hazcod/claudleak - Hunt for AI coding artifacts containing secrets.
0x4m4/hexstrike-ai - HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug boun
ghostsecurity/reaper - Live validation proxy tool for testing web app vulnerabilities
The-Art-of-Hacking/h4cker - This repository is maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), AI security, vu
android
patrickfav/uber-apk-signer - A cli tool that helps signing and zip aligning single or multiple Android application packages (APKs) with either debug or provided release certificates. It supports v1, v2 and v3 Android signing sche
ReversecLabs/drozer - The Leading Security Assessment Framework for Android.
AzeemIdrisi/PhoneSploit-Pro - An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
appwrite/appwrite - Appwrite® - complete cloud infrastructure for your web, mobile and AI apps. Including Auth, Databases, Storage, Functions, Messaging, Hosting, Realtime and more
Solido/awesome-flutter - An awesome list that curates the best Flutter libraries, tools, tutorials, articles and more.
flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
B3nac/InjuredAndroid - A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.
OWASP/mastg - The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP
n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
rustdesk/rustdesk - An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.
0x4m4/hexstrike-ai - HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug boun
bee-san/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
The-Art-of-Hacking/h4cker - This repository is maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), AI security, vu
royalapplications/toolbox - This repository contains various automation scripts for Royal TS (for Windows) and Royal TSX (for macOS). Also included are dynamic folder samples. This collection consists of scripts by the Royal App
sindresorhus/awesome-nodejs - ⚡️ Delightful Node.js packages and resources [BECAUSE OF TOO MUCH SPAM AND LOW-QUALITY SUBMISSIONS, SUBMISSIONS ARE PAUSED UNTIL SEPTEMBER]
avelino/awesome-go - A curated list of awesome Go frameworks, libraries and software
jaywcjlove/awesome-mac - This project is dedicated to collecting high-quality macOS software and organizing them systematically by different categories for easy search and use.
Solido/awesome-flutter - An awesome list that curates the best Flutter libraries, tools, tutorials, articles and more.
sindresorhus/awesome-nodejs - ⚡️ Delightful Node.js packages and resources [BECAUSE OF TOO MUCH SPAM AND LOW-QUALITY SUBMISSIONS, SUBMISSIONS ARE PAUSED UNTIL SEPTEMBER]
avelino/awesome-go - A curated list of awesome Go frameworks, libraries and software
jaywcjlove/awesome-mac - This project is dedicated to collecting high-quality macOS software and organizing them systematically by different categories for easy search and use.
ripienaar/free-for-dev - A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev
Solido/awesome-flutter - An awesome list that curates the best Flutter libraries, tools, tutorials, articles and more.
enaqx/awesome-pentest - A collection of awesome penetration testing resources, tools and other shiny things
The-Art-of-Hacking/h4cker - This repository is maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), AI security, vu
prowler-cloud/prowler - Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.
cloud-custodian/cloud-custodian - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
aws/aws-cli - Universal Command Line Interface for Amazon Web Services
azure
prowler-cloud/prowler - Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.
cloud-custodian/cloud-custodian - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
nvm-sh/nvm - Node Version Manager - POSIX-compliant bash script to manage multiple active node.js versions
royalapplications/toolbox - This repository contains various automation scripts for Royal TS (for Windows) and Royal TSX (for macOS). Also included are dynamic folder samples. This collection consists of scripts by the Royal App
patrickfav/uber-apk-signer - A cli tool that helps signing and zip aligning single or multiple Android application packages (APKs) with either debug or provided release certificates. It supports v1, v2 and v3 Android signing sche
projectdiscovery/dnsx - dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.
pypa/pipx - Install and Run Python Applications in Isolated Environments
yt-dlp/yt-dlp - A feature-rich command-line audio/video downloader
code-quality
realm/SwiftLint - A tool to enforce Swift style and conventions.
code-review
Cyber-Buddy/APKHunt - APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers,
cpp
microsoft/vcpkg - C++ Library Manager for Windows, Linux, and MacOS
bee-san/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
dnSpyEx/dnSpy - Unofficial revival of the well known .NET debugger and assembly editor, dnSpy
Aetsu/OffensivePipeline - OfensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team exercises.
clickswave/voyage - Voyage is a stateful subdomain enumeration tool that combines passive and active techniques, user-specific databases, and fine-grained control built for efficient and reliable subdomain reconnaissance
MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
MattKeeley/Spoofy - Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
t3l3machus/Villain - Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them
infobyte/faraday - Open Source Vulnerability Management Platform
AzeemIdrisi/PhoneSploit-Pro - An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
AlecBlance/S3BucketList - Chrome and Firefox extension that lists Amazon S3 Buckets while browsing
RoseSecurity/Anti-Virus-Evading-Payloads - During the exploitation phase of a pen test or ethical hacking engagement, you will ultimately need to try to cause code to run on target system computers. Here is a simple way to evade anti-virus sof
noraj/rawsec-cybersecurity-inventory - An inventory of tools and resources about CyberSecurity that aims to help people to find everything related to CyberSecurity.
aress31/jwtcat - A CPU-based JSON Web Token (JWT) cracker and - to some extent - scanner.
future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
The-Art-of-Hacking/h4cker - This repository is maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), AI security, vu
CISOfy/lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
r4ulcl/WiFiChallengeLab-docker - Virtualized Wi-Fi pentesting laboratory without the need for physical Wi-Fi cards, using mac80211_hwsim. Docker version of WiFiChallenge Lab with modifications in the challenges and improved stability
containrrr/watchtower - A process for automating Docker container base image updates.
dani-garcia/vaultwarden - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
appwrite/appwrite - Appwrite® - complete cloud infrastructure for your web, mobile and AI apps. Including Auth, Databases, Storage, Functions, Messaging, Hosting, Realtime and more
sickcodes/Docker-OSX - Run macOS VM in a Docker! Run near native OSX-KVM in Docker! X11 Forwarding! CI/CD for OS X Security Research! Docker mac Containers.
hrhv/tor-nginx-proxy - Host your website on the Tor 🧅 network in less than 2 minutes with this tiny docker image 🎊
vmware/vsphere-automation-sdk-python - Python samples, language bindings, and API reference documentation for vSphere, VMC, and NSX-T using the VMware REST API
just-the-docs/just-the-docs - A modern, high customizable, responsive Jekyll theme for documentation with built-in search.
mkdocs/mkdocs - Project documentation with Markdown.
kamranahmedse/pennywise - Cross-platform application to open any website or media in a floating window
express
expressjs/express - Fast, unopinionated, minimalist web framework for node.
firebase
appwrite/appwrite - Appwrite® - complete cloud infrastructure for your web, mobile and AI apps. Including Auth, Databases, Storage, Functions, Messaging, Hosting, Realtime and more
macosui/macos_ui - Flutter widgets and themes implementing the current macOS design language.
appwrite/appwrite - Appwrite® - complete cloud infrastructure for your web, mobile and AI apps. Including Auth, Databases, Storage, Functions, Messaging, Hosting, Realtime and more
Solido/awesome-flutter - An awesome list that curates the best Flutter libraries, tools, tutorials, articles and more.
flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
B3nac/InjuredAndroid - A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.
rustdesk/rustdesk - An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.
framework
vapor/vapor - 💧 A server-side Swift HTTP web framework.
future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
graphql
Teycir/BurpAPISecuritySuite - Burp Suite extension for API security testing with 15 attack types, 108+ payloads, intelligent fuzzing, BOLA/IDOR detection, AI integration, and automated reconnaissance. Supports REST/GraphQL/SOAP AP
doyensec/inql - InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
swisskyrepo/GraphQLmap - GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
r4ulcl/WiFiChallengeLab-docker - Virtualized Wi-Fi pentesting laboratory without the need for physical Wi-Fi cards, using mac80211_hwsim. Docker version of WiFiChallenge Lab with modifications in the challenges and improved stability
MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
summitt/Nope-Proxy - TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.
t3l3machus/Villain - Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them
infosecn1nja/Red-Teaming-Toolkit - This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
AzeemIdrisi/PhoneSploit-Pro - An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
LasCC/HackTools - The all-in-one browser extension for offensive security professionals 🛠
OWASP/mastg - The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP
codingo/NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
RoseSecurity/Anti-Virus-Evading-Payloads - During the exploitation phase of a pen test or ethical hacking engagement, you will ultimately need to try to cause code to run on target system computers. Here is a simple way to evade anti-virus sof
chenjj/espoofer - An email spoofing testing tool that aims to bypass SPF/DKIM/DMARC and forge DKIM signatures.🍻
BiZken/PhishMailer - Generate Professional Phishing Emails Fast And Easy
yogeshojha/rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon
j3ssie/osmedeus - A Modern Orchestration Engine for Security
HackTricks-wiki/hacktricks - Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
SpiderLabs/HostHunter - HostHunter a recon tool for discovering hostnames using OSINT techniques.
bee-san/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
juice-shop/juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
The-Art-of-Hacking/h4cker - This repository is maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), AI security, vu
pglombardo/PasswordPusher - 🔐 Securely share sensitive information with automatic expiration & deletion after a set number of views or duration. Track who, what and when with full audit logs.
prowler-cloud/prowler - Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.
containrrr/watchtower - A process for automating Docker container base image updates.
AzeemIdrisi/PhoneSploit-Pro - An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
projectdiscovery/dnsx - dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.
shellhub-io/shellhub - Get seamless remote access to any Linux device. Centralized SSH for the edge and cloud computing
pypa/pipx - Install and Run Python Applications in Isolated Environments
swisskyrepo/GraphQLmap - GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
projectdiscovery/notify - Notify is a Go-based assistance package that enables you to stream the output of several tools (or read from a file) and publish it to a variety of supported platforms.
realm/SwiftLint - A tool to enforce Swift style and conventions.
badges/shields - Concise, consistent, and legible badges in SVG and raster format
akto-api-security/tests-library - Community generated list of API security tests to find OWASP top10, HackerOne top 10 vulnerabilities
akto-api-security/akto - Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure
avelino/awesome-go - A curated list of awesome Go frameworks, libraries and software
codingo/NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
hahwul/dalfox - 🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
epi052/feroxbuster - A fast, simple, recursive content discovery tool written in Rust.
projectdiscovery/nuclei - Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the int
noraj/rawsec-cybersecurity-inventory - An inventory of tools and resources about CyberSecurity that aims to help people to find everything related to CyberSecurity.
rofl0r/proxychains-ng - proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained prox
vapor/vapor - 💧 A server-side Swift HTTP web framework.
thingsboard/thingsboard - Open-source IoT Platform - Device management, data collection, processing and visualization.
vsouza/awesome-ios - A curated list of awesome iOS ecosystem, including Objective-C and Swift Projects
appwrite/appwrite - Appwrite® - complete cloud infrastructure for your web, mobile and AI apps. Including Auth, Databases, Storage, Functions, Messaging, Hosting, Realtime and more
Solido/awesome-flutter - An awesome list that curates the best Flutter libraries, tools, tutorials, articles and more.
flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
noobpk/frida-ios-hook - A tool that helps you easy trace classes, functions, and modify the return values of methods on iOS platform
airsquared/blobsaver - A cross-platform GUI and CLI app for automatically saving SHSH blobs
nabla-c0d3/ssl-kill-switch2 - Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.
OWASP/mastg - The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP
ChiChou/grapefruit - Open-source mobile security testing suite for iOS and Android. Previously Passionfruit
sindresorhus/awesome-nodejs - ⚡️ Delightful Node.js packages and resources [BECAUSE OF TOO MUCH SPAM AND LOW-QUALITY SUBMISSIONS, SUBMISSIONS ARE PAUSED UNTIL SEPTEMBER]
t3l3machus/toxssin - An XSS exploitation command-line interface and payload generator.
q-nick/npm-gui - Tired of the package.json dependency juggle? Meet npm-gui! We seamlessly integrate with npm, pnpm, or yarn. Managing, installing, and updating dependencies is as easy as it gets. Try npm-gui today and
appwrite/appwrite - Appwrite® - complete cloud infrastructure for your web, mobile and AI apps. Including Auth, Databases, Storage, Functions, Messaging, Hosting, Realtime and more
expressjs/express - Fast, unopinionated, minimalist web framework for node.
dsternlicht/RESTool - RESTool is an open source UI tool for managing RESTful APIs. It could save you time developing your own internal tools. A live example:
B3nac/InjuredAndroid - A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.
kubernetes
cloud-custodian/cloud-custodian - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
openappsec/openappsec - open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
shellhub-io/shellhub - Get seamless remote access to any Linux device. Centralized SSH for the edge and cloud computing
royalapplications/toolbox - This repository contains various automation scripts for Royal TS (for Windows) and Royal TSX (for macOS). Also included are dynamic folder samples. This collection consists of scripts by the Royal App
n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
rustdesk/rustdesk - An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.
mzfr/gtfo - Search gtfobins and lolbas files from your terminal
v1s1t0r1sh3r3/airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
CISOfy/lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
GTFOBins/GTFOBins.github.io - GTFOBins is a curated list of Unix-like executables that can be used to bypass local security restrictions in misconfigured systems.
0x4m4/hexstrike-ai - HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug boun
scipag/vulscan - Advanced vulnerability scanning with Nmap NSE
machine-learning
SoftDesLab/PIRANHA - Project for Software Design Laboratory – Topic: Detecting Phishing Website with Machine Learning
macos
RLabs-Inc/wifikit - WiFi pentesting toolkit for MacOS and Linux*. Pure Rust, single binary, real-time interactive CLI.
marksowell/hammerspoon-menu-bar - Lightweight Hammerspoon scripts that add real-time system indicators to the macOS menu bar. Includes battery and CPU alerts with ultra-low overhead.
royalapplications/toolbox - This repository contains various automation scripts for Royal TS (for Windows) and Royal TSX (for macOS). Also included are dynamic folder samples. This collection consists of scripts by the Royal App
macosui/macos_ui - Flutter widgets and themes implementing the current macOS design language.
jaywcjlove/awesome-mac - This project is dedicated to collecting high-quality macOS software and organizing them systematically by different categories for easy search and use.
flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
nabla-c0d3/ssl-kill-switch2 - Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.
sickcodes/Docker-OSX - Run macOS VM in a Docker! Run near native OSX-KVM in Docker! X11 Forwarding! CI/CD for OS X Security Research! Docker mac Containers.
Security-Onion-Solutions/securityonion - Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, a
mysql
NetSPI/SQLInjectionWiki - A wiki focusing on aggregating and documenting various SQL injection methods
nextjs
magicuidesign/magicui - UI Library for Design Engineers. Animated components and effects you can copy and paste into your apps. Free. Open Source.
pagescms/pagescms - The simplest CMS you’ll ever need. Manage content and media right in your GitHub repository.
NextAdminHQ/nextjs-admin-dashboard - Next.js admin dashboard template and UI components that come with pre-built elements, components, pages, high-quality design, integrations, and much more.
appwrite/appwrite - Appwrite® - complete cloud infrastructure for your web, mobile and AI apps. Including Auth, Databases, Storage, Functions, Messaging, Hosting, Realtime and more
nodejs
nvm-sh/nvm - Node Version Manager - POSIX-compliant bash script to manage multiple active node.js versions
sindresorhus/awesome-nodejs - ⚡️ Delightful Node.js packages and resources [BECAUSE OF TOO MUCH SPAM AND LOW-QUALITY SUBMISSIONS, SUBMISSIONS ARE PAUSED UNTIL SEPTEMBER]
q-nick/npm-gui - Tired of the package.json dependency juggle? Meet npm-gui! We seamlessly integrate with npm, pnpm, or yarn. Managing, installing, and updating dependencies is as easy as it gets. Try npm-gui today and
expressjs/express - Fast, unopinionated, minimalist web framework for node.
q-nick/npm-gui - Tired of the package.json dependency juggle? Meet npm-gui! We seamlessly integrate with npm, pnpm, or yarn. Managing, installing, and updating dependencies is as easy as it gets. Try npm-gui today and
t3l3machus/Villain - Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them
six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
clickswave/voyage - Voyage is a stateful subdomain enumeration tool that combines passive and active techniques, user-specific databases, and fine-grained control built for efficient and reliable subdomain reconnaissance
initstring/cloud_enum - Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
byt3bl33d3r/WitnessMe - Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.
yogeshojha/rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon
j3ssie/osmedeus - A Modern Orchestration Engine for Security
s0md3v/Photon - Incredibly fast crawler designed for OSINT.
others
jonnysmillie/astro-theme-switcher - A production-ready, token-based themeable design system for Astro. Build beautiful websites with runtime theme switching, semantic design tokens, and a comprehensive component library.
github/copilot-sdk - Multi-platform SDK for integrating GitHub Copilot Agent into apps and services
matank001/Moxy - Moxy is an open-source DAST tool designed for modern web application security testing. It provides an easy-to-use interface with agentic capabilities to assist and automate pentesting workflows.
zoom/task-manager-sample - A showcase of the Zoom Developer Ecosystem and our Unified Build Flow
xnl-h4ck3r/xnldorker - Gather results of dorks across a number of search engines
AggressiveUser/AllForOne - AllForOne allows bug bounty hunters and security researchers to collect all Nuclei YAML templates from various public repositories,
S3N4T0R-0X0/Malicious-PixelCode - Malicious PixelCode is a security research project that demonstrates a covert technique for encoding executable files into pixel data and storing them inside images or videos. A lightweight loader ret
S3N4T0R-0X0/BEAR - Bear C2 is a compilation of C2 scripts, payloads, and stagers used in simulated attacks by Russian APT groups, Bear features a variety of encryption methods, including AES, XOR, DES, TLS, RC4, RSA and
ricardojoserf/SAMDump - Extract the SAM and SYSTEM hives using the Volume Shadow Copy (VSS) API. With exfiltration and XOR obfuscation options. Implemented in C#, C++, Crystal and Python
opengrep/opengrep - 🔎 Static code analysis engine to find security issues in code.
marksowell/whoami-geo - A tiny, modern web app (Docker-ready) that shows your source IPv4, IPv6, geolocation, ASN/ISP, reverse DNS, forwarded headers, and more. Clean dark UI, single binary container.
marksowell/pan-keepalive - PAN Keepalive is a Python script designed to keep a Palo Alto Networks GlobalProtect VPN connection alive by periodically reconnecting every 30 minutes. This can be useful in environments where the VP
cons0le7/iSH-tools - Ethical hacking toolkit for iOS devices using iSH Shell.
Flangvik/SharpCollection - Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.
MGamalCYSEC/ExploitFix-Windows - A repository of refined and tested exploits for Windows vulnerabilities. Includes detailed walkthroughs for exploitation, post-exploitation techniques, and mitigation strategies. Stay updated with the
tylerdotrar/RGBwiki - Aggregate of my offensive (Red), DevOps (Green), and defensive (Blue) knowledge in the form of an Obsidian Vault hosted by an mkdocs-material Github Pages site.
tylerdotrar/SigmaPotato - SeImpersonate privilege escalation tool for Windows 8 - 11 and Windows Server 2012 - 2022 with extensive PowerShell and .NET reflection support.
dagowda/DSViper - This is for Ethical Use only. The default automated binaries created are all burned. I have added the script to the repo to modify certain signatures and it will still work.
CheckPointSW/Evasions - Evasions encyclopedia gathers methods used by malware to evade detection when run in virtualized environment. Methods are grouped into categories for ease of searching and understanding. Also provided
marksowell/marksowell.github.io - Mark Sowell - Lead Penetration Tester at Check Point Software - OSCP+, CEH Master, CCSM Elite, & Cybersecurity Expert
marksowell/nmap-tailwind-xsl - An XSL stylesheet for rendering Nmap XML output with a modernized UI using Tailwind CSS and DataTables
marksowell/Kali-Linux-to-DigitalOcean - A GitHub Action to convert the Kali Linux Generic Cloud Image and upload it to Custom Images in DigitalOcean.
marksowell/LocalSOCKS5Proxy - LocalSOCKS5Proxy is a minimal, Python-based SOCKS5 proxy server designed for use cases where you need to route traffic through a remote machine or resource. It can be used in conjunction with tools su
marksowell/esp32-web-lora-demo-ota-multi-device - ESP32 Web + LoRa Demo with OTA & Multi-Device Support. This project demonstrates a web interface for ESP32 devices with LoRa communication, Over-the-Air (OTA) updates, and multi-device messaging capab
microsoft/restler-fuzzer - RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
marksowell/massdns - A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
aboul3la/Sublist3r - Fast subdomains enumeration tool for penetration testers
haad/proxychains - proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy. Supported auth-types: “user/pass” for
ly4k/Certipy - Tool for Active Directory Certificate Services enumeration and abuse
PortSwigger/BChecks - BChecks collection for Burp Suite Professional and Burp Suite DAST
RedTeamOperations/RedCloud-OS - RedCloudOS is a Cloud Adversary Simulation Operating System for Red Teams to assess the Cloud Security of Leading Cloud Service Providers (CSPs)
blechschmidt/massdns - A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
qishibo/AnotherRedisDesktopManager - 🚀🚀🚀A faster, better and more stable Redis desktop manager [GUI client], compatible with Linux, Windows, Mac.
marksowell/burp-collaborator-deploy - Deploy a Private Burp Collaborator server with a wildcard Let’s Encrypt SSL certificate including automatic renewal for advanced penetration testing. Includes scripts and guides for a seamless cloud d
IvanGlinkin/Fast-Google-Dorks-Scan - The OSINT project, the main idea of which is to collect all the possible Google dorks search combinations and to find the information about the specific web-site: common admin panels, the widespread f
darklotuskdb/ios-reloader - The iOS Reloader is a weaponizing tool for jailbroken iOS devices. It facilitates the installation of a collection of tools on iOS devices (iPhone/iPad) that are essential for penetration testing purp
Syslifters/sysreptor - A customizable and powerful penetration testing reporting platform for offensive security professionals. Simplify, customize, and automate your pentest reports with ease.
Checkmarx/capital - A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Security vulnerabilities within your own API Security CTF.
microsoft/AttackSurfaceAnalyzer - Attack Surface Analyzer can help you analyze your operating system’s security configuration for changes during software installation.
ustayready/fireprox - AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation
TheCase/IPMIView.app - MacOS App wrapper for Supermicro’s IPMIView/iKVM java app
CheckPointSW/ShowPolicyPackage - Check Point ShowPolicyPackage tool shows the content of a policy package (layers, rulebase, objects) over HTML pages.
CheckPointSW/ExportObjects - Check Point ExportObjects tool enables you to export specific types of objects from a R80.10 and above Management database to a .csv file, which can then be imported into any other R80.10 and above Ma
lgandx/Responder - Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication
futurerestore/futurerestore - A hacked up idevicerestore wrapper, which allows specifying SEP and Baseband for restoring
MobSF/Mobile-Security-Framework-MobSF - Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and
dafthack/DomainPasswordSpray - DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFU
RobinMeis/MITMsmtp - MITMsmtp is an Evil SMTP Server for pentesting SMTP clients to catch login credentials and mails sent over plain or SSL encrypted connections.
punk-security/dnsReaper - dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!
zoom/zoomapps-advancedsample-react - This repository contains an Advanced Zoom Apps Sample. It should serve as a starting point for you to build and test your own Zoom App in development.
clr2of8/GatherContacts - A Burp Suite Extension to pull Employee Names from Google and Bing LinkedIn Search Results
threatexpress/domainhunter - Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names
NVISOsecurity/pyCobaltHound - pyCobaltHound is an Aggressor script extension for Cobalt Strike which aims to provide a deep integration between Cobalt Strike and Bloodhound.
htr-tech/zphisher - An automated phishing tool with 30+ templates. This Tool is made for educational purpose only ! Author will not be responsible for any misuse of this toolkit !
highmeh/lure - Lure - User Recon Automation for GoPhish
kgretzky/evilginx2 - Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
kylon/Sharedown - Electron application to download Sharepoint videos (especially meant for students)
HiwinCN/HTran - HTran is a connection bouncer, a kind of proxy server. A “listener” program is hacked stealthily onto an unsuspecting host anywhere on the Internet. When it receives signals from the actual target sys
RedSiege/EyeWitness - EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
nccgroup/scrying - A tool for collecting RDP, web and VNC screenshots all in one place
curi0usJack/luckystrike - A PowerShell based utility for the creation of malicious Office macro documents.
sevagas/macro_pack - macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. T
3gstudent/Worse-PDF - Turn a normal PDF file into malicious.Use to steal Net-NTLM Hashes from windows machines.
tihanyin/PSSW100AVB - A list of useful Powershell scripts with 100% AV bypass (At the time of publication).
CheckPointSW/InviZzzible - InviZzzible is a tool for assessment of your virtual environments in an easy and reliable way. It contains the most recent and up to date detection and evasion techniques as well as fixes for them.
t3hbb/NSGenCS - Extendable payload obfuscation and delivery framework
dafthack/MailSniper - MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can b
mitre-attack/attack-arsenal - A collection of red team and adversary emulation resources developed and released by MITRE.
splunk/attack_range - A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
411Hall/JAWS - JAWS - Just Another Windows (Enum) Script
0xInfection/XSRFProbe - The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.
epinna/tplmap - Server-Side Template Injection and Code Injection Detection and Exploitation Tool
lgandx/PCredz - This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.
hausec/ADAPE-Script - Active Directory Assessment and Privilege Escalation Script
PowerShellEmpire/PowerTools - PowerTools is a collection of PowerShell projects with a focus on offensive operations.
robertdavidgraham/masscan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
LOLBAS-Project/LOLBAS - Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
danielmiessler/SecLists - SecLists is the security tester’s companion. It’s a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensi
aysebilgegunduz/Windows-Exploit-Suggester - This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploit
strozfriedberg/Windows-Exploit-Suggester - This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploit
theGuildHall/pwnbox - Instructions on how to create your very own Pwnbox, originally created by HTB
tomnomnom/waybackurls - Fetch all the URLs that the Wayback Machine knows about for a domain
CiscoCXSecurity/enum4linux - enum4Linux is a Linux alternative to enum.exe for enumerating data from Windows and Samba hosts
malwaredllc/byob - An open-source post-exploitation framework for students, researchers and developers.
google/tsunami-security-scanner - Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
microsoft/vcpkg - C++ Library Manager for Windows, Linux, and MacOS
q-nick/npm-gui - Tired of the package.json dependency juggle? Meet npm-gui! We seamlessly integrate with npm, pnpm, or yarn. Managing, installing, and updating dependencies is as easy as it gets. Try npm-gui today and
royalapplications/toolbox - This repository contains various automation scripts for Royal TS (for Windows) and Royal TSX (for macOS). Also included are dynamic folder samples. This collection consists of scripts by the Royal App
marksowell/nosleep - No Sleep is a simple PowerShell script that prevents a Windows virtual machine (or physical machine) from entering sleep mode. It’s useful for ensuring continuous uptime during long-running tasks, tes
royalapplications/toolbox - This repository contains various automation scripts for Royal TS (for Windows) and Royal TSX (for macOS). Also included are dynamic folder samples. This collection consists of scripts by the Royal App
mar10/wsgidav - A generic and extendable WebDAV server based on WSGI
prowler-cloud/prowler - Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.
MattKeeley/Spoofy - Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
AzeemIdrisi/PhoneSploit-Pro - An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
jonaslejon/malicious-pdf - 💀 Generate malicious PDF test files for testing phone-home callbacks, SSRF, XSS, NTLM credential theft, and data exfiltration in PDF viewers, converters, and web applications. Can be used with Burp Co
pypa/pipx - Install and Run Python Applications in Isolated Environments
royalapplications/toolbox - This repository contains various automation scripts for Royal TS (for Windows) and Royal TSX (for macOS). Also included are dynamic folder samples. This collection consists of scripts by the Royal App
vinta/awesome-python - An opinionated list of Python frameworks, libraries, tools, and resources
commixproject/commix - Automated All-in-One OS Command Injection Exploitation Tool
t3l3machus/toxssin - An XSS exploitation command-line interface and payload generator.
vmware/vsphere-automation-sdk-python - Python samples, language bindings, and API reference documentation for vSphere, VMC, and NSX-T using the VMware REST API
n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
MattKeeley/Spoofy - Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
vmware/vsphere-automation-sdk-python - Python samples, language bindings, and API reference documentation for vSphere, VMC, and NSX-T using the VMware REST API
byt3bl33d3r/WitnessMe - Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.
SoftDesLab/PIRANHA - Project for Software Design Laboratory – Topic: Detecting Phishing Website with Machine Learning
q-nick/npm-gui - Tired of the package.json dependency juggle? Meet npm-gui! We seamlessly integrate with npm, pnpm, or yarn. Managing, installing, and updating dependencies is as easy as it gets. Try npm-gui today and
styled-components/styled-components - Fast, expressive styling for React. Server components, client components, streaming SSR, React Native—one API.
appwrite/appwrite - Appwrite® - complete cloud infrastructure for your web, mobile and AI apps. Including Auth, Databases, Storage, Functions, Messaging, Hosting, Realtime and more
appwrite/appwrite - Appwrite® - complete cloud infrastructure for your web, mobile and AI apps. Including Auth, Databases, Storage, Functions, Messaging, Hosting, Realtime and more
reactjs
dsternlicht/RESTool - RESTool is an open source UI tool for managing RESTful APIs. It could save you time developing your own internal tools. A live example:
dsternlicht/RESTool - RESTool is an open source UI tool for managing RESTful APIs. It could save you time developing your own internal tools. A live example:
ruby
pglombardo/PasswordPusher - 🔐 Securely share sensitive information with automatic expiration & deletion after a set number of views or duration. Track who, what and when with full audit logs.
six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
RedTeamPentesting/pretender - Your MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS, LLMNR and NetBIOS-NS spoofing.
pglombardo/PasswordPusher - 🔐 Securely share sensitive information with automatic expiration & deletion after a set number of views or duration. Track who, what and when with full audit logs.
prowler-cloud/prowler - Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.
Security-Onion-Solutions/securityonion - Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, a
GitGuardian/ggshield - Detect and validate 500+ types of hardcoded secrets with advanced checks. Use it as a pre-commit hook, GitHub Action, or CLI for proactive secret detection and security.
praetorian-inc/noseyparker - Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data and Git history.
netwrix/pingcastle - PingCastle - Get Active Directory Security at 80% in 20% of the time
ReversecLabs/drozer - The Leading Security Assessment Framework for Android.
MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
HolyBugx/HolyTips - A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
akto-api-security/tests-library - Community generated list of API security tests to find OWASP top10, HackerOne top 10 vulnerabilities
akto-api-security/akto - Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure
Cyber-Buddy/APKHunt - APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers,
dependency-check/DependencyCheck - OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
radareorg/radare2 - UNIX-like reverse engineering framework and command-line toolset
nabla-c0d3/ssl-kill-switch2 - Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.
dradis/dradis-ce - Dradis Framework: Collaboration and reporting for IT Security teams
byt3bl33d3r/WitnessMe - Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.
projectdiscovery/nuclei - Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the int
chenjj/espoofer - An email spoofing testing tool that aims to bypass SPF/DKIM/DMARC and forge DKIM signatures.🍻
CanIPhish/Phishious - An open-source Secure Email Gateway (SEG) evaluation toolkit designed for red-teamers.
noraj/rawsec-cybersecurity-inventory - An inventory of tools and resources about CyberSecurity that aims to help people to find everything related to CyberSecurity.
cisagov/log4j-scanner - log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.
google/oss-fuzz - OSS-Fuzz - continuous fuzzing for open source software.
OWASP/CheatSheetSeries - The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
cddmp/enum4linux-ng - A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.
EnableSecurity/sipvicious - SIPVicious OSS is a VoIP security testing toolset. It helps security teams, QA and developers test SIP-based VoIP systems and applications. This toolset is useful in simulating VoIP hacking attacks ag
wpscanteam/wpscan - WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
cloud-custodian/cloud-custodian - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
appwrite/appwrite - Appwrite® - complete cloud infrastructure for your web, mobile and AI apps. Including Auth, Databases, Storage, Functions, Messaging, Hosting, Realtime and more
MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
CISOfy/lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
vapor/vapor - 💧 A server-side Swift HTTP web framework.
realm/SwiftLint - A tool to enforce Swift style and conventions.
appwrite/appwrite - Appwrite® - complete cloud infrastructure for your web, mobile and AI apps. Including Auth, Databases, Storage, Functions, Messaging, Hosting, Realtime and more
telegram
projectdiscovery/notify - Notify is a Go-based assistance package that enables you to stream the output of several tools (or read from a file) and publish it to a variety of supported platforms.
terminal
marksowell/kautolog - Automatic terminal session logging for Bash and Zsh. Captures every command, prompt, and output in real time, with per-session files, replay support, and optional cloud sync. Ideal for security exams,
cloud-custodian/cloud-custodian - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
NextAdminHQ/nextjs-admin-dashboard - Next.js admin dashboard template and UI components that come with pre-built elements, components, pages, high-quality design, integrations, and much more.
HolyBugx/HolyTips - A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
appwrite/appwrite - Appwrite® - complete cloud infrastructure for your web, mobile and AI apps. Including Auth, Databases, Storage, Functions, Messaging, Hosting, Realtime and more
flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
GoogleChrome/lighthouse - Automated auditing, performance metrics, and best practices for the web.
epi052/feroxbuster - A fast, simple, recursive content discovery tool written in Rust.
OJ/gobuster - Directory/File, DNS and VHost busting tool written in Go
webapp
HolyBugx/HolyTips - A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
windows
marksowell/nosleep - No Sleep is a simple PowerShell script that prevents a Windows virtual machine (or physical machine) from entering sleep mode. It’s useful for ensuring continuous uptime during long-running tasks, tes
microsoft/vcpkg - C++ Library Manager for Windows, Linux, and MacOS
royalapplications/toolbox - This repository contains various automation scripts for Royal TS (for Windows) and Royal TSX (for macOS). Also included are dynamic folder samples. This collection consists of scripts by the Royal App
flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
bitsadmin/wesng - Windows Exploit Suggester - Next Generation
n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
itm4n/PrivescCheck - Privilege Escalation Enumeration Script for Windows
mzfr/gtfo - Search gtfobins and lolbas files from your terminal
ohpe/juicy-potato - A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from a Windows Service Accounts to NT AUTHORITY\SYSTEM.
Aetsu/OffensivePipeline - OfensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team exercises.
wpscanteam/wpscan - WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
License
To the extent possible under law, marksowell has waived all copyright and related or neighboring rights to this work.
Awesome Stars
Contents
ai
android
angular
api
artificial-intelligence
aspnet
automation
awesome
awesome-list
aws
azure
bash
bootstrap
c
chrome
chrome-extension
cli
code-quality
code-review
cpp
csharp
css
cybersecurity
dart
database
devops
docker
documentation
dotnet
electron
express
firebase
firefox
flutter
framework
git
github
go
golang
graphql
hacking
hacktoberfest
homebridge
html
http
ios
java
javascript
jekyll
json
kotlin
kubernetes
latex
library
linux
llm
lua
machine-learning
macos
markdown
material-design
mobile
mongodb
monitoring
mysql
nextjs
nodejs
nosql
npm
objective-c
open-source
osint
others
aarch64-w64-mingw32target.p2p
package-manager
perl
php
powershell
pwa
python
python3
raspberry-pi
react
react-native
reactjs
rest-api
ruby
rust
security
server
serverless
shell
sql
swift
telegram
terminal
terraform
testing
typescript
unity
vagrant
vue
web
webapp
windows
wordpress
License
To the extent possible under law, marksowell has waived all copyright and related or neighboring rights to this work.