List of mine starred repositories, the list was pre-generated by generator.py

• lanbinshijie/bili2text
  • Bilibili视频转文字，一步到位，输入链接即可使用
• kelvinBen/AppInfoScanner
  • 一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。
• GerbenJavado/LinkFinder
  • A python script that finds endpoints in JavaScript files
• elkokc/reflector
  • Burp plugin able to find reflected XSS on page in real-time while browsing on site
• CTF-MissFeng/bayonet
  • bayonet是一款src资产管理系统，从子域名、端口服务、漏洞、爬虫等一体化的资产管理系统
• EdgeSecurityTeam/EHole
  • EHole(棱洞)3.0 重构版-红队重点攻击系统指纹探测工具
• biggerduck/RedTeamNotes
  • 红队笔记
• Micropoor/Micro8
  • Gitbook
• gh0stkey/HaE
  • HaE - Highlighter and Extractor, Empower ethical hacker for efficient operations.
• fishaudio/Bert-VITS2
  • vits2 backbone with multilingual-bert
• ggreer/the_silver_searcher
  • A code-searching tool similar to ack, but faster.
• tomnomnom/gf
  • A wrapper around grep, to help you grep for things
• gogf/gf
  • GoFrame is a modular, powerful, high-performance and enterprise-class application development framework of Golang.
• reddelexc/hackerone-reports
  • Top disclosed reports from HackerOne
• wux1an/wxapkg
  • 微信小程序反编译工具，.wxapkg 文件扫描 + 解密 + 解包工具
• nicocha30/ligolo-ng
  • An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
• CodeIntelligenceTesting/jazzer
  • Coverage-guided, in-process fuzzing for the JVM
• binaryai/sdk
  • Get results of binaryai.cn using our SDK
• github/codeql-variant-analysis-action
• OI-wiki/OI-wiki
  • 🌟 Wiki of OI / ICPC for everyone. （某大型游戏线上攻略，内含炫酷算术魔法）
• microsoft/IoT-For-Beginners
  • 12 Weeks, 24 Lessons, IoT for All!
• h4x0r-dz/Leaked-Credentials
  • how to look for Leaked Credentials !
• altair-graphql/altair
  • ✨⚡️ A beautiful feature-rich GraphQL Client for all platforms.
• github-tooling/ghtopdep
  • ⭐ CLI tool for sorting dependents repo by stars
• quarkusio/quarkus
  • Quarkus: Supersonic Subatomic Java.
• dogsheep/github-to-sqlite
  • Save data from GitHub to a SQLite database
• momosecurity/FindSomething
  • 基于chrome、firefox插件的被动式信息泄漏检测工具
• danielmiessler/SecLists
  • SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
• k1nd0ne/VolWeb
  • A centralized and enhanced memory analysis platform
• yoryio/CVE-2024-20767
  • Exploit for CVE-2024-20767 - Adobe ColdFusion
• BishopFox/sj
  • A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.
• OWASP/owasp-mastg
  • The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
• ganeshrvel/openmtp
  • OpenMTP - Advanced Android File Transfer Application for macOS
• hehehai/x-hiring
  • 🤗 每日最新招聘信息，使用 Google AI 提取摘要
• yhy0/github-cve-monitor
  • 实时监控github上新增的cve、自定义关键字、安全工具更新、大佬仓库监控，并多渠道推送通知
• opencve/opencve
  • CVE Alerting Platform
• thombergs/code-examples
  • A collection of code examples from blog posts etc.
• lz520520/railgun
• trailofbits/vscode-weaudit
  • Create code bookmarks and code highlights with a click.
• lobehub/lobe-chat
  • 🤯 Lobe Chat - an open-source, modern-design LLMs/AI chat framework. Supports Multi AI Providers( OpenAI / Claude 3 / Gemini / Ollama / Bedrock / Azure / Mistral / Perplexity ), Multi-Modals (Vision/TTS) and plugin system. One-click FREE deployment of your private ChatGPT chat application.
• LyleMi/Learn-Web-Hacking
  • Study Notes For Web Hacking / Web安全学习笔记
• satan1a/TheRoadOfSO
  • 学习安全运营的记录 | The knowledge base of security operation
• projectdiscovery/katana
  • A next-generation crawling and spidering framework.
• wgpsec/ENScan_GO
  • 一款基于各大企业信息API的工具，解决在遇到的各种针对国内企业信息收集难题。一键收集控股公司ICP备案、APP、小程序、微信公众号等信息聚合导出。
• chaitin/rad
• maurosoria/dirsearch
  • Web path scanner
• obheda12/GitDorker
  • A Python program to scrape secrets from GitHub through usage of a large repository of dorks.
• FeeiCN/GSIL
  • GitHub Sensitive Information Leakage（GitHub敏感信息泄露监控）
• sensepost/gowitness
  • 🔍 gowitness - a golang, web screenshot utility using Chrome Headless
• synacktiv/QLinspector
  • Finding Java gadget chains with CodeQL
• owasp-amass/amass
  • In-depth attack surface mapping and asset discovery
• fransr/postMessage-tracker
  • A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
• nickboucher/trojan-source
  • Trojan Source: Invisible Vulnerabilities
• tdragon6/Supershell
  • Supershell C2 远控平台，基于反向SSH隧道获取完全交互式Shell
• unjs/nitro
  • Next Generation Server Toolkit. Create web servers with everything you need and deploy them wherever you prefer.
• Everduin94/better-commits
  • A CLI for creating better commits following the conventional commits specification
• trailofbits/testing-handbook
  • Trail of Bits Testing Handbook
• trailofbits/semgrep-rules
  • Semgrep queries developed by Trail of Bits.
• yarrick/iodine
  • Official git repo for iodine dns tunnel
• apache/incubator-answer
  • A Q&A platform software for teams at any scales. Whether it's a community forum, help center, or knowledge management platform, you can always count on Apache Answer.
• SagerNet/sing-box
  • The universal proxy platform
• cncf/foundation
  • ☁️♮🏛 This repo contains several documents related to the operation of the CNCF. File non-technical issues related to CNCF here.
• nickvourd/Windows-Local-Privilege-Escalation-Cookbook
  • Windows Local Privilege Escalation Cookbook
• chainreactors/gogo
  • 面向红队的, 高度可控可拓展的自动化引擎
• bodhiye/paste
  • 代码便利贴，在线代码分享平台~
• codecrafters-io/build-your-own-x
  • Master programming by recreating your favorite technologies from scratch.
• char/noverify-hackery
  • Force-disabling the JVM bytecode verifier
• ExpLangcn/NucleiTP
  • 自动整合全网Nuclei的漏洞POC，实时同步更新最新POC！
• x-Ai/BurpSuite
  • Burp Suite loader version --> ∞
• HackTricks-wiki/hacktricks
  • Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
• ossf/scorecard
  • OpenSSF Scorecard - Security health metrics for Open Source
• ossf/malicious-packages
  • A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.
• jetify-com/devbox
  • Instant, easy, and predictable development environments
• scopt/scopt
  • command line options parsing for Scala
• protocolbuffers/protobuf
  • Protocol Buffers - Google's data interchange format
• practical-tutorials/project-based-learning
  • Curated list of project-based tutorials
• xhycccc/Struts2-Vuln-Demo
  • Struts2漏洞实例源码
• ossf/alpha-omega
  • Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.
• advanced-security/codeql-queries
  • [Deprecated] GitHub's Field Team's CodeQL Custom Queries, Suites, and Configurations. See GitHubSecurityLab/CodeQL-Community-Packs instead
• ossf/criticality_score
  • Gives criticality score for an open source project
• github/codeql-dubbo-workshop
• koekeishiya/yabai
  • A tiling window manager for macOS based on binary space partitioning
• 0xdea/semgrep-rules
  • A collection of my Semgrep rules to facilitate vulnerability research.
• github/codeql-action
  • Actions for running CodeQL analysis
• apache/tinkerpop
  • Apache TinkerPop - a graph computing framework
• ShiftLeftSecurity/overflowdb-codegen
• cytoscape/cytoscape.js
  • Graph theory (network) library for visualisation and analysis
• ShiftLeftSecurity/overflowdb
  • ShiftLeft OverflowDB
• plume-oss/plume
  • Plume is a code representation benchmarking library with options to extract the AST from Java bytecode and store the result in various graph databases.
• ShiftLeftSecurity/codepropertygraph
  • Code Property Graph: specification, query language, and utilities
• fmbenhassine/jql
  • Java code analysis and linting with SQL
• INRIA/spoon
  • Spoon is a metaprogramming library to analyze and transform Java source code. 🥄 is made with ❤️, 🍻 and ✨. It parses source files to build a well-designed AST with powerful analysis and transformation API.
• find-sec-bugs/find-sec-bugs
  • The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
• spotbugs/spotbugs
  • SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
• joernio/joern
  • Open-source code analysis platform for C/C++/Java/Binary/Javascript/Python/Kotlin based on code property graphs. Discord https://discord.gg/vv4MH284Hc
• GetStream/Winds
  • A Beautiful Open Source RSS & Podcast App Powered by Getstream.io
• yang991178/fluent-reader
  • Modern desktop RSS reader built with Electron, React, and Fluent UI
• go-gost/gost
  • GO Simple Tunnel - a simple tunnel written in golang
• devsecopsguides/devsecopsguides.github.io
  • DevSecOpsGuides
• vulncheck-oss/go-exploit
  • A Go-based Exploit Framework
• ginuerzh/gost
  • GO Simple Tunnel - a simple tunnel written in golang
• Osmose/firefox-cert-override
  • Python library and CLI for reading and writing cert_override.txt files.
• zerotier/zeronsd
  • A DNS server for ZeroTier users
• jassics/security-study-plan
  • Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
• sottlmarek/DevSecOps
  • Ultimate DevSecOps library
• caddyserver/caddy
  • Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
• BuilderIO/gpt-crawler
  • Crawl a site to generate knowledge files to create your own custom GPT from a URL
• Jonnyan404/zerotier-planet
  • 一分钟自建zerotier-planet
• ZhuriLab/Yi
  • 项目监控工具 以及 Codeql 自动运行
• ticarpi/jwt_tool
  • 🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens
• rwv/docker-zerotier-moon
  • 🐳 A docker image to create ZeroTier moon in one step.
• wangyu-/udp2raw
  • A Tunnel which Turns UDP Traffic into Encrypted UDP/FakeTCP/ICMP Traffic by using Raw Socket,helps you Bypass UDP FireWalls(or Unstable UDP Environment)
• kmahyyg/ztncui-aio
  • Licensed Under AGPL v3
• librespeed/speedtest
  • Self-hosted Speed Test for HTML5 and more. Easy setup, examples, configurable, mobile friendly. Supports PHP, Node, Multiple servers, and more
• zerotier/ZeroTierOne
  • A Smart Ethernet Switch for Earth
• auth0/docs
  • Auth0 documentation
• silentsignal/rsa_sign2n
  • Deriving RSA public keys from message-signature pairs
• wallarm/jwt-secrets
• Cryin/JavaID
  • java source code static code analysis and danger function identify prog
• danuk/k8s-webdav
  • Kubernetes Helm chart for WebDav
• web-platform-tests/wpt
  • Test suites for Web platform specs — including WHATWG, W3C, and others
• bagder/docs
  • Internet protocols and tools related documentation
• jbranchaud/til
  • 📝 Today I Learned
• microsoft/inshellisense
  • IDE style command line auto complete
• hakluke/hakrevdns
  • Small, fast tool for performing reverse DNS lookups en masse.
• hahwul/DevSecOps
  • ♾️ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe 😎
• neo4j-examples/movies-java-spring-data-neo4j
  • Neo4j Movies Example with Spring Data Neo4j
• noidsirius/SootTutorial
  • A step-by-step tutorial for Soot (a Java static analysis framework)
• PortSwigger/turbo-intruder
  • Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
• coredns/coredns
  • CoreDNS is a DNS server that chains plugins
• bitnami/charts
  • Bitnami Helm Charts
• pascal-lab/Tai-e
  • An easy-to-learn/use static analysis framework for Java
• knownsec/KCon
  • KCon is a famous Hacker Con powered by Knownsec Team.
• rancher/local-path-provisioner
  • Dynamically provisioning persistent local storage with Kubernetes
• oracle/oci-cloud-controller-manager
  • Kubernetes Cloud Controller Manager implementation for Oracle Cloud Infrastructure
• TideSec/TideFinger_Go
  • 一个Go版(更强大)的TideFinger指纹识别工具，可对web和主机指纹进行识别探测，整合梳理互联网指纹2.3W余条，在效率和指纹覆盖面方面进行了平衡和优化。
• oracle/cluster-api-provider-oci
  • Kubernetes Cluster API Provider for Oracle Cloud Infrastructure
• chasays/newsletter-list
  • 有趣，免费的 newsletter，欢迎推荐
• flannel-io/flannel
  • flannel is a network fabric for containers, designed for Kubernetes
• projectcalico/calico
  • Cloud native networking and network security
• containernetworking/cni
  • Container Network Interface - networking for Linux containers
• kantega/notsoserial
  • Java Agent which mitigates deserialisation attacks by making certain classes unserializable
• n0a/telegram-get-remote-ip
  • Get IP address on other side audio call in Telegram.
• aquasecurity/kube-bench
  • Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
• zfdang/Android-Touch-Helper
  • 开屏跳过-安卓系统的开屏广告自动跳过助手
• ansible/ansible
  • Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy and maintain. Automate everything from code deployment to network configuration to cloud management, in a language that approaches plain English, using SSH, with no agents to install on remote systems. https://docs.ansible.com.
• honeytrap/honeytrap
  • Advanced Honeypot framework.
• telekom-security/tpotce
  • 🍯 T-Pot - The All In One Multi Honeypot Platform 🐝
• containerd/containerd
  • An open and reliable container runtime
• Feysh-Group/corax-community
  • Corax for Java: A general static analysis framework for java code checking.
• seal-io/walrus
  • Walrus is an open-source application management platform based on IaC tools including OpenTofu, Terraform and others. It helps platform engineers build golden paths for developers and empowers developers with self-service capabilities.
• kubernetes-sigs/kubespray
  • Deploy a Production Ready Kubernetes Cluster
• c0ny1/FastjsonExploit
  • Fastjson vulnerability quickly exploits the framework（fastjson漏洞快速利用框架）
• safe6Sec/Fastjson
  • Fastjson姿势技巧集合
• orangetw/My-Presentation-Slides
  • Collections of Orange Tsai's public presentation slides.
• WebGoat/WebGoat
  • WebGoat is a deliberately insecure application
• kamranahmedse/developer-roadmap
  • Interactive roadmaps, guides and other educational content to help developers grow in their careers.
• wala/WALA
  • T.J. Watson Libraries for Analysis, with frontends for Java, Android, and JavaScript, and may common static program analyses
• soot-oss/SootUp
  • A new version of Soot with a completely overhauled architecture
• AdguardTeam/AdGuardHome
  • Network-wide ads & trackers blocking DNS server
• typecho/typecho
  • A PHP Blogging Platform. Simple and Powerful.
• mipmip/github-action-markdown-link-extract-to-json
  • Extracts link from a section inside a markdown file and stores them into a json file
• j3ers3/Hello-Java-Sec
  • ☕️ Java Security，安全编码和代码审计
• jeecgboot/jeecg-boot
  • 🔥「企业级低代码平台」前后端分离架构SpringBoot 2.x/3.x，SpringCloud，Ant Design&Vue，Mybatis，Shiro，JWT。强大的代码生成器让前后端代码一键生成，无需写任何代码! 引领新的开发模式OnlineCoding->代码生成->手工MERGE，帮助Java项目解决70%重复工作，让开发更关注业务，既能快速提高效率，帮助公司节省成本，同时又不失灵活性。
• hacklcx/HFish
  • 安全、可靠、简单、免费的企业级蜜罐
• joonspk-research/generative_agents
  • Generative Agents: Interactive Simulacra of Human Behavior
• mgeeky/Penetration-Testing-Tools
  • A collection of more than 170+ tools, scripts, cheatsheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purposes.
• tsl0922/ttyd
  • Share your terminal over the web
• novnc/websockify
  • Websockify is a WebSocket to TCP proxy/bridge. This allows a browser to connect to any application/server/service.
• moonD4rk/HackBrowserData
  • Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).
• umijs/dumi
  • 📖 Static Site Generator for component library development
• vastxie/Happy-ChatGPT
  • ChatGPT 国粹版，和 GPT 一起学习地道的**话吧
• j2ekim/Pentest_Project
  • 整理渗透测试、内网渗透、应急响应、密码字典、漏洞库、代码审计、渗透测试面试题相关项目
• projectdiscovery/nuclei
  • Fast and customizable vulnerability scanner based on simple YAML based DSL.
• ossf/fuzz-introspector
  • Fuzz Introspector -- introspect, extend and optimise fuzzers
• kyo-w/router-router
  • Java web路由内存分析工具
• snyk/aether-demo
  • Aether project repository (aether-demo)
• fatedier/frp
  • A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
• tom0li/collection-document
  • Collection of quality safety articles. Awesome articles.
• LGUG2Z/komorebi
  • A tiling window manager for Windows 🍉
• netmikey/mvncloner
  • Clone / mirror all or part of a remote maven repository into another one
• yaklang/yaklang
  • A programming language exclusively designed for cybersecurity
• arangodb/arangodb
  • 🥑 ArangoDB is a native multi-model database with flexible data models for documents, graphs, and key-values. Build high performance applications using a convenient SQL-like query language or JavaScript extensions.
• sonatype/nexus-public
  • Sonatype Nexus Repository Open-source codebase mirror
• xl7dev/WebShell
  • Webshell && Backdoor Collection
• jar-analyzer/jar-analyzer-v1-cli
  • 本项目可以把一个或多个Jar包构建成数据库，用户连接数据库后通过SQL语句任意搜索需要的内容，例如类和方法信息，方法调用关系等
• CVEProject/cvelist
  • Pilot program for CVE submission through GitHub. CVE Record Submission via Pilot PRs ending 6/30/2023
• google/deps.dev
  • Resources for the deps.dev API
• buresdv/Cork
  • A fast GUI for Homebrew written in SwiftUI
• huggingface/transformers
  • 🤗 Transformers: State-of-the-art Machine Learning for Pytorch, TensorFlow, and JAX.
• JoyChou93/java-sec-code
  • Java web common vulnerabilities and security code which is base on springboot and spring security
• libin9iOak/ja-netfilter-all
• DeltaJordan/BotW-Save-Manager
  • BOTW Save Manager for Switch and Wii U
• zserge/awfice
  • The world smallest office suite
• blabla1337/skf-flask
  • Security Knowledge Framework (SKF) Python Flask / Angular project
• apache/seatunnel
  • SeaTunnel is a next-generation super high-performance, distributed, massive data integration tool.
• mheath/netty-mysql-codec
  • A Netty Codec for the MySQL/MariaDB protocol
• hoverbike1/TOTK-Mods-collection
  • Mod repo for TOTK on Yuzu emulator.
• chaitin/xpoc
  • 为供应链漏洞扫描设计的快速应急响应工具 [快速应急] [漏洞扫描] [端口扫描] [xray2.0进行时] A fast emergency response tool designed for supply chain vulnerability scanning.
• mysql/mysql-connector-python
  • MySQL Connector/Python is implementing the MySQL Client/Server protocol completely in Python. No MySQL libraries are needed, and no compilation is necessary to run this Python DB API v2.0 compliant driver. Documentation & Download: http://dev.mysql.com/doc/connector-python/en
• xelabs/go-mysqlstack
  • MySQL protocol library implementing in Go (golang)
• Gifts/Rogue-MySql-Server
  • Rogue MySql Server
• fnmsd/MySQL_Fake_Server
  • MySQL Fake Server use to help MySQL Client File Reading and JDBC Client Java Deserialize
• su18/JDBC-Attack
  • JDBC Connection URL Attack
• ncipollo/release-action
  • An action which manages a github release
• mikepenz/release-changelog-builder-action
  • A GitHub action that builds your release notes / changelog fast, easy and exactly the way you want.
• trganda/obsidian-attachment-management
  • Attachment Management of Obsidian
• aquasecurity/trivy
  • Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
• sindresorhus/awesome-chatgpt
  • 🤖 Awesome list for ChatGPT — an artificial intelligence chatbot developed by OpenAI
• Enveloppe/obsidian-enveloppe
  • Enveloppe helps you to publish your notes on a GitHub repository from your Obsidian Vault, for free!
• caido/caido
  • 🚀 Caido releases, wiki and roadmap
• microsoft/ML-For-Beginners
  • 12 weeks, 26 lessons, 52 quizzes, classic Machine Learning for all
• ast-grep/ast-grep
  • ⚡A CLI tool for code structural search, lint and rewriting. Written in Rust
• Mr-xn/BLACKHAT_Asia2023
  • Black Hat Asia 2023 PDF Public
• yaklang/yakit
  • Cyber Security ALL-IN-ONE Platform
• ozntel/oz-clear-unused-images-obsidian
  • Obsidian plugin to clear the images that are not used in note files anymore
• RUCAIBox/LLMSurvey
  • The official GitHub page for the survey paper "A Survey of Large Language Models".
• jamiebrynes7/obsidian-todoist-plugin
  • Materialize Todoist tasks in Obsidian notes
• jackyzha0/quartz
  • 🌱 a fast, batteries-included static-site generator that transforms Markdown content into fully functional websites
• zzwlpx/JNDIExploit
  • A malicious LDAP server for JNDI injection attacks
• synercys/annotated_latex_equations
  • Examples of how to create colorful, annotated equations in Latex using Tikz.
• AnubisNekhet/AnuPpuccin
  • Personal theme for Obsidian
• slsa-framework/slsa-github-generator
  • Language-agnostic SLSA provenance generation for Github Actions
• in-toto/attestation
  • in-toto Attestation Framework
• DIYgod/RSSHub
  • 🧡 Everything is RSSible
• google/gvisor
  • Application Kernel for Containers
• google/oss-fuzz
  • OSS-Fuzz - continuous fuzzing for open source software.
• gobysec/Weblogic
  • WebLogic vulnerability exploration from beginner to expert.
• arch3rPro/Pentest-Windows
  • Windows11 Penetration Suite Toolkit 一个开箱即用的windows渗透测试环境
• AstroNvim/AstroNvim
  • AstroNvim is an aesthetic and feature-rich neovim config that is extensible and easy to use with a great set of plugins
• greshake/llm-security
  • New ways of breaking app-integrated LLMs
• Stability-AI/StableLM
  • StableLM: Stability AI Language Models
• hyprwm/Hyprland
  • Hyprland is a highly customizable dynamic tiling Wayland compositor that doesn't sacrifice on its looks.
• kessejones/term.nvim
  • A neovim plugin to open terminal in floating window.
• chaitin/SafeLine
  • A web security gateway, serve as a reverse proxy to protect your websites from attacks and exploits.
• microsoft/DeepSpeed
  • DeepSpeed is a deep learning optimization library that makes distributed training and inference easy, efficient, and effective.
• guacsec/guac
  • GUAC aggregates software security metadata into a high fidelity graph database.
• connordeckers/tmux-navigator.nvim
  • Inspired by christoomey/vim-tmux-navigator, and built with Lua.
• mermaid-js/mermaid
  • Generation of diagrams like flowcharts or sequence diagrams from text in a similar manner as markdown
• Crossbell-Box/xLog
  • 🪽 An open-source creative community written on the blockchain.
• microsoft/JARVIS
  • JARVIS, a system to connect LLMs with ML community. Paper: https://arxiv.org/pdf/2303.17580.pdf
• xworldcraft/jq-live
  • Support using jq command in vscode and support live show result.
• warpdotdev/Warp
  • Warp is a modern, Rust-based terminal with AI built in so you and your team can build great software, faster.
• THUDM/GLM-130B
  • GLM-130B: An Open Bilingual Pre-Trained Model (ICLR 2023)
• nomic-ai/gpt4all
  • gpt4all: run open-source LLMs anywhere
• binary-husky/gpt_academic
  • 为GPT/GLM等LLM大语言模型提供实用化交互接口，特别优化论文阅读/润色/写作体验，模块化设计，支持自定义快捷按钮&函数插件，支持Python和C++等项目剖析&自译解功能，PDF/LaTex论文翻译&总结功能，支持并行问询多种LLM模型，支持chatglm3等本地模型。接入通义千问, deepseekcoder, 讯飞星火, 文心一言, llama2, rwkv, claude2, moss等。
• lwch/natpass
  • 🔥居家办公，远程开发神器
• sashabaranov/go-openai
  • OpenAI ChatGPT, GPT-3, GPT-4, DALL·E, Whisper API wrapper for Go
• mautrix/go
  • A Golang Matrix framework.
• pac4j/pac4j
  • Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
• epinna/tplmap
  • Server-Side Template Injection and Code Injection Detection and Exploitation Tool
• nkanaev/yarr
  • yet another rss reader
• rmb122/rogue_mysql_server
  • A rouge mysql server supports reading files from most mysql libraries of multiple programming languages.
• reewardius/bbFuzzing.txt
• NH-RED-TEAM/RustHound
  • Active Directory data collector for BloodHound written in Rust. 🦀
• TalEliyahu/awesome-security-newsletters
  • Periodic cyber security newsletters that capture the latest news, summaries of conference talks, research, best practices, tools, events, vulnerabilities, and analysis of trending threats and attacks
• A-poc/BlueTeam-Tools
  • Tools and Techniques for Blue Team / Incident Response
• teamssix/awesome-cloud-security
  • awesome cloud security 收集一些国内外不错的云安全资源，该项目主要面向国内的安全人员
• x1337loser/Dependency-Confusion
  • All About Dependency Confusion Attack, (Detecting, Finding, Mitigating)
• anchore/syft
  • CLI tool and library for generating a Software Bill of Materials from container images and filesystems
• ffuf/ffuf
  • Fast web fuzzer written in Go
• trickster0/OffensiveRust
  • Rust Weaponization for Red Team Engagements.
• LasCC/HackTools
  • The all-in-one browser extension for offensive security professionals 🛠
• google/comprehensive-rust
  • This is the Rust course used by the Android team at Google. It provides you the material to quickly teach Rust.
• CoolerVoid/codecat
  • CodeCat is an open-source tool to help you find/track user input sinks and security bugs using static code analysis. These points follow regex rules. Beta version.
• HackJava/HackJava
  • 《Java安全-只有Java安全才能拯救宇宙》Only Java Security Can Save The Universe.
• mastodon/mastodon
  • Your self-hosted, globally interconnected microblogging community
• corkami/pics
  • File formats dissections and more...
• kleiton0x00/Advanced-SQL-Injection-Cheatsheet
  • A cheat sheet that contains advanced queries for SQL Injection of all types.
• google/osv-scanner
  • Vulnerability scanner written in Go which uses the data provided by https://osv.dev
• raphw/byte-buddy
  • Runtime code generation for the Java virtual machine.
• projectnessie/cel-java
  • Common Expression Language for Java
• bytedance/Elkeid
  • Elkeid is an open source solution that can meet the security requirements of various workloads such as hosts, containers and K8s, and serverless. It is derived from ByteDance's internal best practices.
• qazbnm456/awesome-web-security
  • 🐶 A curated list of Web Security materials and resources.
• coteditor/CotEditor
  • Lightweight Plain-Text Editor for macOS
• tw93/MiaoYan
  • ⛷ Lightweight Markdown app to help you write great sentences. ⛷ 轻灵的 Markdown 笔记本伴你写出妙言
• Tikam02/DevOps-Guide
  • DevOps Guide - Development to Production all configurations with basic notes to debug efficiently.
• PKUFlyingPig/cs-self-learning
  • 计算机自学指南
• urbanadventurer/WhatWeb
  • Next generation web scanner
• hudangwei/codemillx
  • codemillx is a tool for CodeQL, extract the comments in the code and generate codeql module. 强化Go开源项目安全检测(内含开源项目漏洞挖掘方法)
• trailofbits/vast
  • VAST is an experimental compiler pipeline designed for program analysis of C and C++. It provides a tower of IRs as MLIR dialects to choose the best fit representations for a program analysis or further program abstraction.
• csujedihy/proximac
  • An open-source alternative to proxifier
• ElegantLaTeX/ElegantPaper
  • Elegant LaTeX Template for Working Papers
• souffle-lang/souffle
  • Soufflé is a variant of Datalog for tool designers crafting analyses in Horn clauses. Soufflé synthesizes a native parallel C++ program from a logic specification.
• OWASP/crAPI
  • completely ridiculous API (crAPI)
• zadam/trilium
  • Build your personal knowledge base with Trilium Notes
• NafisiAslH/KnowledgeSharing
• edoardottt/awesome-hacker-search-engines
  • A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
• ex0dus-0x/fuzzable
  • Framework for Automating Fuzzable Target Discovery with Static Analysis. Featured at Black Hat Arsenal USA 2022.
• cider-security-research/top-10-cicd-security-risks
• s0md3v/Arjun
  • HTTP parameter discovery suite.
• qtc-de/remote-method-guesser
  • Java RMI Vulnerability Scanner
• Mr-xn/BLACKHAT_USA2022
  • BLACKHAT USA2022 PDF Public
• w181496/Web-CTF-Cheatsheet
  • Web CTF CheatSheet 🐈
• jenv/jenv
  • Manage your Java environment
• Caplost/PHP-extensions-learning-document
  • 个人学习php扩展做的一些小总结。可能会有不少错误。希望给大伙提供一个辅助的作用。
• tadwhitaker/Security_Engineer_Interview_Questions
  • Every Security Engineer Interview Question From Glassdoor.com
• gmh5225/awesome-game-security
  • awesome game security [Welcome to PR]
• akullpp/awesome-java
  • A curated list of awesome frameworks, libraries and software for the Java programming language.
• DependencyTrack/dependency-track
  • Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
• java-native-access/jna
  • Java Native Access
• Col-E/Recaf
  • The modern Java bytecode editor
• ax1sX/SecurityList
  • A list for Web Security and Code Audit
• golang/vulndb
  • [mirror] The Go Vulnerability Database
• neargle/my-re0-k8s-security
  • [WIP] 整理过去的分享，从零开始的Kubernetes攻防 🧐
• MisterBooo/LeetCodeAnimation
  • Demonstrate all the questions on LeetCode in the form of animation.（用动画的形式呈现解LeetCode题目的思路）
• hluk/CopyQ
  • Clipboard manager with advanced features
• antonio-morales/Fuzzing101
  • An step by step fuzzing tutorial. A GitHub Security Lab initiative
• RangerNJU/Static-Program-Analysis-Book
  • Getting started with static program analysis. 静态程序分析入门教程。
• RicoloveFeng/SPA-Freestyle-Guidance
  • 带你畅游《软件分析》
• veo/vscan
  • 开源、轻量、快速、跨平台 的网站漏洞扫描工具，帮助您快速检测网站安全隐患。功能 端口扫描(port scan) 指纹识别(fingerprint) 漏洞检测(nday check) 智能爆破 (admin brute) 敏感文件扫描(file fuzz)
• mandiant/route-sixty-sink
  • Link sources to sinks in C# applications.
• alexbieber/Bug_Bounty_writeups
  • BUG BOUNTY WRITEUPS - OWASP TOP 10 🔴🔴🔴🔴✔
• assetnote/jira-mobile-ssrf-exploit
  • Exploit code for Jira Mobile Rest Plugin SSRF (CVE-2022-26135)
• shadow1ng/fscan
  • 一款内网综合扫描工具，方便一键自动化、全方位漏扫扫描。
• Ormicron/chatViewTool
  • 基于Java实现的图形化微信聊天记录解密查看器
• veo/wsMemShell
  • WebSocket 内存马/Webshell，一种新型内存马/WebShell技术
• R0X4R/Garud
  • An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
• Vineflower/vineflower
  • Modern Java decompiler aiming to be as accurate as possible, with an emphasis on output quality. Fork of the Fernflower decompiler.
• Coder-256/UnrealGPUPatcher
  • Patch out the GPU checks for any x86-64 macOS Unreal Engine-based game
• Ascotbe/Medusa
  • 🐈Medusa是一个红队武器库平台，目前包括XSS平台、协同平台、CVE监控、免杀生成、DNSLOG、钓鱼邮件、文件获取等功能，持续开发中
• xfiftyone/STS2G
  • Struts2漏洞扫描利用工具 - Golang版. Struts2 Scanner Written in Golang
• SexyBeast233/SecBooks
  • 安全类各家文库大乱斗
• cilium/ebpf
  • ebpf-go is a pure-Go library to read, modify and load eBPF programs and attach them to various hooks in the Linux kernel.
• x64dbg/x64dbg
  • An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
• hypn0s/AJPy
• shimohq/chinese-programmer-wrong-pronunciation
  • **程序员容易发音错误的单词
• molnarg/ascii-zip
  • A deflate compressor that emits compressed data that is in the [A-Za-z0-9] ASCII byte range.
• offensive-security/exploitdb-bin-sploits
  • The legacy Exploit Database repository - New repo located at https://gitlab.com/exploit-database/exploitdb-bin-sploits
• joaomatosf/JavaDeserH2HC
  • Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).
• go-telegram-bot-api/telegram-bot-api
  • Golang bindings for the Telegram Bot API
• TangBean/understanding-the-jvm
  • 《深入理解 Java 虚拟机》阅读笔记
• RongleXie/java-books-collections
  • 📚Java编程书籍收集分享。Java programming books collection to share.🚀
• TangBean/OnlineExecutor
  • 基于 Spring Boot 的在线 Java IDE
• javaparser/javaparser
  • Java 1-21 Parser and Abstract Syntax Tree for Java with advanced analysis functionalities.
• shining1984/PL-Compiler-Resource
  • 程序语言与编译技术相关资料（持续更新中）
• Marcono1234/codeql-jdk-docker
  • Unofficial Dockerfile and scripts for building CodeQL databases for the OpenJDK
• knownsec/404StarLink
  • 404StarLink - 推荐优质、有意义、有趣、坚持维护的安全开源项目
• CriticalPathSecurity/Public-Intelligence-Feeds
  • Standard-Format Threat Intelligence Feeds
• github/securitylab
  • Resources related to GitHub Security Lab
• BytecodeDL/ByteCodeDL
  • A declarative static analysis tool for jvm bytecode based Datalog like CodeQL
• JackOfMostTrades/gadgetinspector
  • A byte code analyzer for finding deserialization gadget chains in Java applications
• ikkisoft/SerialKiller
  • Look-Ahead Java Deserialization Library
• hdbreaker/ExploitingBooks
  • Reversing & Exploiting Books Collection
• excalidraw/excalidraw
  • Virtual whiteboard for sketching hand-drawn like diagrams
• triggerdotdev/jsonhero-web
  • JSON Hero is an open-source, beautiful JSON explorer for the web that lets you browse, search and navigate your JSON files at speed. 🚀. Built with 💜 by the Trigger.dev team.
• notkmhn/CVE-2022-21449-TLS-PoC
  • CVE-2022-21449 Proof of Concept demonstrating its usage with a client running on a vulnerable Java version and a malicious TLS server
• ryanoasis/nerd-fonts
  • Iconic font aggregator, collection, & patcher. 3,600+ icons, 50+ patched fonts: Hack, Source Code Pro, more. Glyph collections: Font Awesome, Material Design Icons, Octicons, & more
• ed-asriyan/lottie-converter
  • Converts Lottie Animations (.json / .lottie) and Telegram stickers (*.tgs) to GIF / PNG / APNG / WEBP / WEBM
• hakivvi/CVE-2022-29464
  • WSO2 RCE (CVE-2022-29464) exploit and writeup.
• golang-standards/project-layout
  • Standard Go Project Layout
• Al1ex/CVE-2020-17530
  • S2-061 CVE-2020-17530
• Wrin9/CVE-2021-31805
  • S2-062 (CVE-2021-31805) / S2-061 / S2-059 RCE
• threedr3am/learnjavabug
  • Java安全相关的漏洞和技术demo，原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。
• l1nk3rlin/php_code_audit_project
  • 该项目用来记录，我用来练手的PHP代码审计项目。
• microsoft/playwright
  • Playwright is a framework for Web Testing and Automation. It allows testing Chromium, Firefox and WebKit with a single API.
• chromedp/chromedp
  • A faster, simpler way to drive browsers supporting the Chrome DevTools Protocol.
• tebeka/selenium
  • Selenium/Webdriver client for Go
• Le0nsec/SecCrawler
  • 一个方便安全研究人员获取每日安全日报的爬虫和推送程序，目前爬取范围包括先知社区、安全客、Seebug Paper、跳跳糖、奇安信攻防社区、棱角社区以及绿盟、腾讯玄武、天融信、360等实验室博客，持续更新中。
• matthiaskaiser/jmet
  • Java Message Exploitation Tool
• leibnitz27/cfr
  • This is the public repository for the CFR Java decompiler
• rhwayfun/spring-boot-learning-examples
  • Spring Boot工程实践，快速上手Spring Boot开发必备。最全的Spring Boot使用案例！
• misterch0c/shadowbroker
  • The Shadow Brokers "Lost In Translation" leak
• githubsatelliteworkshops/codeql
  • GitHub Satellite 2020 workshops on finding security vulnerabilities with CodeQL for Java/JavaScript.
• ja-netfilter/ja-netfilter
  • A javaagent framework
• Bashfuscator/Bashfuscator
  • A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.
• trganda/dockerv
  • Vulnerability Environment Build with Dockerfile -> Docker Hub
• osixia/docker-phpLDAPadmin
  • phpLDAPadmin container image 🐳🌴
• secretsquirrel/the-backdoor-factory
  • Patch PE, ELF, Mach-O binaries with shellcode new version in development, available only to sponsors
• 527515025/springBoot
  • springboot 框架与其它组件结合如 jpa、mybatis、websocket、security、shiro、cache等
• urfave/cli
  • A simple, fast, and fun package for building command line apps in Go
• Y4tacker/JavaSec
  • a rep for documenting my study, may be from 0 to 0.1
• apache/karaf
  • Mirror of Apache Karaf
• nomi-sec/PoC-in-GitHub
  • 📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
• Anduin2017/HowToCook
  • 程序员在家做饭方法指南。Programmer's guide about how to cook at home (Simplified Chinese only).
• jamf/CVE-2020-0796-RCE-POC
  • CVE-2020-0796 Remote Code Execution POC
• byoungd/English-level-up-tips
  • An advanced guide to learn English which might benefit you a lot 🎉 . 离谱的英语学习指南/英语学习教程。
• arthepsy/CVE-2021-4034
  • PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034)
• Konloch/bytecode-viewer
  • A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
• mstrobel/procyon
  • Procyon is a suite of Java metaprogramming tools, including a rich reflection API, a LINQ-inspired expression tree API for runtime code generation, and a Java decompiler.
• asticode/go-astilectron
  • Build cross platform GUI apps with GO and HTML/JS/CSS (powered by Electron)
• PowerShell/Win32-OpenSSH
  • Win32 port of OpenSSH
• estesp/manifest-tool
  • Command line tool to create and query container image manifest list/indexes
• 99designs/gqlgen
  • go generate based graphql server library
• apache/skywalking-java
  • The Java agent for Apache SkyWalking
• apache/skywalking
  • APM, Application Performance Monitoring System
• tklengyel/drakvuf
  • DRAKVUF Black-box Binary Analysis
• snyk/cli
  • Snyk CLI scans and monitors your projects for security vulnerabilities.
• snyk/zip-slip-vulnerability
  • Zip Slip Vulnerability (Arbitrary file write through archive extraction)
• sunface/rust-course
  • “连续六年成为全世界最受喜爱的语言，无 GC 也无需手动内存管理、极高的性能和安全性、过程/OO/函数式编程、优秀的包管理、JS 未来基石" — 工作之余的第二语言来试试 Rust 吧。<<Rust语言圣经>>拥有全面且深入的讲解、生动贴切的示例、德芙般丝滑的内容，甚至还有JS程序员关注的 WASM 和 Deno 等专题。这可能是目前最用心的 Rust 中文学习教程 / Book
• davisjam/vuln-regex-detector
  • Detect vulnerable regexes in your project. REDOS, catastrophic backtracking.
• HXSecurity/DongTai
  • Dongtai IAST is an open-source Interactive Application Security Testing (IAST) tool that enables real-time detection of common vulnerabilities in Java applications and third-party components through passive instrumentation. It is particularly suitable for use in the testing phase of the development pipeline.
• awesome-selfhosted/awesome-selfhosted
  • A list of Free Software network services and web applications which can be hosted on your own servers
• olist213/Information_Security_Books
  • 信息安全方面的书籍
• superhuman/rxxr2
• DrunkenShells/Disclosures
  • Public Disclosures
• wfus/WebAssembly-Taint
  • Implementing taint tracking in WebAssembly as a part of the V8 Javascript Engine.
• iluwatar/java-design-patterns
  • Design patterns implemented in Java
• wavestone-cdt/abaddon
• javaweb-sec/javaweb-sec
• lexburner/oauth2-demo
  • Re：从零开始的Spring Security Oauth2
• LandGrey/SpringBootVulExploit
  • SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list
• rabbitstack/fibratus
  • A modern tool for Windows kernel exploration and tracing with a focus on security
• 0x240x23elu/CVE-2020-28948-and-CVE-2020-28949
• scottrogowski/code2flow
  • Pretty good call graphs for dynamic languages
• peewpw/Invoke-PSImage
  • Encodes a PowerShell script in the pixels of a PNG file and generates a oneliner to execute
• eugenp/tutorials
  • Just Announced - "Learn Spring Security OAuth":
• pwntester/codeql_grehack_workshop
  • GreHack 2021 CodeQL for Java workshop
• linkedin/school-of-sre
  • At LinkedIn, we are using this curriculum for onboarding our entry-level talents into the SRE role.
• google/sanitizers
  • AddressSanitizer, ThreadSanitizer, MemorySanitizer
• semgrep/semgrep
  • Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
• welk1n/JNDI-Injection-Exploit
  • JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）
• SummerSec/ShiroAttack2
  • shiro反序列化漏洞综合利用,包含（回显执行命令/注入内存马）修复原版中NoCC的问题 https://github.com/j1anFen/shiro_attack
• kastellanos/CVE-2018-7602
• YfryTchsGD/Log4jAttackSurface
• Sh0ckFR/log4j-CVE-2021-44228-Public-IoCs
  • Public IoCs about log4j CVE-2021-44228
• NationalSecurityAgency/ghidra
  • Ghidra is a software reverse engineering (SRE) framework
• RedDrip7/Log4Shell_CVE-2021-44228_related_attacks_IOCs
• turben/poc
  • 漏洞复现以及poc
• adamyordan/cve-2019-1003000-jenkins-rce-poc
  • Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)
• GossiTheDog/HiveNightmare
  • Exploit allowing you to read registry hives as non-admin on Windows 10 and 11
• microsoft/restler-fuzzer
  • RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
• jasperla/CVE-2020-11651-poc
  • PoC exploit of CVE-2020-11651 and CVE-2020-11652
• github/vscode-codeql-starter
  • Starter workspace to use with the CodeQL extension for Visual Studio Code.
• silentsignal/WebSphere-WSIF-gadget
  • CVE-2020-4464 / CVE-2020-4450
• thewhiteh4t/cve-2020-10977
  • GitLab 12.9.0 Arbitrary File Read
• docker/buildx
  • Docker CLI plugin for extended build capabilities with BuildKit
• vadimcn/codelldb
  • A native debugger extension for VSCode based on LLDB
• Qihoo360/safe-rules
  • 详细的C/C++编程规范指南，由360质量工程部编著，适用于桌面、服务端及嵌入式软件系统。
• knqyf263/CVE-2021-3129
  • PoC for CVE-2021-3129 (Laravel)
• 0vercl0k/CVE-2021-31166
  • Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely.
• x41sec/advisories
• laixintao/tokei-pie
  • Render tokei's output to interactive sunburst chart.
• RedTeamPentesting/CVE-2020-13935
  • Exploit for WebSocket Vulnerability in Apache Tomcat
• mogwailabs/mjet
  • MOGWAI LABS JMX exploitation toolkit
• Maskhe/CVE-2020-15148-bypasses
  • 几条关于CVE-2020-15148（yii2反序列化）的绕过
• soot-oss/soot
  • Soot - A Java optimization framework
• wh1t3p1g/tabby
  • A CAT called tabby ( Code Analysis Tool )
• github/codeql
  • CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
• docker/labs
  • This is a collection of tutorials for learning how to use Docker with various tools. Contributions welcome.
• cube0x0/CVE-2021-1675
  • C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527
• cckuailong/vulbase
  • 各大漏洞文库合集
• zhisheng17/flink-learning
  • flink learning blog. http://www.54tianzhisheng.cn/ 含 Flink 入门、概念、原理、实战、性能调优、源码解析等内容。涉及 Flink Connector、Metrics、Library、DataStream API、Table API & SQL 等内容的学习案例，还有 Flink 落地应用的大型项目案例（PVUV、日志存储、百亿数据实时去重、监控告警）分享。欢迎大家支持我的专栏《大数据实时计算引擎 Flink 实战与性能优化》
• chipik/SAP_EEM_CVE-2020-6207
  • PoC for CVE-2020-6207 (Missing Authentication Check in SAP Solution Manager)
• saltstack/salt
  • Software to automate the management and configuration of any infrastructure or application at scale. Get access to the Salt software package repository here:
• github/codeql-cli-binaries
  • Binaries for the CodeQL CLI
• Security-Onion-Solutions/securityonion
  • Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, and case management. It also includes other tools such as Playbook, osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
• YinWC/2021hvv_vul
  • 2021hvv漏洞汇总
• Al1ex/CVE-2021-22205
  • CVE-2021-22205& GitLab CE/EE RCE
• convisolabs/CVE-2021-22204-exiftool
  • Python exploit for the CVE-2021-22204 vulnerability in Exiftool
• OneSecCyber/JPEG_RCE
  • Exiftool bug which leads to RCE
• Ridter/CVE-2019-1040
  • CVE-2019-1040 with Exchange
• Ridter/Intranet_Penetration_Tips
  • 2018年初整理的一些内网渗透TIPS，后面更新的慢，所以整理出来希望跟小伙伴们一起更新维护~
• payloadbox/xxe-injection-payload-list
  • 🎯 XML External Entity (XXE) Injection Payload List
• alsotang/node-lessons
  • 📕《Node.js 包教不包会》 by alsotang
• SummerSec/learning-codeql
  • CodeQL Java 全网最全的中文学习资料
• proudwind/struts2_vulns
  • Struts2 vuln env
• motikan2010/CVE-2020-5398
  • CVE-2020-5398 - RFD(Reflected File Download) Attack for Spring MVC
• wuyouzhuguli/SpringAll
  • 循序渐进，学习Spring Boot、Spring Boot & Shiro、Spring Batch、Spring Cloud、Spring Cloud Alibaba、Spring Security & Spring Security OAuth2，博客Spring系列源码：https://mrbird.cc
• 0x727/SpringBootExploit
  • 项目是根据LandGrey/SpringBootVulExploit清单编写，目的hvv期间快速利用漏洞、降低漏洞利用门槛。
• yaunsky/CVE-2020-13937
  • Apache Kylin API未授权访问漏洞;CVE-2020-13937;Apache Kylin漏洞
• Al1ex/CVE-2020-13937
  • Apache Kylin API Unauthorized Access
• jweny/shiro-cve-2020-17523
  • shiro-cve-2020-17523 漏洞的两种绕过姿势分析 以及配套的漏洞环境
• ForbiddenProgrammer/CVE-2021-21315-PoC
  • CVE 2021-21315 PoC
• PetrusViet/CVE-2021-39115
  • Template Injection in Email Templates leads to code execution on Jira Service Management Server
• salesforce/ja3
  • JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.
• duc-nt/RCE-0-day-for-GhostScript-9.50
  • RCE 0-day for GhostScript 9.50 - Payload generator
• fofapro/vulfocus
  • 🚀Vulfocus 是一个漏洞集成平台，将漏洞环境 docker 镜像，放入即可使用，开箱即用。
• sanigo/books
• NickstaDB/SerializationDumper
  • A tool to dump Java serialization streams in a more human readable form.
• S3cur3Th1sSh1t/WinPwn
  • Automation for internal Windows Penetrationtest / AD-Security
• pwnesia/dnstake
  • DNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover
• ORCA666/EVA2
  • Another version of EVA using anti-debugging techs && using Syscalls
• kovidgoyal/kitty
  • Cross-platform, fast, feature-rich, GPU based terminal
• benoitc/http-parser
  • HTTP request/response parser for python in C
• mattn/go-sqlite3
  • sqlite3 driver for go using database/sql
• sqlitebrowser/sqlitebrowser
  • Official home of the DB Browser for SQLite (DB4S) project. Previously known as "SQLite Database Browser" and "Database Browser for SQLite". Website at:
• woodpecker-framework/woodpecker-framework-release
  • 高危漏洞精准检测与深度利用框架
• GrrrDog/Java-Deserialization-Cheat-Sheet
  • The cheat sheet about Java Deserialization vulnerabilities
• pwntester/ysoserial.net
  • Deserialization payload generator for a variety of .NET formatters
• youngyangyang04/leetcode-master
  • 《代码随想录》LeetCode 刷题攻略：200道经典题目刷题顺序，共60w字的详细图解，视频难点剖析，50余张思维导图，支持C++，Java，Python，Go，JavaScript等多语言版本，从此算法学习不再迷茫！🔥🔥 来看看，你会发现相见恨晚！🚀
• halfrost/LeetCode-Go
  • ✅ Solutions to LeetCode by Go, 100% test coverage, runtime beats 100% / LeetCode 题解
• aalhour/awesome-compilers
  • 😎 Curated list of awesome resources on Compilers, Interpreters and Runtimes
• DoctorWkt/acwj
  • A Compiler Writing Journey
• greyireland/algorithm-pattern
  • 算法模板，最科学的刷题方式，最快速的刷题路径，你值得拥有~
• longld/peda
  • PEDA - Python Exploit Development Assistance for GDB
• rastersoft/autovala
  • A program that automatically generates CMake and Meson configuration files for your Vala project
• Qv2ray/Qv2ray
  • ⭐ Linux / Windows / macOS 跨平台 V2Ray 客户端 | 支持 VMess / VLESS / SSR / Trojan / Trojan-Go / NaiveProxy / HTTP / HTTPS / SOCKS5 | 使用 C++ / Qt 开发 | 可拓展插件式设计 ⭐
• mandiant/red_team_tool_countermeasures
• ToruNiina/toml11
  • TOML for Modern C++
• sass/dart-sass
  • The reference implementation of Sass, written in Dart.
• Candinya/Kratos-Rebirth
  • 一个可爱而现代的 Hexo 主题
• gonzaarcr/Fildem
  • Fildem global menu
• MathewSachin/Captura
  • Capture Screen, Audio, Cursor, Mouse Clicks and Keystrokes
• chjj/compton
  • A compositor for X11.
• taielab/Taie-Bugbounty-killer
  • 挖掘国内外漏洞平台必备的自动化捡钱赏金技巧，看了并去做了捡钱如喝水。
• bfritscher/carnac
  • A utility to give some insight into how you use your keyboard
• justinfrankel/licecap
  • LICEcap simple animated screen capture tool for Windows and OS X
• a3vilc0de/PentesterSpecialDict
  • Dictionary sets often used in penetration testing work , 渗透测试工作中经常使用的字典集。
• dillonzq/LoveIt
  • ❤️A clean, elegant but advanced blog theme for Hugo 一个简洁、优雅且高效的 Hugo 主题
• beefproject/beef
  • The Browser Exploitation Framework Project
• DavidBuchanan314/dlinject
  • Inject a shared library (i.e. arbitrary code) into a live linux process, without ptrace
• LoRexxar/Kunlun-M
  • KunLun-M是一个完全开源的静态白盒扫描工具，支持PHP、JavaScript的语义扫描，基础安全、组件安全扫描，Chrome Ext\Solidity的基础扫描。
• FeeiCN/Cobra
  • Source Code Security Audit (源代码安全审计)
• CHYbeta/Web-Security-Learning
  • Web-Security-Learning
• m57/dnsteal
  • DNS Exfiltration tool for stealthily sending files over DNS requests.
• threedr3am/gadgetinspector
  • 一个利用ASM对字节码进行污点传播分析的静态代码审计应用（添加了大量代码注释，适合大家进行源码学习）。也加入了挖掘Fastjson反序列化gadget chains和SQLInject（JdbcTemplate、MyBatis、JPA、Hibernate、原生jdbc等）静态检测功能。并且加入了很多功能以方便进行漏洞自动化挖掘。
• mbechler/marshalsec
• gohugoio/hugo
  • The world’s fastest framework for building websites.
• zhangkaitao/shiro-example
  • 跟我学Shiro（我的公众号：kaitao-1234567，我的新书：《亿级流量网站架构核心技术》）
• vulhub/vulhub
  • Pre-Built Vulnerable Environments Based on Docker-Compose
• iwanttobefreak/docker-weblogic1036
• paralax/awesome-honeypots
  • an awesome list of honeypot resources
• ph4ntonn/Stowaway
  • 👻Stowaway -- Multi-hop Proxy Tool for pentesters
• joewalnes/websocketd
  • Turn any program that uses STDIN/STDOUT into a WebSocket server. Like inetd, but for WebSockets.
• 7hang/--Java
  • 代码审计知识点整理-Java
• LandGrey/webshell-detect-bypass
  • 绕过专业工具检测的Webshell研究文章和免杀的Webshell
• adonovan/gopl.io
  • Example programs from "The Go Programming Language"
• SFML/SFML
  • Simple and Fast Multimedia Library
• amhndu/SimpleNES
  • An NES emulator in C++
• beefsack/webify
  • Turn shell commands into web services
• frohoff/ysoserial
  • A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
• golang-china/gopl-zh
  • 📚 Go语言圣经中文版
• gobysec/Goby
  • Attack surface mapping
• SummerSec/JavaLearnVulnerability
  • Java漏洞学习笔记 Deserialization Vulnerability
• knownsec/404StarLink-Project
  • Focus on promoting the evolution of tools in different aspects of security research.专注于推动安全研究各个领域工具化.(项目收录逐步迁移至 https://github.com/knownsec/404StarLink)
• cglib/cglib
  • cglib - Byte Code Generation Library is high level API to generate and transform Java byte code. It is used by AOP, testing, data access frameworks to generate dynamic proxy objects and intercept field access.
• knownsec/ksubdomain
  • 无状态子域名爆破工具
• mi1k7ea/My-Security-Small-Tools
  • My Security Small Tools. The project is updated from time to time.
• zhuifengshaonianhanlu/pikachu
  • 一个好玩的Web安全-漏洞测试平台
• github/archive-program
  • The GitHub Archive Program & Arctic Code Vault
• BeichenDream/Godzilla
  • 哥斯拉
• tbeu/matio
  • MATLAB MAT File I/O Library
• aemkei/jsfuck
  • Write any JavaScript with 6 Characters: !+
• cn-panda/JavaCodeAudit
  • Getting started with java code auditing 代码审计入门的小项目
• MoLeft/WebKnife
  • 一个全AJAX的php程序安全测试程序
• wireghoul/dotdotpwn
  • DotDotPwn - The Directory Traversal Fuzzer
• Snailclimb/JavaGuide
  • 「Java学习+面试指南」一份涵盖大部分 Java 程序员所需要掌握的核心知识。准备 Java 面试，首选 JavaGuide！
• winterbe/java8-tutorial
  • Modern Java - A Guide to Java 8
• webanalyzer/rules
  • 通用的指纹识别规则
• shmilylty/OneForAll
  • OneForAll是一款功能强大的子域收集工具
• TheRook/subbrute
  • A DNS meta-query spider that enumerates DNS records, and subdomains.
• pmiaowu/BurpShiroPassiveScan
  • 一款基于BurpSuite的被动式shiro检测插件
• w-digital-scanner/w13scan
  • Passive Security Scanner (被动式安全扫描器)
• jmdx/TLS-poison
• LCTT/TranslateProject
  • Linux**翻译项目
• Maskhe/javasec
  • 自己学习java安全的一些总结，主要是安全审计相关
• CleverProgrammers/tiktok-clone
  • A clone of TikTok built by Sonny & Qazi 👉 https://tik-tok-clone-eb635.web.app/
• petoolse/petools
  • PE Tools - Portable executable (PE) manipulation toolkit
• 80vul/phpcodz
  • Php Codz Hacking
• phpinternalsbook/PHP-Internals-Book
  • PHP Internals Book
• neverlovelynn/chrome_headless_xss
  • A plugin to check xss by using chrome_headless
• infosecn1nja/AD-Attack-Defense
  • Attack and defend active directory using modern post exploitation adversary tradecraft activity
• laruence/taint
  • Taint is a PHP extension, used for detecting XSS codes
• 0xn0ne/weblogicScanner
  • weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力：CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14750、CVE-2020-14882、CVE-2020-14883
• qiyeboy/kill_webshell_detect
  • 总结了免杀webshell的方法论
• ambionics/phpggc
  • PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
• Ivan1ee/NET-Deserialize
  • 总结了20+.Net反序列化文章，持续更新
• amix/vimrc
  • The ultimate Vim configuration (vimrc)
• mikesiko/PracticalMalwareAnalysis-Labs
  • Binaries for the book Practical Malware Analysis
• alpha1e0/kiwi
  • kiwi：安全源码审计工具
• belong2yourself/vulnerabilities
  • Issues found along the way
• f1tz/cnseay
  • Seay源代码审计系统
• chenjj/CORScanner
  • 🎯 Fast CORS misconfiguration vulnerabilities scanner
• aptnotes/data
  • APTnotes data
• EdOverflow/bugbountyguide
  • Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.
• preempt/rdpy
  • Remote Desktop Protocol in Twisted Python
• xbl3/awesome-cve-poc_qazbnm456
• ruppde/rdg_scanner_cve-2020-0609
  • Scanning for Remote Desktop Gateways (Potentially unpatched CVE-2020-0609 and CVE-2020-0610)
• BlackMathIT/Esteemaudit-Metasploit
  • Porting for Metasploit of the infamous Esteemaudit RDP Exploit
• Wh0ale/SRC-experience
  • 工欲善其事，必先利其器
• openssl/openssl
  • TLS/SSL and crypto library
• justjanne/powerline-go
  • A beautiful and useful low-latency prompt for your shell, written in go
• CyC2018/CS-Notes
  • 📚 技术面试必备基础知识、Leetcode、计算机操作系统、计算机网络、系统设计
• timwhitez/crawlergo_x_XRAY
  • 360/0Kee-Team/crawlergo动态爬虫结合长亭XRAY扫描器的被动扫描功能
• swisskyrepo/PayloadsAllTheThings
  • A list of useful payloads and bypass for Web Application Security and Pentest/CTF
• jiangxufeng/v2rayL
  • v2ray linux GUI客户端，支持订阅、vemss、ss等协议，自动更新订阅、检查版本更新
• silverf0x/RpcView
  • RpcView is a free tool to explore and decompile Microsoft RPC interfaces
• Mr-xn/Penetration_Testing_POC
  • 渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
• cbwang505/CVE-2020-0787-EXP-ALL-WINDOWS-VERSION
  • Support ALL Windows Version
• shawarkhanethicalhacker/BruteXSS-1
  • BruteXSS - Cross-Site Scripting Bruteforcer
• lijiejie/GitHack
  • A .git folder disclosure exploit
• sbp/gin
  • Git index file parser, using python3
• Tuhinshubhra/CMSeeK
  • CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSs
• google/fuzzing
  • Tutorials, examples, discussions, research proposals, and other resources related to fuzzing
• kbandla/APTnotes
  • Various public documents, whitepapers and articles about APT campaigns
• evilcos/cookiehacker
  • Chrome extension, very easy to use. Cookies from: JavaScript document.cookie/Wireshark Cookies etc.
• evilcos/xssor2
  • XSS'OR - Hack with JavaScript.
• wpscanteam/wpscan
  • WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
• JeffXue/web-log-parser
  • An open source analysis web log tool
• gevent/gevent
  • Coroutine-based concurrency library for Python
• fofapro/Hosts_scan
  • 这是一个用于IP和域名碰撞匹配访问的小工具，旨意用来匹配出渗透过程中需要绑定hosts才能访问的弱主机或内部系统。
• xmendez/wfuzz
  • Web application fuzzer
• Threezh1/JSFinder
  • JSFinder is a tool for quickly extracting URLs and subdomains from JS files on a website.
• lijiejie/subDomainsBrute
  • A fast sub domain brute tool for pentesters
• ring04h/wydomain
  • to discover subdomains of your target domain
• nameoverflow/hexo-theme-icalm
  • Monochrome theme for hexo
• epsylon/xsser
  • Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
• k8gege/Ladon
  • Ladon大型内网渗透工具，可PowerShell模块化、可CS插件化、可内存加载，无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell，支持批量A段/B段/C段以及跨网段扫描，支持URL、主机、域名列表扫描等。Ladon 12.2内置262个功能,网络资产探测模块32个通过多种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchange\mssql\FTP\RDP)以及方法快速获取目标网络存活主机IP、计算机名、工作组、共享资源、网卡地址、操作系统版本、网站、子域名、中间件、开放服务、路由器、交换机、数据库、打印机等信息，高危漏洞检测16个含MS17010、Zimbra、Exchange
• rebeyond/Behinder
  • “冰蝎”动态二进制加密网站管理客户端
• heroanswer/XSS_Cheat_Sheet_2020_Edition
  • xss漏洞模糊测试payload的最佳集合 2020版
• the1812/Bilibili-Evolved
  • 强大的哔哩哔哩增强脚本
• mefistotelis/ida-pro-loadmap
  • Plugin for IDA Pro disassembler which allows loading .map files.
• YajS/NikPEViewer
  • NikPEViewer a PE viewer source code
• mantvydasb/RedTeaming-Tactics-and-Techniques
  • Red Teaming Tactics and Techniques
• EmpireProject/Empire
  • Empire is a PowerShell and Python post-exploitation agent.
• gentilkiwi/mimikatz
  • A little tool to play with Windows security
• PowerShellMafia/PowerSploit
  • PowerSploit - A PowerShell Post-Exploitation Framework
• NickeManarin/ScreenToGif
  • 🎬 ScreenToGif allows you to record a selected area of your screen, edit and save it as a gif or video.
• java-decompiler/jd-gui
  • A standalone Java Decompiler GUI
• chaitin/xray
  • 一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档
• Qianlitp/crawlergo
  • A powerful browser crawler for web vulnerability scanners
• winsiderss/systeminformer
  • A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals.com
• SecWiki/CMS-Hunter
  • CMS漏洞测试用例集合
• soroushchehresa/awesome-coronavirus
  • 🦠 Huge collection of useful projects and resources for COVID-19 (2019 novel Coronavirus)
• jiji262/wooyun_articles
  • drops.wooyun.org 乌云Drops文章备份
• TheWover/donut
  • Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
• skyblueee/sqli-labs-php7
  • update sqli-labs sources to adapte to php7(use mysqli_xxx functions to replace mysql_xxx ones)
• wangdoc/bash-tutorial
  • Bash 教程
• chyyuu/os_kernel_lab
  • OS kernel labs based on Rust/C Lang & RISC-V 64/X86-32
• 78778443/xssplatform
  • 一个经典的XSS渗透管理平台
• CTFd/CTFd
  • CTFs as you need them
• Mr-xn/hackbar2.1.3
  • the free firefox extions of hackbar v2.1.3 v2.2.9 v2.3.1,hackbar 插件未收费的免费版本。适用于chrome浏览器的HackBar-v2.2.6.zip,HackBar-v2.3.1.zip
• agalwood/Motrix
  • A full-featured download manager.
• lsr00ter/GitCracken
  • Crack GitKraken
• romkatv/powerlevel10k
  • A Zsh theme
• ToutyRater/toutyrater.github.io
• 0xAX/linux-insides
  • A little bit about a linux kernel
• alphaSeclab/shellcode-resources
  • Resources About Shellcode
• v2ray/v2ray-core
  • A platform for building proxies to bypass network restrictions.
• warengonzaga/wifi-passview
  • An open source batch script based WiFi Passview for Windows!
• llamasoft/polyshell
  • A Bash/Batch/PowerShell polyglot!
• Molunerfinn/PicGo
  • 🚀A simple & beautiful tool for pictures uploading built by vue-cli-electron-builder
• jsdelivr/jsdelivr
  • A free, fast, and reliable Open Source CDN for npm, GitHub, Javascript, and ESM
• acmesh-official/acme.sh
  • A pure Unix shell script implementing ACME client protocol
• wulabing/Xray_onekey
  • Xray 基于 Nginx 的 VLESS + XTLS 一键安装脚本
• google/bbr
• hashcat/hashcat
  • World's fastest and most advanced password recovery utility
• huiyadanli/RevokeMsgPatcher
  • A hex editor for WeChat/QQ/TIM - PC版微信/QQ/TIM防撤回补丁（我已经看到了，撤回也没用了）
• gfwlist/gfwlist
  • The one and only one gfwlist here
• aircrack-ng/aircrack-ng
  • WiFi security auditing tools suite
• kimocoder/wifite2
  • Rewrite of the popular wireless network auditor, "wifite" - original by @derv82
• TheKingOfDuck/fuzzDicts
  • Web Pentesting Fuzz 字典,一个就够了。
• aff3ct/aff3ct
  • A fast simulator and a library dedicated to the channel coding.
• c0ny1/vulstudy
  • 使用docker快速搭建各大漏洞靶场，目前可以一键搭建17个靶场。
• ohmyzsh/ohmyzsh
  • 🙃 A delightful community-driven (with 2,300+ contributors) framework for managing your zsh configuration. Includes 300+ optional plugins (rails, git, macOS, hub, docker, homebrew, node, php, python, etc), 140+ themes to spice up your morning, and an auto-update tool so that makes it easy to keep up with the latest updates from the community.
• c0ny1/upload-labs
  • 一个想帮你总结所有类型的上传漏洞的靶场
• jerryc127/hexo-theme-butterfly
  • 🦋 A Hexo Theme: Butterfly