码
- lengjibo/FourEye - AV Evasion Tool For Red Team Ops
- seatgeek/fuzzywuzzy - Fuzzy String Matching in Python
- xmendez/wfuzz - Web application fuzzer
- mschwager/fierce - A DNS reconnaissance tool for locating non-contiguous IP space.
- laramies/metagoofil - Metadata harvester
- lanmaster53/recon-ng - Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.
- wgpsec/tig - Threat Intelligence Gathering 威胁情报收集,旨在提高蓝队拿到攻击 IP 后对其进行威胁情报信息收集的效率。
- Micropoor/Micro8 - Gitbook
- bit4woo/teemo - A Domain Name & Email Address Collection Tool
- infosec-au/altdns - Generates permutations, alterations and mutations of subdomains and then resolves them
- Qftm/Information_Collection_Handbook - Handbook of information collection for penetration testing and src
- GerbenJavado/LinkFinder - A python script that finds endpoints in JavaScript files
- guelfoweb/knock - Knock Subdomain Scan
- p1g3/JSINFO-SCAN - 递归式寻找域名和api。
- ring04h/wydomain - to discover subdomains of your target domain
- projectdiscovery/dnsx - dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.
- coco413/DiscoverSubdomain - 前渗透信息探测工具集-子域名
- knownsec/RD_Checklist - 知道创宇研发技能表
- H4ckForJob/dirmap - An advanced web directory & file scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.一个高级web目录、文件扫描工具,功能将会强于DirBuster、Dirsearch、cansina、御剑。
- 01rabbit/PAKURI - PAKURI has been merged with Python and launched as a new project, PAKURI-THON.
- 1N3/IntruderPayloads - A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
- mantvydasb/RedTeaming-Tactics-and-Techniques - Red Teaming Tactics and Techniques
- redcanaryco/atomic-red-team - Small and highly portable detection tests based on MITRE's ATT&CK.
- franccesco/getaltname - Extract subdomains from SSL certificates in HTTPS sites.
- DataSploit/datasploit - An #OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc., aggregate all the raw data, and give data in multiple formats.
- jonluca/Anubis - 🔓 Subdomain enumeration and information gathering tool
- gubertoli/ProbingDataset - Dataset of Probing Attacks (Port Scan) performed with nmap, unicornscan, hping3, zmap and masscan
- 0xMJ/AI-Security-Learning - 自身学习的安全数据科学和算法的学习资料
- ZyxEforce/PenetrationTestNote - 渗透测试笔记copy整理
- Wuy1f4n/Sec-Tools-List - 渗透测试中的一些开源工具按照Att&ck 流程进行归类
- smallpo1nt/-- - Web安全攻防渗透测试实战指南
- gyoisamurai/GyoiThon - GyoiThon is a growing penetration test tool using Machine Learning.
- super-l/superl-url - 根据关键词,对搜索引擎内容检索结果的网址内容进行采集的一款程序。可自动从多个搜索引擎采集相关网站的真实地址与标题等信息,可保存为文件,自动去除重复URL。同时,也可以自定义忽略多条域名等。
- xiaoy-sec/Pentest_Note - 渗透测试常规操作记录
- Leezj9671/Pentest_Interview - 个人准备渗透测试和安全面试的经验之谈,和去部分厂商的面试题,干货真的满满~
- Xyntax/POC-T - 渗透测试插件化并发框架 / Open-sourced remote vulnerability PoC/EXP framework
- Mr-xn/Penetration_Testing_POC - 渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cm
- reallys/pentest - 渗透测试大纲流程
- iSafeBlue/TrackRay - 溯光 (TrackRay) 3 beta⚡渗透测试框架(资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap)
- hongriSec/AI-Machine-Learning-Security - 一个关于人工智能渗透测试分析系列
- iSafeBlue/Mind-Map - 超详细的渗透测试思维导图
- DeepSpaceHarbor/Awesome-AI-Security - 📁 #AISecurity
- yenchenlin/awesome-adversarial-machine-learning - A curated list of awesome adversarial machine learning resources
- TonyChen56/HackerTools - 使用MFC编写的病毒技术合集
- johnmyleswhite/ML_for_Hackers - Code accompanying the book "Machine Learning for Hackers"
- Findomain/Findomain - The complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, multiple API Ke
- blechschmidt/massdns - A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
- Threezh1/JSFinder - JSFinder is a tool for quickly extracting URLs and subdomains from JS files on a website.
- FeeiCN/ESD - Enumeration sub domains(枚举子域名)
- Moham3dRiahi/Th3inspector - Th3Inspector 🕵️ Best Tool For Information Gathering 🔎
- pedsm/deepHack - Deep learning hacking predictions
- klaussinani/hyper-pokemon - Tailor-made Pokémon themes for your Hyper terminal
- sevagas/macro_pack - macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. T
- leiguorui/programming-video-tutorials - 视频教程:Java, 大数据,云计算,Android,Hadoop,Docker,mysql,spark,CRM,OA...
- EnableSecurity/wafw00f - WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
- sundowndev/phoneinfoga - Information gathering & OSINT framework for phone numbers
- guardicore/monkey - Infection Monkey - An automated pentest tool
- projectpokemon/EventsGallery - ProjectPokemon Events Gallery
- architdate/PKHeX-Plugins - Plugins for PKHeX
- 0xInfection/XSRFProbe - The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.
- beefproject/beef - The Browser Exploitation Framework Project
- 0xInfection/TIDoS-Framework - The Offensive Manual Web Application Penetration Testing Framework.
- fuzzdb-project/fuzzdb - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
- summitt/Burp-Non-HTTP-Extension - Non-HTTP Protocol Extension (NoPE) Proxy and DNS for Burp Suite.
- Greenwolf/social_mapper - A Social Media Enumeration & Correlation Tool by Jacob Wilkin(Greenwolf)
- vulmon/Vulmap - Vulmap Online Local Vulnerability Scanners Project
- 0x09AL/raven - raven is a Linkedin information gathering tool that can be used by pentesters to gather information about an organization employees using Linkedin.
- ElevenPaths/FOCA - Tool to find metadata and hidden information in the documents.
- coffeehb/Some-PoC-oR-ExP - 各种漏洞poc、Exp的收集或编写
- appsecco/bugcrowd-levelup-subdomain-enumeration - This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference
- ctfs/resources - A general collection of information, tools, and tips regarding CTFs and similar security competitions
- Bhaviktutorials/shark - Future Of Phishing With less delay
- zeroc00I/AllVideoPocsFromHackerOne - This script grab public report from hacker one and make some folders with poc videos
- TheKingOfDuck/fuzzDicts - Web Pentesting Fuzz 字典,一个就够了。
- urbanadventurer/bing-ip2hosts - bingip2hosts is a Bing.com web scraper that discovers websites by IP address
- achillean/shodan-python - The official Python library for Shodan
- vulscanteam/vulscan - vulscan 扫描系统:最新的poc&exp漏洞扫描,redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...
- tanjiti/sec_profile - 爬取secwiki和xuanwu.github.io/sec.today,分析安全信息站点、安全趋势、提取安全工作者账号(twitter,weixin,github等)
- 404notf0und/CVE-Flow - CVE Data Analysis, CVE Monitor, CVE EXP Prediction Based on Deep Learning. 1999-2020年存量CVE数据分析、监控CVE增量更新、基于深度学习的CVE EXP预测和自动化推送
- berzerk0/Probable-Wordlists - Version 2 is live! Wordlists sorted by probability originally created for password generation and testing - make sure your passwords aren't popular!
- danielmiessler/SecLists - SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensi
- Alvin9999/new-pac - 翻墙-科学上网、免费翻墙、免费科学上网、VPN、一键翻墙浏览器,vps一键搭建翻墙服务器脚本/教程,免费shadowsocks/ss/ssr/v2ray/goflyway账号/节点,免费自由上网、fanqiang、翻墙梯子,电脑、手机、iOS、安卓、windows、Mac、Linux、路由器翻墙
- yeyintminthuhtut/Awesome-Red-Teaming - List of Awesome Red Teaming Resources
- alphaSeclab/awesome-cyber-security - [Draft]Awesome Cyber Security Resource Collection. Currently contains 8000+ open source repositories, and not very well classified. For each repository, extra info included: star count, commit count,
- shr3ddersec/Shr3dKit - Red Team Tool Kit
- shmilylty/awesome-hacking - awesome hacking chinese version
- TheRook/subbrute - A DNS meta-query spider that enumerates DNS records, and subdomains.
- aboul3la/Sublist3r - Fast subdomains enumeration tool for penetration testers
- lijiejie/subDomainsBrute - A fast sub domain brute tool for pentesters
- xiaoZ-hc/redtool - 日常积累的一些红队工具及自己写的脚本,更偏向于一些diy的好用的工具,并不是一些比较常用的msf/awvs/xray这种
- 13o-bbr-bbq/machine_learning_security - Source code about machine learning and security.
- Kayzaks/HackingNeuralNetworks - A small course on exploiting and defending neural networks
- shellinabox/shellinabox - Official-ish Fork of Shell In A Box
- PacktPublishing/Python-3-For-Offensive-PenTest-A-Complete-Practical-Course - Python 3 For Offensive PenTest: A Complete Practical Course, published by Packt
- sting8k/BurpSuite_403Bypasser - Burpsuite Extension to bypass 403 restricted directory
- LuaDist/Repository - Repository of LuaDist modules available for installation using the luadist-git command line tool
- QS20199/paino - 一个帮助练习记忆五线谱与钢琴键位的工具
- bit4woo/knife - A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅
- d3vilbug/HackBar - HackBar plugin for Burpsuite
- tldr-pages/tldr - 📚 Collaborative cheatsheets for console commands
- Hackplayers/evil-winrm - The ultimate WinRM shell for hacking/pentesting
- xl7dev/WebShell - Webshell && Backdoor Collection
- alebcay/awesome-shell - A curated list of awesome command-line frameworks, toolkits, guides and gizmos. Inspired by awesome-php.
- CISOfy/lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
- carlospolop/PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
- ohmyzsh/ohmyzsh - 🙃 A delightful community-driven (with 2,000+ contributors) framework for managing your zsh configuration. Includes 300+ optional plugins (rails, git, macOS, hub, docker, homebrew, node, php, python,
- n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
- asdf-vm/asdf - Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more
- rbenv/rbenv - Manage your app's Ruby environment
- pyenv/pyenv - Simple Python version management
- PowerShell/PowerShell - PowerShell for every system!
- backdoorhub/shell-backdoor-list - 🎯 PHP / ASP - Shell Backdoor List 🎯
- tldr-pages/tldr - 📚 Collaborative cheatsheets for console commands
- CedArctic/DigiSpark-Scripts - USB Rubber Ducky type scripts written for the DigiSpark.
- freeCodeCamp/devdocs - API Documentation Browser
- intelowlproject/IntelOwl - Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
- radareorg/radare2 - UNIX-like reverse engineering framework and command-line toolset
- juice-shop/juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
- HashPals/Name-That-Hash - 🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 300+ other hashes ☄ Comes with a neat web app 🔥
- 003random/getJS - A tool to fastly get all javascript sources/files
- rmusser01/Infosec_Reference - An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
- lirantal/awesome-nodejs-security - Awesome Node.js Security resources
- BC-SECURITY/Starkiller - Starkiller is a Frontend for PowerShell Empire.
- BC-SECURITY/Empire - Empire is a PowerShell and Python 3.x post-exploitation framework.
- rapid7/metasploit-framework - Metasploit Framework
- mitmproxy/mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
- anchore/grype - A vulnerability scanner for container images and filesystems
- Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
- bee-san/pyWhat - 🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙♀️
- starship/starship - ☄🌌️ The minimal, blazing-fast, and infinitely customizable prompt for any shell!
- tiagorlampert/CHAOS - 🔥 CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems.
- ohmyzsh/ohmyzsh - 🙃 A delightful community-driven (with 2,000+ contributors) framework for managing your zsh configuration. Includes 300+ optional plugins (rails, git, macOS, hub, docker, homebrew, node, php, python,
- EbookFoundation/free-programming-books - 📚 Freely available programming books
- epi052/feroxbuster - A fast, simple, recursive content discovery tool written in Rust.
- Gallopsled/pwntools - CTF framework and exploit development library
- lc/gau - Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
- projectdiscovery/naabu - A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests
- swisskyrepo/SSRFmap - Automatic SSRF fuzzer and exploitation tool
- six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
- swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
- ivre/ivre - Network recon framework, published by @cea-sec & @ANSSI-FR. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, coll
- projectdiscovery/httpx - httpx is a fast and multi-purpose HTTP toolkit allows to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads.
- sherlock-project/sherlock - 🔎 Hunt down social media accounts by username across social networks
- projectdiscovery/shuffledns - MassDNS wrapper written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support.
- PowerShell/PowerShell - PowerShell for every system!
- spearow/juice - The Hacker's Machine Learning Engine
- hslatman/awesome-threat-intelligence - A curated list of Awesome Threat Intelligence resources
- prowler-cloud/prowler - Prowler is an Open Source security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 2
- RustScan/RustScan - 🤖 The Modern Port Scanner 🤖
- ehang-io/nps - 一款轻量级、高性能、功能强大的内网穿透代理服务器。支持tcp、udp、socks5、http等几乎所有流量转发,可用来访问内网网站、本地支付接口调试、ssh访问、远程桌面,内网dns解析、内网socks5代理等等……,并带有功能强大的web管理端。a lightweight, high-performance, powerful intranet penetration proxy server,
- future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
- j3ssie/osmedeus - A Workflow Engine for Offensive Security
- zricethezav/gitleaks - Protect and discover secrets using Gitleaks 🔑
- anchore/grype - A vulnerability scanner for container images and filesystems
- aquasecurity/tfsec - Security scanner for your Terraform code
- fatedier/frp - A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
- parsiya/Hacking-with-Go - Golang for Security Professionals
- youngyangyang04/leetcode-master - 《代码随想录》LeetCode 刷题攻略:200道经典题目刷题顺序,共60w字的详细图解,视频难点剖析,50余张思维导图,支持C++,Java,Python,Go,JavaScript等多语言版本,从此算法学习不再迷茫!🔥🔥 来看看,你会发现相见恨晚!🚀
- halfrost/LeetCode-Go - ✅ Solutions to LeetCode by Go, 100% test coverage, runtime beats 100% / LeetCode 题解
- halfrost/Halfrost-Field - ✍🏻 这里是写博客的地方 —— Halfrost-Field 冰霜之地
- panjf2000/ants - 🐜🐜🐜 ants is a high-performance and low-cost goroutine pool in Go, inspired by fasthttp./ ants 是一个高性能且低损耗的 goroutine 池。
- dreddsa5dies/goHackTools - Hacker tools on Go (Golang)
- crawlab-team/crawlab - Distributed web crawler admin platform for spiders management regardless of languages and frameworks. 分布式爬虫管理平台,支持任何语言和框架
- dwisiswant0/crlfuzz - A fast tool to scan CRLF vulnerability written in Go
- jaeles-project/gospider - Gospider - Fast web spider written in Go
- OJ/gobuster - Directory/File, DNS and VHost busting tool written in Go
- syndbg/goenv - 🚙 Like pyenv and rbenv, but for Go.
- golang/go - The Go programming language
- haccer/subjack - Subdomain Takeover tool written in Go
- LearnGolang/365Golang - 《365天深入理解Go语言》Deep understanding of Golang.
- caffix/amass - In-depth Attack Surface Mapping and Asset Discovery
- OWASP/Amass - In-depth Attack Surface Mapping and Asset Discovery
- ehang-io/nps - 一款轻量级、高性能、功能强大的内网穿透代理服务器。支持tcp、udp、socks5、http等几乎所有流量转发,可用来访问内网网站、本地支付接口调试、ssh访问、远程桌面,内网dns解析、内网socks5代理等等……,并带有功能强大的web管理端。a lightweight, high-performance, powerful intranet penetration proxy server,
- snail007/goproxy - 🔥 Proxy is a high performance HTTP(S) proxies, SOCKS5 proxies,WEBSOCKET, TCP, UDP proxy server implemented by golang. Now, it supports chain-style proxies,nat forwarding in different lan,TCP/UDP port
- mitmproxy/mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
- projectdiscovery/interactsh - An OOB interaction gathering server and client library
- projectdiscovery/httpx - httpx is a fast and multi-purpose HTTP toolkit allows to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads.
- IceWhaleTech/CasaOS - CasaOS - A simple, easy-to-use, elegant open-source Home Cloud system.
- koutto/jok3r - Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework
- Hackplayers/evil-winrm - The ultimate WinRM shell for hacking/pentesting
- TechXueXi/TechXueXi - 强国通 科技强国 学习强国 xuexiqiangguo 全网最好用开源网页学习强国助手:TechXueXi (懒人刷分工具 自动学习)技术强国,支持答题,支持 docker 45分/天
- stepchowfun/toast - Containerize your development and continuous integration environments. 🥂
- esrrhs/pingtunnel - Pingtunnel is a tool that send TCP/UDP traffic over ICMP
- maliceio/malice - VirusTotal Wanna Be - Now with 100% more Hipster
- PokemonGoF/PokemonGo-Bot - The Pokemon Go Bot, baking with community.
- anchore/grype - A vulnerability scanner for container images and filesystems
- FunnyWolf/Viper - Redteam operation platform with webui 图形化红队行动辅助平台
- gildas-lormeau/SingleFile - 📷 Web Extension for Firefox/Chrome/MS Edge and CLI tool to save a faithful copy of an entire web page in a single HTML file
- crawlab-team/crawlab - Distributed web crawler admin platform for spiders management regardless of languages and frameworks. 分布式爬虫管理平台,支持任何语言和框架
- jaywcjlove/docker-tutorial - 🐳 Docker入门学习笔记
- Medicean/VulApps - 快速搭建各种漏洞环境(Various vulnerability environment)
- cdk-team/CDK - 📦 Make security testing of K8s, Docker, and Containerd easier.
- RustScan/RustScan - 🤖 The Modern Port Scanner 🤖
- IceWhaleTech/CasaOS - CasaOS - A simple, easy-to-use, elegant open-source Home Cloud system.
- x1sec/commit-stream - #OSINT tool for finding Github repositories by extracting commit logs in real time from the Github event API
- eth0izzle/shhgit - Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories: www.shhgit.com
- cyberark/kubesploit - Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.
- future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
- yaklang/yakit - Cyber Security ALL-IN-ONE Platform
- Adminisme/ServerScan - ServerScan一款使用Golang开发的高并发网络扫描、服务探测工具。
- ph4ntonn/Stowaway - 👻Stowaway -- Multi-hop Proxy Tool for pentesters
- j3ssie/osmedeus - A Workflow Engine for Offensive Security
- maliceio/malice - VirusTotal Wanna Be - Now with 100% more Hipster
- zricethezav/gitleaks - Protect and discover secrets using Gitleaks 🔑
- anchore/grype - A vulnerability scanner for container images and filesystems
- geemion/Khepri - Free,Open-Source,Cross-platform agent and Post-exploiton tool written in Golang and C++ like CobaltStrike.
- tiagorlampert/CHAOS - 🔥 CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems.
- halfrost/LeetCode-Go - ✅ Solutions to LeetCode by Go, 100% test coverage, runtime beats 100% / LeetCode 题解
- halfrost/Halfrost-Field - ✍🏻 这里是写博客的地方 —— Halfrost-Field 冰霜之地
- 0voice/Introduction-to-Golang - 【未来服务器端编程语言】最全空降golang资料补给包(满血战斗),包含文章,书籍,作者论文,理论分析,开源框架,云原生,大佬视频,大厂实战分享ppt
- hoanhan101/ultimate-go - The Ultimate Go Study Guide
- KathanP19/Gxss - A tool to check a bunch of URLs that contain reflecting params.
- rfyiamcool/share_ppt - 🚗 我个人曾经做过的技术分享...
- dreddsa5dies/goHackTools - Hacker tools on Go (Golang)
- Dliv3/Venom - Venom - A Multi-hop Proxy for Penetration Testers
- jaeles-project/jaeles - The Swiss Army knife for automated Web Application Testing
- dwisiswant0/crlfuzz - A fast tool to scan CRLF vulnerability written in Go
- sensepost/gowitness - 🔍 gowitness - a golang, web screenshot utility using Chrome Headless
- gophish/gophish - Open-Source Phishing Toolkit
- Qianlitp/crawlergo - A powerful browser crawler for web vulnerability scanners
- Dreamacro/clash - A rule-based tunnel in Go.
- v2ray/v2ray-core - A platform for building proxies to bypass network restrictions.
- moovweb/gvm - Go Version Manager
- syndbg/goenv - 🚙 Like pyenv and rbenv, but for Go.
- golang/go - The Go programming language
- haccer/subjack - Subdomain Takeover tool written in Go
- hahwul/dalfox - 🌙🦊 DalFox is an powerful open source XSS scanning tool and parameter analyzer, utility
- AV1080p/Hacking-With-Golang - Golang安全资源合集
- LearnGolang/365Golang - 《365天深入理解Go语言》Deep understanding of Golang.
- michenriksen/aquatone - A Tool for Domain Flyovers
- b1gcat/DarkEye - 渗透测试情报收集工具
- michenriksen/gitrob - Reconnaissance tool for GitHub organizations
- IceWhaleTech/CasaOS - CasaOS - A simple, easy-to-use, elegant open-source Home Cloud system.
- 0xricksanchez/paper_collection - Academic papers related to fuzzing, binary analysis, and exploit dev, which I want to read or have already read
- henrypp/memreduct - Lightweight real-time memory management application to monitor and clean system memory on your computer.
- processhacker/processhacker - A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.
- Ascotbe/Kernelhub - 🌴Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file (提权漏洞合集)
- byt3bl33d3r/CrackMapExec - A swiss army knife for pentesting networks
- itm4n/PrivescCheck - Privilege Escalation Enumeration Script for Windows
- marktext/marktext - 📝A simple and elegant markdown editor, available for Linux, macOS and Windows.
- M2Team/NSudo - Series of System Administration Tools
- nccgroup/Winpayloads - Undetectable Windows Payload Generation
- XiphosResearch/exploits - Miscellaneous exploit code
- vxunderground/VX-API - Collection of various WINAPI tricks / features used or abused by Malware
- mentebinaria/retoolkit - Reverse Engineer's Toolkit
- JKornev/hidden - 🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes and etc
- 1N3/PrivEsc - A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
- rmusser01/Infosec_Reference - An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
- xianyukang/MyKeymap - MyKeymap: 我的按键映射工具
- xanderfrangos/twinkle-tray - Easily manage the brightness of your monitors in Windows from the system tray
- rubickCenter/rubick - 🔧 Electron based open source toolbox, free integration of rich plug-ins. 基于 electron 的开源工具箱,自由集成丰富插件。
- Ch0pin/AVIator - Antivirus evasion project
- nathanlopez/Stitch - Python Remote Administration Tool (RAT)
- SecWiki/windows-kernel-exploits - windows-kernel-exploits Windows平台提权漏洞集合
- huiyadanli/RevokeMsgPatcher - A hex editor for WeChat/QQ/TIM - PC版微信/QQ/TIM防撤回补丁(我已经看到了,撤回也没用了)
- geemion/Khepri - Free,Open-Source,Cross-platform agent and Post-exploiton tool written in Golang and C++ like CobaltStrike.
- carlospolop/PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
- quasar/Quasar - Remote Administration Tool for Windows
- txthinking/brook - A cross-platform network tool designed for developers. 一个为开发者设计的跨平台网络工具.
- S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet - A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
- n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
- nmap/nmap - Nmap - the Network Mapper. Github mirror of official SVN repository.
- sherlock-project/sherlock - 🔎 Hunt down social media accounts by username across social networks
- PowerShell/PowerShell - PowerShell for every system!
- blaCCkHatHacEEkr/PENTESTING-BIBLE - Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.
- man-pages-zh/manpages-zh - Chinese Manual Pages
- future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
- haydenjames/bench-scripts - A compilation of Linux server benchmarking scripts.
- Adminisme/ServerScan - ServerScan一款使用Golang开发的高并发网络扫描、服务探测工具。
- D4Vinci/One-Lin3r - Gives you one-liners that aids in penetration testing operations, privilege escalation and more
- marktext/marktext - 📝A simple and elegant markdown editor, available for Linux, macOS and Windows.
- screetsec/Vegile - This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process,unlimited your session in metasploit and transparent. Even when it killed, it will
- jm33-m0/emp3r0r - Linux/Windows post-exploitation framework made by linux user
- mempodippy/vlany - Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)
- milabs/awesome-linux-rootkits - awesome-linux-rootkits
- m0nad/Diamorphine - LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)
- hugsy/gef - GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging features for exploit developers & reverse engineers
- 1N3/PrivEsc - A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
- rmusser01/Infosec_Reference - An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
- imarvinle/awesome-cs-books - 经典编程书籍大全,涵盖:计算机系统与网络、系统架构、算法与数据结构、前端开发、后端开发、移动开发、数据库、测试、项目与团队、程序员职业修炼、求职面试等
- rosehgal/BinExp - Linux Binary Exploitation
- nathanlopez/Stitch - Python Remote Administration Tool (RAT)
- CISOfy/lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
- htr-tech/nexphisher - Advanced Phishing tool for Linux & Termux
- SecWiki/linux-kernel-exploits - linux-kernel-exploits Linux平台提权漏洞集合
- geemion/Khepri - Free,Open-Source,Cross-platform agent and Post-exploiton tool written in Golang and C++ like CobaltStrike.
- GTFOBins/GTFOBins.github.io - GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
- carlospolop/PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
- screetsec/TheFatRat - Thefatrat a massive exploiting tool : Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and etc . This tool compiles a malware with popular payload and then
- ShutdownRepo/Exegol - Fully featured and community-driven hacking environment
- htr-tech/zphisher - An automated phishing tool with 30+ templates. This Tool is made for educational purpose only ! Author will not be responsible for any misuse of this toolkit !
- thehackingsage/hacktronian - Tools for Pentesting
- Gallopsled/pwntools - CTF framework and exploit development library
- txthinking/brook - A cross-platform network tool designed for developers. 一个为开发者设计的跨平台网络工具.
- n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
- nmap/nmap - Nmap - the Network Mapper. Github mirror of official SVN repository.
- v2rayA/v2rayA - A web GUI client of Project V which supports V2Ray, Xray, SS, SSR, Trojan and Pingtunnel 🚀
- sherlock-project/sherlock - 🔎 Hunt down social media accounts by username across social networks
- PowerShell/PowerShell - PowerShell for every system!
- trimstray/sandmap - Nmap on steroids. Simple CLI with the ability to run pure Nmap engine, 31 modules with 459 scan profiles.
- cdk-team/CDK - 📦 Make security testing of K8s, Docker, and Containerd easier.
- ckjbug/Hacking - 🌐Collate and develop network security, Hackers technical documentation and tools, code.
- wuseman/EMAGNET - Automated hacking tool that will find leaked databases with 97.1% accurate to grab mail + password together from recent uploads from https://pastebin.com. Bruteforce support for spotify accounts, inst
- trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
- Ascotbe/HackerMind - 渗透步骤,web安全,CTF,业务安全,人工智能,区块链安全,安全开发,无线安全,社会工程学,二进制安全,移动安全,红蓝对抗,运维安全,风控安全,linux安全
- OpenCyberTranslationProject/Linux-Basics-for-Hackers - 书籍《Linux Basics for Hackers》2019版中文翻译版
- 0xricksanchez/paper_collection - Academic papers related to fuzzing, binary analysis, and exploit dev, which I want to read or have already read
- blaCCkHatHacEEkr/PENTESTING-BIBLE - Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.
- Z4nzu/hackingtool - ALL IN ONE Hacking Tool For Hackers
- x1sec/commit-stream - #OSINT tool for finding Github repositories by extracting commit logs in real time from the Github event API
- zricethezav/gitleaks - Protect and discover secrets using Gitleaks 🔑
- jesseduffield/lazygit - simple terminal UI for git commands
- koutto/jok3r - Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework
- S3cur3Th1sSh1t/WinPwn - Automation for internal Windows Penetrationtest / AD-Security
- OWASP/Nettacker - Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
- Pulover/PuloversMacroCreator - Automation Utility - Recorder & Script Generator
- PokemonGoF/PokemonGo-Bot - The Pokemon Go Bot, baking with community.
- NullArray/AutoSploit - Automated Mass Exploiter
- koutto/jok3r - Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework
- mitre/caldera - Automated Adversary Emulation Platform
- Hackplayers/evil-winrm - The ultimate WinRM shell for hacking/pentesting
- yaklang/yakit - Cyber Security ALL-IN-ONE Platform
- D4Vinci/One-Lin3r - Gives you one-liners that aids in penetration testing operations, privilege escalation and more
- j3ssie/osmedeus - A Workflow Engine for Offensive Security
- XiphosResearch/exploits - Miscellaneous exploit code
- gquere/pwn_jenkins - Notes about attacking Jenkins servers
- m0nad/Diamorphine - LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)
- gh0stkey/Web-Fuzzing-Box - Web Fuzzing Box - Web 模糊测试字典与一些Payloads,主要包含:弱口令暴力破解、目录以及文件枚举、Web漏洞...字典运用于实战案例:https://gh0st.cn/archives/2019-11-11/1
- aydinnyunus/Keylogger - Get Keyboard,Mouse,ScreenShot,Microphone Inputs from Target Computer and Send to your Mail.
- carlospolop/hacktricks - Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
- TryCatchHCF/Cloakify - CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting C
- KuroLabs/stegcloak - Hide secrets with invisible characters in plain text securely using passwords 🧙🏻♂️⭐
- Ignitetechnologies/Privilege-Escalation - This cheasheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples.
- juice-shop/juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
- HashPals/Name-That-Hash - 🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 300+ other hashes ☄ Comes with a neat web app 🔥
- 0dayCTF/reverse-shell-generator - Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)
- 003random/getJS - A tool to fastly get all javascript sources/files
- 1N3/PrivEsc - A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
- diego-treitos/linux-smart-enumeration - Linux enumeration tool for pentesting and CTFs with verbosity levels
- mgeeky/Penetration-Testing-Tools - A collection of more than 170+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least
- nixawk/pentest-wiki - PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
- rmusser01/Infosec_Reference - An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
- The-Art-of-Hacking/h4cker - This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerabil
- six2dez/pentest-book -
- antonio-morales/Fuzzing101 - An step by step fuzzing tutorial. A GitHub Security Lab initiative
- RhinoSecurityLabs/IPRotate_Burp_Extension - Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
- payloadbox/sql-injection-payload-list - 🎯 SQL Injection Payload List
- nil0x42/phpsploit - Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor
- bettercap/bettercap - The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.
- infosecn1nja/Red-Teaming-Toolkit - This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
- urbanadventurer/WhatWeb - Next generation web scanner
- k8gege/K8tools - K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke
- screetsec/TheFatRat - Thefatrat a massive exploiting tool : Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and etc . This tool compiles a malware with popular payload and then
- ShutdownRepo/Exegol - Fully featured and community-driven hacking environment
- Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
- bee-san/pyWhat - 🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙♀️
- jekil/awesome-hacking - Awesome hacking is an awesome collection of hacking tools.
- Datalux/Osintgram - Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname
- tiagorlampert/CHAOS - 🔥 CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems.
- yogeshojha/rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon
- nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters - A list of resources for those interested in getting started in bug bounties
- ffffffff0x/1earn - ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
- S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet - A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
- k8gege/Ladon - 大型内网渗透扫描器&Cobalt Strike,Ladon9.1.4内置150个模块,包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2,密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB
- jaeles-project/jaeles - The Swiss Army knife for automated Web Application Testing
- foospidy/payloads - Git All the Payloads! A collection of web attack payloads.
- six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
- swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
- hakluke/hakrawler - Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
- D4Vinci/Cr3dOv3r - Know the dangers of credential reuse attacks.
- yassineaboukir/sublert - Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.
- bhavsec/reconspider - 🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.
- khast3x/h8mail - Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email
- jofpin/trape - People tracker on the Internet: OSINT analysis and research tool by Jose Pino
- blaCCkHatHacEEkr/OSINT_TIPS - OSINT
- UnaPibaGeek/ctfr - Abusing Certificate Transparency logs for getting HTTPS websites subdomains.
- maurosoria/dirsearch - Web path scanner
- projectdiscovery/subfinder - Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
- anouarbensaad/vulnx - vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collecti
- kelvinBen/AppInfoScanner - 一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具,可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如:Title、Domain、CDN、指纹信息、状态信息等。
- sundowndev/hacker-roadmap - A collection of hacking tools, resources and references to practice ethical hacking.
- hahwul/WebHackersWeapons - ⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
- D4Vinci/Dr0p1t-Framework - A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks
- trimstray/sandmap - Nmap on steroids. Simple CLI with the ability to run pure Nmap engine, 31 modules with 459 scan profiles.
- SofianeHamlaoui/Lockdoor-Framework - 🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
- wuseman/EMAGNET - Automated hacking tool that will find leaked databases with 97.1% accurate to grab mail + password together from recent uploads from https://pastebin.com. Bruteforce support for spotify accounts, inst
- trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
- Hack-with-Github/Free-Security-eBooks - Free Security and Hacking eBooks
- toolswatch/blackhat-arsenal-tools - Official Black Hat Arsenal Security Tools Repository
- OlivierLaflamme/Cheatsheet-God - Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
- evyatarmeged/Raccoon - A high performance offensive security tool for reconnaissance and vulnerability scanning
- smicallef/spiderfoot - SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
- hahwul/a2sv - Auto Scanning to SSL Vulnerability
- aaaguirrep/offensive-docker - Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.
- LasCC/Hack-Tools - The all-in-one Red Team extension for Web Pentester 🛠
- We5ter/Scanners-Box - A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
- tom0li/collection-document - Collection of quality safety articles. Awesome articles.
- vitalysim/Awesome-Hacking-Resources - A collection of hacking / penetration testing resources to make you better!
- Hack-with-Github/Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers
- backdoorhub/shell-backdoor-list - 🎯 PHP / ASP - Shell Backdoor List 🎯
- Hacker0x01/hacker101 - Source code for Hacker101.com - a free online web and mobile security class.
- husnainfareed/Awesome-Ethical-Hacking-Resources - 🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.
- infoslack/awesome-web-hacking - A list of web application security
- samratashok/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
- blaCCkHatHacEEkr/PENTESTING-BIBLE - Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.
- RustScan/RustScan - 🤖 The Modern Port Scanner 🤖
- rtcatc/Packer-Fuzzer - Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.
- Z4nzu/hackingtool - ALL IN ONE Hacking Tool For Hackers
- koutto/jok3r - Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework
- eth0izzle/shhgit - Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories: www.shhgit.com
- cyberark/kubesploit - Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.
- intrigueio/intrigue-core - Discover Your Attack Surface!
- momenbasel/keyFinder - Keyfinder🔑 is a tool that let you find keys while surfing the web!
- arainho/awesome-api-security - A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
- future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
- snyk/cli - Snyk CLI scans and monitors your projects for security vulnerabilities.
- processhacker/processhacker - A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.
- utkusen/urlhunter - a recon tool that allows searching on URLs that are exposed via shortener services
- yaklang/yakit - Cyber Security ALL-IN-ONE Platform
- lutfumertceylan/top25-parameter - For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙
- Viralmaniar/Passhunt - Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.
- jeffzh3ng/fuxi - Penetration Testing Platform
- ph4ntonn/Stowaway - 👻Stowaway -- Multi-hop Proxy Tool for pentesters
- j3ssie/osmedeus - A Workflow Engine for Offensive Security
- OWASP/Nettacker - Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
- XiphosResearch/exploits - Miscellaneous exploit code
- JoyChou93/java-sec-code - Java web common vulnerabilities and security code which is base on springboot and spring security
- cilium/cilium - eBPF-based Networking, Security, and Observability
- m0nad/Diamorphine - LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)
- decalage2/oletools - oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
- MISP/MISP - MISP (core software) - Open Source Threat Intelligence and Sharing Platform
- radareorg/radare2 - UNIX-like reverse engineering framework and command-line toolset
- JKornev/hidden - 🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes and etc
- TryCatchHCF/Cloakify - CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting C
- KuroLabs/stegcloak - Hide secrets with invisible characters in plain text securely using passwords 🧙🏻♂️⭐
- sleventyeleven/linuxprivchecker - linuxprivchecker.py -- a Linux Privilege Escalation Check Script
- juice-shop/juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
- HashPals/Name-That-Hash - 🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 300+ other hashes ☄ Comes with a neat web app 🔥
- 0dayCTF/reverse-shell-generator - Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)
- andresriancho/w3af - w3af: web application attack and audit framework, the open source web vulnerability scanner.
- apsdehal/awesome-ctf - A curated list of CTF frameworks, libraries, resources and softwares
- nixawk/pentest-wiki - PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
- xairy/linux-kernel-exploitation - A collection of links related to Linux kernel security and exploitation
- six2dez/pentest-book -
- antonio-morales/Fuzzing101 - An step by step fuzzing tutorial. A GitHub Security Lab initiative
- OpenCTI-Platform/opencti - Open Cyber Threat Intelligence Platform
- lirantal/awesome-nodejs-security - Awesome Node.js Security resources
- airbnb/binaryalert - BinaryAlert: Serverless, Real-time & Retroactive Malware Detection.
- googleprojectzero/winafl - A fork of AFL for fuzzing Windows binaries
- jonasstrehle/supercookie -
⚠️ Browser fingerprinting via favicon! - aircrack-ng/aircrack-ng - WiFi security auditing tools suite
- zricethezav/gitleaks - Protect and discover secrets using Gitleaks 🔑
- mitmproxy/mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
- arkenfox/user.js - Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening
- anchore/grype - A vulnerability scanner for container images and filesystems
- zer0yu/Awesome-CobaltStrike - cobaltstrike的相关资源汇总 / List of Awesome CobaltStrike Resources
- bettercap/bettercap - The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.
- urbanadventurer/WhatWeb - Next generation web scanner
- aquasecurity/tfsec - Security scanner for your Terraform code
- 0xbug/Hawkeye - GitHub 泄露监控系统(GitHub Sensitive Information Leakage Monitor Spider)
- cddmp/enum4linux-ng - A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.
- 0x4D31/awesome-threat-detection - A curated list of awesome threat detection and hunting resources
- bee-san/pyWhat - 🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙♀️
- jekil/awesome-hacking - Awesome hacking is an awesome collection of hacking tools.
- quasar/Quasar - Remote Administration Tool for Windows
- parsiya/Hacking-with-Go - Golang for Security Professionals
- ajinabraham/nodejsscan - nodejsscan is a static security code scanner for Node.js applications.
- coreb1t/awesome-pentest-cheat-sheets - Collection of the cheat sheets useful for pentesting
- projectdiscovery/nuclei-templates - Community curated list of templates for the nuclei engine to find security vulnerabilities.
- ffffffff0x/1earn - ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
- lc/gau - Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
- chaitin/xray - 一款完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档
- S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet - A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
- k8gege/Ladon - 大型内网渗透扫描器&Cobalt Strike,Ladon9.1.4内置150个模块,包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2,密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB
- dreddsa5dies/goHackTools - Hacker tools on Go (Golang)
- Dliv3/Venom - Venom - A Multi-hop Proxy for Penetration Testers
- projectdiscovery/nuclei - Fast and customizable vulnerability scanner based on simple YAML based DSL.
- nomi-sec/PoC-in-GitHub - 📡 PoC auto collect from GitHub.
⚠️ Be careful Malware. - projectdiscovery/interactsh - An OOB interaction gathering server and client library
- nmap/nmap - Nmap - the Network Mapper. Github mirror of official SVN repository.
- EdOverflow/bugbounty-cheatsheet - A list of interesting payloads, tips and tricks for bug bounty hunters.
- swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
- sensepost/gowitness - 🔍 gowitness - a golang, web screenshot utility using Chrome Headless
- rsmusllp/king-phisher - Phishing Campaign Toolkit
- gophish/gophish - Open-Source Phishing Toolkit
- ivre/ivre - Network recon framework, published by @cea-sec & @ANSSI-FR. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, coll
- infobyte/faraday - Collaborative Penetration Test and Vulnerability Management Platform
- Nekmo/dirhunt - Find web directories without bruteforce
- EdOverflow/can-i-take-over-xyz - "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
- haccer/subjack - Subdomain Takeover tool written in Go
- hahwul/dalfox - 🌙🦊 DalFox is an powerful open source XSS scanning tool and parameter analyzer, utility
- nsonaniya2010/SubDomainizer - A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.
- yassineaboukir/sublert - Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.
- NullArray/AutoSploit - Automated Mass Exploiter
- cure53/DOMPurify - DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
- bhavsec/reconspider - 🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.
- google/oss-fuzz - OSS-Fuzz - continuous fuzzing for open source software.
- evilsocket/xray - XRay is a tool for recon, mapping and OSINT gathering from public networks.
- jofpin/trape - People tracker on the Internet: OSINT analysis and research tool by Jose Pino
- blark/aiodnsbrute - Python 3.5+ DNS asynchronous brute force utility
- AV1080p/Hacking-With-Golang - Golang安全资源合集
- maurosoria/dirsearch - Web path scanner
- michenriksen/aquatone - A Tool for Domain Flyovers
- projectdiscovery/dnsprobe - DNSProb is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.
- kelvinBen/AppInfoScanner - 一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具,可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如:Title、Domain、CDN、指纹信息、状态信息等。
- knownsec/404StarLink - 404StarLink - 推荐优质、有意义、有趣、坚持维护的安全开源项目
- sundowndev/hacker-roadmap - A collection of hacking tools, resources and references to practice ethical hacking.
- hahwul/WebHackersWeapons - ⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
- onlurking/awesome-infosec - A curated list of awesome infosec courses and training resources.
- fabacab/awesome-cybersecurity-blueteam - 💻🛡️ A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.
- cleverhans-lab/cleverhans - An adversarial example library for constructing attacks, building defenses, and benchmarking both
- trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
- Ascotbe/HackerMind - 渗透步骤,web安全,CTF,业务安全,人工智能,区块链安全,安全开发,无线安全,社会工程学,二进制安全,移动安全,红蓝对抗,运维安全,风控安全,linux安全
- hslatman/awesome-threat-intelligence - A curated list of Awesome Threat Intelligence resources
- Hack-with-Github/Free-Security-eBooks - Free Security and Hacking eBooks
- OlivierLaflamme/Cheatsheet-God - Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
- flipkart-incubator/Astra - Automated Security Testing For REST API's
- michenriksen/gitrob - Reconnaissance tool for GitHub organizations
- prowler-cloud/prowler - Prowler is an Open Source security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 2
- hahwul/a2sv - Auto Scanning to SSL Vulnerability
- Metnew/uxss-db - 🔪Browser logic vulnerabilities ☠️
- scipag/vulscan - Advanced vulnerability scanning with Nmap NSE
- tom0li/collection-document - Collection of quality safety articles. Awesome articles.
- Hack-with-Github/Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers
- wpscanteam/wpscan - WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites.
- qazbnm456/awesome-web-security - 🐶 A curated list of Web Security materials and resources.
- findneo/Newbie-Security-List - 网络安全学习资料,欢迎补充
- Hacker0x01/hacker101 - Source code for Hacker101.com - a free online web and mobile security class.
- samratashok/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
- RustScan/RustScan - 🤖 The Modern Port Scanner 🤖
- koutto/jok3r - Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework
- ExpLife0011/awesome-windows-kernel-security-development - windows kernel security development
- screetsec/Sudomy - Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
- bhavsec/reconspider - 🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.
- spearow/juice - The Hacker's Machine Learning Engine
- cyberark/kubesploit - Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.
- cilium/cilium - eBPF-based Networking, Security, and Observability
- cdk-team/CDK - 📦 Make security testing of K8s, Docker, and Containerd easier.
- apache/drill - Apache Drill is a distributed MPP query layer for self describing data
- JoyChou93/java-sec-code - Java web common vulnerabilities and security code which is base on springboot and spring security
- CalebFenton/simplify - Android virtual machine and deobfuscator
- imarvinle/awesome-cs-books - 经典编程书籍大全,涵盖:计算机系统与网络、系统架构、算法与数据结构、前端开发、后端开发、移动开发、数据库、测试、项目与团队、程序员职业修炼、求职面试等
- rememberber/WePush - 专注批量推送的小而美的工具,目前支持:模板消息-公众号、模板消息-小程序、微信客服消息、微信企业号/企业微信消息、阿里云短信、阿里大于模板短信 、腾讯云短信、云片网短信、E-Mail、HTTP请求、钉钉、华为云短信、百度云短信、又拍云短信、七牛云短信
- youngyangyang04/leetcode-master - 《代码随想录》LeetCode 刷题攻略:200道经典题目刷题顺序,共60w字的详细图解,视频难点剖析,50余张思维导图,支持C++,Java,Python,Go,JavaScript等多语言版本,从此算法学习不再迷茫!🔥🔥 来看看,你会发现相见恨晚!🚀
- frohoff/ysoserial - A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
- tom0li/collection-document - Collection of quality safety articles. Awesome articles.
- apache/drill - Apache Drill is a distributed MPP query layer for self describing data
- 1N3/PrivEsc - A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
- Tuhinshubhra/RED_HAWK - All in one tool for Information Gathering, Vulnerability Scanning and Crawling. A must have tool for all penetration testers
- Tuhinshubhra/CMSeeK - CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSs
- wpscanteam/wpscan - WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites.
- momenbasel/keyFinder - Keyfinder🔑 is a tool that let you find keys while surfing the web!
- momenbasel/keyFinder - Keyfinder🔑 is a tool that let you find keys while surfing the web!
- iamadamdev/bypass-paywalls-chrome - Bypass Paywalls web browser extension for Chrome and Firefox.
- Kenshin/simpread - 简悦 ( SimpRead ) - 让你瞬间进入沉浸式阅读的扩展
- gongjunhao/seckill - Chrome浏览器 抢购、秒杀插件,秒杀助手,定时自动点击
- gildas-lormeau/SingleFile - 📷 Web Extension for Firefox/Chrome/MS Edge and CLI tool to save a faithful copy of an entire web page in a single HTML file
- crimx/ext-saladict - 🥗 All-in-one professional pop-up dictionary and page translator which supports multiple search modes, page translations, new word notebook and PDF selection searching.
- LasCC/Hack-Tools - The all-in-one Red Team extension for Web Pentester 🛠
- arainho/awesome-api-security - A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
- milabs/awesome-linux-rootkits - awesome-linux-rootkits
- rshipp/awesome-malware-analysis - Defund the Police.
- maguowei/starred - creating your own Awesome List by GitHub stars!
- alebcay/awesome-shell - A curated list of awesome command-line frameworks, toolkits, guides and gizmos. Inspired by awesome-php.
- The-Art-of-Hacking/h4cker - This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerabil
- InQuest/awesome-yara - A curated list of awesome YARA rules, tools, and people.
- secfigo/Awesome-Fuzzing - A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Developme
- jaywcjlove/awesome-mac - Now we have become very big, Different from the original idea. Collect premium software in various categories.
- 0x4D31/awesome-threat-detection - A curated list of awesome threat detection and hunting resources
- codecrafters-io/build-your-own-x - Master programming by recreating your favorite technologies from scratch.
- sindresorhus/awesome - 😎 Awesome lists about all kinds of interesting topics
- ossu/computer-science - 🎓 Path to a free self-taught education in Computer Science!
- joho/awesome-code-review - An "Awesome" list of code review resources - articles, papers, tools, etc
- redhuntlabs/Awesome-Asset-Discovery - List of Awesome Asset Discovery Resources
- hahwul/WebHackersWeapons - ⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
- 0x4D31/awesome-oscp - A curated list of awesome OSCP resources
- enaqx/awesome-pentest - A collection of awesome penetration testing resources, tools and other shiny things
- fabacab/awesome-cybersecurity-blueteam - 💻🛡️ A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.
- trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
- jivoi/awesome-osint - 😱 A curated list of amazingly awesome OSINT
- jivoi/awesome-ml-for-cybersecurity - Machine Learning for Cyber Security
- qazbnm456/awesome-web-security - 🐶 A curated list of Web Security materials and resources.
- blaCCkHatHacEEkr/PENTESTING-BIBLE - Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.
- mitre/caldera - Automated Adversary Emulation Platform
- future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
- Viralmaniar/Passhunt - Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.
- maliceio/malice - VirusTotal Wanna Be - Now with 100% more Hipster
- MISP/MISP - MISP (core software) - Open Source Threat Intelligence and Sharing Platform
- aydinnyunus/Keylogger - Get Keyboard,Mouse,ScreenShot,Microphone Inputs from Target Computer and Send to your Mail.
- The-Art-of-Hacking/h4cker - This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerabil
- OpenCTI-Platform/opencti - Open Cyber Threat Intelligence Platform
- lirantal/awesome-nodejs-security - Awesome Node.js Security resources
- 0xCyberY/ehtk - Ethical Hacking Toolkit is a collection of tools, cheat sheets, and resources for Ethical hackers, Penetration Tester, and Security Researchers etc. It contains almost all tools mentioned in CEH, OSCP
- bee-san/pyWhat - 🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙♀️
- ihebski/DefaultCreds-cheat-sheet - One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
- foospidy/payloads - Git All the Payloads! A collection of web attack payloads.
- Viralmaniar/BigBountyRecon - BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
- 1N3/Sn1per - Attack Surface Management Platform | Sn1perSecurity LLC
- projectdiscovery/httpx - httpx is a fast and multi-purpose HTTP toolkit allows to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads.
- bhavsec/reconspider - 🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.
- SofianeHamlaoui/Lockdoor-Framework - 🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
- fabacab/awesome-cybersecurity-blueteam - 💻🛡️ A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.
- smicallef/spiderfoot - SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
- LasCC/Hack-Tools - The all-in-one Red Team extension for Web Pentester 🛠
- rtcatc/Packer-Fuzzer - Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.
- processhacker/processhacker - A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.
- s-matyukevich/raspberry-pi-os - Learning operating system development using Linux kernel and Raspberry Pi
- mempodippy/vlany - Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)
- m0nad/Diamorphine - LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)
- vxunderground/VX-API - Collection of various WINAPI tricks / features used or abused by Malware
- radareorg/radare2 - UNIX-like reverse engineering framework and command-line toolset
- ihack4falafel/OSCP - Collection of things made during my OSCP journey
- Cyan4973/xxHash - Extremely fast non-cryptographic hash algorithm
- hashcat/hashcat - World's fastest and most advanced password recovery utility
- processhacker/processhacker - A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.
- cilium/cilium - eBPF-based Networking, Security, and Observability
- bettercap/bettercap - The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.
- Hackplayers/evil-winrm - The ultimate WinRM shell for hacking/pentesting
- postalserver/postal - ✉️ A fully featured open source mail delivery platform for incoming & outgoing e-mail
- urbanadventurer/WhatWeb - Next generation web scanner
- asdf-vm/asdf - Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more
- rbenv/rbenv - Manage your app's Ruby environment
- Hackplayers/evil-winrm - The ultimate WinRM shell for hacking/pentesting
- byt3bl33d3r/CrackMapExec - A swiss army knife for pentesting networks
- S3cur3Th1sSh1t/WinPwn - Automation for internal Windows Penetrationtest / AD-Security
- nccgroup/Winpayloads - Undetectable Windows Payload Generation
- starship/starship - ☄🌌️ The minimal, blazing-fast, and infinitely customizable prompt for any shell!
- D4Vinci/Dr0p1t-Framework - A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks
- PowerShell/PowerShell - PowerShell for every system!
- rootclay/Powershell-Attack-Guide - Powershell攻击指南----黑客后渗透之道
- samratashok/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
- byt3bl33d3r/SILENTTRINITY - An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR
- cobbr/Covenant - Covenant is a collaborative .NET C2 framework for red teamers.
- quasar/Quasar - Remote Administration Tool for Windows
- byt3bl33d3r/SILENTTRINITY - An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR
- aydinnyunus/Keylogger - Get Keyboard,Mouse,ScreenShot,Microphone Inputs from Target Computer and Send to your Mail.
- Marten4n6/EvilOSX - An evil RAT (Remote Administration Tool) for macOS / OS X.
- Datalux/Osintgram - Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname
- Gallopsled/pwntools - CTF framework and exploit development library
- thewhiteh4t/FinalRecon - The Last Web Recon Tool You'll Need
- m8r0wn/subscraper - Perform subdomain enumeration through various techniques and retrieve detailed output to aid in further testing.
- nsonaniya2010/SubDomainizer - A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.
- sherlock-project/sherlock - 🔎 Hunt down social media accounts by username across social networks
- kelvinBen/AppInfoScanner - 一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具,可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如:Title、Domain、CDN、指纹信息、状态信息等。
- Jack-Cherish/PythonPark - Python 开源项目之「自学编程之路」,保姆级教程:AI实验室、宝藏视频、数据结构、学习指南、机器学习实战、深度学习实战、网络爬虫、大厂面经、程序人生、资源分享。
- rtcatc/Packer-Fuzzer - Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.
- byt3bl33d3r/CrackMapExec - A swiss army knife for pentesting networks
- jivoi/pentest - ⛔ offsec batteries included
- OWASP/Nettacker - Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
- Manisso/fsociety - fsociety Hacking Tools Pack – A Penetration Testing Framework
- nccgroup/Winpayloads - Undetectable Windows Payload Generation
- 1N3/BlackWidow - A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
- XiphosResearch/exploits - Miscellaneous exploit code
- tennc/webshell - This is a webshell open source project
- Neo23x0/yarGen - yarGen is a generator for YARA rules
- decalage2/oletools - oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
- intelowlproject/IntelOwl - Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
- lief-project/LIEF - LIEF - Library to Instrument Executable Formats
- hugsy/gef - GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging features for exploit developers & reverse engineers
- aydinnyunus/Keylogger - Get Keyboard,Mouse,ScreenShot,Microphone Inputs from Target Computer and Send to your Mail.
- HashPals/Name-That-Hash - 🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 300+ other hashes ☄ Comes with a neat web app 🔥
- ihack4falafel/OSCP - Collection of things made during my OSCP journey
- vinta/awesome-python - A curated list of awesome Python frameworks, libraries, software and resources
- imarvinle/awesome-cs-books - 经典编程书籍大全,涵盖:计算机系统与网络、系统架构、算法与数据结构、前端开发、后端开发、移动开发、数据库、测试、项目与团队、程序员职业修炼、求职面试等
- PokemonGoF/PokemonGo-Bot - The Pokemon Go Bot, baking with community.
- boto/boto3 - AWS SDK for Python
- sqlmapproject/sqlmap - Automatic SQL injection and database takeover tool
- nathanlopez/Stitch - Python Remote Administration Tool (RAT)
- dashingsoft/pyarmor - A tool used to obfuscate python scripts, bind obfuscated scripts to fixed machine or expire obfuscated scripts.
- mitmproxy/mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
- bhattsameer/Bombers - SMS/Email/Whatsapp/Twitter/Instagram bombers Collection 💣💣💣 💥 Also added collection of some Fake SMS utilities which helps in skip phone number based SMS verification by using a te
- Marten4n6/EvilOSX - An evil RAT (Remote Administration Tool) for macOS / OS X.
- Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
- bee-san/pyWhat - 🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙♀️
- Datalux/Osintgram - Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname
- UndeadSec/SocialFish - Phishing Tool & Information Collector
- youngyangyang04/leetcode-master - 《代码随想录》LeetCode 刷题攻略:200道经典题目刷题顺序,共60w字的详细图解,视频难点剖析,50余张思维导图,支持C++,Java,Python,Go,JavaScript等多语言版本,从此算法学习不再迷茫!🔥🔥 来看看,你会发现相见恨晚!🚀
- donnemartin/system-design-primer - Learn how to design large-scale systems. Prep for the system design interview. Includes Anki flashcards.
- thehackingsage/hacktronian - Tools for Pentesting
- Gallopsled/pwntools - CTF framework and exploit development library
- facert/awesome-spider - 爬虫集合
- rfyiamcool/share_ppt - 🚗 我个人曾经做过的技术分享...
- n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
- s0md3v/Hash-Buster - Crack hashes in seconds.
- rsmusllp/king-phisher - Phishing Campaign Toolkit
- ivre/ivre - Network recon framework, published by @cea-sec & @ANSSI-FR. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, coll
- Nekmo/dirhunt - Find web directories without bruteforce
- pyenv/pyenv - Simple Python version management
- yassineaboukir/sublert - Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.
- opsdisk/pagodo - pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching
- TebbaaX/Katana - Python Tool that gives you the ability to run Advanced Google Queries (Known as Google Dorks - Google Dorking)
- NullArray/AutoSploit - Automated Mass Exploiter
- bhavsec/reconspider - 🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.
- jofpin/trape - People tracker on the Internet: OSINT analysis and research tool by Jose Pino
- blark/aiodnsbrute - Python 3.5+ DNS asynchronous brute force utility
- maurosoria/dirsearch - Web path scanner
- NikolaiT/GoogleScraper - A Python module to scrape several search engines (like Google, Yandex, Bing, Duckduckgo, ...). Including asynchronous networking support.
- Trusted-AI/adversarial-robustness-toolbox - Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams
- MobSF/Mobile-Security-Framework-MobSF - Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and
- Jack-Cherish/PythonPark - Python 开源项目之「自学编程之路」,保姆级教程:AI实验室、宝藏视频、数据结构、学习指南、机器学习实战、深度学习实战、网络爬虫、大厂面经、程序人生、资源分享。
- TophantTechnology/ARL - ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
- curiousily/Deep-Learning-For-Hackers - Machine Learning tutorials with TensorFlow 2 and Keras in Python (Jupyter notebooks included) - (LSTMs, Hyperameter tuning, Data preprocessing, Bias-variance tradeoff, Anomaly Detection, Autoencoders,
- shmilylty/OneForAll - OneForAll是一款功能强大的子域收集工具
- flipkart-incubator/Astra - Automated Security Testing For REST API's
- s0md3v/Photon - Incredibly fast crawler designed for OSINT.
- smicallef/spiderfoot - SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
- commixproject/commix - Automated All-in-One OS Command Injection Exploitation Tool.
- toolswatch/vFeed - The Correlated CVE Vulnerability And Threat Intelligence Database API
- laramies/theHarvester - E-mails, subdomains and names Harvester - OSINT
- Adminisme/ServerScan - ServerScan一款使用Golang开发的高并发网络扫描、服务探测工具。
- marktext/marktext - 📝A simple and elegant markdown editor, available for Linux, macOS and Windows.
- jaywcjlove/awesome-mac - Now we have become very big, Different from the original idea. Collect premium software in various categories.
- rubickCenter/rubick - 🔧 Electron based open source toolbox, free integration of rich plug-ins. 基于 electron 的开源工具箱,自由集成丰富插件。
- neoneggplant/EggShell - iOS/macOS/Linux Remote Administration Tool
- Marten4n6/EvilOSX - An evil RAT (Remote Administration Tool) for macOS / OS X.
- geemion/Khepri - Free,Open-Source,Cross-platform agent and Post-exploiton tool written in Golang and C++ like CobaltStrike.
- txthinking/brook - A cross-platform network tool designed for developers. 一个为开发者设计的跨平台网络工具.
- sherlock-project/sherlock - 🔎 Hunt down social media accounts by username across social networks
- PowerShell/PowerShell - PowerShell for every system!
- nccgroup/house - A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
- ctf-wiki/ctf-wiki - Come and join us, we need you!
- nccgroup/house - A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
- APKLab/APKLab - Android Reverse-Engineering Workbench for VS Code
- rednaga/APKiD - Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android
- lief-project/LIEF - LIEF - Library to Instrument Executable Formats
- CalebFenton/simplify - Android virtual machine and deobfuscator
- quasarframework/quasar - Quasar Framework - Build high-performance VueJS user interfaces in record time
- AhMyth/AhMyth-Android-RAT - Android Remote Administration Tool
- txthinking/brook - A cross-platform network tool designed for developers. 一个为开发者设计的跨平台网络工具.
- n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
- kelvinBen/AppInfoScanner - 一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具,可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如:Title、Domain、CDN、指纹信息、状态信息等。
- Hack-with-Github/Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers
- D4Vinci/One-Lin3r - Gives you one-liners that aids in penetration testing operations, privilege escalation and more
- sqlmapproject/sqlmap - Automatic SQL injection and database takeover tool
- k8gege/K8tools - K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke
- wuseman/EMAGNET - Automated hacking tool that will find leaked databases with 97.1% accurate to grab mail + password together from recent uploads from https://pastebin.com. Bruteforce support for spotify accounts, inst
- insightglacier/Dictionary-Of-Pentesting - Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
- kwsch/PKHeX - Pokémon Save File Editor
- ZerBea/hcxtools - Portable (that doesn't include proprietary/commercial operating systems) solution for conversion of cap/pcap/pcapng (gz compressed) WiFi dump files to hashcat formats (recommended by hashcat) and to J
- s-matyukevich/raspberry-pi-os - Learning operating system development using Linux kernel and Raspberry Pi
- freeCodeCamp/devdocs - API Documentation Browser
- quasarframework/quasar - Quasar Framework - Build high-performance VueJS user interfaces in record time
- marktext/marktext - 📝A simple and elegant markdown editor, available for Linux, macOS and Windows.
- rubickCenter/rubick - 🔧 Electron based open source toolbox, free integration of rich plug-ins. 基于 electron 的开源工具箱,自由集成丰富插件。
- quasarframework/quasar - Quasar Framework - Build high-performance VueJS user interfaces in record time
- bitwarden/clients - Bitwarden client applications (web, browser extension, desktop, and cli)
- marktext/marktext - 📝A simple and elegant markdown editor, available for Linux, macOS and Windows.
- ganlvtech/down_52pojie_cn - A single page file explorer that can be hosted on static website. 吾爱破解论坛 爱盘 https://down.52pojie.cn/ 页面的源代码
- quasarframework/quasar - Quasar Framework - Build high-performance VueJS user interfaces in record time
- marktext/marktext - 📝A simple and elegant markdown editor, available for Linux, macOS and Windows.
- noraj/OSCP-Exam-Report-Template-Markdown - 📙 Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report
- marktext/marktext - 📝A simple and elegant markdown editor, available for Linux, macOS and Windows.
- stepchowfun/toast - Containerize your development and continuous integration environments. 🥂
- gitpod-io/gitpod - Gitpod automates the provisioning of ready-to-code development environments.
- joho/awesome-code-review - An "Awesome" list of code review resources - articles, papers, tools, etc
- ajinabraham/nodejsscan - nodejsscan is a static security code scanner for Node.js applications.
- iamadamdev/bypass-paywalls-chrome - Bypass Paywalls web browser extension for Chrome and Firefox.
- Mr-xn/hackbar2.1.3 - the free firefox extions of hackbar v2.1.3 v2.2.9 v2.3.1,hackbar 插件未收费的免费版本。适用于chrome浏览器的HackBar-v2.2.6.zip,HackBar-v2.3.1.zip
- Kenshin/simpread - 简悦 ( SimpRead ) - 让你瞬间进入沉浸式阅读的扩展
- jonasstrehle/supercookie -
⚠️ Browser fingerprinting via favicon! - bitwarden/clients - Bitwarden client applications (web, browser extension, desktop, and cli)
- gildas-lormeau/SingleFile - 📷 Web Extension for Firefox/Chrome/MS Edge and CLI tool to save a faithful copy of an entire web page in a single HTML file
- crimx/ext-saladict - 🥗 All-in-one professional pop-up dictionary and page translator which supports multiple search modes, page translations, new word notebook and PDF selection searching.
- sensepost/gowitness - 🔍 gowitness - a golang, web screenshot utility using Chrome Headless
- iamadamdev/bypass-paywalls-chrome - Bypass Paywalls web browser extension for Chrome and Firefox.
- Kenshin/simpread - 简悦 ( SimpRead ) - 让你瞬间进入沉浸式阅读的扩展
- jonasstrehle/supercookie -
⚠️ Browser fingerprinting via favicon! - arkenfox/user.js - Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening
- bitwarden/clients - Bitwarden client applications (web, browser extension, desktop, and cli)
- gildas-lormeau/SingleFile - 📷 Web Extension for Firefox/Chrome/MS Edge and CLI tool to save a faithful copy of an entire web page in a single HTML file
- crimx/ext-saladict - 🥗 All-in-one professional pop-up dictionary and page translator which supports multiple search modes, page translations, new word notebook and PDF selection searching.
- 1N3/BlackWidow - A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
- JoyChou93/java-sec-code - Java web common vulnerabilities and security code which is base on springboot and spring security
- ctf-wiki/ctf-wiki - Come and join us, we need you!
- urbanadventurer/WhatWeb - Next generation web scanner
- Bo0oM/fuzz.txt - Potentially dangerous files
- donnemartin/system-design-primer - Learn how to design large-scale systems. Prep for the system design interview. Includes Anki flashcards.
- epi052/feroxbuster - A fast, simple, recursive content discovery tool written in Rust.
- OJ/gobuster - Directory/File, DNS and VHost busting tool written in Go
- ffuf/ffuf - Fast web fuzzer written in Go
- tom0li/collection-document - Collection of quality safety articles. Awesome articles.
- qazbnm456/awesome-web-security - 🐶 A curated list of Web Security materials and resources.
- backdoorhub/shell-backdoor-list - 🎯 PHP / ASP - Shell Backdoor List 🎯
- XiphosResearch/exploits - Miscellaneous exploit code
- jvoisin/php-malware-finder - Detect potentially malicious PHP files
- bartblaze/PHP-backdoors - A collection of PHP backdoors. For educational or testing purposes only.
- tennc/webshell - This is a webshell open source project
- ziadoz/awesome-php - A curated list of amazingly awesome PHP libraries, resources and shiny things.
- backdoorhub/shell-backdoor-list - 🎯 PHP / ASP - Shell Backdoor List 🎯
- JoyChou93/java-sec-code - Java web common vulnerabilities and security code which is base on springboot and spring security
- s-matyukevich/raspberry-pi-os - Learning operating system development using Linux kernel and Raspberry Pi
- openspug/spug - 开源运维平台:面向中小型企业设计的轻量级无Agent的自动化运维平台,整合了主机管理、主机批量执行、主机在线终端、文件在线上传下载、应用发布部署、在线任务计划、配置中心、监控、报警等一系列功能。
- CISOfy/lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
- aquasecurity/tfsec - Security scanner for your Terraform code
- infobyte/faraday - Collaborative Penetration Test and Vulnerability Management Platform
- trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
- screetsec/Vegile - This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process,unlimited your session in metasploit and transparent. Even when it killed, it will
- tarunkant/Gopherus - This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
- mempodippy/vlany - Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)
- milabs/awesome-linux-rootkits - awesome-linux-rootkits
- rshipp/awesome-malware-analysis - Defund the Police.
- maguowei/starred - creating your own Awesome List by GitHub stars!
- alebcay/awesome-shell - A curated list of awesome command-line frameworks, toolkits, guides and gizmos. Inspired by awesome-php.
- apsdehal/awesome-ctf - A curated list of CTF frameworks, libraries, resources and softwares
- vinta/awesome-python - A curated list of awesome Python frameworks, libraries, software and resources
- ziadoz/awesome-php - A curated list of amazingly awesome PHP libraries, resources and shiny things.
- InQuest/awesome-yara - A curated list of awesome YARA rules, tools, and people.
- secfigo/Awesome-Fuzzing - A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Developme
- jaywcjlove/awesome-mac - Now we have become very big, Different from the original idea. Collect premium software in various categories.
- BruceDone/awesome-crawler - A collection of awesome web crawler,spider in different languages
- SecWiki/linux-kernel-exploits - linux-kernel-exploits Linux平台提权漏洞集合
- 0x4D31/awesome-threat-detection - A curated list of awesome threat detection and hunting resources
- sindresorhus/awesome - 😎 Awesome lists about all kinds of interesting topics
- joho/awesome-code-review - An "Awesome" list of code review resources - articles, papers, tools, etc
- coreb1t/awesome-pentest-cheat-sheets - Collection of the cheat sheets useful for pentesting
- facert/awesome-spider - 爬虫集合
- enaqx/awesome-pentest - A collection of awesome penetration testing resources, tools and other shiny things
- onlurking/awesome-infosec - A curated list of awesome infosec courses and training resources.
- trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
- hslatman/awesome-threat-intelligence - A curated list of Awesome Threat Intelligence resources
- OlivierLaflamme/Cheatsheet-God - Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
- qazbnm456/awesome-cve-poc - ✍️ A curated list of CVE PoCs.
- tom0li/collection-document - Collection of quality safety articles. Awesome articles.
- Hack-with-Github/Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers
- qazbnm456/awesome-web-security - 🐶 A curated list of Web Security materials and resources.
- blaCCkHatHacEEkr/PENTESTING-BIBLE - Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.
- APKLab/APKLab - Android Reverse-Engineering Workbench for VS Code
- a0rtega/pafish - Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do
- mandiant/capa - The FLARE team's open-source tool to identify capabilities in executable files.
- lief-project/LIEF - LIEF - Library to Instrument Executable Formats
- mentebinaria/retoolkit - Reverse Engineer's Toolkit
- CalebFenton/simplify - Android virtual machine and deobfuscator
- hugsy/gef - GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging features for exploit developers & reverse engineers
- radareorg/radare2 - UNIX-like reverse engineering framework and command-line toolset
- rmusser01/Infosec_Reference - An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
- mandiant/flare-vm -
- vitalysim/Awesome-Hacking-Resources - A collection of hacking / penetration testing resources to make you better!
- Hack-with-Github/Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers
- vxunderground/VX-API - Collection of various WINAPI tricks / features used or abused by Malware
- Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
- youngyangyang04/leetcode-master - 《代码随想录》LeetCode 刷题攻略:200道经典题目刷题顺序,共60w字的详细图解,视频难点剖析,50余张思维导图,支持C++,Java,Python,Go,JavaScript等多语言版本,从此算法学习不再迷茫!🔥🔥 来看看,你会发现相见恨晚!🚀
- Qv2ray/Qv2ray - ⭐ Linux / Windows / macOS 跨平台 V2Ray 客户端 | 支持 VMess / VLESS / SSR / Trojan / Trojan-Go / NaiveProxy / HTTP / HTTPS / SOCKS5 | 使用 C++ / Qt 开发 | 可拓展插件式设计 ⭐
- rednaga/APKiD - Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android
- halfrost/Halfrost-Field - ✍🏻 这里是写博客的地方 —— Halfrost-Field 冰霜之地
- nmap/nmap - Nmap - the Network Mapper. Github mirror of official SVN repository.
- Trusted-AI/adversarial-robustness-toolbox - Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams
- curiousily/Deep-Learning-For-Hackers - Machine Learning tutorials with TensorFlow 2 and Keras in Python (Jupyter notebooks included) - (LSTMs, Hyperameter tuning, Data preprocessing, Bias-variance tradeoff, Anomaly Detection, Autoencoders,
- spearow/juice - The Hacker's Machine Learning Engine
- cleverhans-lab/cleverhans - An adversarial example library for constructing attacks, building defenses, and benchmarking both
- BishopFox/deephack - PoC code from DEF CON 25 presentation
- jivoi/awesome-ml-for-cybersecurity - Machine Learning for Cyber Security
- lief-project/LIEF - LIEF - Library to Instrument Executable Formats
- CalebFenton/simplify - Android virtual machine and deobfuscator
- hugsy/gef - GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging features for exploit developers & reverse engineers
- MobBotTeam/PokeMobBot - a Pokemon Go Bot by PokeMobBot Team - Discord: https://discord.gg/8msqsWV | Forums:
- terjanq/Tiny-XSS-Payloads - A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
- KuroLabs/stegcloak - Hide secrets with invisible characters in plain text securely using passwords 🧙🏻♂️⭐
- juice-shop/juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
- 003random/getJS - A tool to fastly get all javascript sources/files
- rubickCenter/rubick - 🔧 Electron based open source toolbox, free integration of rich plug-ins. 基于 electron 的开源工具箱,自由集成丰富插件。
- quasarframework/quasar - Quasar Framework - Build high-performance VueJS user interfaces in record time
- jonasstrehle/supercookie -
⚠️ Browser fingerprinting via favicon! - fingerprintjs/fingerprintjs - Browser fingerprinting library with the highest accuracy and stability.
- bitwarden/clients - Bitwarden client applications (web, browser extension, desktop, and cli)
- gildas-lormeau/SingleFile - 📷 Web Extension for Firefox/Chrome/MS Edge and CLI tool to save a faithful copy of an entire web page in a single HTML file
- youngyangyang04/leetcode-master - 《代码随想录》LeetCode 刷题攻略:200道经典题目刷题顺序,共60w字的详细图解,视频难点剖析,50余张思维导图,支持C++,Java,Python,Go,JavaScript等多语言版本,从此算法学习不再迷茫!🔥🔥 来看看,你会发现相见恨晚!🚀
- halfrost/Halfrost-Field - ✍🏻 这里是写博客的地方 —— Halfrost-Field 冰霜之地
- ajinabraham/nodejsscan - nodejsscan is a static security code scanner for Node.js applications.
- cure53/DOMPurify - DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
- Metnew/uxss-db - 🔪Browser logic vulnerabilities ☠️
- tunz/js-vuln-db - A collection of JavaScript engine CVEs with PoCs
- terjanq/Tiny-XSS-Payloads - A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
- jonasstrehle/supercookie -
⚠️ Browser fingerprinting via favicon! - cure53/DOMPurify - DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
- DavidBuchanan314/tweetable-polyglot-png - Pack up to 3MB of data into a tweetable PNG polyglot file.
- GorvGoyl/Clone-Wars - 100+ open-source clones of popular sites like Airbnb, Amazon, Instagram, Netflix, Tiktok, Spotify, Whatsapp, Youtube etc. See source code, demo links, tech stack, github stars.
- ihack4falafel/OSCP - Collection of things made during my OSCP journey
- alebcay/awesome-shell - A curated list of awesome command-line frameworks, toolkits, guides and gizmos. Inspired by awesome-php.
- carlospolop/PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
- starship/starship - ☄🌌️ The minimal, blazing-fast, and infinitely customizable prompt for any shell!
- syndbg/goenv - 🚙 Like pyenv and rbenv, but for Go.
- rbenv/rbenv - Manage your app's Ruby environment
- screetsec/Sudomy - Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
- leebaird/discover - Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
- 1N3/PrivEsc - A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
- tarunkant/Gopherus - This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
- dahuoyzs/javapdf - 🍣100本 Java电子书 技术书籍PDF(以下载阅读为荣,以点赞收藏为耻)
- mgeeky/Penetration-Testing-Tools - A collection of more than 170+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least
- antonio-morales/Fuzzing101 - An step by step fuzzing tutorial. A GitHub Security Lab initiative
- Kenshin/simpread - 简悦 ( SimpRead ) - 让你瞬间进入沉浸式阅读的扩展
- xanderfrangos/twinkle-tray - Easily manage the brightness of your monitors in Windows from the system tray
- crimx/ext-saladict - 🥗 All-in-one professional pop-up dictionary and page translator which supports multiple search modes, page translations, new word notebook and PDF selection searching.
- lirantal/awesome-nodejs-security - Awesome Node.js Security resources
- xanderfrangos/twinkle-tray - Easily manage the brightness of your monitors in Windows from the system tray
- rubickCenter/rubick - 🔧 Electron based open source toolbox, free integration of rich plug-ins. 基于 electron 的开源工具箱,自由集成丰富插件。
- denghongcai/forsaken-mail - a self-hosted disposable mail service
- jonasstrehle/supercookie -
⚠️ Browser fingerprinting via favicon! - bitwarden/clients - Bitwarden client applications (web, browser extension, desktop, and cli)
- ajinabraham/nodejsscan - nodejsscan is a static security code scanner for Node.js applications.
- asdf-vm/asdf - Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more
- jaywcjlove/awesome-mac - Now we have become very big, Different from the original idea. Collect premium software in various categories.
- public-apis/public-apis - A collective list of free APIs
- xanderfrangos/twinkle-tray - Easily manage the brightness of your monitors in Windows from the system tray
- airbnb/binaryalert - BinaryAlert: Serverless, Real-time & Retroactive Malware Detection.
- airbnb/binaryalert - BinaryAlert: Serverless, Real-time & Retroactive Malware Detection.
- aquasecurity/tfsec - Security scanner for your Terraform code
- airbnb/binaryalert - BinaryAlert: Serverless, Real-time & Retroactive Malware Detection.
- boto/boto3 - AWS SDK for Python
- aquasecurity/tfsec - Security scanner for your Terraform code
- sa7mon/S3Scanner - Scan for open S3 buckets and dump the contents
- prowler-cloud/prowler - Prowler is an Open Source security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 2
- MobBotTeam/PokeMobBot - a Pokemon Go Bot by PokeMobBot Team - Discord: https://discord.gg/8msqsWV | Forums:
- PokemonGoF/PokemonGo-Bot - The Pokemon Go Bot, baking with community.
- anouarbensaad/vulnx - vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collecti
- PokemonGoF/PokemonGo-Bot - The Pokemon Go Bot, baking with community.
- neoneggplant/EggShell - iOS/macOS/Linux Remote Administration Tool
- quasarframework/quasar - Quasar Framework - Build high-performance VueJS user interfaces in record time
- halfrost/Halfrost-Field - ✍🏻 这里是写博客的地方 —— Halfrost-Field 冰霜之地
- txthinking/brook - A cross-platform network tool designed for developers. 一个为开发者设计的跨平台网络工具.
- quasarframework/quasar - Quasar Framework - Build high-performance VueJS user interfaces in record time
- RhinoSecurityLabs/IPRotate_Burp_Extension - Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
- donnemartin/system-design-primer - Learn how to design large-scale systems. Prep for the system design interview. Includes Anki flashcards.
- toolswatch/blackhat-arsenal-tools - Official Black Hat Arsenal Security Tools Repository
- jonasstrehle/supercookie -
⚠️ Browser fingerprinting via favicon!
- jonasstrehle/supercookie -
⚠️ Browser fingerprinting via favicon! - le5le-com/topology - A diagram (topology, UML) framework uses canvas and typescript. 一个轻量(100k左右)、功能丰富的绘图工具(微服务架构图、拓扑图、流程图、类图等UML图、脑图,动画、视频支持)。 【在线使用】:
- bitwarden/clients - Bitwarden client applications (web, browser extension, desktop, and cli)
- crimx/ext-saladict - 🥗 All-in-one professional pop-up dictionary and page translator which supports multiple search modes, page translations, new word notebook and PDF selection searching.
- geemion/Khepri - Free,Open-Source,Cross-platform agent and Post-exploiton tool written in Golang and C++ like CobaltStrike.
- aquasecurity/tfsec - Security scanner for your Terraform code
- carlospolop/PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
- dotnetcore/DotnetSpider - DotnetSpider, a .NET standard web crawling library. It is lightweight, efficient and fast high-level web crawling & scraping framework
- kwsch/PKHeX - Pokémon Save File Editor
- bitwarden/clients - Bitwarden client applications (web, browser extension, desktop, and cli)
- starship/starship - ☄🌌️ The minimal, blazing-fast, and infinitely customizable prompt for any shell!
- rust-lang/rustlings - 🦀 Small exercises to get you used to reading and writing Rust code!
- epi052/feroxbuster - A fast, simple, recursive content discovery tool written in Rust.
- spearow/juice - The Hacker's Machine Learning Engine
- RustScan/RustScan - 🤖 The Modern Port Scanner 🤖
- pfusik/cito - Ć programming language. Translated automatically to C, C++, C#, Java, JavaScript, Python, Swift, TypeScript and OpenCL C.
- golang/go - The Go programming language
- youngyangyang04/leetcode-master - 《代码随想录》LeetCode 刷题攻略:200道经典题目刷题顺序,共60w字的详细图解,视频难点剖析,50余张思维导图,支持C++,Java,Python,Go,JavaScript等多语言版本,从此算法学习不再迷茫!🔥🔥 来看看,你会发现相见恨晚!🚀
- halfrost/LeetCode-Go - ✅ Solutions to LeetCode by Go, 100% test coverage, runtime beats 100% / LeetCode 题解
- halfrost/Halfrost-Field - ✍🏻 这里是写博客的地方 —— Halfrost-Field 冰霜之地
- jwasham/coding-interview-university - A complete computer science study plan to become a software engineer.
- yangshun/tech-interview-handbook - 💯 Curated interview preparation materials for busy engineers
- halfrost/Halfrost-Field - ✍🏻 这里是写博客的地方 —— Halfrost-Field 冰霜之地
- halfrost/Halfrost-Field - ✍🏻 这里是写博客的地方 —— Halfrost-Field 冰霜之地
- public-apis/public-apis - A collective list of free APIs
- public-apis/public-apis - A collective list of free APIs
- jwasham/coding-interview-university - A complete computer science study plan to become a software engineer.
- donnemartin/system-design-primer - Learn how to design large-scale systems. Prep for the system design interview. Includes Anki flashcards.
- codecrafters-io/build-your-own-x - Master programming by recreating your favorite technologies from scratch.
- hoanhan101/ultimate-go - The Ultimate Go Study Guide
- donnemartin/system-design-primer - Learn how to design large-scale systems. Prep for the system design interview. Includes Anki flashcards.
- ajinabraham/nodejsscan - nodejsscan is a static security code scanner for Node.js applications.
- htrgouvea/nipe - An engine to make Tor network your default gateway
- r00t-3xp10it/venom - venom - C2 shellcode generator/compiler/handler
- nmap/nmap - Nmap - the Network Mapper. Github mirror of official SVN repository.
- scipag/vulscan - Advanced vulnerability scanning with Nmap NSE
- asdf-vm/asdf - Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more
- syndbg/goenv - 🚙 Like pyenv and rbenv, but for Go.
- jhao104/proxy_pool - Python爬虫代理IP池(proxy pool)
- jofpin/trape - People tracker on the Internet: OSINT analysis and research tool by Jose Pino
- opsdisk/pagodo - pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching
- mxrch/GHunt - 🕵️♂️ Offensive Google framework.
- sundowndev/hacker-roadmap - A collection of hacking tools, resources and references to practice ethical hacking.
- Trusted-AI/adversarial-robustness-toolbox - Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams
- BishopFox/deephack - PoC code from DEF CON 25 presentation
- Jack-Cherish/PythonPark - Python 开源项目之「自学编程之路」,保姆级教程:AI实验室、宝藏视频、数据结构、学习指南、机器学习实战、深度学习实战、网络爬虫、大厂面经、程序人生、资源分享。
- Jack-Cherish/PythonPark - Python 开源项目之「自学编程之路」,保姆级教程:AI实验室、宝藏视频、数据结构、学习指南、机器学习实战、深度学习实战、网络爬虫、大厂面经、程序人生、资源分享。
- curiousily/Deep-Learning-For-Hackers - Machine Learning tutorials with TensorFlow 2 and Keras in Python (Jupyter notebooks included) - (LSTMs, Hyperameter tuning, Data preprocessing, Bias-variance tradeoff, Anomaly Detection, Autoencoders,
- curiousily/Deep-Learning-For-Hackers - Machine Learning tutorials with TensorFlow 2 and Keras in Python (Jupyter notebooks included) - (LSTMs, Hyperameter tuning, Data preprocessing, Bias-variance tradeoff, Anomaly Detection, Autoencoders,
- BishopFox/deephack - PoC code from DEF CON 25 presentation
- jivoi/awesome-osint - 😱 A curated list of amazingly awesome OSINT
- insightglacier/Dictionary-Of-Pentesting - Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
- rtcatc/Packer-Fuzzer - Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.
To the extent possible under law, netveil has waived all copyright and related or neighboring rights to this work.