SNIPPET
anquanscanSec Tools
77 Stars
GitHubCSSAny theme
# sec-tools
安全工具汇总
[engine](https://github.com/droidefense/engine): Droidefense: Advance Android Malware Analysis Framework
[react-cool-starter](https://github.com/wellyshen/react-cool-starter): 😎 🐣 A starter boilerplate for a universal web app with the best development experience and a focus on performance and best practices.
[howtheysre](https://github.com/upgundecha/howtheysre): A curated collection of publicly available resources on how technology and tech-savvy organizations around the world practice Site Reliability Engineering (SRE)
[1earn](https://github.com/ffffffff0x/1earn): ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
[pocassist](https://github.com/jweny/pocassist): 全新的漏洞测试框架,支持poc在线编辑、运行、批量测试。使用文档:
[how-to-secure-anything](https://github.com/veeral-patel/how-to-secure-anything): How to systematically secure anything: a repository about security engineering
[wireguard-manager](https://github.com/complexorganizations/wireguard-manager): ✔️ wireguard-manager enables you to create and manage your own vpn under a minute.
[my-arsenal-of-aws-security-tools](https://github.com/toniblyx/my-arsenal-of-aws-security-tools): List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
[occlude](https://github.com/muggenhor/occlude): C++ TLS 1.3 library
[easy-wg-quick](https://github.com/burghardt/easy-wg-quick): Creates Wireguard configuration for hub and peers with ease
[cap-std](https://github.com/bytecodealliance/cap-std): Capability-oriented version of the Rust standard library
[hardentools](https://github.com/securitywithoutborders/hardentools): Hardentools simply reduces the attack surface on Microsoft Windows computers by disabling low-hanging fruit risky features.
[DVWA](https://github.com/digininja/DVWA): Damn Vulnerable Web Application (DVWA)
[user.js](https://github.com/pyllyukko/user.js): user.js -- Firefox configuration hardening
[Crypto-NFT-Drainer](https://github.com/0xTracey/Crypto-NFT-Drainer): 🌊 ALL ETH + ERC20 TOKENS + ALL NFTS DRAINER
[jsh.php](https://github.com/jcubic/jsh.php): Terminal like php shell (PHP web terminal emulator)
[JoomlaCVE20168869](https://github.com/rustyJ4ck/JoomlaCVE20168869): Exploit for Joomla 3.4.4 - 3.6.4 (CVE-2016-8869 and CVE-2016-8870)
[pwn-writeups](https://github.com/smallkirby/pwn-writeups): CTF pwn problem writeup
[nacs](https://github.com/u21h2/nacs): 事件驱动的渗透测试扫描器 Event-driven pentest scanner
[FUDforum-XSS-RCE](https://github.com/fuzzlove/FUDforum-XSS-RCE): FUDForum 3.0.9 - XSS / Remote Code Execution (CVE-2019-18873, CVE-2019-18839)
[photovision_tv_function_unlocker](https://github.com/173210/photovision_tv_function_unlocker): Photovision TV 202HW 機能制限解除ツールです。
[traitor](https://github.com/liamg/traitor): :arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
[bugradar](https://github.com/samet-g/bugradar): Advanced external automation on bug bounty programs by running the best set of tools to perform scanning and finding out vulnerabilities.
[netelf](https://github.com/XiphosResearch/netelf): Run executables from memory, over the network, on Windows, Linux, OpenVMS... routers... spaceships... toasters etc.
[karton-config-extractor](https://github.com/CERT-Polska/karton-config-extractor): Static configuration extractor for the Karton framework
[laravel-littlegatekeeper](https://github.com/spatie/laravel-littlegatekeeper): Protect pages from access with a universal username/password
[expcamera](https://github.com/vanpersiexp/expcamera): Exploit Netwave and GoAhead IP Camera
[aiodnsbrute](https://github.com/blark/aiodnsbrute): Python 3.5+ DNS asynchronous brute force utility
[BruteSploit](https://github.com/screetsec/BruteSploit): BruteSploit is a collection of method for automated Generate, Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation,combine,transform and permutation some words or file text :p
[docker-workspaces](https://github.com/Bartmr/docker-workspaces): Protecting my data and client's data, by running day-to-day apps inside Docker containers
[OWASP-Web-Checklist](https://github.com/0xRadi/OWASP-Web-Checklist): OWASP Web Application Security Testing Checklist
[osv.net](https://github.com/JamieMagee/osv.net): A .NET library for Open Source Vulnerabilities (OSV) schema and API client.
[CVE-2021-3560](https://github.com/GatoGamer1155/CVE-2021-3560): Script en python sobre la vulnerabilidad CVE-2021-3560
[sylkie](https://github.com/dlrobertson/sylkie): IPv6 address spoofing with the Neighbor Discovery Protocol
[ReadWriteDriver](https://github.com/ryan-weil/ReadWriteDriver): A kernel driver for reading and writing memory
[TwoFactorAuth](https://github.com/RobThree/TwoFactorAuth): PHP library for Two Factor Authentication (TFA / 2FA)
[Network_Security_Spring_2018](https://github.com/Alfons0329/Network_Security_Spring_2018): Network Security Spring 2018 Lectured by S.P. Shieh @CS NCTU Taiwan
[uptux](https://github.com/initstring/uptux): Linux privilege escalation checks (systemd, dbus, socket fun, etc)
[edoardottt](https://github.com/edoardottt/edoardottt): Hey! I'm edoardottt! 🏴☠️👹
[vulncontrol](https://github.com/Amet13/vulncontrol): Python script for monitoring www.cvedetails.com vulnerabilities database
[dotdotpwn](https://github.com/wireghoul/dotdotpwn): DotDotPwn - The Directory Traversal Fuzzer
[CVE-2021-40101](https://github.com/S1lkys/CVE-2021-40101): Survey XSS combined with CSRF leads to Admin Account Takeover in Concrete5 8.5.4
[termlock](https://github.com/ElfQrin/termlock): TermLock is a shell script to lock your terminal. It traps signals and interrupts to block Ctrl+C , Ctrl+\ , Ctrl+Z , Ctrl+D, uses a hashed password and can log failed attempts. You may alias it as termlock or lock .
[nagiosxi_rce-to-root](https://github.com/ruthvikvegunta/nagiosxi_rce-to-root): Nagios XI 5.5.6 Remote Code Execution and Privilege Escalation
[ballcat](https://github.com/ballcat-projects/ballcat): 😸一个快速开发脚手架,快速搭建企业级后台管理系统,并提供多种便捷starter进行功能扩展。主要功能包括前后台用户分离,菜单权限,数据权限,定时任务,访问日志,操作日志,异常日志,统一异常处理,XSS过滤,SQL防注入,国际化 等多种功能
[poc-list](https://github.com/s-index/poc-list): PoC List
[docker_explorer](https://github.com/matiassequeira/docker_explorer): Scan DockerHub images that match a keyword to find secrets.
[Keylogger-email](https://github.com/Cen-Devv/Keylogger-email): Esse é um programa que nós permite monitorar o teclado e tudo que for digitado. Todos os dados serão colocados em arquivo e enviados para um e-mail no horário no qual defini-lo.
[Vulnerability_scanner](https://github.com/Hem1700/Vulnerability_scanner)
[spring-boot](https://github.com/timebusker/spring-boot): spring-boot 项目实践总结
[personal-security-checklist](https://github.com/Lissy93/personal-security-checklist): 🔒 A curated checklist of 300+ tips for protecting digital security and privacy in 2022
[Ciphey](https://github.com/Ciphey/Ciphey): ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
[Password_Strength](https://github.com/VirusZzHkP/Password_Strength): C++ program to check the strength of your password.
[FuYao-Go](https://github.com/ExpLangcn/FuYao-Go): 自动化进行目标资产探测和安全漏洞扫描|适用于赏金活动、SRC活动、大规模使用、大范围使用|通过使用被动在线资源来发现网站的有效子域|通过强大且灵活的模板,模拟各种安全漏洞检查!Automate target asset detection and security vulnerability scanning | Suitable for bounty campaigns, SRC campaigns, mass usage, mass usage | Discover valid subdomains of websites by using passive online resources | Simulate various Security Vulnerability Check
[cfn_nag](https://github.com/stelligent/cfn_nag): Linting tool for CloudFormation templates
[docker-cloudsploit](https://github.com/gjyoung1974/docker-cloudsploit): dockerized-cloudsplot, CloudSploit is a security and configuration scanner that can detect hundreds of threats in your AWS account. Don't let a single misstep compromise your entire infrastructure.
[Am-I-affected-by-Meltdown](https://github.com/raphaelsc/Am-I-affected-by-Meltdown): Meltdown Exploit / Proof-of-concept / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN.
[wargame](https://github.com/tlatkdgus1/wargame): H@ck wargame with Django
[top-attack-techniques](https://github.com/center-for-threat-informed-defense/top-attack-techniques): Top ATT&CK Techniques provides defenders with a systematic approach to prioritizing ATT&CK techniques.
[Kuiper](https://github.com/DFIRKuiper/Kuiper): Digital Forensics Investigation Platform
[hashview-old](https://github.com/hashview/hashview-old): A web front-end for password cracking and analytics
[dependency-confusion-exploit](https://github.com/sorahed/dependency-confusion-exploit): a demonstration of how the dependency-confusion attack with npm works
[HackingNews](https://github.com/olafgoj/HackingNews): O co chodzi w #hackingnews? W skrócie: wrzucam linki do ciekawych stron, które napotkam na swojej drodze. :)
[Typhoon-Vulnerable-VM](https://github.com/PrismaCSI/Typhoon-Vulnerable-VM): Typhoon Vulnerable VM is a virtual machine bundled with several vulnerabilities that provides a laboratory environment for researchers looking into enhancing their skills in the field of Cyber Security.
[Wifi-Hacking](https://github.com/ankit0183/Wifi-Hacking): Cyber Security Tool For Hacking Wireless Connections Using Built-In Kali Tools. Supports All Securities (WEP, WPS, WPA, WPA2/TKIP/IES)
[KeyKatcher](https://github.com/Himmii/KeyKatcher): KeyKatcher is a keylogger that records keystrokes made on a computer and sends to the E-Mail.
[Mass-Shell-upload](https://github.com/imhunterand/Mass-Shell-upload): Mass exploiter shell upload scanner tool
[Epimetheus](https://github.com/0x4meliorate/Epimetheus): Receive notifications/alerts on the most recent disclosed CVE's.
[hacking-with-python](https://github.com/drsh4rky/hacking-with-python): You guessed well, genius !! This tool is intended for the initiation to ethical hacking with python
[jerseyctf-2022-challenges](https://github.com/njitacm/jerseyctf-2022-challenges): JerseyCTF 2022
[fuzzbench](https://github.com/google/fuzzbench): FuzzBench - Fuzzer benchmarking as a service.
[EzScript](https://github.com/xFaraday/EzScript): Cyberpatriot born Windows hardening script. It serves as a way to get to baseline and can help specialists further secure the machine.
[PentestTools](https://github.com/arch3rPro/PentestTools): Awesome Pentest Tools Collection
[Drupalgeddon2](https://github.com/dreadlocked/Drupalgeddon2): Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 / CVE-2018-7600 / SA-CORE-2018-002)
[the-book-of-secret-knowledge](https://github.com/trimstray/the-book-of-secret-knowledge): A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
[beelzebub](https://github.com/mariocandela/beelzebub): A secure honeypot framework, extremely easy to configure by yaml 🚀
[w2vcluster](https://github.com/mylamour/w2vcluster): word2vec & k-means cluster
[jok3r](https://github.com/koutto/jok3r): Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework
[fpvs](https://github.com/vanschelven/fpvs): Fast Python Vulnerability Scanner
[NukeJndiLookupFromLog4j](https://github.com/LoliKingdom/NukeJndiLookupFromLog4j): Selection of ways to remove JndiLookup in now obsolete Minecraft versions, or versions that still have log4j < 2.10 and is unable to use `-Dlog4j2.formatMsgNoLookups=true`
[hash-generator-](https://github.com/morpheuslord/hash-generator-): contains a bruteforcer wifi hacker an batch to exe converter contains a n verity of usefull tools in python and can be converted to exe by using pyinstaller
[Ethical-Hacking](https://github.com/FrancescoMarchiori/Ethical-Hacking): Repository for the challenges code of the M. Sc. course in Ethical Hacking
[PacketWhisper](https://github.com/TryCatchHCF/PacketWhisper): PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
[jfscan](https://github.com/nullt3r/jfscan): JF⚡can - Super fast port scanning & service discovery using Masscan and Nmap. Scan large networks with Masscan and use Nmap's scripting abilities to discover information about services. Generate report.
[vuln-web-apps](https://github.com/geeksonsecurity/vuln-web-apps): A curated list of vulnerable web applications.
[SpoolSploit](https://github.com/BeetleChunks/SpoolSploit): A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.
[Hemera](https://github.com/KerberosSec/Hemera): O Hemera é um Software voltado para o desenvolvimento de Phishings. Seu intuito é auxiliar nos estudos de segurança digital.
[IntelOwl-ng](https://github.com/intelowlproject/IntelOwl-ng): IntelOwl's Web Interface. Built with Angular 10.
[latte](https://github.com/nette/latte): ☕ Latte: the safest & truly intuitive templates for PHP. Engine for those who want the most secure PHP sites.
[Hacker-Playbook-Utility](https://github.com/p1r-a-t3/Hacker-Playbook-Utility): A Python3 powered bash script written to slightly automate the tool installation process of the Hacker Playbook Book (http://thehackerplaybook.com).
[iskan](https://github.com/alcideio/iskan): Kubernetes Native, Runtime Container Image Scanning
[CVE-2021-33766](https://github.com/bhdresh/CVE-2021-33766): ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server POC exploit
[memrepl](https://github.com/agustingianni/memrepl): Memory inspection REPL interface
[omega](https://github.com/anthares101/omega): From Wordpress admin to pty automatically!
[is-password-pwned](https://github.com/commenthol/is-password-pwned): Check password against pwnedpasswords.com using k-anonimity model
[psudohash](https://github.com/t3l3machus/psudohash): Password list generator that focuses on keywords mutated by commonly used password creation patterns
[sinker](https://github.com/mmartins000/sinker): Sinker is a Python tool to automate the execution of dockerized container scanning security tools merging their findings into one report.
[BHR_Labs](https://github.com/blackhatruby/BHR_Labs): Black Hat Ruby book | Lab files | Buy the book https://www.amazon.com/dp/B08JHSF6GT
[UnSAFE_Bank](https://github.com/lucideus-repo/UnSAFE_Bank): Vulnerable Banking Suite
[usbguard](https://github.com/USBGuard/usbguard): USBGuard is a software framework for implementing USB device authorization policies (what kind of USB devices are authorized) as well as method of use policies (how a USB device may interact with the system)
[exploit-CVE-2021-22204](https://github.com/UNICORDev/exploit-CVE-2021-22204): Exploit for CVE-2021-22204 (ExifTool) - Arbitrary Code Execution
[yara-parser](https://github.com/Northern-Lights/yara-parser): Tools for parsing rulesets using the exact grammar as YARA. Written in Go.
[h4cker](https://github.com/The-Art-of-Hacking/h4cker): This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.
[TwitterX](https://github.com/nakiostudio/TwitterX): Keeping Twitter for macOS alive with code injection
[365](https://github.com/aryanguenthner/365): OSINT, Threat Hunting, Network and Web Recon, Discovery, Enumeration, Vulnerability Mapping, Exploitation, Reporting
[hershell](https://github.com/lesnuages/hershell): Multiplatform reverse shell generator
[HackVault](https://github.com/0xSobky/HackVault): A container repository for my public web hacks!
[Impost3r](https://github.com/ph4ntonn/Impost3r): 👻Impost3r -- A linux password thief
[PoshDellDBUtil](https://github.com/Kinsiinoo/PoshDellDBUtil): It scans all computer in a given OU for the vulnerable dbutil_2_3.sys file and remove it.
[wallet-tracker](https://github.com/aydinnyunus/wallet-tracker): Detect real scammers with Wallet-Tracker CLI from anywhere.
[pod-lab](https://github.com/bkosm/pod-lab): Programy z przedmiotu Podstawy Ochrony Danych.
[capillary](https://github.com/google/capillary): Capillary is a library to simplify the sending of end-to-end encrypted push messages from Java-based application servers to Android clients.
[Cloak](https://github.com/s0md3v/Cloak): Cloak can backdoor any python script with some tricks.
[h2csmuggler](https://github.com/BishopFox/h2csmuggler): HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
[tugarecon](https://github.com/skynet0x01/tugarecon): Pentest: Subdomains enumeration tool for penetration testers.
[DomainCAT](https://github.com/DomainTools/DomainCAT): Domain Connectivity Analysis Tools to analyze aggregate connectivity patterns across a set of domains during security investigations
[pingcastle](https://github.com/vletoux/pingcastle): PingCastle - Get Active Directory Security at 80% in 20% of the time
[SSLtest](https://github.com/psc4re/SSLtest): SSL check through SSL Labs API
[Penetration_Testing_POC](https://github.com/Mr-xn/Penetration_Testing_POC): 渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
[cloudfrunt](https://github.com/MindPointGroup/cloudfrunt): A tool for identifying misconfigured CloudFront domains
[xsscan](https://github.com/doomguy/xsscan): A simple script to detect unescaped characters in a web application for e.g. Cross Site Scripting (XSS) attacks.
[wikiprot](https://github.com/ProtAAPP/wikiprot): Repositorio de documentación y referencias relativas al mundo de la ciberseguridad, creado y mantenido por la Comunidad de ProtAAPP
[Learn-Web-Hacking](https://github.com/LyleMi/Learn-Web-Hacking): Study Notes For Web Hacking / Web安全学习笔记
[cs5331](https://github.com/vhazali/cs5331): NUS CS5331 Web Security
[Struts2-045-Exp-CSharp](https://github.com/Lensual/Struts2-045-Exp-CSharp): Development with C# WinForm. Just for study and programming excercises.
[HikPwn](https://github.com/4n4nk3/HikPwn): HikPwn, a simple scanner for Hikvision devices with basic vulnerability scanning capabilities written in Python 3.8.
[tangalanga](https://github.com/elcuervo/tangalanga): Tangalanga: the Zoom conference scanner hacking tool
[KeystrokeDynamicsSpoofer](https://github.com/Aarif123456/KeystrokeDynamicsSpoofer): A keystroke biometric spoofer created to test the strength of the strength of various keystoke dynamic based authentication systems
[AutoPWN-Suite](https://github.com/GamehunterKaan/AutoPWN-Suite): AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.
[wikau](https://github.com/ussaohelcim/wikau): "What i know about you" é um site que demonstra tudo o que posso saber de você com um simples site com Javascript.
[adguard-ps4-usersguide](https://github.com/upal212/adguard-ps4-usersguide): 'Users Guide' via the help of AdGuard Home
[taketv](https://github.com/SVelizDonoso/taketv): TakeTV permite descubrir dispositivos de red DLNA/UPnP y ayuda a reproducir archivos multimedia en los televisores inteligentes desde nuestra terminal en Linux.
[Open-Source-Security-Guide](https://github.com/mikeroyal/Open-Source-Security-Guide): Open Source Security Guide
[CentosAuth](https://github.com/TrinityNET/CentosAuth): A .NET Authentication System written in C# & PHP
[Markopy](https://github.com/ignis-sec/Markopy): Markov Model libraries, optimized for cracking-focused password generations.
[CVE-2020-1337](https://github.com/VoidSec/CVE-2020-1337): CVE-2020-1337 a bypass of (PrintDemon) CVE-2020-1048’s patch
[resolvers](https://github.com/trickest/resolvers): The most exhaustive list of reliable DNS resolvers.
[skf-flask](https://github.com/blabla1337/skf-flask): Security Knowledge Framework (SKF) Python Flask / Angular project
[THC-Archive](https://github.com/hackerschoice/THC-Archive): All releases of the security research group (a.k.a. hackers) The Hacker's Choice
[scan-action](https://github.com/sysdiglabs/scan-action): Inline Image Scan Github Action
[sf-ip-noipv6](https://github.com/serverfarmer/sf-ip-noipv6): sf-ip-noipv6 extension disables IPv6 connectivity at various levels..
[VulnHub](https://github.com/formidablae/VulnHub): Code and material from VulnHub. VulnHub provides materials allowing anyone to gain practical hands-on experience with digital security, computer applications and network administration tasks.
[Oblivion](https://github.com/loseys/Oblivion): Data leak checker & OSINT Tool
[felix](https://github.com/projectcalico/felix): Project Calico's per-host agent Felix, responsible for programming routes and security policy.
[MD5_Hash_crack](https://github.com/EJL3/MD5_Hash_crack): Hashed MD5(message digest algorithm 5) passwords are cracked to reveal the real keylog.
[SecTools](https://github.com/IvanVoronov/SecTools): List of tools for SecDevOps, vulnerability analysis, network scanning
[NTS_LAB1-2-3_CYBER](https://github.com/hugofnmdev/NTS_LAB1-2-3_CYBER): CYBER - LAB 1-2-3 - S1 - NTS - EPITA
[bugbounty-cheatsheet](https://github.com/EdOverflow/bugbounty-cheatsheet): A list of interesting payloads, tips and tricks for bug bounty hunters.
[CVE-List-Public-Exploits](https://github.com/TheMirkin/CVE-List-Public-Exploits): Exploits for various CVEs
[SAP_vulnerabilities](https://github.com/vah13/SAP_vulnerabilities): DoS PoC's for SAP products
[checkmyhttps](https://github.com/checkmyhttps/checkmyhttps): We propose a user-friendly add-on that allows you to check if your encrypted web traffic (SSL/TLS) towards secured Internet servers (HTTPS) is not intercepted (being listened to).
[r3con](https://github.com/thenurhabib/r3con): Multi-functional Web Recon & Vulnerability Scanner Tool
[Tomcat-webshell-application](https://github.com/p0dalirius/Tomcat-webshell-application): A webshell application and interactive shell for pentesting Apache Tomcat servers.
[nfcgate](https://github.com/nfcgate/nfcgate): An NFC research toolkit application for Android
[CamHell](https://github.com/SuperBuker/CamHell): Ingenic T10 IP camera crawler
[imap-honey](https://github.com/yvesago/imap-honey): IMAP or SMTP honeypot written in Golang
[ipmiPwner](https://github.com/c0rnf13ld/ipmiPwner): Exploit to dump ipmi hashes
[drozer-modules](https://github.com/FSecureLABS/drozer-modules)
[Cypher-MINITOOL](https://github.com/Xooppp/Cypher-MINITOOL): Cypher-Multitool is a 'Hacking' Multitool written by me in Batch, don't steal the source code :). It's a MINI version of it, the MEGA version is coming out soon...
[docker-rekall](https://github.com/blacktop/docker-rekall): Rekall Dockerfile
[ssh-mitm](https://github.com/ssh-mitm/ssh-mitm): ssh mitm server for security audits supporting public key authentication, session hijacking and file manipulation
[exploit-CVE-2016-10033](https://github.com/opsxcq/exploit-CVE-2016-10033): PHPMailer < 5.2.18 Remote Code Execution exploit and vulnerable container
[django-DefectDojo](https://github.com/DefectDojo/django-DefectDojo): DefectDojo is a DevSecOps and vulnerability management tool.
[Mega-Bot](https://github.com/Aron-Tn/Mega-Bot): [NEW] : Mega Bot ☣ Scanner & Auto Exploiter
[EnVisen](https://github.com/polyverse/EnVisen): ROP gadget finder and analysis in pure Javascript
[keycloak-scanner](https://github.com/NeuronAddict/keycloak-scanner): Keycloak security scanner
[Pentest-Tools-Framework](https://github.com/3xploit-db/Pentest-Tools-Framework): Pentest Tools Framework is a database of exploits, Scanners and tools for penetration testing. Pentest is a powerful framework includes a lot of tools for beginners. You can explore kernel vulnerabilities, network vulnerabilities
[bouncer](https://github.com/JosephSilber/bouncer): Eloquent roles and abilities.
[RedTeam-Physical-Tools](https://github.com/DavidProbinsky/RedTeam-Physical-Tools): Red Team Toolkit - A curated list of tools that are commonly used in the field for Physical Security, Red Teaming, and Tactical Covert Entry.
[using-nmap](https://github.com/JGundy64/using-nmap): A small cheat sheet to using some of the most common nmap flags and setups I use when probing a network.
[AdversarialAttack-PHM](https://github.com/dependable-cps/AdversarialAttack-PHM)
[jwt-transform](https://github.com/restuwahyu13/jwt-transform): Transform your real jwt token into fake jwt token.
[CVE-2020-7200](https://github.com/alexfrancow/CVE-2020-7200): CVE-2020-7200: HPE Systems Insight Manager (SIM) RCE PoC
[StaCoAn](https://github.com/vincentcox/StaCoAn): StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.
[Hacking_Tools](https://github.com/thinker732/Hacking_Tools): Quelques outils pouvant aider dans le cadre de test d'intrusion
[SEC-reports](https://github.com/radii1web/SEC-reports): utilizing the data avaliable at https://www.secrepo.com/ for security data analysis { the master has a web recon scanner that will also add a vulnerability scanner }
[cloud-analytics](https://github.com/center-for-threat-informed-defense/cloud-analytics): Cloud Analytics helps defenders detect attacks to their cloud infrastructure by developing behavioral analytics for cloud platforms as well as a blueprint for how others can create and use cloud analytics effectively.
[awesome-mobile-security](https://github.com/vaib25vicky/awesome-mobile-security): An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
[blazingfast-bypass](https://github.com/0x44F/blazingfast-bypass): Blazingfast DDoS protection bypass vulnerability.
[Hacking-Security-Ebooks](https://github.com/yeahhub/Hacking-Security-Ebooks): Top 100 Hacking & Security E-Books (Free Download)
[usb-keylogger](https://github.com/Inerska/usb-keylogger): Creating a crossplatform C++ undetectable usb autorunned keylogger for education purpose
[klustair-cli](https://github.com/klustair/klustair-cli): Scan all images in your Kubernetes cluster with Trivy and check your configuration with Kubeaudit
[PT-GUI](https://github.com/Hardhat-Enterprises/PT-GUI): Project PT-GUI for Deakin Capstone Hardhat Enterprises
[hvmi](https://github.com/hvmi/hvmi): Hypervisor Memory Introspection Core Library
[CyberSecurityRSS](https://github.com/zer0yu/CyberSecurityRSS): CyberSecurityRSS: 优秀的网络安全知识来源 / A collection of cybersecurity rss to make you better!
[ddos](https://github.com/the-deepnet/ddos): Best DDoS Attack Script With 36 Plus Methods
[sub3suite](https://github.com/3nock/sub3suite): a free, open source, cross platform Intelligence gathering tool.
[coding-companion](https://github.com/JustCodeBlog/coding-companion): 😃 An artificial companion for coders 😃
[npm-initial-access](https://github.com/gmatuz/npm-initial-access): Easy to extend initial access scenario to help with EDR testing on Linux and Mac
[AgnerSecurity](https://github.com/AgnerSecurity/AgnerSecurity): Uma ferramenta WEB de segurança open source de redes de computadores com Nmap, honeypot, vulnerabilidade de equipamentos de rede etc.
[h-infect](https://github.com/jravis-8520/h-infect): H-INFECT is a tool to create a virus for android, windows, and macOS.
[alternative-frontends](https://github.com/digitalblossom/alternative-frontends): 🔐🌐 Privacy-respecting web frontends for popular services
[Google-Maps-API-Scanner](https://github.com/Kevaljagani/Google-Maps-API-Scanner): Check if the leaked Google-Maps API key is vulnerable or not.
[FDIA-PdM](https://github.com/dependable-cps/FDIA-PdM): False Data Injection Attacks in Internet of Things and Deep Learning enabled Predictive Analytics
[exploit-phpldapadmin-remote-dump](https://github.com/opsxcq/exploit-phpldapadmin-remote-dump): phpldapadmin remote exploit and vulnerable container !
[BUSCO-PROGRAMADOR](https://github.com/Astorga31/BUSCO-PROGRAMADOR): Hola a todos, soy nuevo aquí. Estoy buscando un perfil que pueda simpatizar con esta idea escrita. Queremos crear una plataforma desde cero y que se convierta en un monstruo de la era digital. Si tú sabes cómo lograrlo y tienes la ambición. Contáctame.
[chezmoi](https://github.com/twpayne/chezmoi): Manage your dotfiles across multiple diverse machines, securely.
[goflood](https://github.com/lismore/goflood): A connection flood attack application written in Go
[enumy](https://github.com/luke-goddard/enumy): Linux post exploitation privilege escalation enumeration
[SharpStrike](https://github.com/iomoath/SharpStrike): A Post exploitation tool written in C# uses either CIM or WMI to query remote systems.
[exploit-MS09-050](https://github.com/opsxcq/exploit-MS09-050): Microsoft Windows 7 SMB2.0 Remote Blue Screen of Death
[DivineLogger](https://github.com/DivineSoftware/DivineLogger): Keylogger builder written in C#
[python-tuf](https://github.com/theupdateframework/python-tuf): Python reference implementation of The Update Framework (TUF)
[bbr](https://github.com/codingo/bbr): An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.
[V-Achilles](https://github.com/MUICT-SERU/V-Achilles): Achilles is a tool that shows a visualization (i.e., using dependency graphs) of both direct and indirect dependencies that are affected by software vulnerability attacks.
[ipt_geofence](https://github.com/ntop/ipt_geofence): Geographical host protection for Linux
[badblood](https://github.com/jbaines-r7/badblood): SonicWall SMA-100 Unauth RCE Exploit (CVE-2021-20038)
[4K-Botnet](https://github.com/4k-developer/4K-Botnet): A simple and easy to use JS Botnet
[Github-Monitor](https://github.com/VKSRC/Github-Monitor): Github Sensitive Information Leakage Monitor(Github信息泄漏监控系统)
[sysmon](https://github.com/sametsazak/sysmon): Sysmon and wazuh integration with Sigma sysmon rules [updated]
[savagedetector](https://github.com/gk2savage/savagedetector): Information Gathering and Vulnerability Scanner Tool
[DFW1N-OSINT](https://github.com/DFW1N/DFW1N-OSINT): Australian Open Source Intelligence Gathering Resources, Australias Largest Open Source Intelligence Repository for Cyber Professionals and Ethical Hackers
[Discord-Token-Cracker](https://github.com/tungdo0602/Discord-Token-Cracker): Simple and fast discord token cracker
[ntlmscan](https://github.com/nyxgeek/ntlmscan): scan for NTLM directories
[breachcheck](https://github.com/c0llision/breachcheck): Checks if entered password appears in the HaveIBeenPwned dataset of leaked passwords. Uses k-Anonymity to avoid exposing the password to HIBP servers.
[Chromium-based-XSS-Taint-Tracking](https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking): Cyclops 是一款具有 XSS 检测功能的浏览器
[ADMMutate](https://github.com/K2/ADMMutate): Classic code from 1999+ I am fairly sure this is the first public polymorphic shellcode ever (best IMHO and others http://ids.cs.columbia.edu/sites/default/files/ccs07poly.pdf :) If I ever port this to 64 or implement a few other suggestions (sorry I lost ppc code version contributed) it will be orders of magnitude more difficult to spot, so I hope nobody uses signatures for anything (virus / malware scanners included).
[CAN_Hacking](https://github.com/C-X1/CAN_Hacking): Getting into Opel (Vauxhall) Astra J CAN Messages
[steved3.github.io](https://github.com/SteveD3/steved3.github.io): SteveD3's personal journal for things that really don't fit on social media.
[jwt-helper](https://github.com/kaantekiner/jwt-helper): JWT Helper Tool 4 Pentests.
[trailscraper](https://github.com/flosell/trailscraper): A command-line tool to get valuable information out of AWS CloudTrail
[WebScanner](https://github.com/CyberCommands/WebScanner)
[Awesome-RedTeam-Cheatsheet](https://github.com/RistBS/Awesome-RedTeam-Cheatsheet): Active Directory & Red-Team Cheat-Sheet in constant expansion.
[Fortnite-Offsets](https://github.com/MJMODZZ/Fortnite-Offsets): These are the Fortnite Chapter 3 Seison 2 Newest Offsets.
[zeek-plugin-s7comm](https://github.com/amzn/zeek-plugin-s7comm): Zeek network security monitor plugin that enables parsing of the S7 protocol
[cybersecurity-threat-detection](https://github.com/paulveillard/cybersecurity-threat-detection): An ongoing & curated collection of awesome software best practices and remediation techniques, libraries and frameworks, E-books and videos, Technical guidelines and important resources about Threat Detection & Hunting.
[DES](https://github.com/a-Ahmed13/DES): Data Encryption Standard c/c++
[Zeebsploit](https://github.com/jaxBCD/Zeebsploit): web scanner - exploitation - information gathering
[aparoid](https://github.com/stefan2200/aparoid): Static and dynamic Android application security analysis
[botanalyse](https://github.com/gtbotsonar/botanalyse): botsonar analyse open api
[satellite](https://github.com/t94j0/satellite): easy-to-use payload hosting
[k8s-security](https://github.com/kabachook/k8s-security): Kubernetes security notes and best practices
[pentesting_script](https://github.com/TonnyMontenegro/pentesting_script): Laboratorio de pentesting con docker que nos permite descargar y desplegar aplicaciones web vulnerables para practicar pentesting en ellas
[WPContentInjection](https://github.com/lolwaleet/WPContentInjection): a quick n dirty poc for wp content injection vulnerability.
[AutomatedHunter](https://github.com/M507/AutomatedHunter): Google Chrome Extension automates testing fundamental Web Problems via Chrome
[Reverse-Engineering](https://github.com/mytechnotalent/Reverse-Engineering): A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.
[jackhammer](https://github.com/olacabs/jackhammer): Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
[awesome-web-hacking](https://github.com/infoslack/awesome-web-hacking): A list of web application security
[sdwannewhope](https://github.com/sdnewhop/sdwannewhope): SD-WAN security and insecurity
[offbyslash-django-dumper](https://github.com/adamyordan/offbyslash-django-dumper): A proof of concept to dump Django website's source code affected by NGINX's off-by-slash alias directive misconfiguration.
[vulscan](https://github.com/vulscanteam/vulscan): vulscan 扫描系统:最新的poc&exp漏洞扫描,redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...
[phpcs-security-audit](https://github.com/FloeDesignTechnologies/phpcs-security-audit): phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code
[btc-hack](https://github.com/DavidMGilbert/btc-hack): An automated bitcoin wallet generator that brute forces random wallet addresses by checking their balance in real-time using an online API .
[dgad](https://github.com/COSSAS/dgad): DGA Detective - Hunt domains generated by Domain Generation Algorithms to identify malware traffic
[wcs_scanner](https://github.com/Leovalcante/wcs_scanner): Oracle WebCenter Sites Vulnerability Scanner
[VAmPI](https://github.com/erev0s/VAmPI): Vulnerable REST API with OWASP top 10 vulnerabilities for security testing
[lunasec](https://github.com/lunasec-io/lunasec): LunaSec - Open Source AppSec platform that automatically notifies you the next time vulnerabilities like Log4Shell or node-ipc happen. Track your dependencies and builds in a centralized service. Get started in one-click via our GitHub App or host it yourself. https://github.com/apps/lunatrace-by-lunasec/
[sashay](https://github.com/scalabli/sashay): Sashay is an automatic installer for useful tools.
[RE_Mal_Exploit_Tutorials](https://github.com/msayyad/RE_Mal_Exploit_Tutorials): my reading list for reverse engineering malware & exploit development
[Malware-Database](https://github.com/cryptwareapps/Malware-Database): A large repository of malware samples with 2500+ malware samples & source codes for a variety of platforms by Cryptware.
[grinder](https://github.com/sdnewhop/grinder): :mag_right: Python framework to automatically discover and enumerate hosts from different back-end systems (Shodan, Censys)
[fisy-fuzz](https://github.com/0xricksanchez/fisy-fuzz): This is the full file system fuzzing framework that I presented at the Hack in the Box 2020 Lockdown Edition conference in April.
[WEB-DOJO-SECURITY](https://github.com/jacfpentester/WEB-DOJO-SECURITY): Instalacion, configuracion y resulcion de las maquinas de la VM Web Dojo Security ( Web Pentesting ).
[Cyber-News-Bot](https://github.com/JMousqueton/Cyber-News-Bot): A bot to retweet everything related to Cyber Security based on hashtag
[shodanwave](https://github.com/jimywork/shodanwave): Shodanwave is a tool for exploring and obtaining information from Netwave IP Camera.
[hashpass](https://github.com/stepchowfun/hashpass): A simple password manager with a twist.
[ViperMonkey](https://github.com/decalage2/ViperMonkey): A VBA parser and emulation engine to analyze malicious macros.
[Brute-Force-Login](https://github.com/Sanix-Darker/Brute-Force-Login): Proof -Of-Concept Brute Force Login on a web-site with a good dictionary of words
[Sherlock](https://github.com/gbiagomba/Sherlock): This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)
[bountycat](https://github.com/blessingcharles/bountycat): A WEB SECURITY TESTING AUTOMATION TOOL FOR HUMANS
[krane](https://github.com/appvia/krane): Kubernetes RBAC static analysis & visualisation tool
[stethoscope](https://github.com/Netflix-Skunkworks/stethoscope): Personalized, user-focused recommendations for employee information security.
[knowledgezero](https://github.com/v-research/knowledgezero): KnowledgeZero is a place where we, @v-research, publish our research efforts, writing gentle introductions to our ideas but also sharing the hard-core scientific papers.
[pen-test-automation](https://github.com/secdec/pen-test-automation): A framework for automating penetration testing using a plugin based architecture
[AspNet.Security.OAuth.Okta](https://github.com/ayubamini/AspNet.Security.OAuth.Okta): AspNet.Security.OAuth.Okta is library include collection of security middlewares to authorize users based on OAuth 2.0 and OpenId Connect protocol in your application.
[CVE-2021-27928](https://github.com/GatoGamer1155/CVE-2021-27928): Pasos a seguir para explotar la vulnerabilidad CVE-2021-27928
[can-i-take-over-dns](https://github.com/indianajson/can-i-take-over-dns): "Can I take over DNS?" — a list of DNS providers and how to claim (sub)domains via missing hosted zones
[awesome-malware](https://github.com/fabacab/awesome-malware): :computer::warning: A curated collection of awesome malware, botnets, and other post-exploitation tools.
[Minesweeper](https://github.com/codingo/Minesweeper): A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
[laravel-ban](https://github.com/cybercog/laravel-ban): Laravel Ban simplify blocking and banning Eloquent models.
[CVE-2022-25262](https://github.com/yuriisanin/CVE-2022-25262): PoC + vulnerability details for CVE-2022-25262 / JetBrains Hub single-click SAML response takeover
[PrivEsc](https://github.com/1N3/PrivEsc): A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
[MyOwnCheatSheet](https://github.com/graminha-matheus/MyOwnCheatSheet): Anotações pessoais relacionadas a pesquisas, estudos e vivências relacionadas à cybersecurity. Sendo constantemente atualizado e aberto a Pull requests caso queira adicionar algo.
[Webshell-Sniper](https://github.com/WangYihang/Webshell-Sniper): :hammer: Manage your website via terminal
[multizone-sdk-arm](https://github.com/hex-five/multizone-sdk-arm): MultiZone® Security TEE for Arm® Cortex®-M is the quick and safe way to add security and separation to any Cortex-M based device. MultiZone® software can retrofit existing designs. If you don’t have TrustZone®, or if you require finer granularity than one secure world, you can take advantage of high security separation without the need for hardware and software redesign, eliminating the complexity associated with managing a hybrid hardware/software security scheme.
[sbt-dependency-check](https://github.com/albuch/sbt-dependency-check): SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). :rainbow:
[Safari2000day](https://github.com/Bo0oM/Safari2000day)
[ThePhish](https://github.com/emalderson/ThePhish): ThePhish: an automated phishing email analysis tool
[pentest-wiki](https://github.com/nixawk/pentest-wiki): PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
[SwiftnessX](https://github.com/ehrishirajsharma/SwiftnessX): A cross-platform note-taking & target-tracking app for penetration testers.
[Helios](https://github.com/stefan2200/Helios): A Python based Web Application security scanner
[Hacking-Resources](https://github.com/rng70/Hacking-Resources): This repository contains some resources for ethical hackers penetration tester 😊 This may contain some files, tools, books, and links that need to be used for good purposes only. Do not do any illegal work using these sources.
[WebMap](https://github.com/SabyasachiRana/WebMap): WebMap-Nmap Web Dashboard and Reporting
[HolyTips](https://github.com/HolyBugx/HolyTips): A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
[ICS-Security-Tools](https://github.com/ITI/ICS-Security-Tools): Tools, tips, tricks, and more for exploring ICS Security.
[Blue-Baron](https://github.com/operatorequals/Blue-Baron): Automate creating resilient, disposable, secure and agile monitoring infrastructure for Blue Teams.
[python-gvm](https://github.com/greenbone/python-gvm): Greenbone Vulnerability Management Python Library
[seeyon-exploit](https://github.com/xfiftyone/seeyon-exploit): 致远OA漏洞检测
[www-project-top-10-low-code-no-code-security-risks](https://github.com/OWASP/www-project-top-10-low-code-no-code-security-risks): OWASP No-Code Low-Code Security
[Hawkeye](https://github.com/0xbug/Hawkeye): GitHub 泄露监控系统(GitHub Sensitive Information Leakage Monitor Spider)
[Cryptonite](https://github.com/CYBERDEVILZ/Cryptonite): A ransomware created for Windows OS. It is easy to test in a safe environment before deploying it to the victims. Developed using Python
[vulnscan](https://github.com/secretguard/vulnscan): Tool for Advaneced Vulnerability Scanning using NMAP
[HFSZap](https://github.com/VICXOR/HFSZap): Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution for Windows
[Offensive-Resources](https://github.com/Zeyad-Azima/Offensive-Resources): A Huge Learning Resources with Labs For Offensive Security Players
[WebPocket](https://github.com/TuuuNya/WebPocket): Exploit management framework
[Rafel-Rat](https://github.com/swagkarna/Rafel-Rat): -------> RAFEL<------ Android Rat Written in Java With WebPanel For Controlling Victims...Hack Android Devices
[vulmap](https://github.com/zhzyker/vulmap): Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能
[KeepNoteOSCP](https://github.com/AI-BlackB0x/KeepNoteOSCP): KeepNote For OSCP Course
[Un1kFiles](https://github.com/h4ckdepy/Un1kFiles): 适用于burpsuite渗透工具的多类型恶意文件代码、漏洞测试payload、脚本代码快速获取复制的在线辅助插件。
[tweak-series](https://github.com/ZaneH/tweak-series): Repo for YouTube series
[owasp-orizon](https://github.com/thesp0nge/owasp-orizon): Owasp Orizon is a source code static analyzer tool designed to spot security issues in Java applications.
[KeychainAccess](https://github.com/kishikawakatsumi/KeychainAccess): Simple Swift wrapper for Keychain that works on iOS, watchOS, tvOS and macOS.
[NimScan](https://github.com/elddy/NimScan): 🚀 Fast Port Scanner 🚀
[FiercePhish](https://github.com/Raikia/FiercePhish): FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.
[Malware-Machine-Learning](https://github.com/GeekOnlineCode/Malware-Machine-Learning): Malware Machine Learning
[Loki](https://github.com/Xh4H/Loki): The Dependency Confusion vulnerability scanner and autoexploitation tool to help identifying and mitigating supply chain attacks
[awesome-api-security](https://github.com/arainho/awesome-api-security): A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
[nosqli](https://github.com/Charlie-belmer/nosqli): NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.
[F21ProInjector](https://github.com/MlgmXyysd/F21ProInjector): Exploit the vulnerability to install arbitrary applications in k61v1 without ROOT
[attack_to_veris](https://github.com/center-for-threat-informed-defense/attack_to_veris): The principal objectives and outputs of this project are the creation and dissemination of an extension to the VERIS schema incorporating ATT&CK mappings and associated usage documentation.
[aquatone](https://github.com/michenriksen/aquatone): A Tool for Domain Flyovers
[dorothy](https://github.com/elastic/dorothy): Dorothy is a tool to test security monitoring and detection for Okta environments
[oFx](https://github.com/bigblackhat/oFx): 漏洞批量验证框架
[Skaty](https://github.com/yoavst/Skaty): Scapy port for Kotlin (Proof of concept)
[LogonTracer](https://github.com/JPCERTCC/LogonTracer): Investigate malicious Windows logon by visualizing and analyzing Windows event log
[rastrea2r](https://github.com/rastrea2r/rastrea2r): Collecting & Hunting for IOCs with gusto and style
[DLL-INJECTOR](https://github.com/SherazIbrahim/DLL-INJECTOR): I created a dll injector I am going to Open source its Code. But remember one thing that is any one can use it only for Educational purpose .I again say do not use it to damage anyone's Computer.But one thing if you are using it for some good purpose like to help someone who really need help then I permit you to use it.
[VulnerabilityManagement](https://github.com/JonCyberGuy/VulnerabilityManagement): This is a walkthrough of how I created A Virtual Machine environment using VMWare running Windows 10. I did this project to gain experience with Nessus Essentials and learn how to scan for vulnerabilities and remediate them. This project will showcase two of the main steps in the Vulnerability Management Lifecycle. I will be using Nessus Essentials to scan local VMs hosted on VMWare Workstation in order run credentialed scans to discover vulnerabilities, remediate some of the vulnerabilities, then perform a rescan to verify remediation.
[radare2](https://github.com/radareorg/radare2): UNIX-like reverse engineering framework and command-line toolset
[Blooket-hack-scripts](https://github.com/IvyFlight/Blooket-hack-scripts): A few Blooket hacks (Example: ChestX-ray, TokenHack). But it might not work...
[JPGtoMalware](https://github.com/abdulkadir-gungor/JPGtoMalware): It embeds the executable file or payload inside the jpg file. The method the program uses isn't exactly called one of the steganography methods. For this reason, it does not cause any distortion in the JPG file. The JPG file size and payload do not have to be proportional.The JPG file is displayed normally in any viewing application or web application. It can bypass various security programs such as firewall, antivirus. If the file is examined in detail, it is easier to detect than steganography methods. However, since the payload in the JPG file is encrypted, it cannot be easily decrypted. It also uses the "garbage code insertion/dead-code insertion" method to prevent the payload from being caught by the antivirus at runtime.
[ghost](https://github.com/AHXR/ghost): :ghost: RAT (Remote Access Trojan) - Silent Botnet - Full Remote Command-Line Access - Download & Execute Programs - Spread Virus' & Malware
[Multithreaded-Mass-Web-Search](https://github.com/GabrielBigardi/Multithreaded-Mass-Web-Search): Scanner that scan IP ranges to find some text on the websites
[sshesame](https://github.com/jaksi/sshesame): An easy to set up and use SSH honeypot, a fake SSH server that lets anyone in and logs their activity
[linux-exploit-suggester](https://github.com/mzet-/linux-exploit-suggester): Linux privilege escalation auditing tool
[xss-http-injector](https://github.com/epsylon/xss-http-injector): XSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily. It is written in HTML + Javascript + PHP and released under GPLv3.
[Umbrella_android](https://github.com/securityfirst/Umbrella_android): Open source Android, iOS and Web app for learning about and managing digital and physical security. From how to send a secure message to dealing with a kidnap. Umbrella has best practice guides in over 40 topics in multiple languages. Used daily by people working in high risk countries - journalists, activists, diplomats, business travelers etc.
[how2exploit_binary](https://github.com/Bretley/how2exploit_binary): An in depth tutorial on how to do binary exploitation
[XSSCon](https://github.com/menkrep1337/XSSCon): XSSCon: Simple XSS Scanner tool
[awesome-bbht](https://github.com/0xApt/awesome-bbht): A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.
[pwn--](https://github.com/hugsy/pwn--): pwn++ : my Windows & Linux pwn library to play with modern C++ - and yeah, it's pwn++, not pwn-- (toy lib, don't use in prod)
[osint](https://github.com/Vault-Cyber-Security/osint): Docker image for osint
[cookie_crimes](https://github.com/defaultnamehere/cookie_crimes): Read local Chrome cookies without root or decrypting
[CTF-Write-ups](https://github.com/csivitu/CTF-Write-ups): Write-ups for CTF challenges.
[vulnerablecode](https://github.com/nexB/vulnerablecode): A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/
[ZimbraExploit](https://github.com/k8gege/ZimbraExploit): Zimbra邮件系统漏洞 XXE/RCE/SSRF/Upload GetShell Exploit 1. (CVE-2019-9621 Zimbra<8.8.11 XXE GetShell Exploit)
[zip](https://github.com/kuba--/zip): A portable, simple zip library written in C
[electronegativity](https://github.com/doyensec/electronegativity): Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron applications.
[CDMC2016](https://github.com/vinayakumarr/CDMC2016): Cybersecurity Data Mining Competition 2016
[SecurityArchitecture](https://github.com/nocomplexity/SecurityArchitecture): Repository for the Open Security Reference Architecture
[lambdacube-compiler](https://github.com/lambdacube3d/lambdacube-compiler): LambdaCube 3D is a Haskell-like purely functional language for GPU. Try it out:
[featherduster](https://github.com/nccgroup/featherduster): An automated, modular cryptanalysis tool; i.e., a Weapon of Math Destruction
[Roblox](https://github.com/bloxain/Roblox): A Script For Roblox supported by krnl,trigon,synapse and uses synapse x undected funcs fast load with files and supports 8+ Games!
[Sol-Typo](https://github.com/keyurtalati/Sol-Typo): Solidity Type Casting Identifier tool.
[turtle](https://github.com/spicesouls/turtle): MSFVenom Powershell Stager Encoder & Generator
[osmedeus](https://github.com/j3ssie/osmedeus): A Workflow Engine for Offensive Security
[External-Roblox-ESP](https://github.com/bditt/External-Roblox-ESP): This is an external ESP for Roblox. It was made while I was learning to reverse Roblox's structures. This is just a base so it doesn't do anything fancy. Please ignore the ugly code.
[H1ve](https://github.com/D0g3-Lab/H1ve): An Easy / Quick / Cheap Integrated Platform
[vminspect](https://github.com/noxdafox/vminspect): Tools for inspecting disk images
[SecurityPlus-notes](https://github.com/saira-h/SecurityPlus-notes): Study notes for the CompTIA Security+ certification
[Python-Random-Password-Generator](https://github.com/sectool/Python-Random-Password-Generator): Python - Random Password Generator ( R.P.G. )
[awesome-hacker-search-engines](https://github.com/edoardottt/awesome-hacker-search-engines): A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red Team operations, Bug Bounty and more
[monero](https://github.com/monero-project/monero): Monero: the secure, private, untraceable cryptocurrency
[Samba_usermap_exploit](https://github.com/Patchyst/Samba_usermap_exploit): Easy to read Python script for exploiting Samba versions 3.0.20 through 3.0.25rc3
[drill-network-functions](https://github.com/cgivre/drill-network-functions): Networking functions for Apache Drill
[awesome-websocket-security](https://github.com/PalindromeLabs/awesome-websocket-security): Awesome information for WebSockets security research
[email-nuker](https://github.com/bagarrattaa/email-nuker): this is a email bomber unlike other email bombers u don't need your gmail email id to use this
[moria](https://github.com/josconno/moria): Python library for interacting with in-memory C structures using data mined from binary DWARF debug info.
[useful-utilities](https://github.com/kaosagnt/useful-utilities): Useful Un*x / BSD / macOS utilities
[SatanSword](https://github.com/Lucifer1993/SatanSword): 红队综合渗透框架
[Cloakify](https://github.com/TryCatchHCF/Cloakify): CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
[CVE-2020-15227](https://github.com/filipsedivy/CVE-2020-15227): CVE-2020-15227 checker
[DccwBypassUAC](https://github.com/L3cr0f/DccwBypassUAC): Windows 8.1 and 10 UAC bypass abusing WinSxS in "dccw.exe".
[passworks](https://github.com/uclaacm/passworks): a learning lab that teaches the importance of password security! collab w/ ACM Cyber, jamie is a real MVP
[FudgeC2](https://github.com/Ziconius/FudgeC2): FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.
[Knock](https://github.com/petercunha/Knock): :key: Scan the entire internet for SSH and Telnet services. Then hack them.
[changeme](https://github.com/ztgrace/changeme): A default credential scanner.
[SubRosa](https://github.com/ihack4falafel/SubRosa): Basic tool to automate backdooring PE files
[CVE-2022-22965-PoC](https://github.com/sunnyvale-it/CVE-2022-22965-PoC): CVE-2022-22965 (Spring4Shell) Proof of Concept
[Recsech](https://github.com/radenvodka/Recsech): Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .
[p4wnp1_payloads](https://github.com/chriskalv/p4wnp1_payloads): Functional payloads for a P4wnP1 A.L.O.A. device.
[awesome-ctf](https://github.com/apsdehal/awesome-ctf): A curated list of CTF frameworks, libraries, resources and softwares
[windows_kernel_resources](https://github.com/sam-b/windows_kernel_resources): Papers, blogposts, tutorials etc for learning about Windows kernel exploitation, internals and (r|b)ootkits
[timesketch-cli](https://github.com/jaegeral/timesketch-cli): A dedicated repo to interact with the API of Timesketch
[tracy](https://github.com/nccgroup/tracy): A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.
[SubdomainTakeover](https://github.com/mrlew1s/SubdomainTakeover): Small python or powershell script to look for potential subdomain takeover vulnerabilities via vulnerable Alias.
[Telegram-subscriber-adder](https://github.com/KDholakiya/Telegram-subscriber-adder): run this script with ur chanal name and u will get subscriber
[Visual-Basic-Scripts](https://github.com/ajayrandhawa/Visual-Basic-Scripts): Visual Basic Scripts Utilities. Fun, Automation, Fundamentals. With the help of these scripts, I develop lots of Exploits which I'm used for automation system tasks. these vb scripts I am also used for system security exploitation.
[metasploit-windows-ud-shell](https://github.com/0x44F/metasploit-windows-ud-shell): A metasploit module that allows users to generate *undetected* windows shells.
[Behold3r](https://github.com/ph4ntonn/Behold3r): 👻Behold3r -- 收集指定网站的子域名,并可监控指定网站的子域名更新情况,发送变更报告至指定邮箱
[scot](https://github.com/sandialabs/scot): Sandia Cyber Omni Tracker (SCOT)
[FenixSecure-VM](https://github.com/crocup/FenixSecure-VM): Backend logic implementation for Vulnerability Management System
[Ctf_Or_LearningLabs](https://github.com/gauravsachdev/Ctf_Or_LearningLabs): My thought processes as I'm working through the labs for portswigger and Hackthebox. It's just to keep account of what labs/ctf I've done. My blog will have certain cts that I did while doing my CEH. This will be all of the rest. Helps me keep account of my progress and methodology.
[storage-collision-poc](https://github.com/tinchoabbate/storage-collision-poc): A simple PoC to exploit storage collision in smart contracts
[recon-pipeline](https://github.com/epi052/recon-pipeline): An automated target reconnaissance pipeline.
[Computer-Science-Resources](https://github.com/the-akira/Computer-Science-Resources): A list of resources in different fields of Computer Science
[b-ok-scraper](https://github.com/SofianeHamlaoui/b-ok-scraper): A b-ok.cc Simple Python Scraper
[overflow](https://github.com/sradley/overflow): A command-line tool for exploiting stack-based buffer overflow vulnerabilities.
[ochrona-cli](https://github.com/ochronasec/ochrona-cli): A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs
[pocsuite3](https://github.com/knownsec/pocsuite3): pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.
[phoenix](https://github.com/AdolfMacro/phoenix): A tool for steganography of png files .
[dns-rebind-toolkit](https://github.com/brannondorsey/dns-rebind-toolkit): A front-end JavaScript toolkit for creating DNS rebinding attacks.
[voucher](https://github.com/boxproject/voucher): Enterprise-grade security solution for digital assets custody, using a cryptographically secure offline network.
[sentey](https://github.com/ComuGamersES/sentey): Protect your Spigot server by blocking unknown BungeeCord and Velocity proxies and checking for invalid IP forwarding addresses.
[Open_Source_Web-Vulnerability-Scanner-and-Patcher](https://github.com/Malwareman007/Open_Source_Web-Vulnerability-Scanner-and-Patcher): A Open Source Web Vulnerability Scanner and Patcher
[binaryalert](https://github.com/airbnb/binaryalert): BinaryAlert: Serverless, Real-time & Retroactive Malware Detection.
[dump-scripts](https://github.com/the-xentropy/dump-scripts): Downloads all scripts on an external page to a local directory, with support for automatic deobfuscation/prettifying.
[OverRide](https://github.com/anyaschukin/OverRide): Binary Exploitation and Reverse-Engineering (from assembly into C)
[w5](https://github.com/w5teams/w5): Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台,无需编写代码的安全自动化,使用 SOAR 可以让团队工作更加高效
[PHP_imap_open_exploit](https://github.com/Bo0oM/PHP_imap_open_exploit): Bypassing disabled exec functions in PHP (c) CRLF
[top-burpsuite-plugins-extensions](https://github.com/Elsfa7-110/top-burpsuite-plugins-extensions)
[urllibDoS.py](https://github.com/g-h-0-S-t/urllibDoS.py): A GET attack using the urllib package in Python 3. A simpler version of https://github.com/g-h-0-S-t/bs4DoSTool .
[AutoTTP](https://github.com/jymcheong/AutoTTP): Automated Tactics Techniques & Procedures
[Kali-Linux-Ebooks](https://github.com/yeahhub/Kali-Linux-Ebooks): Top 20 Kali Linux Related E-books (Free Download)
[owasp-threat-dragon-gitlab](https://github.com/appsecco/owasp-threat-dragon-gitlab): OWASP Threat Dragon with Gitlab Integration
[Browser-exploit](https://github.com/yngweijs/Browser-exploit)
[subdomain-scanner](https://github.com/momos1337/subdomain-scanner)
[ItLearnDir](https://github.com/Bluebear171/ItLearnDir): This Directory is to provide all the information for learning resource in IT world.
[cloudsplaining](https://github.com/salesforce/cloudsplaining): Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
[deksterecon](https://github.com/0xdekster/deksterecon): Web Application recon automation
[jenkins-cve-2016-0792](https://github.com/jpiechowka/jenkins-cve-2016-0792): Exploit for Jenkins serialization vulnerability - CVE-2016-0792
[Phoenix-CS02-CyberSecurity_Project](https://github.com/Phoenix-CS02-Cybersecurity-project/Phoenix-CS02-CyberSecurity_Project): Cybersecurity Internship Project
[awesome-cyber-security-university](https://github.com/brootware/awesome-cyber-security-university): 🎓 Because Education should be free. Contributions welcome! 🕵️
[CEHv10-Notes](https://github.com/Optixal/CEHv10-Notes): :closed_book: Both personal and public notes for EC-Council's CEHv10 312-50, because it's thousands of pages/slides of boredom, and a braindump to many
[Newbie-Security-List](https://github.com/findneo/Newbie-Security-List): 网络安全学习资料,欢迎补充
[secretnet_expl](https://github.com/Cr4sh/secretnet_expl): LPE exploits for Secret Net and Secret Net Studio
[Prismatica](https://github.com/Project-Prismatica/Prismatica): Responsive Command and Control System
[nmap_all_live_hosts](https://github.com/ninp0/nmap_all_live_hosts): Shell Script Used to Discover Live Hosts in an IP Range, Kick-Off TCP & UDP Scans, and Scan w/ Good Balance of Time vs Accuracy
[BruteX](https://github.com/1N3/BruteX): Automatically brute force all services running on a target.
[pi-timolo](https://github.com/pageauc/pi-timolo): Raspberry PI-TIMOLO ( PI-TImelapse, MOtion, LOwLight ) uses RPI picamera and OpenCV for Remote Headless Security Monitoring using Motion Tracking, Rclone Auto Sync files with remote storage services. Auto Twilight Transitions and Low Light Camera Settings. Panoramic images using PanTiltHat and More. This project is featured on GitHub Awesome software.
[ctf-writeups](https://github.com/SababaSec/ctf-writeups): Capture The Flag competition challenge write-ups
[bovine](https://github.com/chick-fil-a/bovine): Building Operational Visibility Into (n) Environments
[termux-desktop-lxqt](https://github.com/termux-desktop/termux-desktop-lxqt): Install a simple, fast and beautiful desktop in termux
[nsjail](https://github.com/google/nsjail): A light-weight process isolation tool, making use of Linux namespaces and seccomp-bpf syscall filters (with help of the kafel bpf language)
[keylogger_with_python_3](https://github.com/EdinsonRequena/keylogger_with_python_3): Keylogger with python 3
[springcore-0day-en](https://github.com/tweedge/springcore-0day-en): Everything I needed to understand what was going on with "Spring4Shell" - translated source materials, exploit, links to demo apps, and more.
[safety](https://github.com/pyupio/safety): Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
[GithubMonitor](https://github.com/Macr0phag3/GithubMonitor): 根据关键字与 hosts 生成的关键词,利用 github 提供的 api,监控 git 泄漏。
[Buffer_Overflow](https://github.com/gh0x0st/Buffer_Overflow): Don't let buffer overflows overflow your mind
[dependency-track](https://github.com/DependencyTrack/dependency-track): Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
[cyber-incident-management](https://github.com/WillOram/cyber-incident-management): Notes on managing and coordinating the response to major cyber incidents
[AttackToolKit](https://github.com/scipag/AttackToolKit): Open-source Exploiting Framework
[osv-detector](https://github.com/G-Rath/osv-detector)
[GSIL](https://github.com/FeeiCN/GSIL): GitHub Sensitive Information Leakage(GitHub敏感信息泄露监控)
[GooFuzz](https://github.com/m3n0sd0n4ld/GooFuzz): GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).
[OpenSC](https://github.com/OpenSC/OpenSC): Open source smart card tools and middleware. PKCS#11/MiniDriver/Tokend
[blackbird](https://github.com/p1ngul1n0/blackbird): An OSINT tool to search for accounts by username in social networks.
[sbt-dependency-check-action](https://github.com/albuch/sbt-dependency-check-action): A Github Action to parse DependencyCheck JSON reports, print the found vulnerabilities and fail the build.
[lynis](https://github.com/CISOfy/lynis): Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
[kido](https://github.com/tikeswar/kido): White hat hacking passwords using ML
[tripwire-open-source](https://github.com/Tripwire/tripwire-open-source): Open Source Tripwire®
[SafeDeserializationHelpers](https://github.com/zyanfx/SafeDeserializationHelpers): :japanese_ogre: Fixes known BinaryFormatter deserialization vulnerabilities
[recon-archy](https://github.com/shadawck/recon-archy): Linkedin Tools (and maybe later other source) to reconstruct a company hierarchy from scraping relations and jobs title
[sipvicious](https://github.com/EnableSecurity/sipvicious): SIPVicious OSS has been around since 2007 and is actively updated to help security teams, QA and developers test SIP-based VoIP systems and applications.
[Bei-Gai-penetration-test-guide](https://github.com/ngadminq/Bei-Gai-penetration-test-guide): 渗透测试文章,如果对你有帮助记得star,未完结更新中,将写到至少2022年
[fosite](https://github.com/ory/fosite): Extensible security first OAuth 2.0 and OpenID Connect SDK for Go.
[trivy-docker-compose](https://github.com/flavienbwk/trivy-docker-compose): Deployment-ready docker configuration and instructions to use Trivy on your infrastructure and CIs.
[CVEScannerV2](https://github.com/scmanjarrez/CVEScannerV2): Nmap script that searches for probable vulnerabilities based on services discovered in open ports.
[CTFs](https://github.com/AhmedKAwwad/CTFs): K- CTF writeups
[git-hound](https://github.com/tillson/git-hound): Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.
[apache-ultimate-bad-bot-blocker](https://github.com/mitchellkrogza/apache-ultimate-bad-bot-blocker): Apache Block Bad Bots, (Referer) Spam Referrer Blocker, Vulnerability Scanners, Malware, Adware, Ransomware, Malicious Sites, Wordpress Theme Detectors and Fail2Ban Jail for Repeat Offenders
[TeleKiller](https://github.com/ultrasecurity/TeleKiller): A Tools Session Hijacking And Stealer Local Passcode Telegram Windows
[linux-compliance-manager](https://github.com/sudoFerraz/linux-compliance-manager): A tool for managing machines in the same network that are in compliance with the given security policies, generating vulnerabilities insights
[AutoXploit](https://github.com/Yashvendra/AutoXploit): Fast exploitation based on metasploit.
[HTBWriteups](https://github.com/Kaosam/HTBWriteups): Writeups of Hack The Box machines, Italian and English languages
[myvpn-desktop](https://github.com/my0419/myvpn-desktop): VPN server configuration software. Protocols: L2TP, PPTP, OpenVPN, WireGuard, Socks5, ShadowSocks (v2ray). | Providers: DigitalOcean, Linode, CryptoServers, Hetzner Cloud, Custom Server
[RSA_Security_Token](https://github.com/GustaMagik/RSA_Security_Token): A Security token system for (two-factor) authentication to Linux / Unix using an FPGA and a PAM-module. Either A: 72-bit or B: 512-bit RSA. Version A is air-gapped. Version B uses USB UART. BSD-3 licensed.
[through_the_wire](https://github.com/jbaines-r7/through_the_wire): CVE-2022-26134 Proof of Concept
[Cyber-ML-DL-101](https://github.com/smlra-kjsce/Cyber-ML-DL-101): Repository of all notebooks used in workshop at NII.
[cdnlookup](https://github.com/burpheart/cdnlookup): 一个使用 Edns-Client-Subnet(ECS) 遍历智能CDN节点IP地址的工具
[ggshield](https://github.com/GitGuardian/ggshield): Detect secrets in source code, scan git repos, and use pre commit hooks to prevent API key leaks.
[osint-brazuca](https://github.com/osintbrazuca/osint-brazuca): Repositório criado com intuito de reunir informações, fontes(websites/portais) e tricks de OSINT dentro do contexto Brasil.
[MS17010EXP](https://github.com/k8gege/MS17010EXP): Ladon Moudle MS17010 Exploit for PowerShell
[Ontario1024](https://github.com/ksaj/Ontario1024): A selection of my PC-based computer virus code samples from the early 90's. Don't worry. They don't bite... anymore...
[bluenightingale](https://github.com/blUeBUg200/bluenightingale): Building a unified strategy to create threat detection use-cases in the combat against cyber criminals - ADHYAYAM I [LOGS]
[MSc-CyberSecurity-Sapienza](https://github.com/edoardottt/MSc-CyberSecurity-Sapienza): Master of Science in Cybersecurity, Sapienza University of Rome.
[libfuzzer](https://github.com/planetis-m/libfuzzer): Thin interface for libFuzzer, an in-process, coverage-guided, evolutionary fuzzing engine.
[CVE-2017-0100](https://github.com/cssxn/CVE-2017-0100): CVE-2017-0100、MS17-012、Eop
[nuclei-templates](https://github.com/projectdiscovery/nuclei-templates): Community curated list of templates for the nuclei engine to find security vulnerabilities.
[Golang_SCA](https://github.com/fdl66/Golang_SCA): Golang SCA(Software Composition Analysis) 通过分析你的go.mod文件,协助你发现,Golang项目的依赖库是否存在漏洞
[Flytrap](https://github.com/nedwards86/Flytrap): A TCP based honeyport written in Python. Once an attacker accesses the port this service is listening on, the attacker's IP is blocked by the local system and a notification is sent to the specified syslog server. Runs on both Windows and Linux.
[awesome-pentest-tools](https://github.com/unexpectedBy/awesome-pentest-tools): List of Security Archives Tools and software, generally for facilitate security & penetration research. Opening it up to everyone will facilitate a knowledge transfer. Hopefully the initial set will grow and expand.
[pshape](https://github.com/Alexandre-Bartel/pshape): Inspector-gadget (a.k.a. PSHAPE - Practical Support for Half-Automated Program Exploitation) is an open source tool which assists analysts in exploit development. It discovers gadgets, chains gadgets together, and ensures that side effects such as register dereferences do not crash the program.
[captcha](https://github.com/mewebstudio/captcha): Captcha for Laravel 5/6/7/8/9
[go-cve-search](https://github.com/s-index/go-cve-search): lightweight CVE search
[TryHackMe_writeups](https://github.com/dvanmosselbeen/TryHackMe_writeups): This repository contains a few of my writeups I made for the famous and addictive TryHackMe CTF (Capture The Flag) challenges.
[R3Xploit](https://github.com/rasyidrafi/R3Xploit): Exploit for Hacking Roblox, Support multiples Api
[cryptomator](https://github.com/cryptomator/cryptomator): Multi-platform transparent client-side encryption of your files in the cloud
[vulnscanner](https://github.com/captain-noob/vulnscanner): vulnscanner is a web application source code vulnerability scanner. It could be used to detect if the target project contains any known vulnerabilities. One of the best ways we can do that is to help developers and security professionals improve the web application they are producing that everyone else relies on.
[xssmap](https://github.com/secdec/xssmap): Intelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities
[hackertyper](https://github.com/fgaz/hackertyper): "Hack" like a programmer in movies and games! Inspired by hackertyper.net
[SyscallDumper](https://github.com/joshfinley/SyscallDumper): Dump system call codes, names, and offsets from Ntdll.dll
[hardening-raspberry-pi](https://github.com/eauxfolles/hardening-raspberry-pi): Notes and considerations on hardening a Raspberry Pi 4.
[Sandman](https://github.com/tarunKoyalwar/Sandman): A Target Tracking , NoteTaking , CheckLists and Data Management GUI App for Bug Hunter's and Pentesters.
[scau](https://github.com/marcruef/scau): Source Code Analysis Utility
[R3d-Buck3T](https://github.com/nairuzabulhul/R3d-Buck3T): Penetration Testing, Vulnerability Assessment and Red Team Learning
[talks](https://github.com/SherlockSec/talks): Files for any talks that I give
[cve_searchsploit](https://github.com/andreafioraldi/cve_searchsploit): Search an exploit in the local exploitdb database by its CVE
[win-back-cat](https://github.com/RAF-87/win-back-cat): A fully undetected, hidden, persistent, reverse netcat shell backdoor for Windows.
[fstscan](https://github.com/thenurhabib/fstscan): Massive Vulnerability scanner
[CTF-All-In-One](https://github.com/firmianay/CTF-All-In-One): CTF竞赛权威指南
[cmsPoc](https://github.com/CHYbeta/cmsPoc): CMS渗透测试框架-A CMS Exploit Framework
[CodeArgos](https://github.com/DanaEpp/CodeArgos): A python module for red teams to support the continuous recon of JavaScript files and HTML script blocks in an active web application.
[awesome-cryptocurrency-security](https://github.com/nongiach/awesome-cryptocurrency-security): 😎 Curated list about cryptocurrency security (reverse / exploit / fuzz..)
[rctf-scenario6](https://github.com/aliasrobotics/rctf-scenario6): Robotics CTF scenario 6
[VulnWeb](https://github.com/riz4d/VulnWeb): simple python program used to fetch admin panel of an website.
[wildlogger](https://github.com/mustafadalga/wildlogger): This is a keylogger that collects all the data and e-mail it in a set time with system information which includes device S/N and hardware specs, every button that pushed, screenshots, and copying processes.
[hacl-rs](https://github.com/aatxe/hacl-rs): Rusty bindings for HACL*, a formally verified cryptographic library written in F*.
[dufflebag](https://github.com/BishopFox/dufflebag): Search exposed EBS volumes for secrets
[awesome-incident-response](https://github.com/meirwah/awesome-incident-response): A curated list of tools for incident response
[caldera](https://github.com/mitre/caldera): Automated Adversary Emulation Platform
[Picocrypt](https://github.com/HACKERALERT/Picocrypt): A very small, very simple, yet very secure encryption tool.
[CVE-2021-27965](https://github.com/mathisvickie/CVE-2021-27965): stack based buffer overflow in MsIo64.sys, Proof of Concept Local Privilege Escalation to nt authority/system
[Safety-checklist](https://github.com/r0eXpeR/Safety-checklist): 🌴一些安全备忘清单
[RanSim](https://github.com/lawndoc/RanSim): Ransomware simulation script written in PowerShell. Useful for testing your defenses and backups against real ransomware-like activity in a controlled setting.
[Facebook-tools](https://github.com/GigaHertzLegacy-SpiderX/Facebook-tools): Version 1.0.0 - Comment bomber only
[voters](https://github.com/solid-soda/voters): Security voters are the most granular way of checking permissions (e.g. "can this specific user edit the given item?")
[awacs-scanner](https://github.com/R00tendo/awacs-scanner): Fully automated cyber security scanner
[BurpExtend](https://github.com/dongfangyuxiao/BurpExtend): 基于Burp插件开发打造渗透测试自动化
[csv-plus_vulnerability](https://github.com/satoki/csv-plus_vulnerability): 👻 [PoC] CSV+ 0.8.0 - Arbitrary Code Execution (CVE-2022-21241)
[Shtreeba](https://github.com/mdilai/Shtreeba): VAC-proof 32bit DLL injector written in C++, using memory mapping and thread hijacking techniques
[falco](https://github.com/falcosecurity/falco): Cloud Native Runtime Security
[CVE-2018-11776-Python-PoC](https://github.com/hook-s3c/CVE-2018-11776-Python-PoC): Working Python test and PoC for CVE-2018-11776, includes Docker lab
[PcapViz](https://github.com/1ultimat3/PcapViz): Visualize network topologies and collect graph statistics based on pcap files
[Prediction-DDoS](https://github.com/francescovolpe/Prediction-DDoS): Questo progetto è stato sviluppato per il corso universitario Analisi dei dati per la sicurezza. Il progetto mira ad estrarre conoscenza dai dati per la classificazione di attacchi DDos seguendo le fasi di sviluppo del processo KDD.
[hackable](https://github.com/JasonHinds13/hackable): A python flask app that is purposefully vulnerable to SQL injection and XSS attacks. To be used for demonstrating attacks
[SQL_Injection_Payload](https://github.com/omurugur/SQL_Injection_Payload): SQL Injection Payload List
[whoishere.py](https://github.com/hkm/whoishere.py): WIFI Client Detection - Identify people by assigning a name to a device performing a wireless probe request.
[StackedTotemLimiter](https://github.com/KRYMZ0N/StackedTotemLimiter): A plugin that prevents stacked totems. Useful if you own a server that facilitates the crafting dupe, but don't want to deal with stacked totems.
[OXIDTools](https://github.com/risspect/OXIDTools): 200 TOOLS BY 0XID4FF0X FOR TERMUX
[bleachbit](https://github.com/bleachbit/bleachbit): BleachBit system cleaner for Windows and Linux
[recon-my-way](https://github.com/ehsahil/recon-my-way): This repository created for personal use and added tools from my latest blog post.
[searchport](https://github.com/gabrielfelipecsk/searchport): Search ports in multiples hosts
[lor-axe](https://github.com/ajmwagar/lor-axe): 🪓 a multi-threaded, low-bandwidth HTTP DOS tool
[gscript](https://github.com/gen0cide/gscript): framework to rapidly implement custom droppers for all three major operating systems
[GVM-Deployment](https://github.com/wajdihajji/GVM-Deployment): Dockerised Greenbone Vulnerability Management components
[ioc-explorer](https://github.com/lion-gu/ioc-explorer): Explore Indicators of Compromise Automatically
[Name-That-Hash](https://github.com/HashPals/Name-That-Hash): 🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 300+ other hashes ☄ Comes with a neat web app 🔥
[AdministracionDeSistemasOperativos](https://github.com/chunche95/AdministracionDeSistemasOperativos): Administración de sistemas Linux y Windows . Autor: Paulino Esteban Bermúdez R.
[porkbind](https://github.com/decal/porkbind): :pig: Nameserver security scanner (ARCHIVE)
[ThinkPwn](https://github.com/Cr4sh/ThinkPwn): Started as arbitrary System Management Mode code execution exploit for Lenovo ThinkPad model line, ended as exploit for industry-wide 0day vulnerability in machines of many vendors
[Analyst-NoteBook](https://github.com/MohammedJAlmalki/Analyst-NoteBook): Python3 IP lookup tool with variety of features to enable easier and faster cybersecurity analysis.
[sf-imap-storage](https://github.com/serverfarmer/sf-imap-storage): sf-imap-storage extension provides the central storage/backup part of the IMAP infrastructure.
[AutoMacroBuilderForZAP](https://github.com/gdgd009xcd/AutoMacroBuilderForZAP): A OWASP ZAPROXY Add-on that allows testing of web application vulnerabilities by recording complex multi-step sequences. You can test applications that need to access pages in a specific order, such as shopping carts or registration of member information.
[memory.dll](https://github.com/erfg12/memory.dll): C# Hacking library for making PC game trainers.
[android-security-awesome](https://github.com/ashishb/android-security-awesome): A collection of android security related resources
[fatbee](https://github.com/d3m0n4l3x/fatbee): A low-interaction honeypot written by demonalex, i.e. Alex Huang.
[Python-Pentest-ToolKit](https://github.com/sectool/Python-Pentest-ToolKit): Pentest ToolKit
[FileVaultCracker](https://github.com/macmade/FileVaultCracker): macOS FileVault cracking tool
[aircrack-ng](https://github.com/aircrack-ng/aircrack-ng): WiFi security auditing tools suite
[EvidenceWiki](https://github.com/abathelt/EvidenceWiki): All of my threat intel recommendations for aspiring Information Security Analyst. This section contains information about evidence at analyst's disposal IP, domain, email, hash, files.
[weblogic_honeypot](https://github.com/Cymmetria/weblogic_honeypot): WebLogic Honeypot is a low interaction honeypot to detect CVE-2017-10271 in the Oracle WebLogic Server component of Oracle Fusion Middleware. This is a Remote Code Execution vulnerability.
[Webhook_Deleter](https://github.com/GabinCleaver/Webhook_Deleter): ✨ Un court code qui permet de Supprimer n'importe quel Webhook avec son lien en Python par moi, et en français.
[Lockdoor-Framework](https://github.com/SofianeHamlaoui/Lockdoor-Framework): 🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
[Awesome-Federated-Machine-Learning](https://github.com/innovation-cat/Awesome-Federated-Machine-Learning): Everything about federated learning, including research papers, books, codes, tutorials, videos and beyond
[armory](https://github.com/polo-sec/armory): A curated repository of the tools, scripts, resources and programs I use regularly for CTF, BB or other security work.
[svscan](https://github.com/hardsoft321/svscan): SuiteCRM Vulnerability Scanner
[Zombie-DDoS](https://github.com/saurass/Zombie-DDoS): A tool to perform DDoS attack with control panel to control your crazy zombies : )
[protools](https://github.com/SeanDragon/protools): 历经开发周期两年,并且应用过千万级别项目的工具箱
[netscan2](https://github.com/AllGloryToTheHypnotoad/netscan2): active / passive network scanner
[hisilicon-dvr-telnet](https://github.com/Snawoot/hisilicon-dvr-telnet): PoC materials for article https://habr.com/en/post/486856/
[WebApplicationVulnerabilityScanners](https://github.com/michaeloconnelliii/WebApplicationVulnerabilityScanners): Tested two web application vulnerability scanners and testing platforms for their effectiveness at detecting all known categories of SQL Injection (SQLi) and Cross-Site Scripting vulnerabilities (XSS).
[ric9rdo.github.io](https://github.com/ric9rdo/ric9rdo.github.io): Just a random cybersecurity (b)log that I use as a personal database
[SecNotes](https://github.com/0xRar/SecNotes): cyber security notes for your consumption.
[SAP_ransomware](https://github.com/vah13/SAP_ransomware): Simple remote command execution exploit code for SAP GUI
[gvm-libs](https://github.com/greenbone/gvm-libs): Greenbone Vulnerability Management Libraries
[Layla](https://github.com/mthf0/Layla): BETA: Layla - recon tool for bug bounty
[Passwords](https://github.com/ducn1806/Passwords): Final project for R course at Hult, conducting an analysis about whether cybersecurity is still a business problem, specifically about passwords.
[CRLFsuite](https://github.com/Nefcore/CRLFsuite): The most powerful CRLF injection (HTTP Response Splitting) scanner.
[cariddi](https://github.com/edoardottt/cariddi): Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
[psploit](https://github.com/colorblindpentester/psploit): psploit - bash script for using PRET with a lot of IP addresses in the row.
[k8s-harbor](https://github.com/ruzickap/k8s-harbor): Harbor in Kubernetes
[network-threats-taxonomy](https://github.com/AbertayMachineLearningGroup/network-threats-taxonomy): Machine Learning based Intrusion Detection Systems are difficult to evaluate due to a shortage of datasets representing accurately network traffic and their associated threats. In this project we attempt at solving this problem by presenting two taxonomies
[targets](https://github.com/BugBountyResources/targets): A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.
[tartufo](https://github.com/godaddy/tartufo): Searches through git repositories for high entropy strings and secrets, digging deep into commit history
[yakit](https://github.com/yaklang/yakit): Cyber Security ALL-IN-ONE Platform
[nuclipy](https://github.com/prasant-paudel/nuclipy): A simple template based vulnerability scanner in python (Inspired by ProjectDiscovery's Nuclei)
[Nightingale](https://github.com/RAJANAGORI/Nightingale): It's a Docker Environment for pentesting which having all the required tool for VAPT.
[meltdown](https://github.com/IAIK/meltdown): This repository contains several applications, demonstrating the Meltdown bug.
[jssdk-core](https://github.com/XQ-Message-Inc/jssdk-core): A Javascript Implementation of XQ Message SDK (V.2) which provides convenient access to the XQ Message API.
[wire-transfer](https://github.com/moloch--/wire-transfer): Encode binary as English text over HTTP(s)
[HARP](https://github.com/wilmix8/HARP): HARP is the instrument used by King david. HARP search engine is simillar to Google. HARP Search engine is invented in SLING P.L by wilmix jemin j.
[Warberry3](https://github.com/christyler80/Warberry3): WarBerryPi was built to be used as a hardware implant during red teaming scenarios where we want to obtain as much information as possible in a short period of time with being as stealthy as possible. The WarBerry python script is a collection of open source scanning tools put together to provide that functionality. These tools include nmap, crackmapexec, tcpdump, netdiscover and others typically found in Kali Linux.This project is forked from the original secgroundzero/warberry project and updated to be Python 3 compatible. The original author stopped maintaining the secgroundzero/warberry project in November 2019.
[rengine](https://github.com/yogeshojha/rengine): reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
[CVE-2020-9283](https://github.com/brompwnie/CVE-2020-9283): Exploit for CVE-2020-9283 based on Go
[zenbuster](https://github.com/0xTas/zenbuster): Multi-threaded URL enumeration/brute-forcing tool in Python.
[osint_stuff_tool_collection](https://github.com/cipher387/osint_stuff_tool_collection): A collection of several hundred online tools for OSINT
[brakeman](https://github.com/presidentbeef/brakeman): A static analysis security vulnerability scanner for Ruby on Rails applications
[jerseyctf-2021-challenges](https://github.com/njitacm/jerseyctf-2021-challenges): JerseyCTF 2021
[jfrog-docker-desktop-extension](https://github.com/jfrog/jfrog-docker-desktop-extension): 🐸 Scans any of your local Docker images for security vulnerabilities. 🐋
[osquery](https://github.com/osquery/osquery): SQL powered operating system instrumentation, monitoring, and analytics.
[CloseTheGapCybersecurity](https://github.com/ChristianSchwarzOTHRegensburg/CloseTheGapCybersecurity): Repository for the Close the Gap - Cybersecurity E-Book. A Book about transforming your theoretical programming Knowledge from University into real Life Python Projects
[final-java-backend](https://github.com/ZootHii/final-java-backend): n-tier java web api example spring boot, postgre sql, SOLID design
[ExGen](https://github.com/Naategh/ExGen): Exploit generator for bug hunters
[GVM-Docker](https://github.com/Secure-Compliance-Solutions-LLC/GVM-Docker): Greenbone Vulnerability Management Docker Image with OpenVAS
[spiderfoot](https://github.com/smicallef/spiderfoot): SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
[AntiDDOS-system](https://github.com/Sanix-Darker/AntiDDOS-system): 🛡️⚔️ Protect your web app from DDOS attack or the Dead Ping + CAPTCHA VERIFICATION in one line!
[gopwn](https://github.com/hupe1980/gopwn): Golang CTF framework and exploit development module
[heappy](https://github.com/gand3lf/heappy): A happy heap editor to support your exploitation process :slightly_smiling_face:
[shreddedmeat](https://github.com/PrismName/shreddedmeat): shredded meat a vulnerability audit tools
[jaam](https://github.com/jishanshaikh4/jaam): Web Browser Security Framework
[openvpn-gui](https://github.com/OpenVPN/openvpn-gui): OpenVPN GUI is a graphical frontend for OpenVPN running on Windows 7 / 8 / 10. It creates an icon in the notification area from which you can control OpenVPN to start/stop your VPN tunnels, view the log and do other useful things.
[exgdb](https://github.com/miyase256/exgdb): Extension for GDB
[hackigniter](https://github.com/ferhatcil/hackigniter): HackIgniter, PHP CodeIgniter Framework'ü üzerinde kodlanmış zafiyetli bir web uygulamasıdır. Uygulama üzerinde bulunan zafiyetler, sızma testi sırasında en çok tespit edilen zafiyetlere benzer olacak şekilde hazırlanmıştır.
[0x03-ARM-32-Hacking-Float](https://github.com/mytechnotalent/0x03-ARM-32-Hacking-Float): ARM 32-bit Raspberry Pi Hacking Float example in Kali Linux.
[ciscoasa_honeypot](https://github.com/Cymmetria/ciscoasa_honeypot): A low interaction honeypot for the Cisco ASA component capable of detecting CVE-2018-0101, a DoS and remote code execution vulnerability.
[evilkit](https://github.com/krishpranav/evilkit): A Simple Backdoor ToolKit Using Rust
[GIVINGSTORM](https://github.com/rustrose/GIVINGSTORM): Infection vector that bypasses AV, IDS, and IPS. (For now...)
[claircli](https://github.com/joelee2012/claircli): Command line tool to interact with Quay Clair
[onionize](https://github.com/Anish-M-code/onionize): Script to create Onion Mirror for Clearnet site based on Enterprise Onion Toolkit
[EmailAll](https://github.com/Taonn/EmailAll): EmailAll is a powerful Email Collect tool — 一款强大的邮箱收集工具
[ScanPro](https://github.com/AnLoMinus/ScanPro): ScanPro - NMap Scanning Scripts ~ Network Mapper
[cve-2019-14326](https://github.com/seqred-s-a/cve-2019-14326): Privilege escalation in Andy emulator
[gitoops](https://github.com/ovotech/gitoops): all paths lead to clouds
[crawleet](https://github.com/truerandom/crawleet): Web Recon & Exploitation Tool.
[riceteacatpanda](https://github.com/JEF1056/riceteacatpanda): repo with challenge material for riceteacatpanda (2020)
[sarna](https://github.com/rsrdesarrollo/sarna): Security Assessment Report geNerated Automatically
[Simple-Async-Port-Scanner](https://github.com/EONRaider/Simple-Async-Port-Scanner): A simple asynchronous TCP/IP Connect Port Scanner in Python 3
[heap-viewer](https://github.com/danigargu/heap-viewer): IDA Pro plugin to examine the glibc heap, focused on exploit development
[vulture-base](https://github.com/VultureProject/vulture-base): Vulture 4 base system and bootstrap scripts
[indocrack](https://github.com/htr-tech/indocrack): All in one Indian Facebook Account Cloner [ 7/8/9/10 DIGIT ]
[wsvuls](https://github.com/anouarbensaad/wsvuls): wsvuls - website vulnerability scanner detect issues [ outdated server software and insecure HTTP headers.]
[thewhiteh4t.github.io](https://github.com/thewhiteh4t/thewhiteh4t.github.io): thewhiteh4t's Blog
[hacker-roadmap](https://github.com/sundowndev/hacker-roadmap): A collection of hacking tools, resources and references to practice ethical hacking.
[can2RNET](https://github.com/redragonx/can2RNET): This repo has code and documentation to control power-wheelchairs with R-Net electronics.
[AIVPN](https://github.com/stratosphereips/AIVPN): The AI VPN provides an security assessment of VPN clients' network traffic to identify cyber security threats.
[MemWars](https://github.com/moccajoghurt/MemWars)
[security-trust-settings-tools](https://github.com/ntkme/security-trust-settings-tools): :lock: OS X Keychain Trust Settings Tools.
[ctf-awesome-resources](https://github.com/devploit/ctf-awesome-resources): A list of Capture The Flag (CTF) frameworks, libraries, resources and software for started/experienced CTF players 🚩
[ppfuzz](https://github.com/dwisiswant0/ppfuzz): A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀
[reverse-shell](https://github.com/lukechilds/reverse-shell): Reverse Shell as a Service
[Puwr](https://github.com/Xeonrx/Puwr): Pivot your way deeper into networks by discovering hosts & ports, using a compromised machine via SSH
[ElectricEye](https://github.com/jonrau1/ElectricEye): Continuously monitor your AWS attack surface and evaluate services for configurations that can lead to degradation of confidentiality, integrity or availability. All results can be exported to Security Hub, JSON, CSV, Databases, and more for further aggregation and analysis.
[echoCTF.RED](https://github.com/echoCTF/echoCTF.RED): A platform to develop, run and administer CTF competitions. The online echoCTF.RED platform user interfaces and codebase
[SpectrePoC](https://github.com/crozone/SpectrePoC): Proof of concept code for the Spectre CPU exploit.
[OmegaPSToolkit](https://github.com/MyMeepSQL/OmegaPSToolkit): Totally in development! A toolkit that brings together penetration testing tools such as wireless tools, web tools, password cracking tools, etc.
[awesome-dotnet-security](https://github.com/guardrailsio/awesome-dotnet-security): Awesome .NET Security Resources
[CVE-2021-34429](https://github.com/ColdFusionX/CVE-2021-34429): POC for CVE-2021-34429 - Eclipse Jetty 11.0.5 Sensitive File Disclosure
[purpura-csgo-sdk](https://github.com/swoopae/purpura-csgo-sdk): small little public internal base/cheat i'm currently working on
[sifter](https://github.com/whiterabb17/sifter): Sifter - All purpose penetration testing op-center
[cloudformation-guard](https://github.com/aws-cloudformation/cloudformation-guard): Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/configurations against those rules.
[Backdoorcreator](https://github.com/krishpranav/Backdoorcreator): Exploit toolkit
[Ontology-Triones-Service-Node-security-checklist](https://github.com/slowmist/Ontology-Triones-Service-Node-security-checklist): Ontology Triones Service Node security checklist(本体北斗共识集群安全执行指南)
[BTPS-SecPack](https://github.com/OsbornePro/BTPS-SecPack): This repository contains a collection of PowerShell tools that can be utilized to protect and defend an environment based on the recommendations of multiple cyber security researchers at Microsoft. These tools were created with a small to medium size enterprise environment in mind as smaller organizations do not always have the type of funding available to overly spend on security. The goal of this project is to help add value to an smaller organizations security by creating more visibility for the average IT Administrator. Organizations with 1,000’s of devices may find that this entire suite does not apply to them.
[jake](https://github.com/sonatype-nexus-community/jake): Check your Python environments for vulnerable Open Source packages with OSS Index or Sonatype Nexus Lifecycle.
[zen-rails-security-checklist](https://github.com/brunofacca/zen-rails-security-checklist): Checklist of security precautions for Ruby on Rails applications.
[Roblox-Dev](https://github.com/Professor-Puddle/Roblox-Dev): An awesome Roblox Exploit for Roblox
[XSS-LOADER](https://github.com/capture0x/XSS-LOADER): Xss Payload Generator ~ Xss Scanner ~ Xss Dork Finder
[information-security](https://github.com/JakobTheDev/information-security): A place where I can create, collect and share tooling, resources and knowledge about information security.
[sleepy-puppy](https://github.com/Netflix-Skunkworks/sleepy-puppy): Sleepy Puppy XSS Payload Management Framework
[CVE-2021-3493](https://github.com/inspiringz/CVE-2021-3493): CVE-2021-3493 Ubuntu OverlayFS Local Privesc (Interactive Bash Shell & Execute Command Entered)
[struts-scan](https://github.com/Lucifer1993/struts-scan): Python2编写的struts2漏洞全版本检测和利用工具
[Amazing-Cybersec-Resources](https://github.com/lohitakshnandan/Amazing-Cybersec-Resources): Amazing Collection of Cyber Security resources (Books, Tutorials, Blogs, Podcasts, ...)
[Valet](https://github.com/square/Valet): Valet lets you securely store data in the iOS, tvOS, or macOS Keychain without knowing a thing about how the Keychain works. It’s easy. We promise.
[MicrosoftWontFixList](https://github.com/cfalta/MicrosoftWontFixList): A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))
[reentrancy-attacks](https://github.com/pcaversaccio/reentrancy-attacks): A chronological and (hopefully) complete list of reentrancy attacks to date.
[0x02-ARM-32-Hacking-Int](https://github.com/mytechnotalent/0x02-ARM-32-Hacking-Int): ARM 32-bit Raspberry Pi Hacking Int example in Kali Linux.
[XAttacker](https://github.com/Moham3dRiahi/XAttacker): X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
[chain-bench](https://github.com/aquasecurity/chain-bench): An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
[xira](https://github.com/xadhrit/xira): xss vulnerability scanner and input fuzzing tool.
[PoW-Shield](https://github.com/RuiSiang/PoW-Shield): Project dedicated to fight Layer 7 DDoS with proof of work, featuring an additional WAF. Completed with full set of features and containerized for rapid and lightweight deployment.
[CEH_v10_Dumps](https://github.com/omurugur/CEH_v10_Dumps): Certified Ethical Hacker ( C|EH v.10 ) Dump
[stegseek](https://github.com/RickdeJager/stegseek): :zap: Worlds fastest steghide cracker, chewing through millions of passwords per second :zap:
[Richkware](https://github.com/richkmeli/Richkware): Framework for building Windows malware, written in C++
[LROSecurity](https://github.com/cltc-berkeley/LROSecurity): This guide is intended as an introductory document for low-risk organizations interested in improving their cybersecurity practices. Produced by Citizen Clinic at UC Berkeley's Center for Long-Term Cybersecurity. An introduction to this guide, and an overview on how to use it, can be seen on TechSoup:
[CVE-2022-0540-RCE](https://github.com/Pear1y/CVE-2022-0540-RCE): Atlassian Jira Seraph Authentication Bypass RCE(CVE-2022-0540)
[vulnerability-scanner](https://github.com/loricallum/vulnerability-scanner): A vulnerability detection scanner utility for Solidity smart contracts
[xlogin](https://github.com/Crakem/xlogin): Lightweight, secure and login like console display manager for X
[PyRedactKit](https://github.com/brootware/PyRedactKit): Python CLI tool to redact and un-redact sensitive data from text files. 🔐📝
[OctopusWAF](https://github.com/CoolerVoid/OctopusWAF): OctopusWAF is a WAF( Web application firewall) with high performance, made in C language and use libevent.
[CiscoExploit](https://github.com/k8gege/CiscoExploit): Cisco Exploit (CVE-2019-1821 Cisco Prime Infrastructure Remote Code Execution/CVE-2019-1653/Cisco SNMP RCE/Dump Cisco RV320 Password)
[faraday_agent_dispatcher](https://github.com/infobyte/faraday_agent_dispatcher): Faraday Agent Dispatcher launches any security tools and send results to Faradaysec Platform.
[conti-pentester-guide-leak](https://github.com/ForbiddenProgrammer/conti-pentester-guide-leak): Leaked pentesting manuals given to Conti ransomware crooks
[Xonory](https://github.com/Mahmoud7Osman/Xonory): The Xonory Programming Language For Advanced Malware Development
[CVE-2018-8120](https://github.com/unamer/CVE-2018-8120): CVE-2018-8120 Windows LPE exploit
[MixewayFortifyScaRestApi](https://github.com/Mixeway/MixewayFortifyScaRestApi): Mixeway Fortify SCA Rest API - custom build API that can execute source analyzer remotely via API Calls
[Conti-Ransomware](https://github.com/gharty03/Conti-Ransomware): Full source of the Conti Ransomware Including the missing Locker files from the original leak. I have fixed some of the errors intentionally introduced by the leaker to prevent the locker from being built. The Queue header file which implements a few linked list data structures that Conti uses for task scheduling in the Threadpool had several missing commas, there are still errors which I believe to be the result of a missing #ifdef pre-processsor macro in one of the header files but haven't had time to find it. Will be uploading English Translated Documentation In the future
[wsltools](https://github.com/Symbo1/wsltools): Web Scan Lazy Tools - Python Package
[KubeArmor](https://github.com/kubearmor/KubeArmor): Cloud-native Runtime Security Enforcement System
[redis-exploit](https://github.com/fagray/redis-exploit): an exploit to an open redis instance
[penetration-script](https://github.com/saucer-man/penetration-script): 渗透测试脚本,为防忘记开设(垃圾桶)
[WriteUps](https://github.com/deut-erium/WriteUps): Repository for writeups of ctf challenges
[crithit](https://github.com/codingo/crithit): Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
[dockerized-parrot](https://github.com/gurayops/dockerized-parrot): Dockerized version of Parrot GNU/Linux
[Windows-Exploit-Suggester-2](https://github.com/7Ragnarok7/Windows-Exploit-Suggester-2): A tool to recommend available exploits for Windows Operating Systems
[Hikari](https://github.com/HikariObfuscator/Hikari): LLVM Obfuscator
[XSS-Payload-without-Anything](https://github.com/hahwul/XSS-Payload-without-Anything): XSS Payload without Anything.
[STIX-Java](https://github.com/StephenOTT/STIX-Java): STIX 2.x Java Library
[unsign](https://github.com/steakknife/unsign): Remove code signatures from OSX Mach-O binaries (note: unsigned binaries cannot currently be re-codesign'ed. Patches welcome!)
[advanced-censys-client](https://github.com/Inplex-sys/advanced-censys-client): It's a censys client who able to you to scrape the censys API with multiple api keys. It will able to you to scrape more than 10k ips.
[enum4linux-ng](https://github.com/cddmp/enum4linux-ng): A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.
[wowInjector](https://github.com/aaaddress1/wowInjector): PoC: Exploit 32-bit Thread Snapshot of WOW64 to Take Over $RIP & Inject & Bypass Antivirus HIPS (HITB 2021)
[Phoenix-Framework](https://github.com/HackerDev-Felix/Phoenix-Framework): Phoenix Framework Project
[repo-security-scanner](https://github.com/techjacker/repo-security-scanner): CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys
[lit-bb-hack-tools](https://github.com/edoardottt/lit-bb-hack-tools): Little Bug Bounty & Hacking Tools⚔️
[road-to-hacking](https://github.com/R3LI4NT/road-to-hacking): ¿Quieres empezar en el mundo hacking? En esta revista te enseño a instalar Kali Linux desde cero y a manipular herramientas esenciales en el Hacking Ético.
[tofu](https://github.com/puckblush/tofu): Windows offline filesystem hacking tool for Linux
[ZVulDrill](https://github.com/710leo/ZVulDrill): Web漏洞演练平台
[Google-Chrome-Browser-Database-Hack](https://github.com/ncorbuk/Google-Chrome-Browser-Database-Hack): Google Chrome Database Cracking Hacking - Get username & passwords
[burp-shell-fwd-lfi](https://github.com/gnothiseautonlw/burp-shell-fwd-lfi): A Burp Suite plugin/extension that offers a shell in Burp. Both useful for OS Command injection and LFI exploration
[Monitor-pastebin-leaks](https://github.com/OdinF13/Monitor-pastebin-leaks): Script to monitor pastebin.com's public pastes for sensitive data leakage
[tryhackme-ctf](https://github.com/edoardottt/tryhackme-ctf): TryHackMe CTFs writeups, notes, dratfs, scrabbles, files and solutions.
[metta](https://github.com/uber-common/metta): An information security preparedness tool to do adversarial simulation.
[FreeFire-Phishing](https://github.com/OnlineHacKing/FreeFire-Phishing): Free Fire Account Hack Phishing tool with Termux
[Tscan](https://github.com/TerrehDactyl/Tscan): A simple port scanner (with option to print to file) written in C using GTK 3.0
[RWCTF-FastStructureCache](https://github.com/A2nkF/RWCTF-FastStructureCache): My heavily commented analysis/reimplementation of the exploit for the FastStructureCache WebKit 1day Challenge from 2019's RealWorld CTF finals
[Red-Team-Essentials](https://github.com/hexachordanu/Red-Team-Essentials): This repo will contain some basic pentest/RT commands.
[Flask-HTTPAuth](https://github.com/miguelgrinberg/Flask-HTTPAuth): Simple extension that provides Basic, Digest and Token HTTP authentication for Flask routes
[jsbackdoor](https://github.com/SVelizDonoso/jsbackdoor): Script que por medio de un XSS permite la ejecución remota de JavaScript utilizando un Socket Server. El script es muy simple y sencillo, especial para principiantes que deseen aprender más sobre Python y ataques del lado del cliente.
[WireGuard-Guide](https://github.com/mikeroyal/WireGuard-Guide): WireGuard Guide
[tsharrk](https://github.com/hrbrmstr/tsharrk): 🦈 Tools to Make Analyses Using tshark Easier in R
[rhizobia_J](https://github.com/momosecurity/rhizobia_J): JAVA安全SDK及编码规范
[One-Lin3r](https://github.com/D4Vinci/One-Lin3r): Gives you one-liners that aids in penetration testing operations, privilege escalation and more
[angularjs-csti-scanner](https://github.com/tijme/angularjs-csti-scanner): Automated client-side template injection (sandbox escape/bypass) detection for AngularJS v1.x.
[honeyshell](https://github.com/wisepythagoras/honeyshell): An SSH honeypot based on the libssh library written entirely in Go.
[CIS-Ubuntu-20.04-Ansible](https://github.com/alivx/CIS-Ubuntu-20.04-Ansible): Ansible Role to Automate CIS v1.1.0 Ubuntu Linux 18.04 LTS, 20.04 LTS Remediation
[liffier](https://github.com/momenbasel/liffier): tired of manually add dot-dot-slash to your possible path traversal? this short snippet will increment ../ on the URL.
[TheThreatHuntLibrary](https://github.com/svch0stz/TheThreatHuntLibrary): Library of threat hunts to get any user started!
[alarmo](https://github.com/nielsfaber/alarmo): Easy to use alarm system integration for Home Assistant
[KernelForge](https://github.com/Cr4sh/KernelForge): A library to develop kernel level Windows payloads for post HVCI era
[polymorphic_compression_malware](https://github.com/t94j0/polymorphic_compression_malware): Warning, this is malware. Don't do something stupid with it
[GDA-android-reversing-Tool](https://github.com/charles2gan/GDA-android-reversing-Tool): GDA is a new fast and powerful decompiler in C++(working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, data decryption, and encryption, etc.
[InfiniDrive](https://github.com/DavidBerdik/InfiniDrive): A project that leverages Google Drive's API and "0 size file" rules for native Docs for unlimited storage space. - A SteelHacks 2019 Project
[sipcheck](https://github.com/sinologicnet/sipcheck): SIPCheck is a tool that watch the authentication of users of Asterisk and bans automatically if some user (or bot) try to register o make calls using wrong passwords.
[Awesome-Honeypot](https://github.com/code-byter/Awesome-Honeypot): Cowrie Honeypot with Elasticsearch
[Keye](https://github.com/clirimemini/Keye): Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.
[WebInfraScanner](https://github.com/devershichandra27/WebInfraScanner): A vulnerability scanner designed for remote web server. Uses nmap and whatweb extensively
[linux-russian-roulette](https://github.com/thebabush/linux-russian-roulette): Like Russian roulette, but for your kernel.
[WMAT](https://github.com/Ivan-Markovic/WMAT): WMAT is automatic tool for testing webmail accounts. Support SSL pages, have automatic generator for default passwords. XML driven patterns. Included on Backtrack Linux 4.
[pysdk-core](https://github.com/XQ-Message-Inc/pysdk-core): A Python Implementation of XQ Message SDK (V.2) which provides convenient access to the XQ Message API.
[IRIS](https://github.com/IRIS-Team/IRIS): 🔍 IRIS: An open-source intelligence framework
[LadonGo](https://github.com/k8gege/LadonGo): LadonGO 4.2 Pentest Scanner framework 全平台Go开源内网渗透扫描器框架,Windows/Linux/Mac内网渗透,使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost,远程执行SSH/Winrm,密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis,端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机,端口扫描服务识别PortScan。
[k8s-security-dashboard](https://github.com/k8scop/k8s-security-dashboard): A security monitoring solution for Kubernetes
[TWAPT](https://github.com/MoisesTapia/TWAPT): Deploy your own lab of web application penetration testing with docker and docker-compose, webgoat, dvwap, bwapp and Juice Shop
[dr_checker_4_linux](https://github.com/marcinguy/dr_checker_4_linux): Port of "DR.CHECKER : A Soundy Vulnerability Detection Tool for Linux Kernel Drivers" to Clang/LLVM 10 and Linux Kernel
[violent-python3](https://github.com/EONRaider/violent-python3): Source code for the book "Violent Python" by TJ O'Connor. The code has been fully converted to Python 3, reformatted to comply with PEP8 standards and refactored to eliminate dependency issues involving the implementation of deprecated libraries.
[SubDomainizer](https://github.com/nsonaniya2010/SubDomainizer): A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.
[Unity-game-hacking](https://github.com/imadr/Unity-game-hacking): A guide for hacking unity games
[CTF-WriteUps](https://github.com/m0rphtail/CTF-WriteUps): Writeups for the CTFs I solve
[ORLFTExploit](https://github.com/JLDevOps/ORLFTExploit): Exploit script to constantly get free access to O'Reilly Learning material via their Free Trial Page - https://learning.oreilly.com/register/
[site-vulns-finder](https://github.com/ntexe/site-vulns-finder): Scans site for vulnerabilities, such as admin panels, logs
[TorBot](https://github.com/DedSecInside/TorBot): Dark Web OSINT Tool
[Vine](https://github.com/CompanionCubeGD/Vine): Python 3 Hacking Tools
[malidate](https://github.com/redfast00/malidate): A logging DNS and HTTP(S) server. Opensource alternative to some parts of the Burpsuite Collaborator server.
[Amazing-Bug-Bounty-Path](https://github.com/lohitakshnandan/Amazing-Bug-Bounty-Path): Amazing Collection of Bug Bounty Hunting resources
[labsecurity](https://github.com/dylanmeca/labsecurity): labsecurity is a tool that brings together python scripts made for ethical hacking, in a single tool, through a console interface
[xray](https://github.com/chaitin/xray): 一款完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档
[SuperLibrary](https://github.com/MrM8BRH/SuperLibrary): Information Security Library
[SQLzr-i](https://github.com/mfazrinizar/SQLzr-i): This is a Perl program to do an automated SQL Injection for pentesting web's SQL database protection. Coded by M.Fazri Nizar.
[CTI-Quiz](https://github.com/BushidoUK/CTI-Quiz): Practice CTI Quiz
[DDoS-Ripper](https://github.com/palahsu/DDoS-Ripper): DDos Ripper a Distributable Denied-of-Service (DDOS) attack server that cuts off targets or surrounding infrastructure in a flood of Internet traffic
[fake-sms](https://github.com/machine1337/fake-sms): A small script to send messages anonymously. very fast and secure SMS sending script.
[SwiftyRSA](https://github.com/TakeScoop/SwiftyRSA): RSA public/private key encryption in Swift
[Deep-Explorer](https://github.com/blueudp/Deep-Explorer): Deep Explorer is a ( 1 day developed ) tool made in python which purpose is the search of hidden services in tor network, using Ahmia Browser and crawling the links obtained
[exploit-CVE-2015-3306](https://github.com/t0kx/exploit-CVE-2015-3306): ProFTPd 1.3.5 - (mod_copy) Remote Command Execution exploit and vulnerable container
[saucerframe](https://github.com/saucer-man/saucerframe): python3批量poc检测工具
[awesome-vehicle-security](https://github.com/jaredthecoder/awesome-vehicle-security): 🚗 A curated list of resources for learning about vehicle security and car hacking.
[Gish-Code-1.12.2](https://github.com/GishReloaded/Gish-Code-1.12.2): This is a hacked modification for Minecraft Forge 1.12.2
[shfz](https://github.com/shfz/shfz): TypeScript Scenario-Based Web Application Fuzzing Framework
[CVE-2021-21315-PoC](https://github.com/ForbiddenProgrammer/CVE-2021-21315-PoC): CVE 2021-21315 PoC
[setcap-static](https://github.com/sjinks/setcap-static): A statically linked lightweight version of setcap(8) to use in `scratch` images
[Web-Scraper](https://github.com/Encryptor-Sec/Web-Scraper): Web Scraper is a melange of Web tools for web hacking, reconnaissance, bug bounty so on. This tool consists of 20 most used web tools for security assessment
[WebHackersWeapons](https://github.com/hahwul/WebHackersWeapons): ⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
[ir-rescue](https://github.com/diogo-fernan/ir-rescue): A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
[opal](https://github.com/EOP-OMB/opal): OSCAL Policy Administration Library (OPAL) provides a simple web application for managing System Security Plans. The data modle is based on the OSCAL standard.
[arachni-docked](https://github.com/umbraesoulsbane/arachni-docked): This is a skeleton project for working with Arachni (https://www.arachni-scanner.com/), a web application security scanner framework, in a Docker environment.
[Wifi-Sentinel](https://github.com/caelan-a/Wifi-Sentinel): A service that runs on a Raspberry Pi Zero W to identify and log wifi devices entering your home.
[wannaNotes](https://github.com/impulsado/wannaNotes): Markdown Cybersecurity Notes
[DeepScan](https://github.com/tahmed11/DeepScan): A simple shell script which utilizes nmap, nikto, dirb, enum4linux and other open source goodies to automate enumeration process.
[dheater](https://github.com/Balasys/dheater): D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange.
[BITS-v5.5](https://github.com/BITS-Editor/BITS-v5.5): Behörden-IT-Sicherheitstraining bis v5.5
[scapy](https://github.com/secdev/scapy): Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.
[BlockList-Malware](https://github.com/Esox-Lucius/BlockList-Malware): Making Blocklists/blacklists with data from AlienVault Threat Exchange. CC0 1.0 Universal
[PENTOL](https://github.com/radenvodka/PENTOL): PENTOL - Pentester Toolkit for Fiddler2
[privapi](https://github.com/Veridax/privapi): Detect Sensitive REST API communication using Deep Neural Networks
[adversarial-MTSR](https://github.com/dependable-cps/adversarial-MTSR)
[AndroidSecNotes](https://github.com/iamsarvagyaa/AndroidSecNotes): An actively maintained, Self curated notes related to android application security for security professionals, bugbounty hunters, pentesters, reverse engineer, and redteamers.
[mythril](https://github.com/ConsenSys/mythril): Security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Hedera, Quorum, Vechain, Roostock, Tron and other EVM-compatible blockchains.
[thycotic.secretserver](https://github.com/thycotic-ps/thycotic.secretserver): PowerShell module for automating with Thycotic Secret Server REST API
[k8gege.github.io](https://github.com/k8gege/k8gege.github.io): K8博客
[ghaction-container-scan](https://github.com/crazy-max/ghaction-container-scan): GitHub Action to check for vulnerabilities in your container image
[net.security](https://github.com/r-net-tools/net.security): Security R package with a set of utils to analyse the different industry standards (MITRE and NIST).
[Ethical-Hacking-Labs](https://github.com/Samsar4/Ethical-Hacking-Labs): Practical Ethical Hacking Labs 🗡🛡
[exploit-pattern](https://github.com/Svenito/exploit-pattern): generate and search pattern string for exploit development
[MixewayOpenVASRestAPI](https://github.com/Mixeway/MixewayOpenVASRestAPI): JAVA Spring-Boot implementation of REST API for OpenVAS Security Vulnerability Scanner. REST API is using gvm-cli in order to communicate with OpenVAS
[spring-boot-leaning](https://github.com/ityouknow/spring-boot-leaning): Spring Boot 2.X 最全课程代码
[cryptic](https://github.com/cryptic-game/cryptic): The official repository of Cryptic
[AvArmy](https://github.com/jesusgarcia2/AvArmy): AvArmy is a software for the detection and analysis of vulnerabilities in services and web applications using Machine learning.
[rustbuster](https://github.com/phra/rustbuster): A Comprehensive Web Fuzzer and Content Discovery Tool
[ExAuth](https://github.com/ExosphericDev/ExAuth): Authentication/Whitelist system for Roblox [Synapse X]
[Wordlists](https://github.com/kkrypt0nn/Wordlists): A collection of wordlists for many different usages.
[zap-docked](https://github.com/umbraesoulsbane/zap-docked): This is a skeleton project for working with Zap (https://www.zaproxy.org/), a web application security scanner, in a Docker environment.
[Reconnoitre](https://github.com/codingo/Reconnoitre): A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
[404StarLink](https://github.com/knownsec/404StarLink): 404StarLink - 推荐优质、有意义、有趣、坚持维护的安全开源项目
[browserrecon-asp](https://github.com/scipag/browserrecon-asp): Advanced Web Browser Fingerprinting
[kscan](https://github.com/lcvvvv/kscan): Kscan是一款纯go开发的全方位扫描器,具备端口扫描、协议检测、指纹识别,暴力破解等功能。支持协议1200+,协议指纹10000+,应用指纹2000+,暴力破解协议10余种。
[SportBruter](https://github.com/liltrendi/SportBruter): A bruteforce script aimed at sending authentication requests to the SportPesa website in an attempt to log in as a user against a supplied set of passwords
[subzer0](https://github.com/0xApt/subzer0): A tool that scans a list of given domains, and returns the status codes for each domain on both port 80 & 443
[Diamorphine](https://github.com/m0nad/Diamorphine): LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)
[spoofpoint](https://github.com/grahamhelton/spoofpoint): Spoofpoint is a domain monitoring tool that allows you to generate a list of domains that are 1 character off of your domain (grahamhelton.com turns into -> grahamheIton.com ((The L is a capital I )), check a list of domains you already have, or check as single domain.
[The-Big-List-of-Hacked-Malware-Web-Sites](https://github.com/mitchellkrogza/The-Big-List-of-Hacked-Malware-Web-Sites): This repository contains a list of all web sites I come across that are either hacked with or purposefully hosting malware, ransomware, viruses or trojans.
[M4nifest0-Payload-Builder](https://github.com/attakercyebr/M4nifest0-Payload-Builder): Crypter and downloader rat
[ctf-archive-created](https://github.com/samueltangz/ctf-archive-created): CTF problems I have created.
[A-Red-Teamer-diaries](https://github.com/ihebski/A-Red-Teamer-diaries): RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
[Kali_Port_Scanning](https://github.com/MSadekUni/Kali_Port_Scanning): NBCU command line implementation of python-portscan
[Payload-Guest-With-Icons](https://github.com/upal212/Payload-Guest-With-Icons): Payloads with Icons for Payload Guest by Al Azif - Firmware 9.00
[technowlogger](https://github.com/PushpenderIndia/technowlogger): TechNowLogger is Windows/Linux Keylogger Generator which sends key-logs via email with other juicy target info
[HITB2020_FSFUZZER](https://github.com/0xricksanchez/HITB2020_FSFUZZER): My Material for the HITB presentation
[AndroRAT](https://github.com/karma9874/AndroRAT): A Simple android remote administration tool using sockets. It uses java on the client side and python on the server side
[G4T13L.github.io](https://github.com/G4T13L/G4T13L.github.io): Blog de notas, aportes, writeups o cosas de ciberseguridad que se me ocurra publicar.
[fast-security-scanners](https://github.com/whitespots/fast-security-scanners): Security checks for your researches
[Hacking-P-B](https://github.com/ORCA666/Hacking-P-B): the only place u can acquire knowledge
[Pwnlab-Security-Resources](https://github.com/PwnLabMe-Project/Pwnlab-Security-Resources): Sharing our knowledge and resources in the field of cyber security
[Security4Delphi](https://github.com/ezequieljuliano/Security4Delphi): Enables and use of the concept of security in your Delphi applications
[ansvif](https://github.com/oxagast/ansvif): A Not So Very Intelligent Fuzzer: An advanced fuzzing framework designed to find vulnerabilities in C/C++ code.
[linuxboot](https://github.com/linuxboot/linuxboot): The LinuxBoot project is working to enable Linux to replace your firmware on all platforms.
[fileintel](https://github.com/keithjjones/fileintel): A modular Python application to pull intelligence about malicious files
[jexboss](https://github.com/joaomatosf/jexboss): JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool
[FairEmail](https://github.com/M66B/FairEmail): Fully featured, open source, privacy friendly email app for Android
[ICS-Security-Products](https://github.com/S3cur1tyH4ggis/ICS-Security-Products): Lists of products useful for ICS security
[Vulnogram](https://github.com/Vulnogram/Vulnogram): Vulnogram is a tool for creating and editing CVE information in CVE JSON format
[Android-Security-Reference](https://github.com/doridori/Android-Security-Reference): A W.I.P Android Security Ref
[LQMToolset](https://github.com/anl-cyberscience/LQMToolset): Flexible framework that allows automation to process cyber threat information and update endpoint defense tools.
[xhunter](https://github.com/TeamDarkAnon/xhunter): Remote Administrator Tool [ RAT For Android ] No Port Forwarding
[HostHunter](https://github.com/SpiderLabs/HostHunter): HostHunter a recon tool for discovering hostnames using OSINT techniques.
[rekor](https://github.com/sigstore/rekor): Software Supply Chain Transparency Log
[goblin](https://github.com/xiecat/goblin): 一款适用于红蓝对抗中的仿真钓鱼系统
[cazador_unr](https://github.com/YasserGersy/cazador_unr): Hacking tools
[pwninit](https://github.com/io12/pwninit): pwninit - automate starting binary exploit challenges
[AI-for-Security-Learning](https://github.com/404notf0und/AI-for-Security-Learning): 安全场景、基于AI的安全算法和安全数据分析业界实践
[linux-anti-recon](https://github.com/brodzik/linux-anti-recon): Linux anti-reconnaissance kernel module. Mitigates OS fingerprinting and service detection. Based on "A deception based approach for defeating OS and service fingerprinting" by M. Albanese, E. Battista and S. Jajodia.
[wwwordlist](https://github.com/Zarcolio/wwwordlist): Wwwordlist is a wordlist generator. It extract words from HTML, URLs, JS/HTTP/input variables, quoted texts in the text and mail files.
[Ironsquirrel](https://github.com/MRGEffitas/Ironsquirrel): Encrypted exploit delivery for the masses
[android-hosts](https://github.com/privacy-guides/android-hosts): This is a small repository that has many different of hosts files with certain use-cases. It's meant to be used with the F-Droid version of Netguard https://github.com/M66B/NetGuard | https://www.netguard.me .
[PassBox](https://github.com/sectool/PassBox): Password Management Control Panel
[Basic-HTML-Website-Cyber-Security](https://github.com/sgupta-1/Basic-HTML-Website-Cyber-Security): This website was made during my college presentation and here, I am trying to convey the need for Cyber Security and how to prevent malicious activities through it, and also how to safeguard our children from child predators. It's a really simple and basic HTML, CSS, and JS-based website.
[1nternist.github.io](https://github.com/1nternist/1nternist.github.io): 1nternist's Cydia repository on Github
[ownlist](https://github.com/thelikes/ownlist): Weekly compilation of offensive security tools and write-ups
[halfempty](https://github.com/googleprojectzero/halfempty): A fast, parallel test case minimization tool.
[secureCodeBox](https://github.com/secureCodeBox/secureCodeBox): secureCodeBox (SCB) - continuous secure delivery out of the box
[hacking-tool](https://github.com/rixon-cochi/hacking-tool): Social media & camera hacking & whatsapp virus & SMS bombing
[memguard](https://github.com/awnumar/memguard): Secure software enclave for storage of sensitive information in memory.
[CVE-2019-16759-Vbulletin-rce-exploit](https://github.com/M0sterHxck/CVE-2019-16759-Vbulletin-rce-exploit): Vbulletin rce exploit CVE-2019-16759
[checkMach](https://github.com/0xmachos/checkMach): checkMach is a shell script to check the security properties of Mach-O executables
[Bookmarklet-Hacks-For-School](https://github.com/xploitspeeds/Bookmarklet-Hacks-For-School): * READ THE README FOR INFO!! * Incoming Tags- z score statistics,find mean median mode statistics in ms excel,variance,standard deviation,linear regression,data processing,confidence intervals,average value,probability theory,binomial distribution,matrix,random numbers,error propagation,t statistics analysis,hypothesis testing,theorem,chi square,time series,data collection,sampling,p value,scatterplots,statistics lectures,statistics tutorials,business mathematics statistics,share stock market statistics in calculator,business analytics,GTA,continuous frequency distribution,statistics mathematics in real life,modal class,n is even,n is odd,median mean of series of numbers,math help,Sujoy Krishna Das,n+1/2 element,measurement of variation,measurement of central tendency,range of numbers,interquartile range,casio fx991,casio fx82,casio fx570,casio fx115es,casio 9860,casio 9750,casio 83gt,TI BAII+ financial,casio piano,casio calculator tricks and hacks,how to cheat in exam and not get caught,grouped interval data,equation of triangle rectangle curve parabola hyperbola,graph theory,operation research(OR),numerical methods,decision making,pie chart,bar graph,computer data analysis,histogram,statistics formula,matlab tutorial,find arithmetic mean geometric mean,find population standard deviation,find sample standard deviation,how to use a graphic calculator,pre algebra,pre calculus,absolute deviation,TI Nspire,TI 84 TI83 calculator tutorial,texas instruments calculator,grouped data,set theory,IIT JEE,AIEEE,GCSE,CAT,MAT,SAT,GMAT,MBBS,JELET,JEXPO,VOCLET,Indiastudychannel,IAS,IPS,IFS,GATE,B-Tech,M-Tech,AMIE,MBA,BBA,BCA,MCA,XAT,TOEFL,CBSE,ICSE,HS,WBUT,SSC,IUPAC,Narendra Modi,Sachin Tendulkar Farewell Speech,Dhoom 3,Arvind Kejriwal,maths revision,how to score good marks in exams,how to pass math exams easily,JEE 12th physics chemistry maths PCM,JEE maths shortcut techniques,quadratic equations,competition exams tips and ticks,competition maths,govt job,JEE KOTA,college math,mean value theorem,L hospital rule,tech guru awaaz,derivation,cryptography,iphone 5 fingerprint hack,crash course,CCNA,converting fractions,solve word problem,cipher,game theory,GDP,how to earn money online on youtube,demand curve,computer science,prime factorization,LCM & GCF,gauss elimination,vector,complex numbers,number systems,vector algebra,logarithm,trigonometry,organic chemistry,electrical math problem,eigen value eigen vectors,runge kutta,gauss jordan,simpson 1/3 3/8 trapezoidal rule,solved problem example,newton raphson,interpolation,integration,differentiation,regula falsi,programming,algorithm,gauss seidal,gauss jacobi,taylor series,iteration,binary arithmetic,logic gates,matrix inverse,determinant of matrix,matrix calculator program,sex in ranchi,sex in kolkata,vogel approximation VAM optimization problem,North west NWCR,Matrix minima,Modi method,assignment problem,transportation problem,simplex,k map,boolean algebra,android,casio FC 200v 100v financial,management mathematics tutorials,net present value NPV,time value of money TVM,internal rate of return IRR Bond price,present value PV and future value FV of annuity casio,simple interest SI & compound interest CI casio,break even point,amortization calculation,HP 10b financial calculator,banking and money,income tax e filing,economics,finance,profit & loss,yield of investment bond,Sharp EL 735S,cash flow casio,re finance,insurance and financial planning,investment appraisal,shortcut keys,depreciation,discounting
[password-generator](https://github.com/lucasgdb/password-generator): Gerador de Senhas gratuito para Desktop (Windows 7 e posterior)
[Hunting-Queries-Detection-Rules](https://github.com/Bert-JanP/Hunting-Queries-Detection-Rules): Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
[Attacker-Group-Predictor](https://github.com/omergunal/Attacker-Group-Predictor): Tool to predict attacker groups from the techniques and software used
[fake-admin-honeypot-V1.1](https://github.com/pH-7/fake-admin-honeypot-V1.1): :honey_pot: New Honeypot Version: 1.2! :honeybee: This pH7CMS module is a simple but effective honeypot fake Admin CP for the security of your website. Honeypot for the attackers!
[Log4j-RCE](https://github.com/momos1337/Log4j-RCE): Log4j RCE - (CVE-2021-44228)
[cybersecurity-dynamic-analysis](https://github.com/paulveillard/cybersecurity-dynamic-analysis): An ongoing & curated collection of awesome vulnerability scanning software, libraries and frameworks, best guidelines and technical resources and most important dynamic application security testing (DAST)
[UMUDGA](https://github.com/Cyberdefence-Lab-Murcia/UMUDGA): Domain Generation Algorithm official repository. Please visit the WIKI page for more information
[Kong-API-Manager](https://github.com/safernandez666/Kong-API-Manager): Kong API Manager with Prometheus And Graylog
[Hacktoberfest2020](https://github.com/IzaquielCordeiro/Hacktoberfest2020): Submit your samples here :D
[Gr33k](https://github.com/lijiaxing1997/Gr33k): 图形化漏洞利用集成工具
[ccat](https://github.com/RhinoSecurityLabs/ccat): Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
[cybersecurity-red-team](https://github.com/paulveillard/cybersecurity-red-team): An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Red Team (Offensive) in Cybersecurity.
[SAGEMCOM-FAST-5370e-TELIA](https://github.com/wuseman/SAGEMCOM-FAST-5370e-TELIA): This is my personal wiki for hacking the router firmware used by (Sagemcom)F@ast Version 3.43.2 delivered from Sagemcom
[memcached](https://github.com/rayschu/memcached): Scan the memcached vulnerability.
[pwnKit](https://github.com/drapl0n/pwnKit): pwnKit: Privilege Escalation USB-Rubber-Ducky payload, which exploits CVE-2021-4034 in less than 10sec's and spawns root shell for you.
[smart-home-device-cyberattack-detection](https://github.com/asegun-cod/smart-home-device-cyberattack-detection): This is a collaborative work between Asmau (a Ph.D. research), Thejavathy and Oluwasegun under the supervision of Dr. Jun and Dr. Xiaoqi at Nottingham Trent University, UK.
[Sinput](https://github.com/devayes/Sinput): Standards compliant XSS input filtering package for Laravel 6, 7, 8 built on top of the popular HTMLPurifier package.
[sack](https://github.com/jofpin/sack): Identify connection of sessions for social engineering attacks.
[kanidm](https://github.com/kanidm/kanidm): Kanidm: A simple, secure and fast identity management platform
[ExploitableApp](https://github.com/postworthy/ExploitableApp): A .NET core project for web based pen testing
[werdlists](https://github.com/decal/werdlists): :keyboard: Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases
[Awesome-Ethical-Hacking-Resources](https://github.com/husnainfareed/Awesome-Ethical-Hacking-Resources): 🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.
[blankspace](https://github.com/jbaines-r7/blankspace): Proof of Concept for EFSRPC Arbitrary File Upload (CVE-2021-43893)
[webGuard](https://github.com/makemytrip/webGuard): webGuard is a Web Application Testing tool that helps find security vulnerabilities in your applications.
[Anti-Debugging](https://github.com/ThomasThelen/Anti-Debugging): A collection of c++ programs that demonstrate common ways to detect the presence of an attached debugger.
[qualys_parser](https://github.com/eRaMvn/qualys_parser): CLI tool that parses the csv report from Qualys and gives quick result
[awesome-hacking](https://github.com/jekil/awesome-hacking): Awesome hacking is an awesome collection of hacking tools.
[CVE-2018-10583](https://github.com/MrTaherAmine/CVE-2018-10583): An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by "xlink:href=file://192.168.0.2/test.jpg" within an "office:document-content" element in a ".odt XML document".
[Scout](https://github.com/TheHairyJ/Scout): Scout - a Contactless Active Reconnaissance Tool
[envkey-node](https://github.com/envkey/envkey-node): EnvKey's official Node.js client library
[facebook-cracker](https://github.com/Ha3MrX/facebook-cracker): Facebook Cracker Version 1.0 can crack into Facebook Database 100% without Interruption By Facebook Firewall
[GobyVuls](https://github.com/gobysec/GobyVuls): Vulnerabilities of Goby supported with exploitation.
[aws-check-publicly-exposed](https://github.com/trackit/aws-check-publicly-exposed): Check your EC2 and ELB public exposure.
[APAC-Meetups](https://github.com/Infosec-Community/APAC-Meetups): A community contributed consolidated list of InfoSec meetups in the Asia Pacific region.
[Pegasus-samples](https://github.com/9aylas/Pegasus-samples): Here's samples of android/ios spyware named "Pegasus" made by the NSOGROUP
[vpn_killer](https://github.com/noarchwastaken/vpn_killer): Kill any Android VPN in the browser, and expose the client's real IP address.
[MassVulScan](https://github.com/choupit0/MassVulScan): Bash script which quickly identifies open network ports and any associated vulnerabilities / Script Bash qui permet d'identifier rapidement les ports réseaux ouverts et les éventuelles vulnérabilités associées.
[HolisticInfoSec-For-WebDevelopers-Fascicle0](https://github.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle0): :books: Overview :lock: Tooling :lock: Process :lock: Physical :lock: People :books:
[Robber](https://github.com/MojtabaTajik/Robber): Robber is open source tool for finding executables prone to DLL hijacking
[awesome-ios-security](https://github.com/Cy-clon3/awesome-ios-security): A curated list of awesome iOS application security resources.
[TIWAP](https://github.com/tombstoneghost/TIWAP): Totally Insecure Web Application Project (TIWAP)
[SusCheck](https://github.com/k0rnh0li0/SusCheck): Reveals impostors in Among Us
[laravel-url-signer](https://github.com/spatie/laravel-url-signer): Create and validate signed URLs with a limited lifetime
[nosqlInjector](https://github.com/blessingcharles/nosqlInjector): A nosql automated injection tools for nonrelational guys
[Brutegram](https://github.com/Err0r-ICA/Brutegram): Instagram multi-bruteforce Platfrom
[ghorg](https://github.com/gabrie30/ghorg): Quickly clone an entire org/users repositories into one directory - Supports GitHub, GitLab, Bitbucket, and more 🥚
[code-injector](https://github.com/mustafadalga/code-injector): Aynı ağ içerisinde , ARP Spoofing saldırısı yapılmış hedef bilgisayarın ziyaret ettiği , HTTP protokolünü kullanan web sitelerine kod enjekte ederek manipüle etmenize yarayan bir script.
[LFIscanner](https://github.com/R3LI4NT/LFIscanner): Simple Local File Inclusion (LFI) scanner.
[xonsh-cheatsheet](https://github.com/anki-code/xonsh-cheatsheet): Cheat sheet for xonsh shell with copy-pastable examples. The best doc for the new users.
[opensnitch](https://github.com/evilsocket/opensnitch): OpenSnitch is a GNU/Linux port of the Little Snitch application firewall
[Susanoo](https://github.com/ant4g0nist/Susanoo): A REST API security testing framework.
[rdroid](https://github.com/m301/rdroid): [Android RAT] Remotely manage your android phone using PHP Interface
[Gngr_remote_keylogger](https://github.com/abdulkadir-gungor/Gngr_remote_keylogger): (On 09/04/2021) Remote Keylogger software has been made for the latest up-to-date "Windows 7, 8 and 10" operatings systems. It managed to circumvent the "Windows Defender" program.
[vue-dompurify-html](https://github.com/LeSuisse/vue-dompurify-html): Safe replacement for the v-html directive
[Anti-DDOS](https://github.com/anti-ddos/Anti-DDOS): 🔒 Anti DDOS | Bash Script Project 🔒
[TegraRcmGUI](https://github.com/eliboa/TegraRcmGUI): C++ GUI for TegraRcmSmash (Fusée Gelée exploit for Nintendo Switch)
[TORhunter](https://github.com/Err0r-ICA/TORhunter): Designed to scan and exploit vulnerabilities within Tor hidden services. TORhunter allows most tools to work as normal while resolving .onion
[honeyLambda](https://github.com/0x4D31/honeyLambda): honeyλ - a simple, serverless application designed to create and monitor fake HTTP endpoints (i.e. URL honeytokens) automatically, on top of AWS Lambda and Amazon API Gateway
[dnsbin](https://github.com/ettic-team/dnsbin): The request.bin of DNS request
[hackipy](https://github.com/usama-365/hackipy): Hacking, pen-testing, and cyber-security related tools built with Python.
[om5p-ac-v2-unlocker](https://github.com/true-systems/om5p-ac-v2-unlocker): Open Mesh OM5P-AC v2 Unlocker (U-Boot 1.1.4 based)
[MindAPI](https://github.com/dsopas/MindAPI): Organize your API security assessment by using MindAPI. It's free and open for community collaboration.
[earth-storm](https://github.com/justlive1/earth-storm): CAS 5.x 服务,提供各种cas-client
[Security_Hacking_Scripts](https://github.com/mbcse/Security_Hacking_Scripts): This Repository contains Encryption Algorithms, Ethical Hacking Scripts, Cybersecurity Learning Resources, and Security-Based Projects. Contribute to this repository!!
[whoUR](https://github.com/jopcode/whoUR): Tool for information gathering, IPReverse, AdminFInder, DNS, WHOIS, SQLi Scanner with google.
[FalconOne](https://github.com/StrikeVaults/FalconOne): FalconOne is an Open Source solution deployed and updated on daily basis to help prevent terror and crime. By using advanced tools, functions and stealth strategies, FalconOne's community is focused on making a friendly and fast solution for effective results.
[PHP-Antimalware-Scanner](https://github.com/marcocesarato/PHP-Antimalware-Scanner): AMWScan (PHP Antimalware Scanner) is a free tool to scan php files and analyze your project to find any malicious code inside it.
[vechain-core-nodes-security-checklist](https://github.com/slowmist/vechain-core-nodes-security-checklist): VeChain core nodes security checklist(唯链核心节点安全执行指南)
[helmet](https://github.com/helmetjs/helmet): Help secure Express apps with various HTTP headers
[PatrowlEngines](https://github.com/Patrowl/PatrowlEngines): PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
[yookiterm-slides](https://github.com/dobin/yookiterm-slides): Exploitation and Mitigation Slides
[SecureBit](https://github.com/richeshgupta/SecureBit): SecureBit is a chat client where Security is number one priority. B)
[SyntheticSun](https://github.com/jonrau1/SyntheticSun): SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and, serverless technologies to continuously prevent, detect and respond to threats.
[ExtensionSpoofer](https://github.com/henriksb/ExtensionSpoofer): Spoof file icons and extensions in Windows
[adminexploit](https://github.com/daddyparodz/adminexploit): this is the fastest way that you can get admin rights at work,school,etc in only a few seconds
[awesome-R-cyber-security](https://github.com/MonaxGT/awesome-R-cyber-security): awesome-R-cyber-security
[komand-tools](https://github.com/jaegeral/komand-tools): A dedicated repo to interact with the API of Rapid 7 Komand API
[Malicious-Urlv5](https://github.com/abhisheksaxena1998/Malicious-Urlv5): A multi-layered and multi-tiered Machine Learning security solution, it supports always on detection system, Django REST framework used, equipped with a web-browser extension that uses a REST API call.
[bb-tips-tricks](https://github.com/rudrasingh99/bb-tips-tricks): Just Some Tips & Tricks for BB found on the Internet :D
[streamalert](https://github.com/airbnb/streamalert): StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.
[Shellcode-Extractor](https://github.com/Neetx/Shellcode-Extractor): Python script to extract shellcode from linux executables
[IsmailScript](https://github.com/thearrival/IsmailScript): Is a tool written by using python programming language. Enable a penetration testers to save a time and performing a full Reconnaissance and Information Gathering on any Web Application Server.
[Microsoft-Sentinel-4-SecOps](https://github.com/eshlomo1/Microsoft-Sentinel-4-SecOps): Microsoft Sentinel 4 SecOps
[Google-Dorks-Simplified](https://github.com/InfuriousICC/Google-Dorks-Simplified): Best Resource for learning Google Dorks
[PhoneSploit](https://github.com/aerosol-can/PhoneSploit): A tool for remote ADB exploitation in Python3 for all Machines.
[TryHackMe-Notes](https://github.com/nargaw/TryHackMe-Notes): Learning Cyber Security everyday and I share my notes here!
[Olaf-E-commerce-Backend-System](https://github.com/Ahmad-AbuGhazal/Olaf-E-commerce-Backend-System): Developed the backend of the Olaf e-commerce application. Allowing users to register in the system and buy,sell products. There is different modules in the system from login and registration to add products, sell products and different kind of services.
[Magento-shoplift-python-exploit](https://github.com/incredibleindishell/Magento-shoplift-python-exploit): Magento shoplift exploit is vulnerability which was discovered by CheckPoint team (http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/) This python script developed by joren but it was having some bug because of which it was not working properly. If magento version is vulnerable, this script will create admin account with username forme and password forme
[What-Is-RESETHACKER](https://github.com/RESETHACKER-COMMUNITY/What-Is-RESETHACKER): ResetHacker celebrates its 2 year anniversary
[PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings): A list of useful payloads and bypass for Web Application Security and Pentest/CTF
[Spykeyboard](https://github.com/Sh4rk0-666/Spykeyboard): keylogger which sends us the data to our gmail.
[pysploit-framework](https://github.com/ahmadnourallah/pysploit-framework): free exploit framework written use python language version 3.3
[icmp-bindshell](https://github.com/dc401/icmp-bindshell): Experimental python3.x based ICMP bind shell listener using scapy and windows 'compatible'
[security-checker](https://github.com/juashyam/security-checker): A Magento 2 wrapper that leverages SensioLabs Security Checker library to checks if our application uses dependencies with known security vulnerabilities
[Probe_spider](https://github.com/Aravindha1234u/Probe_spider): Probe_Spider is a Open Source Intelligence Tool made complete out of Python.
[C2-Pwn](https://github.com/LukeBob-zz/C2-Pwn): Uses Shodan API to pull down C2 servers to run known exploits on them.
[objection](https://github.com/sensepost/objection): 📱 objection - runtime mobile exploration
[CyberSecurity_Conferences](https://github.com/MrM8BRH/CyberSecurity_Conferences): List of some cybersecurity conferences
[Speedhack](https://github.com/absoIute/Speedhack): Speedhack coded in C++, inspired by Cheat Engine's own speedhack.
[spicedb](https://github.com/authzed/spicedb): Open source permissions database inspired by Google Zanzibar
[tyranoscript_vulnerability](https://github.com/satoki/tyranoscript_vulnerability): 👻 [PoC] TyranoScript 5.13b - Arbitrary Code Execution (0day)
[ioc-scanner](https://github.com/cisagov/ioc-scanner): Search a filesystem for indicators of compromise (IoC).
[nesca_audit](https://github.com/enemy-submarine/nesca_audit): The Good, the Bad and the Ugly: результаты частичного аудита кода Nesca
[secret_agent](https://github.com/ahamez/secret_agent): An Elixir library to manage secrets
[eslint-plugin-security-node](https://github.com/gkouziik/eslint-plugin-security-node): ESLint security plugin for Node.js
[ockam](https://github.com/build-trust/ockam): Build Trust with a simple developer experience and powerful primitives that orchestrate end-to-end encryption, key management, authorization policy enforcement, and mutual authentication.
[pwn-pulse](https://github.com/BishopFox/pwn-pulse): Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)
[host_security](https://github.com/skipmcgee/host_security): Red Hat Enterprise Linux 6 & 7 security tool for enumerating security and IT operations-relevant information on a host and forwarding to a SIEM or enterprise syslog server in key='value' format.
[TheXFramework](https://github.com/r3dxpl0it/TheXFramework): Network/WebApplication Information Gathering, Enumeration and Vulnerability Scanning (Under Development)
[ShellShockHunter](https://github.com/MrCl0wnLab/ShellShockHunter): It's a simple tool for test vulnerability shellshock
[id-obfuscator](https://github.com/jchambers/id-obfuscator): A Java library for reversibly obfuscating numerical identifiers (e.g. 1234 ↔ 4TQCNTL)
[Scripts-Sploits](https://github.com/alienwithin/Scripts-Sploits): A number of scripts POC's and problems solved as pentests move along.
[cyber_training_materials](https://github.com/moshekaplan/cyber_training_materials): Training materials I've written.
[cve-fix-reporter](https://github.com/sriramkandukuri/cve-fix-reporter): A Script to find fixes for CVE ids by parsing nvd website and respective git repository log.
[kube-psp-advisor](https://github.com/sysdiglabs/kube-psp-advisor): Help building an adaptive and fine-grained pod security policy
[Sexeca-FreeVersion](https://github.com/JasonDerulo1259/Sexeca-FreeVersion): A tool for senecalearning, that gets the answers for the questions, coded in c#
[lockphish](https://github.com/jaykali/lockphish): Lockphish it's the first tool (07/04/2020) for phishing attacks on the lock screen, designed to grab Windows credentials, Android PIN and iPhone Passcode using a https link.
[Active-Directory-Exploitation-Cheat-Sheet](https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet): A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
[syzkaller](https://github.com/google/syzkaller): syzkaller is an unsupervised coverage-guided kernel fuzzer
[UAficionado](https://github.com/quantumcore/UAficionado): Red Team vs Blue Team. Series of 5 challanges. Are you up for it?
[-CVE-2017-9805](https://github.com/0x00-0x00/-CVE-2017-9805): Exploit script for Apache Struts2 REST Plugin XStream RCE (CVE-2017-9805)
[boreas](https://github.com/greenbone/boreas): Boreas a command line tool to scan for alive hosts
[school-of-sre](https://github.com/linkedin/school-of-sre): At LinkedIn, we are using this curriculum for onboarding our entry-level talents into the SRE role.
[PolicyGlass](https://github.com/CloudWanderer-io/PolicyGlass): PolicyGlass allows you to analyse one or more AWS policies' effective permissions in aggregate, by restating them in the form of PolicyShards which are always Allow, never Deny.
[ByteCog](https://github.com/IlluminatiFish/ByteCog): A way to analyse how malware and/or goodware samples vary from each other using Shannon Entropy, Hausdorff Distance and Jaro-Winkler Distance
[caddy](https://github.com/caddyserver/caddy): Fast, multi-platform web server with automatic HTTPS
[sysmon-modular](https://github.com/olafhartong/sysmon-modular): A repository of sysmon configuration modules
[mitreattack-python](https://github.com/mitre-attack/mitreattack-python): A python module for working with ATT&CK
[Croissanted.py](https://github.com/arthur-pte/Croissanted.py): A Python script exploiting Discord's authorization token.
[Web-Cache-Vulnerability-Scanner](https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner): Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).
[reverse-shell-generator](https://github.com/0dayCTF/reverse-shell-generator): Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)
[Packet-Sequence](https://github.com/gamemann/Packet-Sequence): A tool that can be used to send single or multiple packets in sequences with a lot of packet customization. Can be used as a DoS attack tool for pen-testing purposes and more including network monitoring.
[brutemap](https://github.com/brutemap-dev/brutemap): Let's find someone's account
[PatrowlHearsData](https://github.com/Patrowl/PatrowlHearsData): Open-Source Vulnerability Intelligence Center - Unified source of vulnerability, exploit and threat Intelligence feeds
[stethoscope-app](https://github.com/Netflix-Skunkworks/stethoscope-app): A desktop application that checks security-related settings and makes recommendations for improvements without requiring central device management or automated reporting.
[gorsh](https://github.com/audibleblink/gorsh): A Golang Reverse Shell w/ a Tmux-driven psuedo-C2 Interface
[VulnFanatic](https://github.com/Martyx00/VulnFanatic): A Binary Ninja plugin for vulnerability research.
[mad-metasploit](https://github.com/hahwul/mad-metasploit): Metasploit custom modules, plugins, resource script and.. awesome metasploit collection
[frappe](https://github.com/frappe/frappe): Low code web framework for real world applications, in Python and Javascript
[sentinel-attack](https://github.com/BlueTeamLabs/sentinel-attack): Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
[BadUSB256](https://github.com/endbehavi0r/BadUSB256): A BadUSB Human Interface Device project that can store and execute 256 scripts at a time.
[MonarcAppFO](https://github.com/monarc-project/MonarcAppFO): MONARC - Method for an Optimised aNAlysis of Risks by @CASES-LU
[BucketsHunter](https://github.com/DanielAzulayy/BucketsHunter): A CLI tool to find open buckets, misconfigurations, and dump bucket contents - under dev
[inthewilddb](https://github.com/gmatuz/inthewilddb): Hourly updated database of exploit and exploitation reports
[winafl](https://github.com/googleprojectzero/winafl): A fork of AFL for fuzzing Windows binaries
[box-Authorizer](https://github.com/boxproject/box-Authorizer): PKApp is used to start, stop and authorise approval flow of authorizer.
[shufti](https://github.com/vaibhavkrjha/shufti): All in one OSINT Framework
[AspNetCoreSpa](https://github.com/asadsahi/AspNetCoreSpa): Asp.Net 5.0 & Angular 13 SPA Fullstack application with plenty of examples. Live demo:
[oidc-workshop-spring-io-2019](https://github.com/andifalk/oidc-workshop-spring-io-2019): Workshop at Spring I/O 2019 on "Securing Microservices with OpenID Connect and Spring Security 5.1"
[FlameCord](https://github.com/2lstudios-mc/FlameCord): Patches for Waterfall to improve overall performance, fix memory issues and protect against attacks.
[spring-break_cve-2017-8046](https://github.com/m3ssap0/spring-break_cve-2017-8046): This is a Java program that exploits Spring Break vulnerability (CVE-2017-8046).
[tracee](https://github.com/aquasecurity/tracee): Linux Runtime Security and Forensics using eBPF
[WWWE](https://github.com/chrispetrou/WWWE): :droplet: Check your email(s) using popular online services to see if it appears in any data-breach
[Simple-CTF-Writeups](https://github.com/rc4ne/Simple-CTF-Writeups): CTF Writeups
[aws-ecr-continuous-scan](https://github.com/t04glovern/aws-ecr-continuous-scan): ECR Container Image Re-Scan
[hblock](https://github.com/hectorm/hblock): Improve your security and privacy by blocking ads, tracking and malware domains.
[kernel-exploits](https://github.com/bcoles/kernel-exploits): Various kernel exploits
[introspector](https://github.com/goldfiglabs/introspector): A schema and set of tools for using SQL to query cloud infrastructure.
[malgazer](https://github.com/keithjjones/malgazer): A Python malware analysis library.
[filterbypass](https://github.com/masatokinugawa/filterbypass): Browser's XSS Filter Bypass Cheat Sheet
[arpspoof](https://github.com/YeautyYE/arpspoof): :trollface: arpspoof for macOS - intercept packets on a switched LAN
[HEVD_Kernel_Exploit](https://github.com/mgeeky/HEVD_Kernel_Exploit): Exploits pack for the Windows Kernel mode driver HackSysExtremeVulnerableDriver written for educational purposes.
[FBI-tools](https://github.com/danieldurnea/FBI-tools): 🕵️ OSINT Tools for gathering information and actions forensic 🕵️
[tfsec](https://github.com/aquasecurity/tfsec): Security scanner for your Terraform code
[reveng_rtkit](https://github.com/reveng007/reveng_rtkit): Linux Loadable Kernel Module (LKM) based rootkit (ring-0), capable of hiding itself, processes/implants, rmmod proof, has ability to bypass infamous rkhunter antirootkit.
[Awesome-Hacking-Resources](https://github.com/vitalysim/Awesome-Hacking-Resources): A collection of hacking / penetration testing resources to make you better!
[OpenNetAdmin-RCE](https://github.com/sec-it/OpenNetAdmin-RCE): OpenNetAdmin 8.5.14 <= 18.1.1 - Remote Command Execution
[cypheroth](https://github.com/seajaysec/cypheroth): Automated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets.
[VHostScan](https://github.com/codingo/VHostScan): A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
[Unified-Cybersecurity-Ontology](https://github.com/Ebiquity/Unified-Cybersecurity-Ontology): Unified Cybersecurity Ontology
[stegcloak](https://github.com/KuroLabs/stegcloak): Hide secrets with invisible characters in plain text securely using passwords 🧙🏻♂️⭐
[doraemon](https://github.com/orgurar/doraemon): Command & Control system for Windows written in Python and C++.
[dellicious](https://github.com/jbaines-r7/dellicious): Enabled / Disable LSA Protection via BYOVD
[struts2_cve-2017-5638](https://github.com/m3ssap0/struts2_cve-2017-5638): This is a sort of Java porting of the Python exploit at: https://www.exploit-db.com/exploits/41570/.
[wtf](https://github.com/0vercl0k/wtf): wtf is a distributed, code-coverage guided, customizable, cross-platform snapshot-based fuzzer designed for attacking user and / or kernel-mode targets running on Microsoft Windows.
[secure-pipeline-advisor](https://github.com/ciandt-dev/secure-pipeline-advisor): Improve your code security by running different security checks/validation in a simple way.
[awesome-cybersecurity-blueteam-cn](https://github.com/satan1a/awesome-cybersecurity-blueteam-cn): 网络安全 · 攻防对抗 · 蓝队清单,中文版
[vuln-scanner-flask](https://github.com/krishpranav/vuln-scanner-flask): A flask web app made for scanning vulnerabilites on a website, network exploitation, reconnaissance
[reconspider](https://github.com/bhavsec/reconspider): 🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.
[xmir-patcher](https://github.com/openwrt-xiaomi/xmir-patcher): Firmware patcher for Xiaomi routers
[pillager](https://github.com/brittonhayes/pillager): Pillage filesystems for sensitive information with Go 🔍
[SlowLoris](https://github.com/maxkrivich/SlowLoris): Asynchronous Python implementation of SlowLoris DoS attack
[klustair-helm](https://github.com/klustair/klustair-helm): Helm chart do deploy klustair with anchore
[omsp](https://github.com/zerolynx/omsp): Open Mobility Security Project is an open source project dedicated to standardize a framework of technical controls to evaluate security in all types of vehicles.
[CVE-2020-3153](https://github.com/shubham0d/CVE-2020-3153): POC code for CVE-2020-3153 - Cisco anyconnect path traversal vulnerability
[hostedscan-api-examples](https://github.com/hostedscan/hostedscan-api-examples): HostedScan Security API examples.
[CVenom](https://github.com/Mahmoud7Osman/CVenom): CVenom is An Ultra Easy-To-Use Cross-Platform Malware Development Framework For Advanced Malware Development
[h1st](https://github.com/h1st-ai/h1st): Power Tools for AI Engineers With Deadlines
[kerma](https://github.com/adalenv/kerma): demi2.0
[T-LOAD](https://github.com/ExpertAnonymous/T-LOAD)
[kaudit](https://github.com/alcideio/kaudit): Alcide Kubernetes Audit Log Analyzer - Alcide kAudit
[ail-feeder-leak](https://github.com/ail-project/ail-feeder-leak): AIL LeakFeeder: A Module for AIL Framework that automate the process to feed leaked files automatically
[openvas-up](https://github.com/rezen/openvas-up): Levels up scripting OpenVAS
[HackAllTheThings](https://github.com/akenofu/HackAllTheThings): Cheatsheets, References, and notes on various red teaming/pentesting topics.
[stunner](https://github.com/firefart/stunner): Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers.
[code6](https://github.com/4x99/code6): 码小六 - GitHub 代码泄露监控系统
[invenio](https://github.com/UMassCybersecurity/invenio): :mag_right: Cve-scanner and vulnerability scanner for local-hosting and local/web-wide scanning
[ccd-signal-injection-attacks](https://github.com/ssloxford/ccd-signal-injection-attacks): Source code to execute signal injection attacks against CCD image sensors
[Zero-attacker](https://github.com/AsjadOooO/Zero-attacker): Zero-attacker is an multipurpose hacking tool with over 24 tools like token-gen, ddos and more (code public in sometime)
[python-injector](https://github.com/pseudorandomuser/python-injector): A Python runtime code injector written in C++. Abandoned 2012.
[APISecurityBestPractices](https://github.com/GitGuardian/APISecurityBestPractices): Resources to help you keep secrets (API keys, database credentials, certificates, ...) out of source code and remediate the issue in case of a leaked API key. Made available by GitGuardian.
[converged-security-suite](https://github.com/9elements/converged-security-suite): Converged Security Suite for Intel & AMD platform security features
[Android-Exploits](https://github.com/sundaysec/Android-Exploits): A collection of android Exploits and Hacks
[AttackSurfaceManagement](https://github.com/1N3/AttackSurfaceManagement): Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty
[i-Haklab](https://github.com/ivam3/i-Haklab): i-Haklab is a hacking laboratory for Termux that contains open source tools for pentesting, scan/find vulnerabilities, explotation and post-explotation recommended by Ivam3 with automation hacking commands and many guides and tutorials to learn use it.
[slsa-provenance-action](https://github.com/philips-labs/slsa-provenance-action): Github Action implementation of SLSA Provenance Generation
[lemmeknow](https://github.com/swanandx/lemmeknow): The fastest way to identify anything!
[unicorn](https://github.com/unicorn-engine/unicorn): Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, PowerPC, RiscV, S390x, TriCore, X86)
[jsubfinder](https://github.com/ThreatUnkown/jsubfinder): jsubfinder searches webpages for javascript & analyzes them for hidden subdomains and secrets (wip).
[Incident-Playbook](https://github.com/austinsonger/Incident-Playbook): GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]
[xiringuito](https://github.com/ivanilves/xiringuito): SSH-based "VPN for poors"
[bluemaho](https://github.com/zenware/bluemaho): BlueMaho is GUI-shell (interface) for suite of tools for testing security of bluetooth devices. It is freeware, opensource, written on python, uses wxPyhon. It can be used for testing BT-devices for known vulnerabilities and major thing to do – testing to find unknown vulns. Also it can form nice statistics.
[Anomaly-Detections-Apache-Spark](https://github.com/ThirdEyeData/Anomaly-Detections-Apache-Spark): This solution performs Anomaly Detection with Statistical Modeling on Spark. The detection is based on Z-Score calculated on cpu usage data collected from servers.
[iOS-Debug-Hacks](https://github.com/aozhimin/iOS-Debug-Hacks): :dart: Advanced debugging skills used in the iOS project development process, involves the dynamic debugging, static analysis and decompile of third-party libraries. iOS 项目开发过程中用到的高级调试技巧,涉及三方库动态调试、静态分析和反编译等领域
[nginxconfig.io](https://github.com/digitalocean/nginxconfig.io): ⚙️ NGINX config generator on steroids 💉
[SSH-tunneling-internal](https://github.com/aconstantinou-cmd/SSH-tunneling-internal): Scripts to assist in deploying virtual ethernet adapter and ssh tunneling for vulnerability scanning/ penetration testing
[wordlistgen](https://github.com/ameenmaali/wordlistgen): Quickly generate context-specific wordlists for content discovery from lists of URLs or paths
[the-bastion](https://github.com/ovh/the-bastion): Authentication, authorization, traceability and auditability for SSH accesses.
[cve-2016-1764](https://github.com/moloch--/cve-2016-1764): Extraction of iMessage Data via XSS
[attack-control-framework-mappings](https://github.com/center-for-threat-informed-defense/attack-control-framework-mappings): Security control framework mappings to MITRE ATT&CK provide a critically important resource for organizations to assess their security control coverage against real-world threats and provide a bridge for integrating ATT&CK-based threat information into the risk management process.
[topscan](https://github.com/thenurhabib/topscan): Web Vulnerability Scanner.
[hack-technicolor](https://github.com/hack-technicolor/hack-technicolor): Hacking Technicolor Gateways wiki repository
[Ethlint](https://github.com/duaraghav8/Ethlint): (Formerly Solium) Code quality & Security Linter for Solidity
[gateCracker](https://github.com/aydinnyunus/gateCracker)
[CVE-2021-44228-PoC-log4j-bypass-words](https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words): 🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
[Infosec-and-Hacking-Scripts](https://github.com/alvin-tosh/Infosec-and-Hacking-Scripts): 🚀 This is a collection of hacking and pentesting 🧐 scripts to help with enumeration, OSINT, exploitation and post exploitation automated scripts to make work easier. Have fun!😎
[graphqlInjector](https://github.com/blessingcharles/graphqlInjector): A graphQl Injector for REST in peace guys
[KeychainCracker](https://github.com/macmade/KeychainCracker): macOS keychain cracking tool
[black-hat-rust](https://github.com/skerkour/black-hat-rust): Applied offensive security with Rust - https://kerkour.com/black-hat-rust
[GEVAUDAN](https://github.com/MauroEldritch/GEVAUDAN): Exploit for Red Hat / GlusterFS CVE-2018-1088 & CVE-2018-1112, featured @ DEFCON 26, Las Vegas!
[who_and_what_to_follow](https://github.com/santosomar/who_and_what_to_follow): Who and what to follow in the world of cyber security
[tjson.js](https://github.com/tjson/tjson.js): JavaScript-compatible implementation of Tagged JSON (TJSON), written in TypeScript.
[OSINT-SAN](https://github.com/Bafomet666/OSINT-SAN): OSINT-SAN Framework дает возможность быстро находить информацию и деанонимизировать пользователей сети интернет.
[CVE-2020-7931](https://github.com/gquere/CVE-2020-7931): Hacking Artifactory with server side template injection
[cve-scanner-exploiting-pocs](https://github.com/gmatuz/cve-scanner-exploiting-pocs)
[Zilcorili](https://github.com/b3-v3r/Zilcorili)
[openpyn-nordvpn](https://github.com/jotyGill/openpyn-nordvpn): Easily connect to and switch between, OpenVPN servers hosted by NordVPN on Linux (+patch leakes)
[aardvark](https://github.com/Netflix-Skunkworks/aardvark): Aardvark is a multi-account AWS IAM Access Advisor API
[CVE-2019-10149](https://github.com/Diefunction/CVE-2019-10149): CVE-2019-10149 : A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
[nero-phishing-server](https://github.com/kurogai/nero-phishing-server): An full HTTP server for Phishing. Downloads recursively the entire webpage.
[AutoPentest](https://github.com/bodavk/AutoPentest): A system for automation of the penetration testing procedure. Master's thesis work
[CloudScraper](https://github.com/jordanpotti/CloudScraper): CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
[ImgBackdoor](https://github.com/Tsuyoken/ImgBackdoor): Hide your payload into .jpg file
[kravatte](https://github.com/inmcm/kravatte): Implementation of Kravatte Encryption Suite
[t14m4t](https://github.com/MS-WEB-BN/t14m4t): Automated brute-forcing attack tool.
[lempo](https://github.com/MauroEldritch/lempo): LEMPO (Ldap Exposure on POrtainer) is an exploit for CVE-2018-19466 (LDAP Credentials Disclosure on Portainer). Featured @ DevFest Siberia 2018
[chainsaw](https://github.com/countercept/chainsaw): Rapidly Search and Hunt through Windows Event Logs
[openvas-light](https://github.com/MrSuicideParrot/openvas-light): A dockerized version of openvas and totally independent of the greenbone stack.
[hmac-timing-attacks](https://github.com/eggie5/hmac-timing-attacks): HMAC timing attack's w/ statistical analysis
[titanm](https://github.com/quarkslab/titanm): This repository contains the tools we used in our research on the Google Titan M chip
[Crash-Call-Discord](https://github.com/Its-Vichy/Crash-Call-Discord): Crash discord dm / group vocal
[Hunter-Toolkit](https://github.com/Keyj33k/Hunter-Toolkit): Hunter-Toolkit Pentesting Assistant: Information Gathering And More.
[Cascade](https://github.com/binarybird/Cascade): Cascade - Dataflow graphing and analysis for C#
[shynet](https://github.com/milesmcc/shynet): Modern, privacy-friendly, and detailed web analytics that works without cookies or JS.
[soos-ci-analysis-circleci-orb](https://github.com/soos-io/soos-ci-analysis-circleci-orb): SOOS SCA for CircleCI
[uokoo_exploit](https://github.com/0xf15h/uokoo_exploit): Post-Auth RCE & Persistence on UOKOO Security Cameras
[cycat-service](https://github.com/CyCat-project/cycat-service): CyCAT.org API back-end server including crawlers
[Resources-for-Beginner-Bug-Bounty-Hunters](https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters): A list of resources for those interested in getting started in bug bounties
[Windows-Event-Monitor](https://github.com/jrdnbradford/Windows-Event-Monitor): Python 3-based multithreaded Windows Event monitoring program
[FakeUSB](https://github.com/Skazza94/FakeUSB): Make your own BadUSB device!
[dionaea](https://github.com/DinoTools/dionaea): Home of the dionaea honeypot
[Make-It-Burn](https://github.com/Ud0g-Py/Make-It-Burn): Colección de herramientas y scripts enfocados al Red-Team y CTFs
[GetMeUacPerms](https://github.com/KaizerFox/GetMeUacPerms): this will be deleted when its patched
[KeyLy](https://github.com/Sanix-Darker/KeyLy): A powerfull and awesome Keylogger(Your keyboard and your mouse) realy helpfull for hackers! :-P (C/C++)
[cherrybomb](https://github.com/blst-security/cherrybomb): Stop half-done API specifications! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by validating your API specifications.
[paypalsocialengineering](https://github.com/rafadeveloper14/paypalsocialengineering): Uma ferramenta simples , de fácil instalação e bem desenvolvida com o objetivo de facilitar a prática em ambiente de pentesting o acesso a contas PayPal
[bypassjqueryrealpersoncaptcha](https://github.com/willthornton/bypassjqueryrealpersoncaptcha): A Chrome Plugin to Bypass jQuery Real Person Captcha
[CVSS_Calculator](https://github.com/moeinfatehi/CVSS_Calculator): CVSS Calculator - a burp suite extension for calculating CVSS v2 and v3.1 scores of vulnerabilities.
[Tor2web](https://github.com/tor2web/Tor2web): Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers
[Niko](https://github.com/narumii/Niko): Small crash client base for retarded(german) people who steal other people's code.
[BAF](https://github.com/TralseDev/BAF): winx86 Stack-Based Buffer Overflow Scanner
[aws-least-privilege](https://github.com/functionalone/aws-least-privilege): Use AWS X-Ray to reach Least Privilege
[evillimiter-windows](https://github.com/bitbrute/evillimiter-windows): Tool that limits bandwidth of devices on the same network without access.
[Docx-Exploit-2021](https://github.com/LazarusReborn/Docx-Exploit-2021): This docx exploit uses res files inside Microsoft .docx file to execute malicious files. This exploit is related to CVE-2021-40444
[MixewayScanner](https://github.com/Mixeway/MixewayScanner): Mixeway Scanner is Spring Boot application which aggregate integration with number of OpenSource Vulnerability scanners - both SAST and DAST types
[search_vulns](https://github.com/ra1nb0rn/search_vulns): Search for known vulnerabilities in software using software titles or a CPE 2.3 string
[PcapXray](https://github.com/Srinivas11789/PcapXray): :snowflake: PcapXray - A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction
[Auditr](https://github.com/0x1CA3/Auditr): A utility for auditing C code for vulnerabilities.
[OWASP-Risk-Assessment-Calculator](https://github.com/Ivan-Markovic/OWASP-Risk-Assessment-Calculator): This Risk Rating Calculator is based on OWASP's Risk Rating Methodology
[BSOD-Trigger](https://github.com/superblaubeere27/BSOD-Trigger)
[CVE-2019-0708-Tool](https://github.com/adalenv/CVE-2019-0708-Tool): A social experiment
[Seth](https://github.com/SySS-Research/Seth): Perform a MitM attack and extract clear text credentials from RDP connections
[MyBBscan](https://github.com/0xB9/MyBBscan): Scans plugins directory for possible vulnerable plugins.
[zbn](https://github.com/zbnio/zbn): 安全编排与自动化响应平台
[heimdall-framework](https://github.com/Heimdall-Framework/heimdall-framework): USB threat evaluation framework for Linux
[SharpSQLPwn](https://github.com/lefayjey/SharpSQLPwn): C# tool to identify and exploit weaknesses within MSSQL instances in Active Directory environments
[autovpn](https://github.com/ttlequals0/autovpn): Create On Demand Disposable OpenVPN Endpoints on AWS.
[fireELF](https://github.com/rek7/fireELF): fireELF - Fileless Linux Malware Framework
[kaminsky_exploit](https://github.com/filipdavidovic/kaminsky_exploit): Tool to exploit the Kaminsky DNS vulnerability
[wildzarek.github.io](https://github.com/WildZarek/wildzarek.github.io): Artículos sobre ciberseguridad, hacking ético, resolución de CTFs, programación y mucho más.
[blue_hydra](https://github.com/ZeroChaos-/blue_hydra): Blue Hydra
[browserrecon-php](https://github.com/scipag/browserrecon-php): Advanced Web Browser Fingerprinting
[IoT-Network-Intrusion-Detection-System-UNSW-NB15](https://github.com/abhinav-bhardwaj/IoT-Network-Intrusion-Detection-System-UNSW-NB15): Network Intrusion Detection based on various machine learning and deep learning algorithms using UNSW-NB15 Dataset
[Android_Hacking](https://github.com/AzimsTech/Android_Hacking): All things Android | Happy New Year 🎉 2022️⃣!
[chef-cis-tomcat-hardening](https://github.com/mitre/chef-cis-tomcat-hardening): (WIP) Chef recipe for hardening tomcat 8 to the CIS Tomcat Benchmark v1.0.1
[V3n0M-Scanner](https://github.com/v3n0m-Scanner/V3n0M-Scanner): Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
[KeyLogger](https://github.com/jagdishpatil2111/KeyLogger): This Advanced Keylogger is much more than a Keylogger. This keylogger includes more features other than just keylogging. This program is capable of Recording Keystrokes, Takes Screensnaps, Records Audio, Cracks System Configurations, Records data copied in Clipboard, Sends all the above data via E-mail.
[CVE-2019-12594](https://github.com/Alexandre-Bartel/CVE-2019-12594): This is a PoC for CVE-2019-12594, a vulnerability in DOSBox 0.74-2.
[programming-challenges](https://github.com/michelbernardods/programming-challenges): Algorithmic, Data Structures, Frontend and Pentest - Programming challenges and competitions to improve knowledge.
[RHEL7-CIS](https://github.com/ansible-lockdown/RHEL7-CIS): Ansible role for Red Hat 7 CIS Baseline
[infosec-startups](https://github.com/infosec-startups/infosec-startups): This repo contains list of all cybersecurity around the India. It has core hugo files for infosec-startups.github.io website for sending PR to add more links
[hijagger](https://github.com/firefart/hijagger): Checks all maintainers of all NPM and Pypi packages for hijackable packages through domain re-registration
[graph-fraud-detection-papers](https://github.com/safe-graph/graph-fraud-detection-papers): A curated list of fraud detection papers using graph information or graph neural networks
[secrets-web](https://github.com/jarmo/secrets-web): Not Yet Another Password Manager self-hosted Web app written in Go using libsodium
[SecBERT](https://github.com/jackaduma/SecBERT): pretrained BERT model for cyber security text, learned CyberSecurity Knowledge
[PXEnum](https://github.com/shawnduong/PXEnum): A shell script that automatically performs a series of *NIX enumeration tasks.
[overkill](https://github.com/jbaines-r7/overkill): QNAP N-Day (Probably not CVE-2020-2509)
[goHackTools](https://github.com/dreddsa5dies/goHackTools): Hacker tools on Go (Golang)
[richelieu](https://github.com/tarraschk/richelieu): List of the most common French passwords
[Vault-7](https://github.com/DarrenRainey/Vault-7): A Public available archive of the leaked Vault 7 archive files
[CVE-2020-0796](https://github.com/ORCA666/CVE-2020-0796): local exploit
[packet-maze-example](https://github.com/hrbrmstr/packet-maze-example): 🔀 📕Example R project for the CyberDefenders Packet Maze e-book walkthrough
[AllHackingTools](https://github.com/LOGI-LAB/AllHackingTools): ALL HACKING TOOLS IN ONE REPO
[docker-volatility](https://github.com/blacktop/docker-volatility): Volatility Dockerfile
[puffgo](https://github.com/ARaChn3/puffgo): A go package implementing a simple logic-bomb.
[vsftpd-3.0.3-DoS](https://github.com/prodseanb/vsftpd-3.0.3-DoS): vsftpd 3.0.3 Exploit - Remote Denial of Service
[SecPump](https://github.com/r3glisss/SecPump): A wireless infusion pump system workbench for security research
[Standard-Keylogger](https://github.com/liagason/Standard-Keylogger): A simple, small in size and portable keylogger for Windows XP/Vista/7/8/10/11 that doesn't require .NET Framework.
[encrypted-list](https://github.com/oneminch/encrypted-list): EncryptedList 2.0 - Collective List of Products & Services that Offer Zero-Knowledge or End-to-End Encryption.
[RubyFu](https://github.com/rubyfu/RubyFu): Rubyfu, where Ruby goes evil!
[codeclimate-rubocop](https://github.com/codeclimate/codeclimate-rubocop): Code Climate Engine for Rubocop
[HacKingPro](https://github.com/AnLoMinus/HacKingPro): HacKingPro - Hack Like A Pro !
[MrKaplan](https://github.com/Idov31/MrKaplan): MrKaplan is a tool aimed to help red teamers to stay hidden by clearing evidence of execution.
[batchql](https://github.com/assetnote/batchql): GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations
[subshot](https://github.com/boydlowr/subshot): :bug: Screenshot subdomains w/ Sublist3r.
[HellRaiser](https://github.com/m0nad/HellRaiser): Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.
[Cloak-And-Dagger](https://github.com/NoahS96/Cloak-And-Dagger): An overlay attack example
[security-guide-for-developers](https://github.com/FallibleInc/security-guide-for-developers): Security Guide for Developers (实用性开发人员安全须知)
[kubestriker](https://github.com/vchinnipilli/kubestriker): A Blazing fast Security Auditing tool for Kubernetes
[Multi-Client-Reverse-Shell](https://github.com/mustafadalga/Multi-Client-Reverse-Shell): A multi-client reverse shell that allows multiple connections from target computers || Hedef bilgisayarlardan gelen birden fazla bağlantıya izin veren çoklu istemcili reverse shell.
[LambdaGuard](https://github.com/Skyscanner/LambdaGuard): AWS Serverless Security
[SecurityManageFramwork](https://github.com/we1h0/SecurityManageFramwork): Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.
[box-appServer](https://github.com/boxproject/box-appServer): The Staff-Manager App Server for Enterprise Token Safe BOX
[OhMyDoS](https://github.com/martinkubecka/OhMyDoS): :no_entry: Console application abusing Wordpress API called XML-RPC and its functions with aim of Denial-of-Service.
[EventTranscriptParser](https://github.com/stuxnet999/EventTranscriptParser): Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
[openmz](https://github.com/castor-software/openmz): OpenMZ, a security kernel for RISC-V targeting secure coprocessors and secure embedded systems.
[metasploit-cheat-sheet](https://github.com/security-cheatsheet/metasploit-cheat-sheet): Metasploit Cheat Sheet 💣
[Angora](https://github.com/AngoraFuzzer/Angora): Angora is a mutation-based fuzzer. The main goal of Angora is to increase branch coverage by solving path constraints without symbolic execution.
[Awesome-Deep-Graph-Anomaly-Detection](https://github.com/XiaoxiaoMa-MQ/Awesome-Deep-Graph-Anomaly-Detection): Awesome graph anomaly detection techniques built based on deep learning frameworks. Collections of commonly used datasets, papers as well as implementations are listed in this github repository. We also invite researchers interested in anomaly detection, graph representation learning, and graph anomaly detection to join this project as contributors and boost further research in this area.
[cpwntools](https://github.com/nequ4tion/cpwntools): Fast, portable implementations for exploit development in C.
[TFM](https://github.com/VictorNS69/TFM): Resolución y explicación de Cap y Seal (HTB)
[envkey-python](https://github.com/envkey/envkey-python): EnvKey's python library. Protect API keys and credentials. Keep configuration in sync.
[spike_detector](https://github.com/pjain03/spike_detector): Tool to detect unusually high CPU usage (as in harmful cryptojacking)
[iblessing](https://github.com/Soulghost/iblessing): iblessing is an iOS security exploiting toolkit, it mainly includes application information gathering, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis and vulnerability mining.
[samaritan](https://github.com/MAkcanca/samaritan): Samaritan clone from the hit CBS T.V. show, Person of Interest.
[aws-recon](https://github.com/darkbitio/aws-recon): Multi-threaded AWS inventory collection tool with a focus on security-relevant resources and metadata.
[discord-bugs-exploits](https://github.com/DevEntro/discord-bugs-exploits): A Collection of Various Discord Bugs, Exploits, Un-Documented Parts of the Discord API, and Other Discord Related Miscellaneous Stuff.
[ThreatReportExtractor](https://github.com/jackaduma/ThreatReportExtractor): Extracting Attack Behavior from Threat Reports
[athena-iso](https://github.com/Athena-OS/athena-iso): Athena is a Arch Linux-based distro focused on Cybersecurity. Learn, practice and enjoy with any hacking tool!
[sops](https://github.com/mozilla/sops): Simple and flexible tool for managing secrets
[WebHackingNotes](https://github.com/inj3ctor-m4/WebHackingNotes): RECON Notes taking from every fucking book about bugbounty and web-app penetration testing exists
[urchin](https://github.com/keeganjk/urchin): :shell::collision: Python socket remote shell that lets you connect to others computers through the shell when they run the client.
[bpfd](https://github.com/genuinetools/bpfd): Framework for running BPF programs with rules on Linux as a daemon. Container aware.
[pyKeylogger](https://github.com/kartikmehta8/pyKeylogger): A Python-based Keylogger that can track your keystrokes, clipboard text, take screenshots at regular intervals, and records audio. It sends the data as SMS to the target phone number using Twilio.
[Secode](https://github.com/AliasgarSabunwala/Secode): Static Code Analyzer For Scanning Insecure Functions In The Given C++ Code
[Crascan](https://github.com/aryanrtm/Crascan): Crascan is a simple LFI, RFI, RCE, and Joomla Components vulnerability scanner.
[logback](https://github.com/longfeizheng/logback): 💡 SpringBoot+Spring Security基本配置
[sense-hacker](https://github.com/kaiwalyakoparkar/sense-hacker): This game is developed in vanilla js. This project won 2nd prize in Merge Intern's Hack You Hackathon 🎉
[Vigenere](https://github.com/STIFTMAN/Vigenere): This small C-program is able to encrypt and decrypt simple textfiles using Vigenere algorithm.
[CVE-2021-3317](https://github.com/Al1ex/CVE-2021-3317): CVE-2021-3317
[MAOYYK2018](https://github.com/atalayx7/MAOYYK2018): Mustafa Akgül Özgür Yazılım Yaz Kampı 2018 - Ağ Güvenliği ve Denetimi Kursu Notları
[honggfuzz](https://github.com/google/honggfuzz): Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)
[Doxxer-Toolkit](https://github.com/Euronymou5/Doxxer-Toolkit): Todo lo necesario que un doxxer debe de tener siempre a mano
[dbuster-pro](https://github.com/DioBruh/dbuster-pro): Dbuster-pro is a beta open-source hacking tool for scanning directories in the websites!
[command-injection-payload-list](https://github.com/payloadbox/command-injection-payload-list): 🎯 Command Injection Payload List
[mercator](https://github.com/dbarzin/mercator): Cartographie du système d'information / Mapping the information system
[RVD](https://github.com/aliasrobotics/RVD): Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.
[WhatsPayloadRCE](https://github.com/Err0r-ICA/WhatsPayloadRCE): Whatsapp Automatic Payload Generator [CVE-2019-11932]
[openvpn3](https://github.com/OpenVPN/openvpn3): OpenVPN 3 is a C++ class library that implements the functionality of an OpenVPN client, and is protocol-compatible with the OpenVPN 2.x branch.
[Python-RAT](https://github.com/FZGbzuw412/Python-RAT): Remote Administration tool for Windows Systems written in pure Python
[assimilation-official](https://github.com/assimilation/assimilation-official): This is the official main repository for the Assimilation project
[evilgrade](https://github.com/infobyte/evilgrade): Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.
[Exploit-jpg](https://github.com/attakercyebr/Exploit-jpg): Vulnerability Disclosure Timeline Closer inspection of the Exploit JPG content reveals the malicious link as well as the URL Download and Execute of the tool used to generate the Exploit JPG from Python encrypted code content which we also implement in couple of our builders.Silent JPG Exploit There are multiple Exploit JPG in Silent JPG Exploit…
[DiabHack](https://github.com/trojanfoe/DiabHack): The definitive Diablo 1 hacking program
[encryption-decrypted](https://github.com/TobiasFrahm/encryption-decrypted): How does RSA Work, who was Diffie Hellman? I need this for my Finals, feel free to use on your own risk
[virtualseccons](https://github.com/santosomar/virtualseccons): An ongoing list of virtual cybersecurity conferences.
[Gallery-Pole-Vault](https://github.com/TreyAJenkins/Gallery-Pole-Vault): Android Gallery Vault PoC Exploit
[mikrotik-fail2ban](https://github.com/soriel/mikrotik-fail2ban)
[hackerpro](https://github.com/jaykali/hackerpro): All in One Hacking Tool for Linux & Android (Termux). Make your linux environment into a Hacking Machine. Hackers are welcome in our blog
[gvmd](https://github.com/greenbone/gvmd): Greenbone Vulnerability Manager - The database backend for the Greenbone Community Edition
[criptografia-arquivos](https://github.com/utfpr-sas-criptografia/criptografia-arquivos): A ideia deste projeto é desenvolver um sistema que permite usuários gravarem dados em um servidor não confiável. O servidor não deve ser capaz de observar os dados enviados por usuários e também não deve ser capaz de corromper os arquivos enviados sem que isto seja notado. O sistema deve permitir a coexistência de diferentes usuários que podem compartilhar arquivos entre si. Para cada arquivo deve ser possível controlar o conjunto de usuários que podem ler e/ou escrever para aquele arquivo.
[TimeLapse](https://github.com/jonasjuffinger/TimeLapse): A time lapse app for Sony Alpha camera using the OpenMemories framework
[limitrr-php](https://github.com/eddiejibson/limitrr-php): Better PHP rate limiting using Redis.
[Peergos](https://github.com/Peergos/Peergos): A p2p, secure file storage, social network and application protocol
[hacker101](https://github.com/Hacker0x01/hacker101): Source code for Hacker101.com - a free online web and mobile security class.
[Kissing-Bug](https://github.com/Mayur-Debu/Kissing-Bug): This is a combination of a hacking and a cracking tool.
[API-Security-Checklist](https://github.com/shieldfy/API-Security-Checklist): Checklist of the most important security countermeasures when designing, testing, and releasing your API
[VanakkamNanbaFW](https://github.com/karuppan-the-pentester/VanakkamNanbaFW): ;-P
[go-hash](https://github.com/renatoathaydes/go-hash): Small utility to store secret information like passwords.
[adsimulator](https://github.com/nicolas-carolo/adsimulator): A realistic simulator of Active Directory domains
[starboard](https://github.com/aquasecurity/starboard): Moved to https://github.com/aquasecurity/trivy-operator
[Jira-Lens](https://github.com/MayankPandey01/Jira-Lens): Fast and customizable vulnerability scanner For JIRA written in Python
[zaproxy-automation](https://github.com/ZFPSystems/zaproxy-automation): This is a collection of ZAProxy Automation Tools and scripts to automate security tests of WEB Applications and WEB Sites
[Stowaway](https://github.com/ph4ntonn/Stowaway): 👻Stowaway -- Multi-hop Proxy Tool for pentesters
[secure-webhosting-infra](https://github.com/david-strejc/secure-webhosting-infra): WordPress, security, speed, backuping, webhosting, and tuned Apache2.4 server with php-fpm, chroot and other stuff.
[suricata-rules](https://github.com/al0ne/suricata-rules): Suricata IDS rules 用来检测红队渗透/恶意行为等,支持检测CobaltStrike/MSF/Empire/DNS隧道/Weevely/菜刀/冰蝎/挖矿/反弹shell/ICMP隧道等
[CVE-2020-29134](https://github.com/Ls4ss/CVE-2020-29134): Exploit CVE-2020-29134 - TOTVS Fluig Platform - Path Traversal
[Blue-Team-Notes](https://github.com/Purp1eW0lf/Blue-Team-Notes): You didn't think I'd go and leave the blue team out, right?
[buji-pac4j](https://github.com/bujiio/buji-pac4j): pac4j security library for Shiro: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
[AnsiblePlaybooks](https://github.com/byt3bl33d3r/AnsiblePlaybooks): A collection of Ansible Playbooks that configure Kali to use Fish & install a number of tools
[tp_link_gdpr](https://github.com/0xf15h/tp_link_gdpr): Breaking TP-Link's attempt at GDPR compliance
[MISP](https://github.com/MISP/MISP): MISP (core software) - Open Source Threat Intelligence and Sharing Platform
[gensec](https://github.com/fstab50/gensec): General Security Utilities for Linux
[PatrowlManager](https://github.com/Patrowl/PatrowlManager): PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
[neoblox](https://github.com/NeobloxExecutor/neoblox): A level 7 keyless Lua executor for Roblox. Free, forever!
[websocket-connection-smuggler](https://github.com/hahwul/websocket-connection-smuggler): websocket-connection-smuggler
[IDORD](https://github.com/AyemunHossain/IDORD): The only IDOR Vulnerablitiy detection tools ever.
[jarbou3](https://github.com/youhacker55/jarbou3): Jarbou3 is rat tool coded in python with C&C which can accept multiple connections from clients
[security-bulletins](https://github.com/Netflix/security-bulletins): Security Bulletins that relate to Netflix Open Source
[ADPWN](https://github.com/r4wd3r/ADPWN): Useful Windows and AD tools
[gvm-install-script](https://github.com/Jarthianur/gvm-install-script): An unofficial script to install GVM alias OpenVAS.
[hiddenwave](https://github.com/thehackersbrain/hiddenwave): An Audio Steganography Tool, written in C++
[ppmap](https://github.com/kleiton0x00/ppmap): A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.
[openredscan](https://github.com/thenurhabib/openredscan): Multifunctional open redirection vulnerability scanner.
[find-gh-poc](https://github.com/trickest/find-gh-poc): Find CVE PoCs on GitHub
[log4shell-looker](https://github.com/ravro-ir/log4shell-looker): log4jshell vulnerability scanner for bug bounty
[ggtfobins](https://github.com/CristinaSolana/ggtfobins): Get GTFOBins info about a given exploit from the command line
[teleport](https://github.com/gravitational/teleport): Certificate authority and access plane for SSH, Kubernetes, web apps, databases and desktops
[SmartBatteryHack](https://github.com/laszlodaniel/SmartBatteryHack): Arduino based hacking tool for smart batteries using SMBus.
[cybersecurity-malware-analysis](https://github.com/paulveillard/cybersecurity-malware-analysis): A collection of Malware Analysis software, materials, libraries, documents, books, resources about malware analysis in Cybersecurity.
[meshbird](https://github.com/meshbird/meshbird): Distributed private networking
[reosploit](https://github.com/spicesouls/reosploit): A Tool that Finds, Enumerates, and Exploits Reolink Cameras.
[spectre_meltdown](https://github.com/jarmouz/spectre_meltdown): Meltdown and Spectre : CPU vulnerabilities — Explained and Exploited
[railsgoat](https://github.com/OWASP/railsgoat): A vulnerable version of Rails that follows the OWASP Top 10
[ambiguous-png-packer](https://github.com/DavidBuchanan314/ambiguous-png-packer): Craft PNG files that appear completely different in Apple software [NOW PATCHED]
[browser-creds](https://github.com/HugoLB0/browser-creds): recover Firefox and more browsers logins
[ez-pwnkit](https://github.com/OXDBXKXO/ez-pwnkit): Go implementation of the PwnKit Linux Local Privilege Escalation exploit (CVE-2021-4034)
[TotalPass](https://github.com/0xHJK/TotalPass): Default password scanner. 默认密码扫描器
[Teardroid-phprat](https://github.com/ScRiPt1337/Teardroid-phprat): :india: :robot: It's easy to use android botnet work without port forwarding, vps and android studio
[cve-2020-27358-27359](https://github.com/sebastian-mora/cve-2020-27358-27359): CVE-2020-27358 and CVE-2020-27359
[AppInfoScanner](https://github.com/kelvinBen/AppInfoScanner): 一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具,可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如:Title、Domain、CDN、指纹信息、状态信息等。
[WitnessMe](https://github.com/byt3bl33d3r/WitnessMe): Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.
[cics-java-liberty-loans-and-scoring](https://github.com/cicsdev/cics-java-liberty-loans-and-scoring): Sample materials for the article "Using the Liberty JWT Feature with CICS" that illustrate how CICS and Liberty for z/OS capabilities can be used to handle JSON Web Token (JWT)
[HTP](https://github.com/aryanrtm/HTP): Hack The Printer
[The-Awesome-And-Dangerous-collection](https://github.com/maxamin/The-Awesome-And-Dangerous-collection)
[fuxi](https://github.com/jeffzh3ng/fuxi): Penetration Testing Platform
[Instabruteforce](https://github.com/Hackertrackersj/Instabruteforce): hacking-tool termux-tools termux noob-friendly instagram-bot bruteforce-password-cracker wordlist-technique
[robot_hacking_manual](https://github.com/vmayoral/robot_hacking_manual): Robot Hacking Manual (RHM). From robotics to cybersecurity. Papers, notes and writeups from a journey into robot cybersecurity.
[Forum-de-cursos](https://github.com/Gabrie345/Forum-de-cursos): Aplicação desenvolvida com o curso da alura Spring-boot-seguranca-cache-monitoramento
[sploitfun-linux-x86-exp-tut-zh](https://github.com/wizardforcel/sploitfun-linux-x86-exp-tut-zh): :book: [译] SploitFun Linux x86 Exploit 开发系列教程
[charlas-ciberseguras](https://github.com/andersonjoseph/charlas-ciberseguras): Charlas / Conferencias de hacking y seguridad informática en español
[PseudoROX.github.io](https://github.com/PseudoROX/PseudoROX.github.io): PseudoROX cybersecurity opensource project website.
[snoop](https://github.com/snooppr/snoop): Snoop — инструмент разведки на основе открытых данных (OSINT world)
[Slacker](https://github.com/kordup/Slacker): Slacker makes navigating tools while focusing on a single target quicker, and easier with global targeting and preset tool functionality, as well as optional custom argument input.
[nocom-explanation](https://github.com/nerdsinspace/nocom-explanation): block game military grade radar
[Asnlookup](https://github.com/yassineaboukir/Asnlookup): Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.
[orbot](https://github.com/guardianproject/orbot): The Github home of Orbot: Tor on Android (Also available on gitlab!)
[wprecon](https://github.com/blackcrw/wprecon): WPRecon, is a tool for the recognition of vulnerabilities and blackbox information for wordpress.
[rdp0708scanner](https://github.com/l9c/rdp0708scanner): cve-2019-0708 vulnerablility scanner
[envchain](https://github.com/sorah/envchain): Environment variables meet macOS Keychain and gnome-keyring <3
[Exploit-Slient-Doc-Pdf](https://github.com/attakercyebr/Exploit-Slient-Doc-Pdf): ulnerability Disclosure Timeline Closer inspection of the Exploit PDF content reveals the malicious link as well as the URL Download and Execute of the tool used to generate the Exploit PDF from Python encrypted code content which we also implement in couple of our builders. Silent PDF Exploit silent-pdf-exploit-2018silent-pdf-exploit-2018 Silen…
[Miner](https://github.com/M507/Miner): Local Privilege Escalation Miner
[wholeaked](https://github.com/utkusen/wholeaked): a file-sharing tool that allows you to find the responsible person in case of a leakage
[second-order](https://github.com/mhmdiaa/second-order): Second-order subdomain takeover scanner
[opencti](https://github.com/OpenCTI-Platform/opencti): Open Cyber Threat Intelligence Platform
[mobile-heavy-artillery](https://github.com/Fricciolosa-Red-Team/mobile-heavy-artillery): 🔥Ready, Aim, Fire.🔥
[netauditor](https://github.com/scmanjarrez/netauditor): Mirror repository of https://gitlab.gast.it.uc3m.es/schica/netauditor
[Whaler](https://github.com/P3GLEG/Whaler): Program to reverse Docker images into Dockerfiles
[container.binwalk](https://github.com/0dayInc/container.binwalk): Project that Leverages Packer to Produce a Docker Container w/ binwalk and its Dependencies
[EvtXHunt](https://github.com/Lyc4on/EvtXHunt): EvtXHunt is an Autopsy plugin that is able to analyze Windows EVTX logs against a library of SIGMA rules.
[DevSecOpsGuideline](https://github.com/OWASP/DevSecOpsGuideline): The OWASP DevSecOps Guideline can help us to embedding security as a part of the development pipeline.
[RECON-SCANNER](https://github.com/tburakdirlik/RECON-SCANNER): Recon scanner is a web crawling and vulnerability scanning tool. Available modules: whoIs, subdomain scanner, port scanner, directory traversal finder, xss finder.
[cybersecurity-interview-questions](https://github.com/jassics/cybersecurity-interview-questions): Security interview questions with possible explanation
[G-Unsicherheit](https://github.com/java-crypto/G-Unsicherheit): G-Unsecure
[httpsuite](https://github.com/whoamisec75/httpsuite): A toolkit for web reconnaissance, it's fast and easy to use.
[Fuzzing101](https://github.com/antonio-morales/Fuzzing101): An step by step fuzzing tutorial. A GitHub Security Lab initiative
[wp-api-exploit-v4.7.0-v4.7.1](https://github.com/kvcpr/wp-api-exploit-v4.7.0-v4.7.1): WordPress 4.7.0-4.7.1 REST API Post privilege escalation / defacement exploit
[MBF-HACK](https://github.com/Hammond-sys/MBF-HACK): gunakan dengan bijak
[wallnet](https://github.com/wallarm/wallnet)
[saractl](https://github.com/smeso/saractl): saractl is the userspace counterpart of the S.A.R.A. LSM.
[w13scan](https://github.com/w-digital-scanner/w13scan): Passive Security Scanner (被动式安全扫描器)
[anonfiles](https://github.com/TheSpeedX/anonfiles): Share Files More Anonymously Than Ever...
[TITANIC-DATASET-ANALYSIS](https://github.com/drsanchikagupta/TITANIC-DATASET-ANALYSIS): Kaggle Titanic Challenge link: https://www.kaggle.com/c/titanic-gettingStarted
[Advanced-Penetration-testing](https://github.com/Afriness/Advanced-Penetration-testing): A Step by Step Penetration Testing Sheet for Cyber Security Experts
[Python-Nikto-Vulnerability-Report-Tool](https://github.com/sectool/Python-Nikto-Vulnerability-Report-Tool): Nikto Vulnerability Report Tool 🌌
[hawk](https://github.com/medpaf/hawk): Network, recon and offensive-security tool for Linux.
[intrigue-ident](https://github.com/intrigueio/intrigue-ident): Application and Service Fingerprinting
[Valkyrie](https://github.com/soufianetahiri/Valkyrie): Another OSINT tool
[BlooketHack](https://github.com/kgsensei/BlooketHack): One of the First Blooket hacks online.
[VanCleef](https://github.com/MauroEldritch/VanCleef): Exploit for CVE-2019-11881 (Rancher 2.1.4 Web Parameter Tampering)
[joomscan](https://github.com/OWASP/joomscan): OWASP Joomla Vulnerability Scanner Project
[PwnLnX](https://github.com/0xTRAW/PwnLnX): An advanced multi-threaded, multi-client python reverse shell for hacking linux systems. There's still more work to do so feel free to help out with the development. Disclaimer: This reverse shell should only be used in the lawful, remote administration of authorized systems. Accessing a computer network without authorization or permission is illegal.
[recommendations-for-engineers](https://github.com/pyxelr/recommendations-for-engineers): All of my recommendations for aspiring engineers in a single place, coming from various areas of interest.
[wingkalabs](https://github.com/SVelizDonoso/wingkalabs): Wingkalabs (Linux) Wingkalabs es una máquina Virtual Linux intencionalmente vulnerable. Esta máquina virtual se puede utilizar para realizar entrenamientos de seguridad, probar herramientas de seguridad y practicar técnicas comunes de pruebas de penetración.
[cloudlist](https://github.com/projectdiscovery/cloudlist): Cloudlist is a tool for listing Assets from multiple Cloud Providers.
[click-click](https://github.com/anirudhdggl/click-click): click-click is a python script to quickly scan for clickjacking vulnerability in a given list of URLs
[lyncsmash](https://github.com/nyxgeek/lyncsmash): locate and attack Lync/Skype for Business
[ns3-cybersecurity-simulations](https://github.com/Saket-Upadhyay/ns3-cybersecurity-simulations): Collection of Common Cybersecurity Scenarios/Simulations in NS3 w/ NetAnim.
[pocassistdb](https://github.com/jweny/pocassistdb): database of pocassist(漏洞库)
[argus](https://github.com/ALDON94/argus): Argus Advanced Remote & Local Keylogger For macOS and Windows
[RainbowAttack](https://github.com/alahyaoui/RainbowAttack): C++ application that cracks password using a Rainbow Table
[RedTeam_toolkit](https://github.com/signorrayan/RedTeam_toolkit): Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together.
[dronesploit](https://github.com/dhondta/dronesploit): Drone pentesting framework console
[OpenEMR-RCE](https://github.com/noraj/OpenEMR-RCE): OpenEMR <= 5.0.1 - (Authenticated) Remote Code Execution
[manifest](https://github.com/wookey-project/manifest): The WooKey project manifest repository, use repo init -u https://github.com/wookey-project/manifest.git
[Vaile](https://github.com/VainlyStrain/Vaile): Metasploit-like pentest framework derived from TIDoS (https://github.com/0xInfection/TIDoS-Framework)
[ThreatMapper](https://github.com/deepfence/ThreatMapper): 🔥 🔥 Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more. 🔥 🔥
[eth_keyfun](https://github.com/Sector443/eth_keyfun): A small tool to bruteforce weak ethereum private keys and more
[cod-steamauth-rce](https://github.com/RektInator/cod-steamauth-rce)
[SELKS](https://github.com/StamusNetworks/SELKS): A Suricata based IDS/IPS/NSM distro
[OSCP-Notes-Template](https://github.com/Twigonometry/OSCP-Notes-Template): A template Obsidian Vault for storing your OSCP revision notes
[Cam-Hackers](https://github.com/AngelSecurityTeam/Cam-Hackers): Hack Cameras CCTV FREE
[emba](https://github.com/e-m-b-a/emba): EMBA - The firmware security analyzer
[GitLab-11.4.7-RCE](https://github.com/ctrlsam/GitLab-11.4.7-RCE): POC for GitLabs Authenticated RCE in version 11.4.7 community edition
[hostintel](https://github.com/keithjjones/hostintel): A modular Python application to collect intelligence for malicious hosts.
[OSINTBookmarks](https://github.com/5nacks/OSINTBookmarks): OSINT Bookmarks for Firefox / Chrome / Edge / Safari
[CTI-Lexicon](https://github.com/BushidoUK/CTI-Lexicon): Dictionary of CTI-related acronyms, terms, and jargon
[dexcalibur](https://github.com/FrenchYeti/dexcalibur): [Official] Android reverse engineering tool focused on dynamic instrumentation automation leveraging Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.
[findbugs-security-docker](https://github.com/lokori/findbugs-security-docker): FindBugs + Find Security Bugs -plugin in Docker image
[sliver-gui](https://github.com/BishopFox/sliver-gui): A Sliver GUI Client
[ggshield-action](https://github.com/GitGuardian/ggshield-action): GitGuardian Shield GitHub Action - Find exposed credentials in your commits
[the-hacking-trove](https://github.com/noraj/the-hacking-trove): The hacker technical cheat sheet
[nim-firejail](https://github.com/juancarlospaco/nim-firejail): Firejail wrapper for Nim, Isolate your Production App before its too late!
[security_review](https://github.com/banviktor/security_review): Drupal 8 port of the Security Review module for GSoC 2015
[certera](https://github.com/certera-io/certera): A central validation server for Let's Encrypt certificates
[AutoGadgetFS](https://github.com/ehabhussein/AutoGadgetFS): USB testing made easy
[CVE-2021-21123-PoC-Google-Chrome](https://github.com/Puliczek/CVE-2021-21123-PoC-Google-Chrome): 🐱💻 👍 Google Chrome - File System Access API - vulnerabilities reported by Maciej Pulikowski | Total Bug Bounty Reward: $5.000 | CVE-2021-21123 and 5 more...
[the-practical-linux-hardening-guide](https://github.com/trimstray/the-practical-linux-hardening-guide): This guide details creating a secure Linux production system. OpenSCAP (C2S/CIS, STIG).
[Yazilarim](https://github.com/expday/Yazilarim): Geçmiş zamanlarda yazdığım yazılar. Siber güvenlik, Rootkit, Analiz, Bot Network, DDoS, DoS , Phishing , Exploit ...v.s...
[cloudmarker](https://github.com/cloudmarker/cloudmarker): Cloud security monitoring tool and framework
[CVE-2019-8449](https://github.com/mufeedvh/CVE-2019-8449): CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4
[IoTVulnerabilityScanner](https://github.com/yashpungaliya/IoTVulnerabilityScanner): An interactive IoT vulnerability scanner.
[MalwareGallery](https://github.com/BaRRaKudaRain/MalwareGallery): Malware Gallery. Yet another malware collection in the Internet.
[mimiRust](https://github.com/ThottySploity/mimiRust): MimiRust - Hacking the Windows operating system to hand us the keys to the kingdom with Rust.
[nodejsscan](https://github.com/ajinabraham/nodejsscan): nodejsscan is a static security code scanner for Node.js applications.
[MS17-010](https://github.com/a6avind/MS17-010): MS17-010
[Chaya](https://github.com/xerohackcom/Chaya): Advance Image Steganography
[php-casbin](https://github.com/php-casbin/php-casbin): An authorization library that supports access control models like ACL, RBAC, ABAC in PHP .
[pwn2exploit](https://github.com/jmpews/pwn2exploit): all mine papers, pwn & exploit
[webstor](https://github.com/RossGeerlings/webstor): A script to quickly enumerate all websites across all of your organization's networks, store their responses, and query for known web technologies, such as those with zero-day vulnerabilities.
[getroot](https://github.com/sdushantha/getroot): 🛠️ Tool to bypass my school's security system to get sudo privileges on MacOS
[OSCP-Human-Guide](https://github.com/six2dez/OSCP-Human-Guide): My own OSCP guide
[swifty](https://github.com/swiftyapp/swifty): 🔑 Free Offline Password Manager
[CVE-repository](https://github.com/Orange-Cyberdefense/CVE-repository): :beetle: Repository of CVE found by OCD people
[fim](https://github.com/Achiefs/fim): FIM is an Open Source Host-based file detection tool that performs file system analysis, file integrity checking and real time alerting.
[git-dumper](https://github.com/arthaud/git-dumper): A tool to dump a git repository from a website
[privacy.sexy](https://github.com/undergroundwires/privacy.sexy): Open-source tool to enforce privacy & security best-practices on Windows and macOS, because privacy is sexy 🍑🍆
[Explib](https://github.com/b4zinga/Explib): Explib: Collections of poc and exp.
[incident_alarm](https://github.com/christiecc8/incident_alarm): An alarm written in Python to sniff a pcap file or live interface for NULL, XMAS, FIN, SMB, and Nikto scans. Detects plaintext credentials sent over IMAP, FTP, and HTML protocols.
[Addon](https://github.com/ClearURLs/Addon): ClearURLs is an add-on based on the new WebExtensions technology and will automatically remove tracking elements from URLs to help protect your privacy.
[ArchStrike](https://github.com/ArchStrike/ArchStrike): An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.
[BinAbsInspector](https://github.com/KeenSecurityLab/BinAbsInspector): BinAbsInspector: Vulnerability Scanner for Binaries
[plexiglass](https://github.com/enochkan/plexiglass): A PyTorch toolbox for adversarial attack and deepfake detection research.
[ForceReset](https://github.com/Fweak/ForceReset): Simple Tool to Temp Disable Discord Accounts | Force them to Reset their password
[cti-stix-diamond-activity-attack-graph](https://github.com/yukh1402/cti-stix-diamond-activity-attack-graph): STIX 2.1 Visualizer, Attack and Activity Thread Graph for Threat Modeling
[DeimosC2](https://github.com/DeimosC2/DeimosC2): DeimosC2 is a Golang command and control framework for post-exploitation.
[ManageEngineFileUploadExploit](https://github.com/Trek333/ManageEngineFileUploadExploit): POC script for the ManageEngine Multiple Products Authenticated File Upload Exploit
[unipacker](https://github.com/unipacker/unipacker): Automatic and platform-independent unpacker for Windows binaries based on emulation
[certonid](https://github.com/certonid/certonid): Certonid is a Serverless SSH Certificate Authority
[Mass-exploit-CVE-2022-29464](https://github.com/electr0lulz/Mass-exploit-CVE-2022-29464): Mass Exploit for CVE 2022-29464 on Carbon
[CVE-2022-23808](https://github.com/dipakpanchal456/CVE-2022-23808): phpMyAdmin XSS
[seccubus](https://github.com/seccubus/seccubus): Easy automated vulnerability scanning, reporting and analysis
[go-cpe](https://github.com/knqyf263/go-cpe): A Go library for CPE (A Common Platform Enumeration 2.3)
[SwissArmyPi](https://github.com/vs4vijay/SwissArmyPi): A set of utility/tools to make Raspberry Pi [Zero W] into Swiss Army Knife
[terrascan](https://github.com/tenable/terrascan): Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
[openvas-scanner](https://github.com/greenbone/openvas-scanner): This repository contains the scanner component for Greenbone Community Edition.
[log4j-scanner](https://github.com/cisagov/log4j-scanner): log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.
[ATutor-2.2.4-Language-Exploit](https://github.com/fuzzlove/ATutor-2.2.4-Language-Exploit): ATutor 2.2.4 Arbitrary File Upload / RCE (CVE-2019-12169)
[securitytools](https://github.com/virenukey/securitytools): Tools created under this repo are general-purpose tools for cyber-security beginners to check the prototype and flow of any enterprise-level software and implementation, providing the same
[CVE-2022-24124](https://github.com/ColdFusionX/CVE-2022-24124): POC for CVE-2022-24124
[bWAPP](https://github.com/chillitray/bWAPP): Most vulnerable PHP website to carry pentesting.
[SSI_Extra_Materials](https://github.com/jose-r-lopez/SSI_Extra_Materials): In my computer security course we make extensive usage of cheatsheets for various tools and extra materials to complement the student learning if they are willing to do so. I have decided to share them to enable others to take advantage of these materials
[Apache-OFBiz-XXE](https://github.com/jamieparfet/Apache-OFBiz-XXE): XXE injection (file disclosure) exploit for Apache OFBiz < 16.11.04
[free-security-resources](https://github.com/ad775/free-security-resources): 安全总是无处不在...
[sodium_compat](https://github.com/paragonie/sodium_compat): Pure PHP polyfill for ext/sodium
[Snort_Log_Server](https://github.com/mruv/Snort_Log_Server): A tool for simplifying network administration. Gets log messages from Snort IDS, processes them, classifies them as either THREAT / NOT_THREAT then creates a pop up window incase of a threat.
[hacker-scripts](https://github.com/restran/hacker-scripts): ⛷ A collection of hacker scripts.
[codecat](https://github.com/CoolerVoid/codecat): CodeCat is an open-source tool to help you find/track user input sinks and security bugs using static code analysis. These points follow regex rules. Beta version.
[aws-well-architected-labs](https://github.com/awslabs/aws-well-architected-labs): Hands on labs and code to help you learn, measure, and build using architectural best practices.
[exploit-CVE-2014-6271](https://github.com/opsxcq/exploit-CVE-2014-6271): Shellshock exploit + vulnerable environment
[CCSC-CTF-2020](https://github.com/cybermouflons/CCSC-CTF-2020): All challenges for the CCSC 2020 CTF
[xxUSBSentinel](https://github.com/thereisnotime/xxUSBSentinel): Windows anti-forensics USB monitoring tool.
[SecurityDriven.Inferno](https://github.com/sdrapkin/SecurityDriven.Inferno): :white_check_mark: .NET crypto done right. Professionally audited.
[OSINT-SearchOperators](https://github.com/BushidoUK/OSINT-SearchOperators)
[cipher4j](https://github.com/cszxyang/cipher4j): Pure Implementations for encryption algorithms including DES, RSA, AES, RC4
[hubcommander](https://github.com/Netflix/hubcommander): A Slack bot for GitHub organization management -- and other things too
[WarioLand4MultiEditor](https://github.com/shinespeciall/WarioLand4MultiEditor): MultiEditor for Wario Land 4
[TokenUniverse](https://github.com/diversenok/TokenUniverse): An advanced tool for working with access tokens and Windows security policy.
[DOMPurify](https://github.com/cure53/DOMPurify): DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
[fosstars-rating-core](https://github.com/SAP/fosstars-rating-core): A framework for defining ratings for open source projects. In particular, the framework offers a security rating for open source projects that may be used to assess the security risk that comes with open source components.
[graphw00f](https://github.com/dolevf/graphw00f): graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.
[Kill-Router-](https://github.com/msfidelis/Kill-Router-): Ferramenta para quebrar senhas administrativas de roteadores Wireless, routers, switches e outras plataformas de gestão de serviços de rede autenticados.
[cisofy-security-policy](https://github.com/CISOfy/cisofy-security-policy): This is the public security policy of CISOfy, with extra resources like security tools.
[tenable-securitycenter](https://github.com/AlainODea-haskell/tenable-securitycenter): Tenable SecurityCenter REST API client
[dnsFookup](https://github.com/makuga01/dnsFookup): DNS rebinding toolkit
[ProxyExe](https://github.com/scipag/ProxyExe): Launch a Windows EXE file with this EXE file (application filter evasion)
[TextAttack](https://github.com/QData/TextAttack): TextAttack 🐙 is a Python framework for adversarial attacks, data augmentation, and model training in NLP https://textattack.readthedocs.io/en/master/
[midfp-win32](https://github.com/scipag/midfp-win32): Mail Message-ID Fingerprinting
[SyscallExtractorAnalyzer](https://github.com/Truvis/SyscallExtractorAnalyzer): This script will pull and analyze syscalls in given application(s) allowing for easier security research purposes
[python_sec](https://github.com/bit4woo/python_sec): python安全和代码审计相关资料收集 resource collection of python security and code review
[gagako](https://github.com/seaung/gagako): 一款Golang开发的安全工具
[eos-bp-nodes-security-checklist](https://github.com/slowmist/eos-bp-nodes-security-checklist): EOS bp nodes security checklist(EOS超级节点安全执行指南)
[dirhunt](https://github.com/Nekmo/dirhunt): Find web directories without bruteforce
[bluetooth-keyboard-emulator](https://github.com/SySS-Research/bluetooth-keyboard-emulator): Simple proof-of-concept software tool for emulating Bluetooth BR/EDR (a.k.a. Bluetooth Classic) keyboards
[ByePg](https://github.com/can1357/ByePg): Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI
[ATSCAN](https://github.com/AlisamTechnology/ATSCAN): Advanced dork Search & Mass Exploit Scanner
[ctfr](https://github.com/UnaPibaGeek/ctfr): Abusing Certificate Transparency logs for getting HTTPS websites subdomains.
[Adhrit](https://github.com/abhi-r3v0/Adhrit): Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.
[mdptropfort.github.io](https://github.com/MDPTropFort/mdptropfort.github.io): Et si on essayait collectivement d'adopter une meilleure hygiène informatique ?
[Discord-Nuker](https://github.com/tungdo0602/Discord-Nuker): Super fast nuker written in python with proxy and many thing!
[Vailyn](https://github.com/VainlyStrain/Vailyn): A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python
[vilicus](https://github.com/edersonbrilhante/vilicus): Vilicus is an open source tool that orchestrates security scans of container images(docker/oci) and centralizes all results into a database for further analysis and metrics.
[flightsim](https://github.com/alphasoc/flightsim): A utility to safely generate malicious network traffic patterns and evaluate controls.
[Python-Scripts](https://github.com/bing0o/Python-Scripts): Collection of Python Scripts
[PHPVulFinder](https://github.com/meizjm3i/PHPVulFinder): PHP Static Program Analysis
[tpot-terraform](https://github.com/prateepb/tpot-terraform): DEPRECATED: Deploy T-Pot Honeypot to EC2 Using Terraform
[NETNOOB](https://github.com/NARCOTIC/NETNOOB): A simple program written in bash that contains basic Linux network tools, information gathering tools and scanning tools.
[android-hacking-part-2](https://github.com/vinagrsec/android-hacking-part-2): How to Hack an Android Phone using an Malicious Android Application - Part-2 (More Sophisticated Way)
[CVE-2022-33891](https://github.com/AmoloHT/CVE-2022-33891): 「💥」CVE-2022-33891 - Apache Spark Shell Command Injection
[bughunting-ar](https://github.com/hackarwiki/bughunting-ar): هذا المستودع هي محاولة منا لاثراء المحتوي العربي بخصوص البج بونتي ومايحتويه من انواع ثغرات الي تقنيات مختلفة الي مصادر متعددة
[search-for-vulnerabilities](https://github.com/AdrielFreud/search-for-vulnerabilities)
[CVE-2019-0604](https://github.com/k8gege/CVE-2019-0604): cve-2019-0604 SharePoint RCE exploit
[Go-MISPFeedGenerator](https://github.com/KaanSK/Go-MISPFeedGenerator): Golang implementation of PyMISP-feedgenerator
[pyvfeed](https://github.com/vfeedio/pyvfeed): Python API for vFeed Vulnerability & Threat Intelligence Database Enterprise & Pro Editions
[Software-Security](https://github.com/ramizebian/Software-Security): A Github repository I created while studying the Software Security course on Coursera. I made the repository public to discuss solutions with like-minded developers.
[nvtengine](https://github.com/Clivebi/nvtengine): network vulnerability-test engine nasl like script engine
[Screenshooter](https://github.com/FortyNorthSecurity/Screenshooter): C# program to take a full size screenshot or a recording of the user's desktop. Takes in 0-3 flags
[Brutal](https://github.com/screetsec/Brutal): Payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy . Brutal is a toolkit to quickly create various payload,powershell attack , virus attack and launch listener for a Human Interface Device ( Payload Teensy )
[awesome-vm-exploit](https://github.com/WinMin/awesome-vm-exploit): share some useful archives about vm and qemu escape exploit.
[DScaner](https://github.com/BenDerPan/DScaner): 分布式漏扫框架
[jaeles](https://github.com/jaeles-project/jaeles): The Swiss Army knife for automated Web Application Testing
[ATMSFE](https://github.com/Err0r-ICA/ATMSFE): Termux Auto-Metasploit
[go-gmp](https://github.com/filewalkwithme/go-gmp): Go library to interact with the Greenbone Vulnerability Manager 11 using the GMP protocol (Greenbone Management Protocol, version 9.0)
[interactsh](https://github.com/projectdiscovery/interactsh): An OOB interaction gathering server and client library
[CVE-2021-3156](https://github.com/GatoGamer1155/CVE-2021-3156): Script en python sobre la vulnerabilidad CVE-2021-3156
[handbook](https://github.com/0xffsec/handbook): A living document for penetration testing and offensive security.
[0d1n](https://github.com/CoolerVoid/0d1n): Tool for automating customized attacks against web applications. Fully made in C language with pthreads, it has fast performance.
[ThreatIngestor](https://github.com/InQuest/ThreatIngestor): Extract and aggregate threat intelligence.
[integrated-security-testing-environment](https://github.com/okuken/integrated-security-testing-environment): Integrated Security Testing Environment for Web Applications as Burp Extension. 質問等用Slackへの参加はこちら:https://join.slack.com/t/burp-iste/shared_invite/zt-13xm9liet-BPI1ByEEklmTKZcSbQepAA
[awesome-game-security](https://github.com/gmh5225/awesome-game-security): awesome game security [Welcome to PR]
[Knowledge-Base](https://github.com/slowmist/Knowledge-Base): Knowledge Base 慢雾安全团队知识库
[RomBuster](https://github.com/EntySec/RomBuster): RomBuster is a router exploitation tool that allows to disclosure network router admin password.
[databreach](https://github.com/vlooten/databreach): Description of Data Breaches Notifications in France and Lessons Learned for the Healthcare Stakeholders. Simon M. Looten V. Stud Health Technol Inform. 2020 Nov 23;275:192-196. doi: 10.3233/SHTI200721. https://pubmed.ncbi.nlm.nih.gov/33227767/
[AutoBlue-MS17-010](https://github.com/3ndG4me/AutoBlue-MS17-010): This is just an semi-automated fully working, no-bs, non-metasploit version of the public exploit code for MS17-010
[wP-BrutE](https://github.com/zerobyte-id-bak/wP-BrutE)
[PortScanner](https://github.com/Youssefa99/PortScanner): Scanning privileged ports 1-1024, DDos is illegal and should be used only if have permission
[Nidhogg](https://github.com/Idov31/Nidhogg): Nidhogg is an all-in-one simple to use rootkit for red teams.
[wifiphisher](https://github.com/wifiphisher/wifiphisher): The Rogue Access Point Framework
[adarch](https://github.com/pagiux/adarch): Development of active defense tools, made easier.
[dirsearch](https://github.com/maurosoria/dirsearch): Web path scanner
[chromepass](https://github.com/darkarp/chromepass): Chromepass - Hacking Chrome Saved Passwords
[bloodhound-elementary](https://github.com/ProfessionallyEvil/bloodhound-elementary): Command line tool for analyzing .json files generated by bloodhound.py or sharphound for use in Bloodhound.
[armpwn](https://github.com/saelo/armpwn): Repository to train/learn memory corruption on the ARM platform.
[Umbrella_content](https://github.com/securityfirst/Umbrella_content): Open source Android, iOS and Web app for learning about and managing digital and physical security. From how to send a secure message to dealing with a kidnap. Umbrella has best practice guides in over 40 topics in multiple languages. Used daily by people working in high risk countries - journalists, activists, diplomats, business travelers etc.
[PrefSecure](https://github.com/Mohamed-Fadel/PrefSecure): Android Library For Saving any sensitive Data (e.g user credentials, access token, credit cards ,... etc) in cryptographic format
[taser](https://github.com/m8sec/taser): Python3 resource library for creating security related tooling
[CyberSecurity-Bootcamp](https://github.com/dsteves28/CyberSecurity-Bootcamp): Assignments and projects that show my knowledge and experience of Cyber Security.
[securefs](https://github.com/netheril96/securefs): Filesystem in userspace (FUSE) with transparent authenticated encryption
[falcon](https://github.com/qeeqbox/falcon): Collection of exploits that were verified by an automated system
[psytester.github.io](https://github.com/psytester/psytester.github.io): Blog
[security-bundle](https://github.com/symfony/security-bundle): The security system is one of the most powerful parts of Symfony and can largely be controlled via its configuration.
[scilla](https://github.com/edoardottt/scilla): Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
[Hax-That-Fuck](https://github.com/akalankauk/Hax-That-Fuck): Hax That F#uck Html Page
[leaky-paths](https://github.com/ayoubfathi/leaky-paths): A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
[SAP_exploit](https://github.com/vah13/SAP_exploit): Here you can get full exploit for SAP NetWeaver AS JAVA
[kubernetes-goat](https://github.com/madhuakula/kubernetes-goat): Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
[rainfall](https://github.com/bpisano/rainfall): Second projet de la branche sécurité de l'école 42.
[AWS-Loot](https://github.com/sebastian-mora/AWS-Loot): Pull secrets from an AWS environment
[hookso](https://github.com/esrrhs/hookso): linux动态链接库的注入修改查找工具 A tool for injection, modification and search of linux dynamic link library
[jasypt-spring-boot](https://github.com/ulisesbocchio/jasypt-spring-boot): Jasypt integration for Spring boot
[facebook-exploit-toolkit](https://github.com/jagreetdg/facebook-exploit-toolkit): Toolkit for Penetration Testing Facebook
[violent_python](https://github.com/AllGloryToTheHypnotoad/violent_python): Example programs from Violent Python book
[awesome-cloud-osint](https://github.com/testrockytesting/awesome-cloud-osint): This repository will host resources for collecting information about cloud providers - SaaS, IaaS, PaaS, DaaS etc.
[multi-juicer](https://github.com/iteratec/multi-juicer): Run Capture the Flags and Security Trainings with OWASP Juice Shop
[Vanquish](https://github.com/frizb/Vanquish): Vanquish is Kali Linux based Enumeration Orchestrator. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases.
[attckr](https://github.com/hrbrmstr/attckr): ⚔️MITRE ATT&CK Machinations in R
[ursadb](https://github.com/CERT-Polska/ursadb): Trigram database written in C++, suited for malware indexing
[reconftw](https://github.com/six2dez/reconftw): reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
[ApplicationSecurity_Interview_Questions_Answers](https://github.com/mafiaguy/ApplicationSecurity_Interview_Questions_Answers): Some of the queries that were asked in interviews for Application/Security Engineering roles and were submitted to Glassdoor.com. I felt these queries were vital to being asked and a few were difficult to answer. I attempted to incorporate some answers for a few of the queries
[deepweb-scappering](https://github.com/kurogai/deepweb-scappering): Discover hidden deepweb pages
[phpsecurityscanner](https://github.com/lpkapil/phpsecurityscanner): A PHP Class to recursively scan vulnerable php functions inside a directory
[OSINT_TIPS](https://github.com/blaCCkHatHacEEkr/OSINT_TIPS): OSINT
[POC-exploits](https://github.com/merrychap/POC-exploits): :unlock: Vulnerability Research and Proof of Concept exploits for various targets found by me
[Secure-Pref-Manager](https://github.com/prashantsolanki3/Secure-Pref-Manager): Secure Preference Manager for android. It uses various Encryption to protect your application's Shared Preferences.
[brutto](https://github.com/jofpin/brutto): Easy brute forcing to whatever you want - Jose Pino
[DARK-FB_v1.6](https://github.com/Samuelpasaribu/DARK-FB_v1.6): script hack fb
[advisory-db](https://github.com/rustsec/advisory-db): Security advisory database for Rust crates published through crates.io
[UserFinder](https://github.com/mishakorzik/UserFinder): OSINT tool for finding profiles by username
[Exploits-in-c](https://github.com/online6731/Exploits-in-c): Exploits in c
[scan-cli-plugin](https://github.com/docker/scan-cli-plugin): Docker Scan is a Command Line Interface to run vulnerability detection on your Dockerfiles and Docker images
[collection-document](https://github.com/tom0li/collection-document): Collection of quality safety articles. Awesome articles.
[habu](https://github.com/fportantier/habu): Hacking Toolkit
[keeweb](https://github.com/keeweb/keeweb): Free cross-platform password manager compatible with KeePass
[capsulecorp-pentest](https://github.com/R3dy/capsulecorp-pentest): Vagrant VirtualBox environment for conducting an internal network penetration test
[Ethical-Hacking-Python-Scripts](https://github.com/SHathi28/Ethical-Hacking-Python-Scripts): Repository for security-related Python scripts.
[materializecss_starter](https://github.com/jalasem/materializecss_starter): A Starter Boilerplate for Materializecss, ionicons, font-awesome and Animatecss
[Pompem](https://github.com/rfunix/Pompem): Find exploit tool
[Structured-Exception-Handling-SEH-Buffer-Overflow](https://github.com/GihanJ/Structured-Exception-Handling-SEH-Buffer-Overflow): Contains an exploit code of a SEH attack against the file sharing wizard 1.5.0 application and a report explaining the process
[X-Scan](https://github.com/XTeam-Wing/X-Scan): 魔改版内网扫描工具
[Galacticc](https://github.com/Kopamed/Galacticc): Minecraft ghost client for 1.8.9
[DeathStar](https://github.com/byt3bl33d3r/DeathStar): Uses Empire's (https://github.com/BC-SECURITY/Empire) RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive TTPs.
[wp-plugins-poc](https://github.com/deguru22/wp-plugins-poc): Collection of WordPress Plugin PoC - For Educational Purposes ONLY
[ARP-Spoofer](https://github.com/Sedatyf/ARP-Spoofer): This script sends forged ARP packages on a local network in order to impersonate a host and receive victim's internet traffic
[pytools](https://github.com/CharlesPikachu/pytools): Pytools: Some useful tools written by pure python.
[apk-medit](https://github.com/aktsk/apk-medit): memory search and patch tool on debuggable apk without root & ndk
[TypeHUB](https://github.com/AdliXSec/TypeHUB): TypeHUB Exploiter
[MalGAN](https://github.com/PowerLZY/MalGAN): 主题为”基于GAN的恶意软件对抗样本生成“。首先介绍了恶意软件发展现状,引出基于模式匹配、特征空间和问题空间三种方式去检测恶意软件。然后介绍了如何生成对抗样本攻击恶意软件检测器,详细介绍了基于GAN的恶意软件对抗样本的MalGAN框架,并对实验结果进行了对比。最后总结了结构性对抗样本的约束:可用转换 、保留语义、似然性、副作用特征。
[phackerpy](https://github.com/xmc2/phackerpy): p hacker
[SpicyPass](https://github.com/JFreegman/SpicyPass): A light-weight password manager with a focus on simplicity and security
[exploit-CVE-2016-6515](https://github.com/opsxcq/exploit-CVE-2016-6515): OpenSSH remote DOS exploit and vulnerable container
[VISE](https://github.com/antonioforte1995/VISE): A search engine on information delivered by OSINT sources to support Vulnerability Assessment
[sel4-armv8-vmm-manifest](https://github.com/dornerworks/sel4-armv8-vmm-manifest): A manifest that allows one to build virtualized seL4 for zcu102 and i.MX8
[os-newify](https://github.com/justincpresley/os-newify): os-newify: A set of steps to update, clean, reset, and maintain different types of operating systems to boost security and make the device(s) more efficient.
[awesome-list-of-secrets-in-environment-variables](https://github.com/Puliczek/awesome-list-of-secrets-in-environment-variables): 🦄🔒 Awesome list of secrets in environment variables 🖥️
[TIL](https://github.com/waeandway/TIL): 📚 Today I Learned : Security
[Watcher](https://github.com/thalesgroup-cert/Watcher): Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
[zong-wifi](https://github.com/abdullah2993/zong-wifi)
[IntRec-Pack](https://github.com/NullArray/IntRec-Pack): Intelligence and Reconnaissance Package/Bundle installer.
[iBadApple](https://github.com/WilliamHottzz/iBadApple): First ever: Windows, free iCloud & activation lock bypass... that isn't a malware!
[gitleaks](https://github.com/zricethezav/gitleaks): Protect and discover secrets using Gitleaks 🔑
[linuxScripts](https://github.com/akakayev/linuxScripts): University(SevGU) master's project. Several scripts to scan Linux OS, detect vulnerabilities and manage them.
[Shellshocker](https://github.com/NullArray/Shellshocker): A Bash script to test a list of URLs for the shellshock vulnerability.
[redteam_vul](https://github.com/r0eXpeR/redteam_vul): 红队作战中比较常遇到的一些重点系统漏洞整理。
[csplogger](https://github.com/giuliocomi/csplogger): A CSP endpoint to aggregate, correlate and analyze report-uri violations across your infrastructure
[WebExp](https://github.com/safesword/WebExp): 2020年~2021年 网站CMS、中间件、框架系统漏洞集合
[badKarma](https://github.com/r3vn/badKarma): network reconnaissance toolkit
[sike-java](https://github.com/wultra/sike-java): SIKE for Java is a software library that implements experimental supersingular isogeny cryptographic schemes that aim to provide protection against attackers running a large-scale quantum computer.
[Interlace](https://github.com/codingo/Interlace): Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
[docker-vuln-scanner](https://github.com/githubfoam/docker-vuln-scanner): docker vulnerability scanner
[HassanKit_Target_Detection](https://github.com/littl3field/HassanKit_Target_Detection): This script validates if any queried domain/user is contained as a target within the HassanKit Phishing Campaign
[Perun](https://github.com/WyAtu/Perun): Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架
[PWF](https://github.com/bluecapesecurity/PWF): Practical Windows Forensics Training
[HERCULES](https://github.com/EgeBalci/HERCULES): HERCULES is a special payload generator that can bypass antivirus softwares.
[How-2-Get-Bootcamp-Content](https://github.com/JaniceW777/How-2-Get-Bootcamp-Content): Samples of how I write how-to's
[teensy3.2-projects](https://github.com/teensy-hacking/teensy3.2-projects): Teensy 3.2 Projects - Teensy with CMD Command Execution Attack Example 💣
[Blog-Pessoal](https://github.com/leosouzv/Blog-Pessoal): Projeto blog pessoal para praticar CRUD, realizado durando o bootcamp da Generation Brasil
[Shady-Hook](https://github.com/nybble04/Shady-Hook): Proof of Concept - Hooking API calls of a Ransomware
[CVE-2020-15368](https://github.com/stong/CVE-2020-15368): CVE-2020-15368, aka "How to exploit a vulnerable driver"
[hackage-security](https://github.com/R3K1NG/hackage-security): Hackage security framework based on TUF (The Update Framework)
[WebToken](https://github.com/Mntry/WebToken): Monetary's WebToken JS Client
[packit](https://github.com/resurrecting-open-source-projects/packit): network packet generator and capture tool
[ctf-exploit-farm](https://github.com/andgein/ctf-exploit-farm): Asynchronous exploit farm for attack-defence CTF
[vgs-rails-bikerental](https://github.com/verygoodsecurity/vgs-rails-bikerental): An example demonstrating how Very Good Security can secure a Rails application without any code changes and instantly make it PCI DSS Level 2 compliant.
[the-broken-links-project](https://github.com/jspeed-meyers/the-broken-links-project): A site for an IQT R&D initiative on software supply chain security.
[Nettacker](https://github.com/OWASP/Nettacker): Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
[XSpear](https://github.com/hahwul/XSpear): Powerfull XSS Scanning and Parameter analysis tool&gem
[threat-personas](https://github.com/cydea/threat-personas): We borrow the concept of 'personas' from UX/service design and apply it to threat actors to improve understanding between security, technology and business teams. Created at the Open Security Summit 2020.
[spidex](https://github.com/alechilczenko/spidex): Continuous reconnaissance scanner. Find and analyze internet-connected devices in minutes.
[PatrowlDocs](https://github.com/Patrowl/PatrowlDocs): PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
[Final-year-Diffie-hellman-key-Algorithm-Project](https://github.com/Vatshayan/Final-year-Diffie-hellman-key-Algorithm-Project): Diffie–Hellman Key Exchange Method (hereafter called the D-H method) allows two parties agree upon a shared secret number, a symmetric key, over an insecure communications channel
[PROXY-List](https://github.com/TheSpeedX/PROXY-List): Get PROXY List that gets updated everyday
[Smart-Augmented-Glasses-Hackthon-4.0-](https://github.com/phanisaikamal/Smart-Augmented-Glasses-Hackthon-4.0-): Smart Glasses for Police Force, a wearable augmented reality glasses with applications in security, medical and industrial field applications such as remote monitoring surgical operations. Our solution is built with state of the art IOT components integrated with Artificial Intelligence. The glasses essentially automate the process of asking for an ID. When the wearer looks at someone, the attached camera apparently takes precise measurements of the person’s face. That measurement is then compared to a database of individuals, each with their own recorded measurements. The tech is reportedly able to determine a match within seconds. For riders, the police want to make sure the person on the train/plane isn’t traveling with someone else’s ID or hopping a train/plane to avoid police. Catching criminals in a real world crowd just with a glance. In the last years, more and more wearable devices are being adapted for law enforcement. Next-generation wearables have the potential to enable police officers to improve situational awareness and decision making during missions. Law enforcement needs real-time information for better situational awareness in the field and at the command center. Officers need access to information, to stream videos and to collaborate in real time.
[CVE-2018-7750](https://github.com/jm33-m0/CVE-2018-7750): an RCE (remote command execution) approach of CVE-2018-7750
[RegSLScan](https://github.com/Dankirk/RegSLScan): A tool for scanning registery key permissions. Find where non-admins can create symbolic links.
[Red-Baron](https://github.com/Coalfire-Research/Red-Baron): Automate creating resilient, disposable, secure and agile infrastructure for Red Teams.
[BlueCommand](https://github.com/leeberg/BlueCommand): Dashboarding and Tooling front-end for PowerShell Empire using PowerShell Universal Dashboard
[Dh-All](https://github.com/DH-AL/Dh-All): This is a package of all hacking tools., This tool contain over 300+ Advance and professional Hacking tools.it contain Phishing, Brute forcing, cloning, Vulnerability scanning, Information Gathering, Tracing and Tracking, Exploitation, Password cracking, Wifi Hacking, Bombing, DDOS, Malwares, Some special pakages and Another Hacking tools
[honggfuzz-rs](https://github.com/rust-fuzz/honggfuzz-rs): Fuzz your Rust code with Google-developed Honggfuzz !
[SirepRAT](https://github.com/SafeBreach-Labs/SirepRAT): Remote Command Execution as SYSTEM on Windows IoT Core (releases available for Python2.7 & Python3)
[simple-haveibeenpwned](https://github.com/kisscool-fr/simple-haveibeenpwned): A very simple class to check your password safety against 'Have I Been Pwned' API.
[urldedupe](https://github.com/ameenmaali/urldedupe): Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations
[fortify-plugin](https://github.com/jenkinsci/fortify-plugin): Fortify Jenkins plugin
[sqlinjection-training-app](https://github.com/appsecco/sqlinjection-training-app): A simple PHP application to learn SQL Injection detection and exploitation techniques.
[nice-framework](https://github.com/langholloman/nice-framework): This is a repo for on-going development of an xAPI Profile and JSONLD for the Cybersecurity Education Cybersecurity Workforce Framework - NICE Framework
[PyPowerShellXray](https://github.com/JohnLaTwC/PyPowerShellXray): Python script to decode common encoded PowerShell scripts
[wadbpwn](https://github.com/wuseman/wadbpwn): Hack a random android device with 100% guarantee to succeed within 1 second, all you really need is to copy and paste 3 lines, yay! It's for real!!
[CVE-2018-16763-Exploit-Python3](https://github.com/n3m1dotsys/CVE-2018-16763-Exploit-Python3)
[dc540-0x00005b](https://github.com/mytechnotalent/dc540-0x00005b): DC540 hacking challenge 0x00005b.
[IPASN-History](https://github.com/D4-project/IPASN-History): IP ASN History to find ASN announcing an IP and the closest prefix announcing it at a specific date
[derailed](https://github.com/SakuraSamuraii/derailed): CVE-2021-40875: Tools to Inspect Gurock Testrail Servers for Vulnerabilities related to CVE-2021-40875.
[CheckPasswordHash](https://github.com/MikeS159/CheckPasswordHash): Lets you check your password hash against a list in a textfile (for the have i been pwned database)
[clusterfuzzlite](https://github.com/google/clusterfuzzlite): ClusterFuzzLite - Simple continuous fuzzing that runs in CI.
[simple-port-scanner](https://github.com/EdinsonRequena/simple-port-scanner): This is a simple port scanner built in python 3.8
[pentbox](https://github.com/technicaldada/pentbox): PentBox is a tool that allows us to create honeypot in our system this is written in ruby language.
[jiff](https://github.com/multiparty/jiff): JavaScript library for building web-based applications that employ secure multi-party computation (MPC).
[pwnscripts](https://github.com/152334H/pwnscripts): Very simple script(s) to hasten binary exploit creation
[rastrea2r-server](https://github.com/rastrea2r/rastrea2r-server): Restful Server to handle requests from rastrea2r client
[One-Click-Image-Logger](https://github.com/FLUORESCENTXX/One-Click-Image-Logger): A method on how to make a One Click Image Logger!
[nerve](https://github.com/PaytmLabs/nerve): NERVE Continuous Vulnerability Scanner
[Hacking-Notebooks](https://github.com/rambasnet/Hacking-Notebooks): Hacking Tricks, Techniques & Tools
[cyber-camp-2020-writeup](https://github.com/9p4/cyber-camp-2020-writeup): Cyber Camp 2020 CTF by SANS Institute Writeup
[attack_monitor](https://github.com/yarox24/attack_monitor): Endpoint detection & Malware analysis software
[azure_password_harvesting](https://github.com/guardicore/azure_password_harvesting): Plaintext Password harvesting from Azure Windows VMs
[mptcp](https://github.com/msonstei/mptcp): Application and work associated with Ph.D. research. The purpose of the research is to provide a mechanism to transfer data safely without encryption using MP-TCP.
[dumb-password-rules](https://github.com/duffn/dumb-password-rules): Shaming sites with dumb password rules.
[password-leak](https://github.com/mathiscode/password-leak): A library to check for compromised passwords
[Bachelorarbeit_SichereWebsite](https://github.com/Zenty96/Bachelorarbeit_SichereWebsite)
[secDevLabs](https://github.com/globocom/secDevLabs): A laboratory for learning secure web and mobile development in a practical manner.
[gohack](https://github.com/jamesmoriarty/gohack): Experimental Go language CSGO exploit.
[Computer-forensics](https://github.com/HSNHK/Computer-forensics): The best tools and resources for forensic analysis.
[Quantum-Phase-Estimation](https://github.com/AgentANAKIN/Quantum-Phase-Estimation): Quantum Phase Estimation is a key component of Shor's Factoring Algorithm.
[Hackbox](https://github.com/strellic/Hackbox): Hackbox is an open-source, container-based platform that makes it easy to launch vulnerable systems to test your hacking skill!
[charts](https://github.com/CheckPointSW/charts): Deploy Kubernetes Helm Charts for Check Point CloudGuard
[PrestaShop-CVE-2018-19126](https://github.com/farisv/PrestaShop-CVE-2018-19126): PrestaShop (1.6.x <= 1.6.1.23 or 1.7.x <= 1.7.4.4) Back Office Remote Code Execution (CVE-2018-19126)
[cyber-crime-records-management-system](https://github.com/shubhambalyan/cyber-crime-records-management-system): The objective of this project is to maintain a record of all the cyber-crime complaints reported by the victims and provide a platform for the cyber-crime bureau/police department to provide necessary solution and help to all of these problems.
[tuftools2](https://github.com/unkn0wnh4ckr/tuftools2): a installer that u can install some of my hacking tools and other hacking tools on written in python 2.7.14 (DEAD SCRIPT)
[mOSL](https://github.com/0xmachos/mOSL): Bash script to audit and fix macOS Catalina (10.15.x) security settings
[awesome-windows-domain-hardening](https://github.com/PaulSec/awesome-windows-domain-hardening): A curated list of awesome Security Hardening techniques for Windows.
[xvwa](https://github.com/SVelizDonoso/xvwa): XVWA es una aplicación Web mal Desarrollada en PHP / MySQL que ayuda a los entusiastas de la seguridad a aprender la seguridad de las aplicaciones WEB. No es recomendable alojar esta aplicación en línea, ya que está diseñada para ser "Extremadamente Vulnerable". Recomendamos alojar esta aplicación en un entorno local/controlado. El fin es que puedas agudizar tus habilidades de seguridad, ya que este proyecto es totalmente legal romperlo o piratearlo. La idea es evangelizar la seguridad de las aplicaciones web para la comunidad de la forma más fácil posible. Por favor Aprende y adquiere estas habilidades para un buen propósito.
[cyberdisc-bot](https://github.com/CyberDiscovery/cyberdisc-bot): The bot for the Cyber Discovery Community Discord Server!
[awesome-embedded-and-iot-security](https://github.com/fkie-cad/awesome-embedded-and-iot-security): A curated list of awesome embedded and IoT security resources.
[DarkDork](https://github.com/TheSadError/DarkDork): Fast dorking with DarkDork. Written with python. Please run it with python3 versions. You can find vulnerability url s.
[sandfly-setup](https://github.com/sandflysecurity/sandfly-setup): Sandfly Security Agentless Compromise and Intrusion Detection System For Linux
[awesome-security-hardening](https://github.com/decalage2/awesome-security-hardening): A collection of awesome security hardening guides, tools and other resources
[BLE-Security-Attack-Defence](https://github.com/Charmve/BLE-Security-Attack-Defence): ✨ Purpose only! The dangers of Bluetooth Low Energy(BLE)implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth LE stacks.
[reverseshell-powercat-v2](https://github.com/rexpository/reverseshell-powercat-v2): Bypass antivirus and gain a reverse shell on Windows with Powercat v2
[bylibrary](https://github.com/BaizeSec/bylibrary): 白阁文库是白泽Sec安全团队维护的一个漏洞POC和EXP公开项目
[asleep_scanner](https://github.com/d34db33f-1007/asleep_scanner): Dahua DVRs bruteforcer at port 37777
[Nihon-Lua-Bytecode-Interpreter](https://github.com/Nihon-Development/Nihon-Lua-Bytecode-Interpreter): C/C++ Roblox Lua Script Executor, Uses Probably The Next To Worst Method Lua Bytecode Interpreter Where Our Lua Interpreter Does Most Of The Work This Method Is Unstable And Slow
[node-rate-limiter-flexible](https://github.com/animir/node-rate-limiter-flexible): Count and limit requests by key with atomic increments in single process or distributed environment.
[uniscan](https://github.com/Sreyas-Sreelal/uniscan): Just a mirror of uniscan project
[ekolabs](https://github.com/ekoparty/ekolabs): EKOLABS esta dedicada para investigadores independientes y para la comunidad del Software Libre. Vamos a proveer de stands completos con monitor, alimentacion de energia y acceso a internet por cable, y vos vas a traer tu maquina para mostrar tu trabajo y responder preguntas de los participantes de Ekoparty Security Conference
[Dunocoin-Exploit](https://github.com/Its-Vichy/Dunocoin-Exploit): Custom miner that Spoof packets to be considered an IoT device and earn more coins.
[devise-security](https://github.com/devise-security/devise-security): A security extension for devise, meeting industry-standard security demands for web applications.
[GoFuzz](https://github.com/graniet/GoFuzz): A Request fuzzer written in Go
[cvemon](https://github.com/ARPSyndicate/cvemon): Monitoring exploits & references for CVEs
[DevSecOps_tools](https://github.com/ramirezversion/DevSecOps_tools): Recopilación de herramientas complementarias para auditoría de Docker, K8, AWS, etc. Estas herramientas me han sido útiles en pentesting (tanto caja negra como blanca) y en la revisión de la seguridad de diferentes entornos y diferentes tecnologías.
[MBomb](https://github.com/palahsu/MBomb): MBomb(Gmail To Gmail) Mail Bombing! Send Unlimited Bombing!
[macof.py](https://github.com/WhiteWinterWolf/macof.py): macof.py, a MAC address table overflow utility.
[linux-kernel-exploitation](https://github.com/xairy/linux-kernel-exploitation): A collection of links related to Linux kernel security and exploitation
[heartsk_community](https://github.com/yqcs/heartsk_community): Hearts K-企业资产发现与脆弱性检查工具,自动化资产信息收集与漏洞扫描
[terracreds](https://github.com/tonedefdev/terracreds): A Terraform Automation and Collaboration Software credentials helper
[wstg](https://github.com/OWASP/wstg): The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
[Cheatsheet-God](https://github.com/OlivierLaflamme/Cheatsheet-God): Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
[steal-all-files](https://github.com/pablocorbalann/steal-all-files): Python script to automatically steal all the files and information from a computer using an USB device. Created just for educational purposes.
[blueborne-scanner](https://github.com/hook-s3c/blueborne-scanner): Bluetooth scanner for local devices that may be vulnerable to Blueborne exploit
[openvas-sandbox](https://github.com/githubfoam/openvas-sandbox): openvas network security monitoring NIDS HIDS
[cyber-defence-presentation](https://github.com/Lissy93/cyber-defence-presentation): 🖥️ A reveal.js website for presenting the cyber security basics to humans
[Bruteforcefb](https://github.com/NeloF4/Bruteforcefb): Tools Brute Force Facebook v.0.1
[Python-Rootkit](https://github.com/0xIslamTaha/Python-Rootkit): Python Remote Administration Tool (RAT) to gain meterpreter session
[OpenRemoteStart](https://github.com/jmaxxz/OpenRemoteStart): An open source remote implementation for the Fortin EVO-One remote starter
[cve-2021-3449](https://github.com/terorie/cve-2021-3449): CVE-2021-3449 OpenSSL denial-of-service exploit 👨🏻💻
[Audit-Learning](https://github.com/jiangsir404/Audit-Learning): 记录自己对《代码审计》的理解和总结,对危险函数的深入分析以及在p牛的博客和代码审计圈的收获
[security-checklist-transformer](https://github.com/JLLeitschuh/security-checklist-transformer): Sqreen Security Checklist Transformer & Uploader
[kindle-factory-jailbreak](https://github.com/sgayou/kindle-factory-jailbreak): Kindle factory image jailbreak.
[slate-tools](https://github.com/five23/slate-tools): Shopify's defunct Slate tools occasionally updated w/ some security patches
[guardium-analyzer-workshop](https://github.com/IBM/guardium-analyzer-workshop): IBM Security Guardium Analyzer Workshops
[Image-Security-by-Triple-DES-Final-Year-Project](https://github.com/Vatshayan/Image-Security-by-Triple-DES-Final-Year-Project): B.tech Cryptogaphy Final Year Project on ENCRYPTION & DECRYPTION of IMAGE through Triple DES.
[stealthware-backdoor](https://github.com/raunvk/stealthware-backdoor): Persistent & Undetectable Malware Backdoor
[sriracha-iq](https://github.com/tiburon-security/sriracha-iq): Rapid cybersecurity toolkit based on Elastic in Docker. Designed to quickly build elastic-based environments to analyze and execute threat hunting, blue team assessments, audits, and security control assessments.
[chronicle](https://github.com/paragonie/chronicle): Public append-only ledger microservice built with Slim Framework
[Follina_Exploiter_CLI](https://github.com/Hrishikesh7665/Follina_Exploiter_CLI): Exploit Microsoft Zero-Day Vulnerability Follina (CVE-2022-30190)
[kickthemout](https://github.com/k4m4/kickthemout): 💤 Kick devices off your network by performing an ARP Spoof attack.
[Ktos.AspNetCore.Authentication.ApiKeyHeader](https://github.com/ktos/Ktos.AspNetCore.Authentication.ApiKeyHeader): Authentication using X-APIKEY HTTP header for ASP.NET Core
[Hide-FS](https://github.com/proxytype/Hide-FS): Inject dll to explorer.exe and hide file from process.
[fofa_viewer](https://github.com/wgpsec/fofa_viewer): 一个简单实用的FOFA客户端 By flashine
[Espionage](https://github.com/MandConsultingGroup/Espionage): A Network Packet and Traffic Interceptor For Linux. Spoof ARP & Wiretap A Network.
[maskphish](https://github.com/jaykali/maskphish): Introducing "URL Making Technology" to the world for the very FIRST TIME. Give a Mask to Phishing URL like a PRO.. A MUST have tool for Phishing.
[Sooty](https://github.com/TheresAFewConors/Sooty): The SOC Analysts all-in-one CLI tool to automate and speed up workflow.
[pwn.hs](https://github.com/Tosainu/pwn.hs): [WIP] Exploit development library for Haskeller
[zap-scripts](https://github.com/sepehrdaddev/zap-scripts): Zed Attack Proxy Scripts for finding CVEs and Secrets.
[protostar-iot](https://github.com/Sector443/protostar-iot): Statically compiled binaries of Protostar (exploit-exercises.com) in ARM and MIPS along with original source code
[ksubdomain](https://github.com/knownsec/ksubdomain): 无状态子域名爆破工具
[RVuln](https://github.com/iinc0gnit0/RVuln): [ Automated Web Vulnerability Scanner ]
[awesome-recon-tools](https://github.com/nahberry/awesome-recon-tools): A compiled list of tools for reconnaissance and footprinting
[ShellPop](https://github.com/0x00-0x00/ShellPop): Pop shells like a master.
[pentestER-Fully-automatic-scanner](https://github.com/RASSec/pentestER-Fully-automatic-scanner): DNS Subdomain● Brute force ● Web Spider ● Nmap Scan ● etc
[CybersecurityEssentials](https://github.com/PaulinoBermudez/CybersecurityEssentials): Abarca los fundamentos y las habilidades básicas en todos los dominios de la ciberseguridad, incluida la seguridad de la información, seguridad de sistemas, seguridad de la red, ética y leyes, y técnicas de defensa y mitigación utilizadas en la protección de los negocios.
[pi-pwnbox-rogueap](https://github.com/koutto/pi-pwnbox-rogueap): Homemade Pwnbox :rocket: / Rogue AP :satellite: based on Raspberry Pi — WiFi Hacking Cheatsheets + MindMap :bulb:
[SecretScanner](https://github.com/deepfence/SecretScanner): :unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:
[wifi-sdcf](https://github.com/DavidBuchanan314/wifi-sdcf): Reverse Engineering notes on the Dxingtek/Keytech(?) WiFi@SDCF card
[Th3_Monster](https://github.com/Moat3zKadd3chy/Th3_Monster): Th3_Monster Tool 2.5 ☣ Website Vulnerability Scanner & Auto Exploiter Bot ☣ .
[CustomizableAlertController](https://github.com/illescasDaniel/CustomizableAlertController): Hacking the UIAlertController to fully customize it
[khefin](https://github.com/mjec/khefin): A simple way to generate password-proteceted secrets from a FIDO2 authenticator with the hmac-secret extension
[Unreliable-Web](https://github.com/HaxonicOfficial/Unreliable-Web): Vulnerable Pen-testing Lab for Web+Forensics+Crypto
[CEHv10StudyGuidePlusPlus](https://github.com/KevCui/CEHv10StudyGuidePlusPlus): :notebook: CEHv10 Study Guide++
[rogue_ap](https://github.com/jerryryle/rogue_ap): Rogue AP using a Raspberry Pi Zero W
[whose-trying-to-hack-me](https://github.com/nsardo/whose-trying-to-hack-me): Crystal-lang tool to identify potential hackers
[security_content](https://github.com/splunk/security_content): Splunk Security Content
[domato](https://github.com/googleprojectzero/domato): DOM fuzzer
[dockerized-security-tools](https://github.com/raesene/dockerized-security-tools): Dockerfiles for security tools
[FalconGate](https://github.com/A3sal0n/FalconGate): A smart gateway to stop cyber criminals - Sponsored by Falcon Guard
[zip-slip-vulnerability](https://github.com/snyk/zip-slip-vulnerability): Zip Slip Vulnerability (Arbitrary file write through archive extraction)
[universal-otherapp](https://github.com/TuxSH/universal-otherapp): Userland -> Kernel11 -> Arm9 otherapp for 3DS system versions 1.0 to <= 11.15
[pwnAdventure3](https://github.com/airvzxf/pwnAdventure3): This video game was created to test the hackers. I'm trying to solve it applying the technic "Man In The Middle Attack". I took some ideas and resources from LiveOverflow/PwnAdventure3 (https://github.com/LiveOverflow/PwnAdventure3) but I am doing with my thoughts and resources.
[basic_ssh_honeypot](https://github.com/sjbell/basic_ssh_honeypot): A basic SSH honeypot built in Python and containerised in Docker
[Colossus](https://github.com/Kiinitix/Colossus): Secure File Storage in Cloud Computing using Hybrid Cryptography Algorithms. Colossus ensures security of the user’s data stored on cloud (AWS S3) by providing a tool that helps to encrypt files using AES and RSA. The user receives the key via email.
[Godzilla](https://github.com/AhmedMohamedDev/Godzilla): Godzilla is an automated scanner tool for bug hunters/pentesters that can scan website for vulnerabilities, Do Information gathering in Network range, exploit and attack network.
[blackhat_python_book_code](https://github.com/carloocchiena/blackhat_python_book_code): Source code and exercises from the book "Black Hat Python" by Justin Seitz.
[spyse-python](https://github.com/spyse-com/spyse-python): The official wrapper for spyse.com API, written in Python, aimed to help developers build their integrations with Spyse.
[Security-Monitoring-Visualisation-System](https://github.com/Mithileysh/Security-Monitoring-Visualisation-System): This visualisation system is used to monitor the state and confirm the system's health running.
[ifoughtthelaw](https://github.com/MauroEldritch/ifoughtthelaw): Repository for "I Fought The Law and The Law Lost" talk. Featured on Recon Village @ DEFCON 26, Las Vegas (And many other conferences!)
[httprecon-win32](https://github.com/scipag/httprecon-win32): Advanced web server fingerprinting
[AndroidHacking](https://github.com/wvrld/AndroidHacking): Everything here is only for educational purposes only. Add star if u want, i will be very happy. Thanks :)
[SH4R1NG4N](https://github.com/NicolasMuras/SH4R1NG4N): Plataforma de hacking ético, recolección de información y manejo de bases de datos. Es un proyecto antiguo, mi aprendizaje empezó con MySQL y Python, mi idea fue combinar ambas tecnologías.
[Mpchadwick_MwscanUtils2](https://github.com/mpchadwick/Mpchadwick_MwscanUtils2): Run better Magento malware scans
[swaggerHole](https://github.com/Liodeus/swaggerHole): A python3 script searching for secret on swaggerhub
[sippts](https://github.com/Pepelux/sippts): Set of tools to audit SIP based VoIP Systems
[CVE-2021-37740](https://github.com/robertguetzkow/CVE-2021-37740): PoC for DoS vulnerability CVE-2021-37740 in firmware v3.0.3 of SCN-IP100.03 and SCN-IP000.03 by MDT. The bug has been fixed in firmware v3.0.4.
[CTFGuideReact](https://github.com/ctfguide-tech/CTFGuideReact): The React Client for CTFGuide
[cross-account-ecr-access-control](https://github.com/miztiik/cross-account-ecr-access-control): Allow AWS Account B to be able to connect to Account A ECR image repository to push or pull images
[tensorflow-insiderthreat](https://github.com/dc401/tensorflow-insiderthreat): Experimental ONLY: This consolidated data of scenario-2 of the US-CERT dataset for insider threats to be used with TF 2.0 and Keras
[AIOCLF](https://github.com/slowy07/AIOCLF): just bored app for create all in one tools for hacker :p
[GitMonitor](https://github.com/Talkaboutcybersecurity/GitMonitor): One way to continuously monitor sensitive information that could be exposed on Github
[expdev](https://github.com/simonuvarov/expdev): Vulnerable software and exploits used for OSCP/OSCE preparation
[O-MEGA_VIRUSES](https://github.com/ABC123USA/O-MEGA_VIRUSES): SAMPLE O-MEGA VIRUS FOR RESEARCH PURPOSES ONLY. PLEASE DELETE AFTER USAGE UNLESS A LICENSE IS PURCHASED.
[splunk-integration](https://github.com/databrickslabs/splunk-integration): Databricks Add-on for Splunk
[awesome-threat-intelligence](https://github.com/hslatman/awesome-threat-intelligence): A curated list of Awesome Threat Intelligence resources
[jwt-hack](https://github.com/hahwul/jwt-hack): 🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)
[thc-tesla-powerwall2-hack](https://github.com/hackerschoice/thc-tesla-powerwall2-hack): TESLA PowerWall 2 Security Shenanigans
[ThreadBoat](https://github.com/MandConsultingGroup/ThreadBoat): Program Uses Thread Execution Hijacking To Inject Native Shell-code Into a Standard Win32 Application
[visualize_logs](https://github.com/keithjjones/visualize_logs): A Python library and command line tools to provide interactive log visualization.
[rescope](https://github.com/root4loot/rescope): A scope-generator-tool for Burp Suite and ZAP
[google-ctf](https://github.com/google/google-ctf): Google CTF
[wordle-answer-hack](https://github.com/rxzyx/wordle-answer-hack): Get the answer in both wordle and wordleunlimited.org
[mutillidae](https://github.com/webpwnized/mutillidae): OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP. It is pre-installed on SamuraiWTF and OWASP BWA. The existing version can be updated on these platforms. With dozens of vulnerabilities and hints to help the user; this is an easy-to-use web hacking environment designed for labs, security enthusiast, classrooms, CTF, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, corporate web sec training courses, and as an "assess the assessor" target for vulnerability assessment software. A containerized version of the application is available as a companion project.
[PhishMailer](https://github.com/BiZken/PhishMailer): Generate Professional Phishing Emails Fast And Easy
[Tech-Scrolls](https://github.com/FFFF-0000h/Tech-Scrolls): Concepts. Books. People. Definitions. Tech.
[iot-security-vulnerability](https://github.com/davikawasaki/iot-security-vulnerability): Raspberry PI Vulnerability Study using Flask, PWA VueJS 2, Requests, Vue-Socket.io and Flask SocketIO
[weekly-dmarc-grabber](https://github.com/hrbrmstr/weekly-dmarc-grabber): Weekly DMARC Grabs of the Rapid7 1500
[zeek-plugin-enip](https://github.com/amzn/zeek-plugin-enip): Zeek network security monitor plugin that enables parsing of the Ethernet/IP and Common Industrial Protocol standards
[fotogo-bakcend](https://github.com/Roky360/fotogo-bakcend): Fotogo's backend server.
[wireguard-docs](https://github.com/pirate/wireguard-docs): 📖 Unofficial WireGuard Documentation: Setup, Usage, Configuration, and full example setups for VPNs supporting both servers & roaming clients.
[DGFraud-TF2](https://github.com/safe-graph/DGFraud-TF2): A Deep Graph-based Toolbox for Fraud Detection in TensorFlow 2.X
[waf](https://github.com/chengdedeng/waf): :vertical_traffic_light:Web Application Firewall or API Gateway(应用防火墙/API网关)
[wrecon](https://github.com/fabiodelgadopereira/wrecon): WRecon is an open source no intussive web scanner. It is designed to discover all URL in a website recursively, without using bruteforce or unauthorized access. It comes with a camouflage engine and nice features for pentesting.
[Cerberus](https://github.com/YagamiiLight/Cerberus): 一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能
[nginx-admins-handbook](https://github.com/trimstray/nginx-admins-handbook): How to improve NGINX performance, security, and other important things.
[AutoSploit](https://github.com/NullArray/AutoSploit): Automated Mass Exploiter
[oro-bypass](https://github.com/neetjn/oro-bypass): RumbleFighter GameGuard bypass written with C++ 11 using win32
[OverwatchINT](https://github.com/jagdishpatil2111/OverwatchINT): OverWatchINT is an Open Source Intelligence and All-in-One Hacking Tool. It's purpose is to reduce the time and efforts of security researchers and cyber experts.
[0day-security-software-vulnerability-analysis-technology](https://github.com/jas502n/0day-security-software-vulnerability-analysis-technology): 0day安全_软件漏洞分析技术
[pickleassem](https://github.com/gousaiyang/pickleassem): A simple pickle assembler to make handcrafting pickle bytecode easier.
[Cybersecurity-University.of.Maryland](https://github.com/extwiii/Cybersecurity-University.of.Maryland): Cybersecurity Specialization - Cybersecurity Fundamentals. Construction of Secure Systems - Coursera
[Polaris](https://github.com/doimet/Polaris): 渗透测试框架
[DetExploit](https://github.com/detexploit/DetExploit): OSS Vulnerability Scanner for Windows Platform
[h-encore](https://github.com/TheOfficialFloW/h-encore): Fully chained kernel exploit for the PS Vita on firmwares 3.65-3.68
[TallGrass](https://github.com/chdav/TallGrass): An AV exclusion enumeration tool written in Python.
[mosint](https://github.com/alpkeskin/mosint): An automated e-mail OSINT tool
[RCE-VB5.x](https://github.com/Alaa-abdulridha/RCE-VB5.x): Vulnerable (RCE) vBulletin 5.0.0 - 5.5.4 BurpSuite Request
[slack-watchman](https://github.com/PaperMtn/slack-watchman): Monitoring your Slack workspaces for sensitive information
[FlowerPassword](https://github.com/kenmick/FlowerPassword): 🌸花密,不一样的密码管理器
[forta-attack-simulation](https://github.com/kovart/forta-attack-simulation): 🦠🔬 Forta agent that detect deployment of smart contracts containing an exploit function
[rootend](https://github.com/twelvesec/rootend): A *nix Enumerator & Auto Privilege Escalation tool.
[h1-702-2018-ctf-wu](https://github.com/luc10/h1-702-2018-ctf-wu)
[free_materials](https://github.com/StefanAustin/free_materials): Small collection about free cybersecurity materials
[wraith](https://github.com/wraith-labs/wraith): [WIP] A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.
[WAMpage](https://github.com/DavidBuchanan314/WAMpage): WAMpage - A WebOS root LPE exploit chain (CVE-2022-23731)
[opencve](https://github.com/opencve/opencve): CVE Alerting Platform
[embark](https://github.com/e-m-b-a/embark): EMBArk - The firmware security scanning environment
[prober](https://github.com/binarytrails/prober): Pentester's toolbox
[usb-keystroke-injector](https://github.com/AmirrezaNasiri/usb-keystroke-injector): ☠️ An Arduino-based USB keyboard simulator which injects keystrokes via Bluetooth protocol or predefined payloads in a SD card.
[d3fend](https://github.com/d3fend/d3fend): Public static website for the D3FEND project. For the D3FEND ontology repo see: https://github.com/d3fend/d3fend-ontology
[critical-ops-0day](https://github.com/culturally/critical-ops-0day): source to ban any account in mobile game critical ops
[100-redteam-projects](https://github.com/kurogai/100-redteam-projects): Projects for security students
[sns](https://github.com/rosescript/sns): Scan'n'Search is a program that runs an Nmap scan and returns vunerabilities.
[rawsec_cli](https://github.com/tyki6/rawsec_cli): Rawsec's Cybersecurity Inventory cli. Search pentesting tools, resources, ctf, os.
[pentesting-multitool](https://github.com/ffmancera/pentesting-multitool): Different utility scripts for pentesting and hacking.
[uPyPortal](https://github.com/lemariva/uPyPortal): A captive portal for MicroPython using ESP32 (WeMos)
[itsdangerous](https://github.com/pallets/itsdangerous): Safely pass trusted data to untrusted environments and back.
[terraform-aws-secure-vpc](https://github.com/nozaq/terraform-aws-secure-vpc): A terraform module to create a VPC with secure default configurations.
[dependency-check-plugin](https://github.com/jenkinsci/dependency-check-plugin): Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).
[PickleRick](https://github.com/CCrashZer0/PickleRick): A write up guide for the Pickle Rick room from Try Hack Me.
[Atividades_Spring-Generation](https://github.com/LucasLM1/Atividades_Spring-Generation): Aulas de Java Avançado e inicio da Programação com Spring dentro do bootcamp Generation Brasil
[hack-help](https://github.com/SilentFrogNet/hack-help): A support web page for my eJPT / eCPPT Certification Process
[Reloaded.Memory](https://github.com/Reloaded-Project/Reloaded.Memory): Managed, high performance, fully featured memory manipulation library written in C#, providing a very easy to use API.
[Python-security-hashing](https://github.com/Ddhruv-IOT/Python-security-hashing): It is the project for ShapeAi Bootcamp in python and network security. I have created this project to demonstrate the use of various algorithms from Hashlib. Also, I have demonstrated the use of salting and iteration on hashes to increase security and protection.
[x11-stack-corruption](https://github.com/epsylon/x11-stack-corruption): X11/libX11.so.6 (XQueryKeymap) Stack corruption/Access violation [PoC+ Fuzzer]
[dojos](https://github.com/novoda/dojos): This is where the Novoda team do all their hacking
[your-private-life](https://github.com/MilesCodeIt/your-private-life): Your "Private" Life est un jeu web permettant de faire de la prévention sur les dangers du web et de l'Internet.
[Rainbow-Wifi-Hack-Utility-Android](https://github.com/LinkClink/Rainbow-Wifi-Hack-Utility-Android): The program implements brute Wi-Fi network method on platform Android
[sec-admin-web](https://github.com/smallcham/sec-admin-web): 分布式资产安全扫描核心管理系统Web页面(弱口令扫描,漏洞扫描)
[bot18](https://github.com/carlos8f/bot18): Bot18 is a high-frequency cryptocurrency trading bot developed by Zenbot creator @carlos8f
[EOS-Proxy-Token](https://github.com/EOSEssentials/EOS-Proxy-Token): Proxy token to allow mitigating EOSIO Ram exploit
[google-dorks](https://github.com/Proviesec/google-dorks): Useful Google Dorks for WebSecurity and Bug Bounty
[NIVOS](https://github.com/TheSadError/NIVOS): NIVOS is a hacking tool that allows you to scan deeply , crack wifi, see people on your network. It applies to all linux operating systems. And it is improving every day, new packages are added. Thank You For Using NIVOS :> [NIVOS Created By NIVO Team]
[GoodHound](https://github.com/idnahacks/GoodHound): Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation.
[SplunkPWNScripts](https://github.com/0x0FB0/SplunkPWNScripts): Scripts aiding penetration testing of Splunk Enterprise systems
[depthcharge](https://github.com/nccgroup/depthcharge): A U-Boot hacking toolkit for security researchers and tinkerers
[wp-mini-exploiter](https://github.com/0xtn/wp-mini-exploiter): Mini Wordress Exploiter using CVE2020
[LuaCollection](https://github.com/jareer12/LuaCollection): 🐱💻Roblox hack/cheat scripts I made.
[Cr3dOv3r](https://github.com/D4Vinci/Cr3dOv3r): Know the dangers of credential reuse attacks.
[scriptsafe](https://github.com/andryou/scriptsafe): a browser extension to bring security and privacy to chrome, firefox, and opera
[C-Experiments](https://github.com/mcdulltii/C-Experiments): Experiments on C/C++ Exploits
[sozu](https://github.com/sozu-proxy/sozu): Sōzu HTTP reverse proxy, configurable at runtime, fast and safe, built in Rust. It is awesome! Ping us on gitter to know more
[DFF](https://github.com/Ivan-Markovic/DFF): One of Best Path traversal and PRL attack tools by TS/SCI Security (year 2008). Also tool is included on BackTrack 4 and OWASP Phoenix/Tools Project.
[RdpCacheStitcher](https://github.com/BSI-Bund/RdpCacheStitcher): RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
[ColdFusionX.github.io](https://github.com/ColdFusionX/ColdFusionX.github.io)
[hades](https://github.com/devtoolboxuk/hades): Firewall System for A.E.G.I.S.
[RBust](https://github.com/iinc0gnit0/RBust): [ Blazing Fast Web Fuzzer in Rust ]
[ransomwvre](https://github.com/AOrps/ransomwvre): Ransomware in v
[Hack4Squad](https://github.com/elfalehed/Hack4Squad): :skull: A bash hacking and scanning framework.
[simplex-chat](https://github.com/simplex-chat/simplex-chat): SimpleX - the first messaging platform operating without user identifiers of any kind - 100% private by design! iOS and Android apps are released 📱!
[HiveNightmare](https://github.com/GossiTheDog/HiveNightmare): Exploit allowing you to read registry hives as non-admin on Windows 10 and 11
[AIRAVAT](https://github.com/Th30neAnd0nly/AIRAVAT): A multifunctional Android RAT with GUI based Web Panel without port forwarding.
[has_tokenable](https://github.com/ZephiroRB/has_tokenable): Identify your active records with random tokens when you don't want your users to see a sequential ID https://rubygems.org/gems/has_tokenable
[Discord-email-spammer-exploit](https://github.com/Rdimo/Discord-email-spammer-exploit): A discord email spammer exploit that works by unferifying a tokens email and then requesting discord verify it again multiple times which leads to discord spamming that email with email verification messages
[dymerge](https://github.com/k4m4/dymerge): 🔓 A dynamic dictionary merger for successful dictionary based attacks.
[ProjectBrightSun](https://github.com/CalvinKrist/ProjectBrightSun): A suite of cybersecurity tools designed to allow for rapid deployment of virtualized environments. Intended for use in education: contains built-in lessons.
[TRADFRI-Hacking](https://github.com/basilfx/TRADFRI-Hacking): Hacking IKEA TRÅDFRI products, such as light bulbs, window blinds and other accessories.
[vichiti](https://github.com/umair9747/vichiti): An OSINT focused tool made with Nodejs!
[ban2fail](https://github.com/jrbrtsn/ban2fail): Simple & efficient log file scanning and iptable filtering
[is-website-vulnerable](https://github.com/lirantal/is-website-vulnerable): finds publicly known security vulnerabilities in a website's frontend JavaScript libraries
[Wyrmsun_Macrobot](https://github.com/GameHackingAcademy/Wyrmsun_Macrobot): A hack for Wyrmsun version 5.0.1 that will automatically create worker units out of the currently selected structure when a player's gold is over 3000.
[Reverse-Shell-Manager](https://github.com/WangYihang/Reverse-Shell-Manager): :hammer: A multiple reverse shell session/client manager via terminal
[Security-Scanner](https://github.com/shantanusoni72/Security-Scanner): It is a scanner used for security related tasks during penetration testing.
[pdfparser](https://github.com/KarmaPenny/pdfparser): PDF Parser is a command line tool and go library for analyzing PDF files.
[Caesar](https://github.com/0blio/Caesar): An HTTP based RAT (Remote Administration Tool) that allows you to remotely control devices from your browser
[setup-ipsec-vpn](https://github.com/hwdsl2/setup-ipsec-vpn): Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
[CVE-2021-43008-AdminerRead](https://github.com/p0dalirius/CVE-2021-43008-AdminerRead): Exploit tool for CVE-2021-43008 Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability
[klustair-frontend](https://github.com/klustair/klustair-frontend): Frontend to Klustair scanner and Anchore
[InstaBrowser](https://github.com/ariashirazi/InstaBrowser): Android Phishing Application.This Project is for Educational purposes only.The Developer of this application is not responsible of any bad usage
[gotator](https://github.com/Josue87/gotator): Gotator is a tool to generate DNS wordlists through permutations.
[100DaysOfHacking](https://github.com/faiqu3/100DaysOfHacking): This repository contains all the information shared during my 100 days of hacking challenge.
[DI.WE.H](https://github.com/TGPrado/DI.WE.H): Repositório com conteúdo sobre web hacking em português
[mvt](https://github.com/mvt-project/mvt): MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.
[HCPaper](https://github.com/Hacker-Combat-Organization/HCPaper): The published paper proposing Hacker Combat.
[isoalloc](https://github.com/struct/isoalloc): A general purpose memory allocator that implements an isolation security strategy to mitigate memory safety issues while maintaining good performance
[asqlmap](https://github.com/Gualty/asqlmap): Automated sqlmap
[Bootmiester](https://github.com/Yashvendra/Bootmiester): Advanced deauthentication script.
[bakerman](https://github.com/Cumachelas/bakerman): Doughskript interpreter for converting simple command sequences into executable Arduino C++ code.
[beaconleak](https://github.com/cjcase/beaconleak): Covert data exfiltration and detection using 802.11 beacon stuffing
[K8tools](https://github.com/k8gege/K8tools): K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
[CuckooNet](https://github.com/Jon2G/CuckooNet): A full implementation of the Cuckoo Sandbox Rest 2.0.7 API
[attifyos](https://github.com/adi0x90/attifyos): Attify OS - Distro for pentesting IoT devices
[OSCP2020](https://github.com/Mrnmap/OSCP2020)
[EasyProtector](https://github.com/lamster2018/EasyProtector): 一行代码检测XP/调试/多开/模拟器/root
[Sploits-Protostar](https://github.com/r4gnax/Sploits-Protostar): Protostar exploit python scripts
[IPAPatch](https://github.com/Naituw/IPAPatch): Patch iOS Apps, The Easy Way, Without Jailbreak.
[rebuilderd](https://github.com/kpcyrd/rebuilderd): Independent verification of binary packages - reproducible builds
[SpringBootExploit](https://github.com/0x727/SpringBootExploit): 项目是根据LandGrey/SpringBootVulExploit清单编写,目的hvv期间快速利用漏洞、降低漏洞利用门槛。
[swag-client](https://github.com/Netflix-Skunkworks/swag-client): Cloud multi-account metadata management tool.
[50-Days-Of-SQLi](https://github.com/arpeetrathii/50-Days-Of-SQLi): Learning and hunting SQL injection bugs for 50 continuous days
[aws-auto-remediate](https://github.com/servian/aws-auto-remediate): Open source application to instantly remediate common security issues through the use of AWS Config
[RATel](https://github.com/FrenchCisco/RATel): RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.
[zBang](https://github.com/cyberark/zBang): zBang is a risk assessment tool that detects potential privileged account threats
[etw-dns](https://github.com/asgarciap/etw-dns): A simple example application to collect DNS queries logs using etw-api
[Ohm](https://github.com/Th30neAnd0nly/Ohm): Android RAT with web panel and undetectable App
[PwnBack](https://github.com/P3GLEG/PwnBack): Burp Extender plugin that generates a sitemap of a website using Wayback Machine
[cybersecurity-blue-team](https://github.com/paulveillard/cybersecurity-blue-team): A collection of awesome software, libraries, learning tutorials, documents and books, technical resources and cool stuff about Blue Team in Cybersecurity.
[C-Browser-Password-Cracker](https://github.com/akalankauk/C-Browser-Password-Cracker): C++ Firefox & Google Chrome Cracker Source Code
[Crumble](https://github.com/sudo-su-FDEL/Crumble): Menu driven wordlist generator in C++
[vulnerability-tool](https://github.com/drosser92/vulnerability-tool): Vulnerability-tool chains middleware (inspired by Alice) tools to analyse Github repositories for vulnerabilities (secrets, keys, etc)
[offensive-azure](https://github.com/blacklanternsecurity/offensive-azure): Collection of offensive tools targeting Microsoft Azure
[otseca](https://github.com/trimstray/otseca): Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.
[agartha](https://github.com/volkandindar/agartha): a burp extension for dynamic payload generation to detect injection flaws (RCE, LFI, SQLi), creates access matrix based user sessions to spot authentication/authorization issues, and converts Http requests to Javascript for further XSS exploitation and more.
[ocaps](https://github.com/tersesystems/ocaps): Object capability (ocap) tools and macros for Scala.
[awesome-browser-containers](https://github.com/NewAlexandria/awesome-browser-containers): Curated list of awesome browser extensions that protect your privacy
[airgeddon](https://github.com/v1s1t0r1sh3r3/airgeddon): This is a multi-use bash script for Linux systems to audit wireless networks.
[spectre-attack](https://github.com/Eugnis/spectre-attack): Example of using revealed "Spectre" exploit (CVE-2017-5753 and CVE-2017-5715)
[exfilkit](https://github.com/tasooshi/exfilkit): Data exfiltration utility for testing detection capabilities
[u2f-zero](https://github.com/conorpp/u2f-zero): U2F USB token optimized for physical security, affordability, and style
[grype-contribs](https://github.com/opt-nc/grype-contribs): A set of resources around Anchore's grype tool
[CVE-2021-44228-Mass-RCE](https://github.com/razz0r/CVE-2021-44228-Mass-RCE): CVE-2021-44228 Log4J multithreaded Mass Exploitation tool compatible with URL/IP lists.
[themis](https://github.com/cossacklabs/themis): Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
[wesng](https://github.com/bitsadmin/wesng): Windows Exploit Suggester - Next Generation
[audit_scripts](https://github.com/vanhauser-thc/audit_scripts): Scripts to gather system configuration information for offline/remote auditing
[plaguesec-os](https://github.com/plaguesec/plaguesec-os): Plague Security Customed Operating System for Penetration Testers Based on Kali Linux
[Commodity-Injection-Signatures](https://github.com/xsscx/Commodity-Injection-Signatures): Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT
[pwn2own2020](https://github.com/sslab-gatech/pwn2own2020): Compromising the macOS Kernel through Safari by Chaining Six Vulnerabilities
[offsec](https://github.com/t0thkr1s/offsec): Docker environment for exploit development.
[pksgnpa](https://github.com/lennylxx/pksgnpa): This tool creates NPA archives used by visual novel game Steins;Gate, for Chinese translation.
[Gotanda](https://github.com/HASH1da1/Gotanda): Gotanda is browser Web Extension for OSINT.
[1Hosts](https://github.com/badmojr/1Hosts): World's most advanced DNS filter-/blocklists!
[AntiCheat-Testing-Framework](https://github.com/niemand-sec/AntiCheat-Testing-Framework): Framework to test any Anti-Cheat
[dockle](https://github.com/goodwithtech/dockle): Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
[dockerscan](https://github.com/cr0hn/dockerscan): Docker security analysis & hacking tools
[fhe-toolkit-linux](https://github.com/IBM/fhe-toolkit-linux): IBM Fully Homomorphic Encryption Toolkit For Linux. This toolkit is a Linux based Docker container that demonstrates computing on encrypted data without decrypting it! The toolkit ships with two demos including a fully encrypted Machine Learning inference with a Neural Network and a Privacy-Preserving key-value search.
[linkedin2username](https://github.com/initstring/linkedin2username): OSINT Tool: Generate username lists for companies on LinkedIn
[Spectre-PoC](https://github.com/chaitanyarahalkar/Spectre-PoC): Proof of Concept - Spectre
[tpotce](https://github.com/telekom-security/tpotce): 🍯 T-Pot - The All In One Honeypot Platform 🐝
[Brutus](https://github.com/Bialomazur/Brutus): Botnet targeting Windows machines written entirely in Python & open source security project.
[aws-securitygroup-grapher](https://github.com/jeanlouisferey/aws-securitygroup-grapher): This ansible role gets information from an AWS VPC and generate a graphical representation of security groups
[Scumblr](https://github.com/Netflix-Skunkworks/Scumblr): Web framework that allows performing periodic syncs of data sources and performing analysis on the identified results
[evil-ssdp](https://github.com/initstring/evil-ssdp): Spoof SSDP replies and create fake UPnP devices to phish for credentials and NetNTLM challenge/response.
[Lauschgeraet](https://github.com/SySS-Research/Lauschgeraet): Gets in the way of your victim's traffic and out of yours
[unikraft](https://github.com/unikraft/unikraft): Unikraft is an automated system for building specialized OSes known as unikernels. Unikraft can be configured to be POSIX-compliant. (Core repository)
[Exploit-Discord-Cache-System-PoC](https://github.com/ecriminal/Exploit-Discord-Cache-System-PoC): 🗄️ Exploit Discord's cache system to remote upload payloads to Discord users machines (possible malware dropper for e.g. targeting specific victims)
[RustScan](https://github.com/RustScan/RustScan): 🤖 The Modern Port Scanner 🤖
[crowdsec](https://github.com/crowdsecurity/crowdsec): CrowdSec - the open-source and participative IPS able to analyze visitor behavior & provide an adapted response to all kinds of attacks. It also leverages the crowd power to generate a global CTI database to protect the user network.
[b11](https://github.com/BotolMehedi/b11): 11 DIGIT FACEBOOK ACCOUNTS PASSWORD CRACKER <br> FOR BANGLADESHI TERMUX USERS
[UEFI_boot_script_expl](https://github.com/Cr4sh/UEFI_boot_script_expl): CHIPSEC module that exploits UEFI boot script table vulnerability
[www-project-csrfguard](https://github.com/OWASP/www-project-csrfguard): The aim of this project is to protect Java applications against CSRF attacks with the use of Synchronizer Tokens
[WS-VulnS](https://github.com/4mina/WS-VulnS): WS-VulnS (Web Services Vulnerability Scanner) is a blackbox tool that detects injections (SQLi & XMLi) and DoS (XML Bomb, Oversized XML & Oversized Payload) vulnerabilities in SOAP and REST Web Services. It was developped during graduation project at Ecole Nationale Supérieure d'Informatique (ESI, Algiers) by AIT HABOUCHE Manele and BALI Amina.
[hkcert-ctf-2020-challenges](https://github.com/samueltangz/hkcert-ctf-2020-challenges): The challenges for HKCERT CTF 2020
[bludit-cms-bypass-brute-force-protection-mechanism](https://github.com/MrW0l05zyn/bludit-cms-bypass-brute-force-protection-mechanism): Permite realizar bypass (eludir) el mecanismo de protección de fuerza bruta de Bludit CMS versión 3.9.2 o inferior, mediante el uso de diferentes encabezados HTTP X-Forwarded-For falsificados.
[GraphKer](https://github.com/amberzovitis/GraphKer): Open Source Tool - Cybersecurity Graph Database in Neo4j
[dependency-check-sonar-plugin](https://github.com/dependency-check/dependency-check-sonar-plugin): Integrates Dependency-Check reports into SonarQube
[wifi-passview](https://github.com/warengonzaga/wifi-passview): An open source batch script based WiFi Passview for Windows!
[CyberSecurity-and-Pentesting-Resources](https://github.com/cybergeekgyan/CyberSecurity-and-Pentesting-Resources): Top 5 ethical hacking books to get started? Top 5 practical hacking books? Top 5 cybersecurity books to get started? Did I miss any great books?
[aws-enumerator](https://github.com/shabarkin/aws-enumerator): The AWS Enumerator was created for service enumeration and info dumping for investigations of penetration testers during Black-Box testing. The tool is intended to speed up the process of Cloud review in case the security researcher compromised AWS Account Credentials.
[wd-rce](https://github.com/bnbdr/wd-rce): WD My Cloud PoC exploit
[MurMurHash](https://github.com/Viralmaniar/MurMurHash): This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.
[proxmox_toolbox](https://github.com/Tontonjo/proxmox_toolbox): A toolbox to get the firsts configurations of Proxmox VE / BS done in no time
[redteam-hardware-toolkit](https://github.com/sectool/redteam-hardware-toolkit): 🔺 Red Team Hardware Toolkit 🔺
[ATM-Malware-](https://github.com/nonamee71/ATM-Malware-): Works only on NCR and Diebold Nixdorf. The software works pretty simple : Work on Windows and Android (8.0 or highter) devices. The NCR and Diebold Nixdorf ATM's work on Windows XP os and are connected to hidden wifi network. The software contains hidden wifi finder, brute force tool and wordlist. The procedure is absolutely wirelessly! All you need to do is to be less than 20 meters from the ATM, turn on the wifi finder, get the password via the bruteforcing tool and send the trojan to the ATM. The next step is to go in front of the ATM, press two buttons on the device you got connected through and start collecting the money. Contact info: telegram @No_name71 ,wickr @nonamee71, protonmail @No_namee71@protonmail.com
[CVE-2021-41773](https://github.com/thehackersbrain/CVE-2021-41773): Apache2 2.4.49 - LFI & RCE Exploit - CVE-2021-41773
[nishang](https://github.com/samratashok/nishang): Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
[wowned](https://github.com/namreeb/wowned): Authentication bypass for outdated WoW emulation authentication servers
[Shodan-Dorks](https://github.com/humblelad/Shodan-Dorks): Dorks for shodan.io. Some basic shodan dorks collected from publicly available data.
[Tic-Tac](https://github.com/Sanix-Darker/Tic-Tac): Client not paid ? Set a timer to kill css/js or decrease opacity over time with a js script, available remotely !
[ktmm](https://github.com/ao/ktmm): Keep That Mouse Moving!
[exynos8890-bootrom-dump](https://github.com/frederic/exynos8890-bootrom-dump): dump Exynos 8890 bootROM from Samsung Galaxy S7
[pyhtools](https://github.com/dmdhrumilmistry/pyhtools): A collection of python written hacking tools consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester credential harvester, keylogger, download&execute, ransomware and reverse_backdoor.
[wgcf](https://github.com/ViRb3/wgcf): 🚤 Cross-platform, unofficial CLI for Cloudflare Warp
[burpa](https://github.com/tristanlatr/burpa): Burp Automator - A Burp Suite Automation Tool. It provides a high level CLI and Python interfaces to Burp Suite scanner and can be used to setup Dynamic Application Security Testing (DAST).
[CVE-2021-44228-Mass-RCE-Log4j](https://github.com/cybersecurityresearcher/CVE-2021-44228-Mass-RCE-Log4j): CVE-2021-44228 Log4J multithreaded Mass Exploitation tool compatible with URL/IP lists.
[Phlexish](https://github.com/KnightSec-Official/Phlexish): Advanced Spear Phishing tool for Facebook with 2 factor authentication bypass! May contain minor bugs due to...idk
[Eternalblue](https://github.com/0xFenrik/Eternalblue): Eternalblue written in CSharp. Contains version detection, vulnerability scanner and exploit of MS17-010
[pwnphone](https://github.com/thehackingsage/pwnphone): DREAM DEVICE FOR HACKERS
[JbossExploit](https://github.com/k8gege/JbossExploit): MSF moudle jboss invoke deploy getshell Exploit & Jboss jmx-console getshell exploit
[loopback4-vault](https://github.com/sourcefuse/loopback4-vault): A loopback-next extension for HashiCorp's Vault integration in loopback-next applications
[Apache-HTTP-Server-Module-Backdoor](https://github.com/WangYihang/Apache-HTTP-Server-Module-Backdoor): :japanese_goblin: A Backdoor For Apache HTTP Server Written in C
[sqlscan](https://github.com/Cvar1984/sqlscan): Quick SQL Scanner, Dorker, Webshell injector PHP
[SpyLocator](https://github.com/mugiluri/SpyLocator): A desktop application for detecting key logging activities based on active processes. Created in C# with visual studio 2019 for windows OS.
[awesome-iot-hacks](https://github.com/nebgnahz/awesome-iot-hacks): A Collection of Hacks in IoT Space so that we can address them (hopefully).
[mana-security-app](https://github.com/manasecurity/mana-security-app): macOS vulnerability management for individuals
[Unban](https://github.com/werp420/Unban): Den unbanner det id du specificere hvis din ven fx får ban ;) (skift user_id = 1)
[Exegol](https://github.com/ShutdownRepo/Exegol): Fully featured and community-driven hacking environment
[WindowsExp](https://github.com/safesword/WindowsExp): Windows全版本提权脚本
[vul-detect](https://github.com/nexus-lab/vul-detect): GitHub repository vulnerability detection and metrics.
[Pentest-Bookmarkz](https://github.com/SofianeHamlaoui/Pentest-Bookmarkz): A collection of useful links for Pentesters
[MyExploits](https://github.com/hansmach1ne/MyExploits): Repo for discovered vulnerabilities/exploits
[magesecuritypatcher](https://github.com/magemojo/magesecuritypatcher): Magento 1 Security Patcher from MageMojo
[Linux-kernel-forensics-scripts](https://github.com/tin-z/Linux-kernel-forensics-scripts): Gdb, r2, python scripts i made to perform binary analysis and forensic tasks.
[x64dbgpylib](https://github.com/x64dbg/x64dbgpylib): Port of windbglib to x64dbgpy, in an effort to support mona.py in x64dbg.
[Log4j-RCE-Scanner](https://github.com/adilsoybali/Log4j-RCE-Scanner): Remote command execution vulnerability scanner for Log4j.
[AndroDucky](https://github.com/proxyanon/AndroDucky): Ferramenta para criação de payload HID para android sem nethunter e sem rubber ducky
[Checklist-Tools-Website](https://github.com/AlexisDanizan/Checklist-Tools-Website): 🍿 The perfect Checklist Website for meticulous developers.
[shellen](https://github.com/merrychap/shellen): :cherry_blossom: Interactive shellcoding environment to easily craft shellcodes
[cybersecurity-appsec](https://github.com/paulveillard/cybersecurity-appsec): A collection of awesome framework, libraries, learning tutorials, videos, webcasts, technical resources and cool stuff about Application Security.
[posta](https://github.com/benso-io/posta): 🐙 Cross-document messaging security research tool powered by https://enso.security
[biostamp](https://github.com/biostamp/biostamp): A self-hosted, open-source biometric identity solution that provides ready-made, customizable components for quickly implementing advanced biometric identity. Join us towards a #passwordless future.
[dawgmon](https://github.com/anvilsecure/dawgmon): dawg the hallway monitor - monitor operating system changes and analyze introduced attack surface when installing software
[WEB1Tutorial.github.io](https://github.com/jemin777/WEB1Tutorial.github.io): WEB1.0 is the Most Standard Programming Language for WEB invented by wilmix jemin j in NJDOLLAR at OCT 2015 to develop a WebService with namespace, used for security, used for userfriendly interface design, and it is easy to use....
[APSoft-Web-Scanner-v2](https://github.com/ph09nix/APSoft-Web-Scanner-v2): Powerful dork searcher and vulnerability scanner for windows platform
[csharp-keylogger](https://github.com/cristianzsh/csharp-keylogger): :keyboard: A keylogger written in C# + Send by email
[IT8761-Security-Lab-Experiments](https://github.com/TonyPSR/IT8761-Security-Lab-Experiments): Anna University Regulation 2017 IT8761 Lab experiments. All of the programs here are my own for the most part. There could be hidden bugs or less optimal implementations. If you find any, do correct it and contribute to this repository. I'll add programs as I finish them.
[dark-fantasy-hack-tool](https://github.com/ritvikb99/dark-fantasy-hack-tool): DDOS Tool: To take down small websites with HTTP FLOOD. Port scanner: To know the open ports of a site. FTP Password Cracker: To hack file system of websites.. Banner Grabber: To get the service or software running on a port. (After knowing the software running google for its vulnerabilities.) Web Spider: For gathering web application hacking information. Email scraper: To get all emails related to a webpage IMDB Rating: Easy way to access the movie database. Both .exe(compressed as zip) and .py versions are available in files.
[Web-Security-Engineer-Skill-Sheet](https://github.com/CyberSpace365/Web-Security-Engineer-Skill-Sheet): web安全工程师技能表
[revshellgen](https://github.com/t0thkr1s/revshellgen): Reverse shell generator written in Python 3.
[pySSH](https://github.com/krishpranav/pySSH): A simple python tool to get ssh password of a target machine when they connect to the pySSH server
[GlobalHookSample](https://github.com/katahiromz/GlobalHookSample): Win32 global hook sample
[openrasp-iast](https://github.com/baidu-security/openrasp-iast): IAST 灰盒扫描工具
[BugId](https://github.com/SkyLined/BugId): Detect, analyze and uniquely identify crashes in Windows applications
[pythonizing_nmap](https://github.com/gh0x0st/pythonizing_nmap): A detailed guide showing you different ways you can incorporate Python into your workflows around Nmap.
[PythonHackingBook1](https://github.com/xuanhun/PythonHackingBook1): Python黑客编程之极速入门
[Security-Event-Analysis-Automation-Tool](https://github.com/AzharAnwar9/Security-Event-Analysis-Automation-Tool): A SOC Analyst's tool to automate the investigation & validation of possible Indicators of Compromise (IOCs) and perform various tasks including Phishing Email Analysis & Brand Monitoring to fasten the incident response.
[Cronos-Crypter](https://github.com/TalosSec/Cronos-Crypter): Cronos Crypter is an simple example of crypter created for educational purposes.
[CVE-2021-38314](https://github.com/orangmuda/CVE-2021-38314): Unauthenticated Sensitive Information Disclosure (CVE-2021–38314).
[pentestlab](https://github.com/itboxltda/pentestlab): Script to manage and create local pentesting training virtual lab
[Lost-NDS-TV](https://github.com/LostNintendoHistory/Lost-NDS-TV): The Lost Nintendo DS Television Output, brought back to life
[shania](https://github.com/abdilahrf/shania): Scan secrets from Continuous Integration Build Logs
[exploit-cve-2017-5715](https://github.com/opsxcq/exploit-cve-2017-5715): Spectre exploit
[SocialRecon](https://github.com/Ramalingasamy012/SocialRecon): This is an Open source intelligence tool and used to gather information about social media and it is also used to find whether the user name found in any of the website.It is used to find GPS location of an image and it also checks whether the email is found or not.
[hacking-resources](https://github.com/Lifka/hacking-resources): Hacking resources and cheat sheets. References, tools, scripts, tutorials, and other resources that help offensive and defensive security professionals.
[manticore](https://github.com/trailofbits/manticore): Symbolic execution tool
[SVE-2016-7930](https://github.com/frederic/SVE-2016-7930): Proof-of-Concept for SVE-2016-7930 : multiple buffer overflows in Samsung Galaxy bootloader
[wildpwn](https://github.com/localh0t/wildpwn): unix wildcard attacks
[SmsReader](https://github.com/HackDagger/SmsReader): Android Sms Reader
[Raccoon](https://github.com/evyatarmeged/Raccoon): A high performance offensive security tool for reconnaissance and vulnerability scanning
[anyelevate](https://github.com/kkent030315/anyelevate): x64 Windows privilege elevation using anycall
[zinc](https://github.com/zinclabs/zinc): ZincSearch. A lightweight alternative to elasticsearch that requires minimal resources, written in Go.
[svg2raster-cheatsheet](https://github.com/yuriisanin/svg2raster-cheatsheet): A cheatsheet for exploiting server-side SVG rasterization.
[teensy-slcan](https://github.com/mintynet/teensy-slcan): Teensy slcan sketch for arduino IDE can be used on teensy 3.2, 3.5, 3.6, 4.0 & 4.1 for can2.0b
[SemanticCrashBucketing](https://github.com/squaresLab/SemanticCrashBucketing): Semantic Crash Bucketing
[packj](https://github.com/ossillate-inc/packj): The vetting tool 🚀 behind our large-scale security analysis platform to detect malicious/risky open-source packages
[smbd-cpuminer-infection-fix](https://github.com/Menziess/smbd-cpuminer-infection-fix): A Samba exploit turned Linux into a goldmine. Those infected by the malware would have their systems mining cryptocurrency 24/7, causing their cpu to maintain a 100% usage. My droplet was infected, these were the steps to remove the infection.
[nm_objdump](https://github.com/nasrat-v/nm_objdump): A personal implementation of GNU shell commands: nm and objdump
[blooket-hack](https://github.com/shenkeYT/blooket-hack): The original Blooket hack!
[sdwan-infiltrator](https://github.com/sdnewhop/sdwan-infiltrator): :crystal_ball: NSE script to automatically discover SD-WAN nodes
[horusec](https://github.com/ZupIT/horusec): Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
[padre](https://github.com/glebarez/padre): Blazing fast, advanced Padding Oracle exploit
[Yalu-Jailbreak-iOS-10.2](https://github.com/GeoSn0w/Yalu-Jailbreak-iOS-10.2): My own fork of (Beta) Yalu Jailbreak for iOS 10.0 to 10.2 by @kpwn and @marcograss with custom UI and other features.
[py_webauthn](https://github.com/duo-labs/py_webauthn): Pythonic WebAuthn
[Awesome-Redteam](https://github.com/Threekiii/Awesome-Redteam): 一个红队知识仓库
[InfGather](https://github.com/donutsThatsHowWeGetAnts/InfGather): Information Gathering Scripts for Vulnerability Assessment
[endpointdiff](https://github.com/ameenmaali/endpointdiff): Wrapper around LinkFinder to quickly determine whether endpoints have been added/removed to JavaScript files.
[moonwalk](https://github.com/mufeedvh/moonwalk): Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.
[oss-backend](https://github.com/HiCooper/oss-backend): 仿写阿里云OSS,分布式对象存储OSS后端,支持 java sdk 授权访问,存储空间授权其他账户访问;技术栈:spring sercurity,mybatis, RS纠错冗余,Redis分布式锁;适用于一些严格要求内网部署的存储服务,如政府部门一些内部资料存储,同样可用于内部项目的文件存储相关的服务分离,支持sdk签发token直接与oss交互;
[azweb_decrypt](https://github.com/ol3k/azweb_decrypt): Paywall Issue: The provider leaks sensitive data like password, IV and salt which are used for encryption and can be used to decrypt the articles.
[RedTeam_Bypass-Detections](https://github.com/Truvis/RedTeam_Bypass-Detections): Collections of way to evade normal detection events.
[file-identifier](https://github.com/Ricky-001/file-identifier): A simple CLI Tool scripted in Python to check for File types based on MIME types and then comparing them with the extensions.
[SoulTaker-Multitool](https://github.com/Xooppp/SoulTaker-Multitool): SoulTaker is a Open-Source MultiTool written by myself, contains a lot of things such as a phone spoofer, ip lookup, dox tool etc.
[Web-Security-Learning](https://github.com/CHYbeta/Web-Security-Learning): Web-Security-Learning
[Life-Hacks](https://github.com/haxonic-com/Life-Hacks): Few tools and cheat sheets, maybe useful for penetration testers and hackers while solving CTFs.
[Cov-ComSec.github.io](https://github.com/Cov-ComSec/Cov-ComSec.github.io): The official site for Coventry's Ethical Hacking Computer Security Society (ComSec), find our latest presentations, videos & announcements!
[websy](https://github.com/0xrishabh/websy): Keep track of changes in website with WEBSY
[is_my_password_pwned](https://github.com/kevin-hanselman/is_my_password_pwned): How often does your password appear in the Pwned Passwords database? Uses the k-anonymity API.
[Router-hacker-Exploit-and-extract-user-and-password-](https://github.com/johnoseni1/Router-hacker-Exploit-and-extract-user-and-password-): This is a python wifi (router) hacker , having ability to search for mikrotic devices around you and get their <MAC> address then extract their user and password
[kubescape](https://github.com/armosec/kubescape): Kubescape is a K8s open-source tool providing a multi-cloud K8s single pane of glass, including risk analysis, security compliance, RBAC visualizer and image vulnerabilities scanning.
[dref](https://github.com/FSecureLABS/dref): DNS Rebinding Exploitation Framework
[Encrypted_Traffic_Classification](https://github.com/qa276390/Encrypted_Traffic_Classification): using deep learning to classify the encrypted network traffic
[zap2docker-auth-weekly](https://github.com/ICTU/zap2docker-auth-weekly): Zap baseline scanner in Docker with authentication
[certspotter](https://github.com/SSLMate/certspotter): Certificate Transparency Log Monitor
[dnsmon-go](https://github.com/jonpulsifer/dnsmon-go): A golang DNS monitor inspired by https://github.com/gamelinux/passivedns
[cybersec-writeups](https://github.com/0xShad3/cybersec-writeups): That's a repo where I'll upload writeups for different topics related to cybersecurity.
[CVE-2018-19131](https://github.com/JonathanWilbur/CVE-2018-19131): Proof-of-Concept exploit of CVE-2018-19131: Squid Proxy XSS via X.509 Certificate
[HackInBo](https://github.com/drego85/HackInBo): Official Collection of Slides and Programs of HackInBo
[Dorkscan-Project](https://github.com/SivertPL/Dorkscan-Project): A new, better approach at dork scanning
[linkedin-employee-scraper](https://github.com/ChrisAD/linkedin-employee-scraper): Extract all employees from LinkedIn. Especially useful for companies with thousands of employees.
[MikrotikSploit](https://github.com/0x802/MikrotikSploit): MikrotikSploit is a script that searches for and exploits Mikrotik network vulnerabilities
[Kh0p3sh](https://github.com/Akshay-Rohatgi/Kh0p3sh): :lock: Python tool for vulnerability assessment and persistence.
[diffy](https://github.com/Netflix-Skunkworks/diffy): Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
[csn09112](https://github.com/billbuchanan/csn09112): CSN09112 Module
[CVE-2019-9810](https://github.com/0vercl0k/CVE-2019-9810): Exploit for CVE-2019-9810 Firefox on Windows 64-bit.
[awesome-reference](https://github.com/agussetyar/awesome-reference): Reference list of useful links to learn about programming, networking, hacking, cybersecurity, ctf, bounty bug write-up, and more
[sunlogin-exp-gui](https://github.com/theLSA/sunlogin-exp-gui): GUI版向日葵RCE漏洞利用工具 / GUI version of sunlogin exploit tool
[cargo-crev](https://github.com/crev-dev/cargo-crev): A cryptographically verifiable code review system for the cargo (Rust) package manager.
[API-SecurityEmpire](https://github.com/Cyber-Guy1/API-SecurityEmpire): API Security Project aims to present unique attack & defense methods in API Security field
[PandwaRF](https://github.com/ComThings/PandwaRF): PandwaRF: RF analysis tool with a sub-1 GHz wireless transceiver controlled by a smartphone or
[csp-builder](https://github.com/paragonie/csp-builder): Build Content-Security-Policy headers from a JSON file (or build them programmatically)
[CryptDown](https://github.com/ikkez/CryptDown): client-side AES-encrypted Markdown pastebin clone
[nothing-private](https://github.com/gautamkrishnar/nothing-private): Do you think you are safe using private browsing or incognito mode?. :smile: :imp: This will prove that you're wrong.
[2fa.day](https://github.com/intosec-nl/2fa.day): It's World 2FA Day on 2 FebuAry!
[31-days-of-API-Security-Tips](https://github.com/inonshk/31-days-of-API-Security-Tips): This challenge is Inon Shkedy's 31 days API Security Tips.
[win10pro](https://github.com/Divinemonk/win10pro): Active " Windows 10 Professional " with our Activation Script for Free
[PHP-Auth](https://github.com/delight-im/PHP-Auth): Authentication for PHP. Simple, lightweight and secure.
[kalimux](https://github.com/noob-hackers/kalimux): Install And Use Kali Linux With Gui In Termux
[PasswordPusher](https://github.com/pglombardo/PasswordPusher): 🔐 A dead-simple application to securely communicate passwords over the web. Passwords automatically expire after a certain number of views and/or time has passed.
[Shellcode-Minidumpwritedump](https://github.com/0xFenrik/Shellcode-Minidumpwritedump): Shellcode for creating a minidump file of the lsass.exe process.
[test-your-sysadmin-skills](https://github.com/trimstray/test-your-sysadmin-skills): A collection of Linux Sysadmin Test Questions and Answers. Test your knowledge and skills in different fields with these Q/A.
[Metaforge](https://github.com/chriswmorris/Metaforge): An OSINT Metadata analyzing tool that filters through tags and creates reports
[cloud-lusat](https://github.com/cloud-sniper/cloud-lusat): Cloud Internal Threat Intelligence Feeds, Inventory and Compliance Data Collection
[onifw](https://github.com/w0bos/onifw): onifw is a console framework for pentesting
[warsend](https://github.com/thewhiteh4t/warsend): Apache Tomcat Manager API WAR Shell Upload
[DAws](https://github.com/dotcppfile/DAws): Advanced Web Shell
[edb-49263-fixed](https://github.com/xenophil90/edb-49263-fixed): Fixed version of the Python script to exploit CVE-2018-19571 and CVE-2018-19585 (GitLab 11.4.7 - Authenticated Remote Code Execution) that is available at https://www.exploit-db.com/exploits/49263 (Python 3.9).
[K8CScan](https://github.com/k8gege/K8CScan): K8Cscan大型内网渗透自定义插件化扫描神器,包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用,程序采用多线程批量扫描大型内网多个IP段C段主机,目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本,支持Cobalt Strike联动
[Resources-for-learning](https://github.com/APT-0/Resources-for-learning): l
[awesome-appsec](https://github.com/paragonie/awesome-appsec): A curated list of resources for learning about application security
[smart-url-fuzzer](https://github.com/avilum/smart-url-fuzzer): Explore URLs of domains fast and efficiently using fuzzing techniques
[tag2domain](https://github.com/certtools/tag2domain): A mapping project between tags (annotations, labels) and domain names
[exposed-password](https://github.com/laravel-validation-rules/exposed-password): Validate that a password hasn't been exposed in a data breach.
[polichombr](https://github.com/ANSSI-FR/polichombr): Collaborative malware analysis framework
[iot-cves](https://github.com/InesMartins31/iot-cves): IoT CVEs as abnormal events to evaluate a real-time host-based IDS. https://doi.org/10.1016/j.future.2022.03.001
[exploit-CVE-2016-9920](https://github.com/t0kx/exploit-CVE-2016-9920): Roundcube 1.0.0 <= 1.2.2 Remote Code Execution exploit and vulnerable container
[i-wish-i-were-at-defcon-25-hack-a-thon](https://github.com/john-science/i-wish-i-were-at-defcon-25-hack-a-thon): My own "I wish I were at DefCon 25" Hack-a-Thon
[nTimetools](https://github.com/limbenjamin/nTimetools): Timestomper and Timestamp checker with nanosecond accuracy for NTFS volumes
[log4shell4shell](https://github.com/suuhm/log4shell4shell): Log4shell - Multi-Toolkit. Find, Fix & Test possible CVE-2021-44228 vulneraries - provides a complete LOG4SHELL test/attack environment on shell
[ROP-B1n-3xp](https://github.com/Ja4V8s28Ck/ROP-B1n-3xp): A very less information on what I learnt about ROP for the past days
[THOTCON0xB](https://github.com/ch33r10/THOTCON0xB): THOTCON 0xB Adversary Detection Pipelines Talk on 10/8/2021 in Chicago, IL.
[sonarqube](https://github.com/dragol7/sonarqube): SonarQube PHP file example.
[evolve_cfengine_freelib](https://github.com/neilhwatson/evolve_cfengine_freelib): Evolve Thinking's free Cfengine promise library.
[karton-yaramatcher](https://github.com/CERT-Polska/karton-yaramatcher): File and analysis artifacts yara matcher for Karton framework
[nginx-tuning](https://github.com/denji/nginx-tuning): NGINX tuning for best performance
[ShowSheets](https://github.com/DBHeise/ShowSheets): A Simple CLI App to mark all EXCEL sheets visible (i.e. sets "Very Hidden" and "Hidden" to "Visible")
[iniscan](https://github.com/psecio/iniscan): A php.ini scanner for best security practices
[exploit-CVE-2019-14530](https://github.com/sec-it/exploit-CVE-2019-14530): OpenEMR < 5.0.2 - (Authenticated) Path Traversal - Local File Disclosure
[Cyder](https://github.com/palwolus/Cyder): Cyder is a Honeypot that can imitate any machines Operating System (OS) that is available in the NMAP database
[sebsd](https://github.com/TrustedBSD/sebsd): SEBSD is an experimental implementation of NSA's FLASK and Type Enforcement technologies, ported from SELinux using the TrustedBSD MAC Framework on FreeBSD 7.0.
[fuelcms-rce](https://github.com/noraj/fuelcms-rce): Fuel CMS 1.4 - Remote Code Execution
[slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator): Language-agnostic SLSA provenance generation for Github Actions
[Cybernotes](https://github.com/shivam1317/Cybernotes): Collection of all My notes and CTF writeups
[shellver](https://github.com/0xR0/shellver): Reverse Shell Cheat Sheet TooL
[javascript-rat-antivirus-bypass](https://github.com/qorncat/javascript-rat-antivirus-bypass): don't use for bad matters so i blocked already, don't try :D
[Penetration_PoC](https://github.com/CnHack3r/Penetration_PoC): FROM:@Mr-xn 渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
[coreruleset](https://github.com/coreruleset/coreruleset): OWASP ModSecurity Core Rule Set (Official Repository)
[LightCosmosRat](https://github.com/robitec97/LightCosmosRat): A remote administration tool for Windows, written in C#
[wsvd-bench](https://github.com/nmsa/wsvd-bench): Benchmarking Vulnerability Detection Tools for Web Services
[ATutor-Instructor-Backup-Arbitrary-File](https://github.com/fuzzlove/ATutor-Instructor-Backup-Arbitrary-File): ATutor 2.2.4 'Backup' Remote Command Execution (CVE-2019-12170)
[BlooketUI](https://github.com/Blooketware/BlooketUI): The best Blooket Multitool out there.
[OS-CFI](https://github.com/mustakimur/OS-CFI): Origin-sensitive Control Flow Integrity (OS-CFI) - USENIX Security 2019
[Go_Learning_Repo](https://github.com/rwx-777/Go_Learning_Repo): This is my Go Learnig Repository for all fellow Go noobs. Focused on InfoSec.
[Self-XSS-Finder](https://github.com/q-analysis/Self-XSS-Finder): Finding XSS with the X-FORWARDED-FOR header
[clair-scanner](https://github.com/arminc/clair-scanner): Docker containers vulnerability scan
[pitch](https://github.com/OpenSourcePentest/pitch): The initial conversation slides and menu of scenarios
[DotUrl](https://github.com/Fergs32/DotUrl): .url | Open source URL vulnerability scanner with integrated Proxyscraper
[detectron2-dormalarm](https://github.com/DeepsMoseli/detectron2-dormalarm): I use detectron2 to demonstrate a computer vision powered dorm room security system that leverages transfer learning.
[Osintgram](https://github.com/Datalux/Osintgram): Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname
[inspector-gadget](https://github.com/Alexandre-Bartel/inspector-gadget): Inspector-gadget (a.k.a. PSHAPE - Practical Support for Half-Automated Program Exploitation) is an open source tool which assists analysts in exploit development. It discovers gadgets, chains gadgets together, and ensures that side effects such as register dereferences do not crash the program.
[XsSCan](https://github.com/The404Hacking/XsSCan): XsSCan | Web Application XSS Scanner | Coded By Sir.4m1R [Mr.Hidden]
[security-scripts](https://github.com/PeterMosmans/security-scripts): A collection of security related Python and Bash shell scripts. Analyze hosts on generic security vulnerabilities. Wrapper around popular tools like nmap (portscanner), nikto (webscanner) and testssl.sh (SSL/TLS scanner)
[NMapGUI](https://github.com/daniel-cues/NMapGUI): Advanced Graphical User Interface for NMap
[HackingAllTheThings](https://github.com/mikaelkall/HackingAllTheThings): My documentation and tools for learn ethical hacking.
[ratchet](https://github.com/sethvargo/ratchet): A tool for securing CI/CD workflows with version pinning.
[ds3-nrssr-rce](https://github.com/tremwil/ds3-nrssr-rce): Documentation and proof of concept code for CVE-2022-24125 and CVE-2022-24126.
[AboutSecurity](https://github.com/ffffffff0x/AboutSecurity): Everything for pentest. | 用于渗透测试的 payload 和 bypass 字典.
[api-firewall](https://github.com/wallarm/api-firewall): Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.
[pyshing](https://github.com/igor-m-martins/pyshing): [Phishing Tool]
[MDPin](https://github.com/bastien8060/MDPin): MDPin is a server and a website. It contains an UI to fake a Android login screen to steal their pin code. It works via a web browser, by going into fullscreen.
[repo-supervisor](https://github.com/auth0/repo-supervisor): Scan your code for security misconfiguration, search for passwords and secrets. :mag:
[SPN-Honeypot](https://github.com/whoamins/SPN-Honeypot): Detect Kerberoasting
[BEST-HACKING-TOOLS](https://github.com/technicaldada/BEST-HACKING-TOOLS): BEST HACKING TOOLS..For more tools visit our blog for Hackers
[gex112](https://github.com/ruanpato/gex112): Segurança e auditoria de sistemas
[Sepia](https://github.com/S4kur4/Sepia): 一款集PoC批量验证和漏洞攻击的渗透测试工具
[oval-graph](https://github.com/OpenSCAP/oval-graph): Understand OVAL results in a blink of an eye
[GoFetch](https://github.com/GoFetchAD/GoFetch): GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.
[CVE-2020-10558](https://github.com/nuzzl/CVE-2020-10558): Tesla Model 3 Hack DoS Entire Touchscreen Interface CVE-2020-10558
[Owlyshield](https://github.com/SitinCloud/Owlyshield): Owlyshield is an open-source AI-driven behaviour based anti-malware engine written in Rust.
[Degate](https://github.com/DegateCommunity/Degate): A modern and open-source cross-platform software for chips reverse engineering.
[The-Hackers-Meetup-Application-Security-edition](https://github.com/nomadicmehul/The-Hackers-Meetup-Application-Security-edition): The Hacker's MeetUp is doing a Monthly Meet-Ups to provide a proper platform for the cyber security researchers as well as security enthusiast people who really inserted to learn something and take exposure of latest trends and issues in cyber security, deep dive into security domain and build a community.
[PyStat](https://github.com/roothaxor/PyStat): Advanced Netstat Using Python For Windows
[naive-hashcat](https://github.com/brannondorsey/naive-hashcat): Crack password hashes without the fuss :cat2:
[nfstream](https://github.com/nfstream/nfstream): NFStream: a Flexible Network Data Analysis Framework.
[Bludit-auth-BF-bypass](https://github.com/noraj/Bludit-auth-BF-bypass): Bludit <= 3.9.2 - Authentication Bruteforce Mitigation Bypass
[anti-quack](https://github.com/afonso-pereira/anti-quack): Anti Bad USB Shell Script
[ras-fuzzer](https://github.com/hahwul/ras-fuzzer): RAS(RAndom Subdomain) Fuzzer
[Python-random-module-cracker](https://github.com/tna0y/Python-random-module-cracker): Predict python's random module generated values.
[SeshWebsite](https://github.com/ShefESH/SeshWebsite): The website for Sheffield Ethical Student Hackers society
[XSScope](https://github.com/kleiton0x00/XSScope): XSScope is one of the most powerful and advanced GUI Framework for Modern Browser exploitation via XSS.
[hbhc](https://github.com/ASHWIN990/hbhc): HBHC is a tool writeen in Python3 for Cracking the hashes in speed, it's small and handy tools required only 2 arguments. 🏡 🍪 🔑 🔨
[Ridogram](https://github.com/iniridwanul/Ridogram): Ridogram is an advanced multi-featured Telegram UserBot.
[CVE-2018-15499](https://github.com/DownWithUp/CVE-2018-15499): PoC code for CVE-2018-15499 (exploit race condition for BSoD)
[XXE_Payload_List](https://github.com/omurugur/XXE_Payload_List): XML External Entity Vulnerability Payload List
[misp-compliance](https://github.com/MISP/misp-compliance): Legal, procedural and policies document templates for operating MISP and information sharing communities
[Website_Vulnerbility_Checker](https://github.com/harishsg99/Website_Vulnerbility_Checker): This tools helps developers to check for xss and SQL injection vulnerability in websites
[MSF-Webkit-10.3](https://github.com/MTJailed/MSF-Webkit-10.3): A metasploit module for webkit exploits and PoC's targeting devices running iOS 10+
[syswall](https://github.com/polaris64/syswall): Work in progress firewall for Linux syscalls, written in Rust
[awesome-nodejs-security](https://github.com/lirantal/awesome-nodejs-security): Awesome Node.js Security resources
[Otomasyon_Video_2_Selenium](https://github.com/acnrayd/Otomasyon_Video_2_Selenium): Selenium - Python ile Web Arayüz Otomasyonu (API ve SOAR olmayan bir ortamda), Örnek Senaryo, Firewall'dan Endpoint'e Otomatik Kural Yazma
[Phishing-Websites-Detection](https://github.com/sayakpaul/Phishing-Websites-Detection): Experiments to detect phishing websites using neural networks
[awesome-ics-writeups](https://github.com/neutrinoguy/awesome-ics-writeups): Collection of writeups on ICS/SCADA security.
[Shiro_exploit](https://github.com/insightglacier/Shiro_exploit): Apache Shiro 反序列化漏洞检测与利用工具
[Python-Shellcode-Buffer-Overflow](https://github.com/sectool/Python-Shellcode-Buffer-Overflow): Shellcode / Buffer Overflow 💣
[NERD](https://github.com/CESNET/NERD): Network Entity Reputation Database
[nessus-file-reader](https://github.com/LimberDuck/nessus-file-reader): CLI tool and python module which enables you to parse nessus scan files from Nessus and Tenable.SC by (C) Tenable, Inc.
[malware-ioc](https://github.com/prodaft/malware-ioc): This repository contains indicators of compromise (IOCs) of our various investigations.
[PayloadSiteForPenTesters](https://github.com/tobor88/PayloadSiteForPenTesters): This is a site I made for easily hosting tools and payload over apache2 on Kali Linux so they are always ready to go. These are a collection of tools that can be downloaded with a site that is browsable for GUI situations.
[pyiocutils](https://github.com/cmatthewbrooks/pyiocutils): A collection of Python utilities for use in scripts related to working with "indicators of compromise" (IOCs).
[extractTVpasswords](https://github.com/vah13/extractTVpasswords): tool to extract passwords from TeamViewer memory using Frida
[attack-stix-data](https://github.com/mitre-attack/attack-stix-data): STIX data representing MITRE ATT&CK
[meltdown-c](https://github.com/Rambou/meltdown-c): Fork of saneki repository which is a port of Kao's delphi tool in C.
[onelinepy](https://github.com/spicesouls/onelinepy): Python Obfuscator to generate One-Liners and FUD Payloads.
[zauth](https://github.com/RijulGulati/zauth): 2FA (Two-Factor Authentication) application for CLI terminal with support to import/export andOTP files.
[Ecommerce-Website-Security-CheckList](https://github.com/IamHDT/Ecommerce-Website-Security-CheckList): List of considerations for commerce site auditing and security teams. This is summary of action points and areas that need to be built into the Techinical Specific Document, or will be checked in the Security testing phases.
[h-encore-2](https://github.com/TheOfficialFloW/h-encore-2): Fully chained kernel exploit for the PS Vita on firmwares 3.65-3.74
[openvas-docker](https://github.com/mikesplain/openvas-docker): A Docker container for Openvas
[Safiler](https://github.com/Bo0oM/Safiler): Safari local file reader
[Malicious-URL-Detection](https://github.com/vinayakumarr/Malicious-URL-Detection): Malicious URL Detection using classical machine learning and deep learning
[TMOHS1-Root-Utility](https://github.com/natthawk/TMOHS1-Root-Utility): An interactive python script that enables root access on the T-Mobile (Wingtech) TMOHS1, as well as providing several useful utilites to change the configuration of the device.
[process_injector](https://github.com/kushvaibhav/process_injector)
[CloudPeler](https://github.com/zidansec/CloudPeler): CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting information is certainly very useful for conducting further penetration testing, and analyzing websites with the same server.
[Instagram-h4cknew](https://github.com/ahmadchen/Instagram-h4cknew): How To Hacking Instagram ? Tutorial In Down 😷😎 Follow Me
[CVE-2022-30781](https://github.com/wuhan005/CVE-2022-30781): 🍵 Gitea repository migration remote command execution exploit.
[netpwn](https://github.com/3XPL017/netpwn): Tool made to automate tasks of pentesting.
[UAC_Exploit](https://github.com/0xyg3n/UAC_Exploit): Escalate as Administrator bypassing the UAC affecting administrator accounts only.
[xpid](https://github.com/kris-nova/xpid): Linux Process Discovery. C Library, Go bindings, Runtime.
[Blockchain_for_user_auth](https://github.com/rahul2227/Blockchain_for_user_auth): It is a project with an idea o using block chain for user authentication in various scenarios
[webanalyze](https://github.com/rverton/webanalyze): Port of Wappalyzer (uncovers technologies used on websites) to automate mass scanning.
[dictionary-attack](https://github.com/mustafadalga/dictionary-attack): Bir hedef web sitesi veya ip adresine giriş için sözlük saldırısı yapan bir script.
[graph-onelogin](https://github.com/JupiterOne/graph-onelogin): A graph conversion tool for https://www.onelogin.com
[Umbraco-RCE](https://github.com/noraj/Umbraco-RCE): Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution
[Awesome-Baseband](https://github.com/R3dFruitRollUp/Awesome-Baseband): Awesome list for baseband modem resources.
[vaf](https://github.com/d4rckh/vaf): Vaf is a cross-platform very advanced and fast web fuzzer written in nim
[CRAXplusplus](https://github.com/SQLab/CRAXplusplus): The exploit generator CRAX++ is CRAX with x86_64 ROP techniques, s2e 2.0 upgrade, code selection, I/O states, dynamic ROP, and more!
[red_team_attack_lab](https://github.com/Marshall-Hallenbeck/red_team_attack_lab): Red Team Attack Lab for TTP testing & research
[CVE-2017-8759](https://github.com/JonasUliana/CVE-2017-8759): Simple C# implementation of CVE-2017-8759
[lapPI](https://github.com/raflisboa/lapPI): A low-coast Laptop project based on Raspberry Pi Zero W.
[gef-legacy](https://github.com/hugsy/gef-legacy): Legacy version of GEF running for GDB+Python2
[lavymaria.github.io](https://github.com/lavymaria/lavymaria.github.io)
[arm_exploit](https://github.com/w0lfzhang/arm_exploit)
[casper-fs](https://github.com/CoolerVoid/casper-fs): Casper-fs is a Custom Hidden Linux Kernel Module generator. Each module works in the file system to protect and hide secret files.
[mitrecnd.github.io](https://github.com/MITRECND/mitrecnd.github.io): MITRE Shield website
[envkey-ruby](https://github.com/envkey/envkey-ruby): EnvKey's official Ruby client library
[sniff-probes](https://github.com/brannondorsey/sniff-probes): Plug-and-play bash script for sniffing 802.11 probes requests :nose:
[domfind](https://github.com/diogo-fernan/domfind): A Python DNS crawler to find identical domain names under different TLDs.
[OllyDbg-Scripts](https://github.com/ThomasThelen/OllyDbg-Scripts): Unpacking scripts for Ollydbg.
[swap_digger](https://github.com/sevagas/swap_digger): swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.
[OSweep](https://github.com/ecstatic-nobel/OSweep): Don't Just Search OSINT. Sweep It.
[maalik](https://github.com/quantumcore/maalik): Feature-rich Post Exploitation Framework with Network Pivoting capabilities.
[CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera](https://github.com/Puliczek/CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera): 🎩 🤟🏻 [P1-$10,000] Google Chrome, Microsoft Edge and Opera - vulnerability reported by Maciej Pulikowski - System environment variables leak - CVE-2022-0337
[CVE-2018-19788](https://github.com/d4gh0s7/CVE-2018-19788): Ansible role to check the vulnerability tracked as CVE-2018-19788, impacts PolicyKit version 0.115 which comes pre-installed on a wide range of Linux distributions
[OpenVehicleDiag](https://github.com/rnd-ash/OpenVehicleDiag): A rust based cross-platform ECU diagnostics and car hacking application, utilizing the passthru protocol
[Recon-X](https://github.com/Yashvendra/Recon-X): Advanced Reconnaissance tool to enumerate attacking surface of the target.
[fingerlib](https://github.com/Xisabla/fingerlib): HTTP Fingerprint generation library in C++
[CVE-2018-20343](https://github.com/Alexandre-Bartel/CVE-2018-20343): PoC for CVE-2018-20343
[DefaultCreds-cheat-sheet](https://github.com/ihebski/DefaultCreds-cheat-sheet): One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
[rajappan](https://github.com/kaiiyer/rajappan): An All in one Project for Digital Privacy. A step towards a PRIVATE FUTURE
[cve-2019-11447](https://github.com/thewhiteh4t/cve-2019-11447): CutePHP Cute News 2.1.2 RCE PoC
[BetterBackdoor](https://github.com/thatcherclough/BetterBackdoor): A backdoor with a multitude of features.
[awesome-ddos-tools](https://github.com/theodorecooper/awesome-ddos-tools): Collection of several DDos tools.
[squatm3](https://github.com/david3107/squatm3): Squatm3 is a python tool designed to enumerate available domains generated modifying the original domain name through different techniques
[clair-openshift](https://github.com/arocki7/clair-openshift): Openshift template for Clair (Docker vulnerability Scanner)
[IoT-PT](https://github.com/IoT-PTv/IoT-PT): A Virtual environment for Pentesting IoT Devices
[gh-dork](https://github.com/molly/gh-dork): Github dorking tool
[CVE-2018-18852](https://github.com/hook-s3c/CVE-2018-18852): CERIO RCE CVE-2018-18852, authenticated (vendor defaults) web-based RCE as root user.
[log4j_mass_scanner](https://github.com/srhercules/log4j_mass_scanner): Automated scan thousands hosts in your Active Directory domain in minutes, for Log4j vulnerabilities with multithreading mass scanner and detailed report.
[CVE-2018-15961](https://github.com/vah13/CVE-2018-15961): Unrestricted file upload in Adobe ColdFusion
[insiders](https://github.com/trickest/insiders): Archive of Potential Insider Threats
[CTFd](https://github.com/CTFd/CTFd): CTFs as you need them
[iamzero](https://github.com/common-fate/iamzero): Identity & Access Management simplified and secure.
[leaky_diode](https://github.com/secnot/leaky_diode): Leaky diode is a data exfiltration test tool for data diodes.
[phishalytics](https://github.com/sjbell/phishalytics): Measurement system I built during my PhD to collect and analyse large-scale datasets; including phishing and malware attacks on Twitter, blacklist characterisation, and phishing detection capabilities of web browsers.
[honeycomb_plugins](https://github.com/Cymmetria/honeycomb_plugins): The plugin repository for Honeycomb, the honeypot framework by Cymmetria
[FlipKart-Grid-Information-Security](https://github.com/Sanchit611/FlipKart-Grid-Information-Security): Flipkart Grid 4.0 Submission for Information Security Challenge
[CiscoRV320Dump](https://github.com/0x27/CiscoRV320Dump): CVE-2019-1652 /CVE-2019-1653 Exploits For Dumping Cisco RV320 Configurations & Debugging Data AND Remote Root Exploit!
[notruler](https://github.com/sensepost/notruler): The opposite of Ruler, provides blue teams with the ability to detect Ruler usage against Exchange.
[remediar](https://github.com/fabaff/remediar): Remediar is an issue and vulnerability tracker framework
[CVE-2020-27976](https://github.com/k0rnh0li0/CVE-2020-27976): osCommerce Phoenix CE <=1.0.5.4 Authenticated RCE
[eslint-plugin-no-secrets](https://github.com/nickdeis/eslint-plugin-no-secrets): An eslint plugin to find strings that might be secrets/credentials
[OSCP-Cheat-Sheet](https://github.com/akenofu/OSCP-Cheat-Sheet): This is my OSCP cheat sheet made by combining a lot of different resources online with a little bit of tweaking. I used this cheat sheet during my exam (Fri, 13 Sep 2019) and during the labs. I can proudly say it helped me pass so I hope it can help you as well ! Good Luck and Try Harder
[security-bugtracker](https://github.com/designsecurity/security-bugtracker): Run security test tools and track bugs easily
[dnsmap](https://github.com/resurrecting-open-source-projects/dnsmap): Scan for subdomains using bruteforcing techniques
[zombie-system-demo](https://github.com/rc4ne/zombie-system-demo): A simple setup that demonstrates concept of zombie computer and using it for dos.
[SocialPwned](https://github.com/MrTuxx/SocialPwned): SocialPwned is an OSINT tool that allows to get the emails, from a target, published in social networks such as Instagram, Linkedin and Twitter to find possible credentials leaks in PwnDB or Dehashed and obtain Google account information via GHunt.
[gnuradio](https://github.com/gnuradio/gnuradio): GNU Radio – the Free and Open Software Radio Ecosystem
[awesome-rails-security](https://github.com/0xedward/awesome-rails-security): A curated list of security resources for a Ruby on Rails application
[libdiffuzz](https://github.com/Shnatsel/libdiffuzz): Custom memory allocator that helps discover reads from uninitialized memory
[killshot](https://github.com/bahaabdelwahed/killshot): A Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner
[AVMP](https://github.com/RackReaver/AVMP): A collection of tools for managing and automating vulnerability management.
[execution-trace-viewer](https://github.com/teemu-l/execution-trace-viewer): Tool for viewing and analyzing execution traces
[Cyber-Playbook](https://github.com/rowland007/Cyber-Playbook): Playbooks are used by cybersecurity professionals to store or encapsulate knowledge on cybersecurity topics and tactics. I will use these again and again in the field to deal with situations as they arise. The idea is that I don’t want to wait until a challenging situation arises to have a plan; I want to already have potential mitigation strategies in my playbook that can help kickstart my process toward finding solutions.
[canary](https://github.com/psecio/canary): Canary: Input Detection and Response
[rotacsufbo](https://github.com/itemic/rotacsufbo): did u know the name of the repo is obfuscator backwards?
[BCA-Phantom](https://github.com/EONRaider/BCA-Phantom): A multi-platform HTTP(S) Reverse Shell Server and Client in Python 3
[Return-into-libc](https://github.com/Vilquid/Return-into-libc): Attaque informatique par un dépassement de tampon dans lequel l'adresse de retour dans la pile est remplacée par l'adresse d'une autre fonction et une seconde partie de la pile est modifiée pour fournir les paramètres à cette fonction.
[goMS17-010](https://github.com/jflyup/goMS17-010): Simple program for detecting if host(s) are vulnerable to SMB exploit(MS17-010)
[security-txt](https://github.com/securitytxt/security-txt): A proposed standard that allows websites to define security policies.
[loopback4-ratelimiter](https://github.com/sourcefuse/loopback4-ratelimiter): A rate limiting extension for loopback4 applications
[Quasar](https://github.com/quasar/Quasar): Remote Administration Tool for Windows
[CVE-2019-1476](https://github.com/sgabe/CVE-2019-1476): AppXSvc Arbitrary File Overwrite DoS
[My_Secured_Memo](https://github.com/Khushik514/My_Secured_Memo): An android application that allows you to secure your notes with the highest level of security ,i.e., Fingerprint. Only the people with their fingerprints in the system can access, edit, delete or share the notes. It has dark theme as well!
[linux-kernel-exploits](https://github.com/SecWiki/linux-kernel-exploits): linux-kernel-exploits Linux平台提权漏洞集合
[QuadCore-Web-SQLi-Injecter-DB-Dumper](https://github.com/quadcoreside/QuadCore-Web-SQLi-Injecter-DB-Dumper): WEB SQLi Injection DB Dumper DATA Hacking Tool
[cve-2019-1003000-jenkins-rce-poc](https://github.com/adamyordan/cve-2019-1003000-jenkins-rce-poc): Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)
[android-zoo](https://github.com/murksombra/android-zoo): A collection of proof of concepts of android malwares. For educational purposes only.
[CVE-2021-31166-Exploit](https://github.com/y0g3sh-99/CVE-2021-31166-Exploit): Exploit for MS Http Protocol Stack RCE vulnerability (CVE-2021-31166)
[InfosecHouse](https://github.com/InfosecHouse/InfosecHouse): Infosec resource center for offensive and defensive security operations.
[gsvsoc_mission-model](https://github.com/guardsight/gsvsoc_mission-model): Incident Response Report Using GitHub-Sphinx
[CVE-2018-16711](https://github.com/DownWithUp/CVE-2018-16711): PoC code for CVE-2018-16711 (exploit by wrmsr)
[m3n0sd0n4ld.github.io](https://github.com/m3n0sd0n4ld/m3n0sd0n4ld.github.io): Resource where I will be posting #HTB, #THM, #VulnHub and others, scripts, exploits, personal articles or talks I have participated in security conferences.
[client-python](https://github.com/OpenCTI-Platform/client-python): OpenCTI Python Client
[aqua-helm](https://github.com/aquasecurity/aqua-helm): Helm Charts For Installing Aqua Security Components
[PivotSuite](https://github.com/RedTeamOperations/PivotSuite): Network Pivoting Toolkit
[cloudrasp-log4j2](https://github.com/boundaryx/cloudrasp-log4j2): 一个针对防御 log4j2 CVE-2021-44228 漏洞的 RASP 工具。 A Runtime Application Self-Protection module specifically designed for log4j2 RCE (CVE-2021-44228) defense.
[RedTeamTools](https://github.com/lengjibo/RedTeamTools): 记录自己编写、修改的部分工具
[subzy](https://github.com/LukaSikic/subzy): Subdomain takeover vulnerability checker
[torDDoS](https://github.com/r3nt0n/torDDoS): Automate tool DDoS Attack over Tor Network
[otax](https://github.com/0x44F/otax): "Otax", a popularized shitty discord zero-day exploit. A bullshit writeup on it was released by a larper called HellSec.
[tempesta](https://github.com/tempesta-tech/tempesta): All-in-one solution for high performance web content delivery and advanced protection against DDoS and web attacks
[Threat-Hunting-and-Detection](https://github.com/Cyb3r-Monk/Threat-Hunting-and-Detection): Repository for threat hunting and detection queries, tools, etc.
[cameradar](https://github.com/Ullaakut/cameradar): Cameradar hacks its way into RTSP videosurveillance cameras
[cfltools](https://github.com/bradley-evans/cfltools): A logfile analysis tool for cyberforensics investigators.
[ruby-ann-webattack-filtering](https://github.com/bararchy/ruby-ann-webattack-filtering): A project to filter SQL Injection and XSS attacks using ANN -- in Ruby
[AFL_DataSets](https://github.com/cloudsriseup/AFL_DataSets): A work in progress repository for curated and created AFL-enabled fuzzing datasets for various programs, protocols, and file formats.
[vuldash](https://github.com/talsoft/vuldash): Vulnerability Dashboard
[LinuxPatchChecker](https://github.com/b3b0/LinuxPatchChecker): 🐧🎛️ Can be used for anything really though! Don't be evil! Pure python, OS-agnostic.
[CounterAttack](https://github.com/0x61656c/CounterAttack): Destroy account scammers with this one neat trick! This Python Script will help you shut down phishermen with ease.
[DoubleStar](https://github.com/forrest-orr/DoubleStar): A personalized/enhanced re-creation of the Darkhotel "Double Star" APT exploit chain with a focus on Windows 8.1 and mixed with some of my own techniques
[recaptcha](https://github.com/c181/recaptcha): CakePHP 3 reCaptcha Plugin
[hackingtool](https://github.com/Z4nzu/hackingtool): ALL IN ONE Hacking Tool For Hackers
[OPCDE](https://github.com/msuiche/OPCDE): OPCDE Cybersecurity Conference Materials
[SolarPuttyDecrypt](https://github.com/VoidSec/SolarPuttyDecrypt): A post-exploitation tool to decrypt SolarPutty's sessions files
[hakrawler](https://github.com/hakluke/hakrawler): Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
[Set-UID-Vuln](https://github.com/roflcer/Set-UID-Vuln): Set-UID is an important security mechanism in Unix operating systems. When a Set-UID program is run, it assumes the owner’s privileges. For example, if the program’s owner is root, then when anyone runs this program, the program gains the root’s privileges during its execution. Set-UID allows us to do many interesting things, but unfortunately, it is also the culprit of many bad things. Therefore, the objective of this lab is two-fold: (1) Appreciate its good side: understand why Set-UID is needed and how it is implemented. (2) Be aware of its bad side: understand its potential security problems.
[nowsecure-action](https://github.com/nowsecure/nowsecure-action): The NowSecure Action delivers fast, accurate, automated security analysis of iOS and Android apps coded in any language
[LanguageBackdoors](https://github.com/K2/LanguageBackdoors): Compiler exploits and exploitable non-obvious source code back doors.
[httprecon-nse](https://github.com/scipag/httprecon-nse): Advanced web server fingerprinting for Nmap
[wordlist-generator](https://github.com/J4NN0/wordlist-generator): Generate customised wordlist for penetration testing practice (e.g. brute force attack, dictionary attack, etc.).
[RDDoS_Tool](https://github.com/Red-company/RDDoS_Tool): 🔫 Red DDoS Tool is -THE BEST- tool for DDoS attacks.
[Vulnerous](https://github.com/ScorchingShade/Vulnerous): A vulnerability and network analysis tool with many additional features!
[cybersecurity-exploit-development](https://github.com/paulveillard/cybersecurity-exploit-development): An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Exploit Development.
[scirius](https://github.com/StamusNetworks/scirius): Scirius is a web application for Suricata ruleset management and threat hunting.
[kicks3](https://github.com/abuvanth/kicks3): S3 bucket finder from html,js and bucket misconfiguration testing tool
[SecCrawler](https://github.com/Le0nsec/SecCrawler): 一个方便安全研究人员获取每日安全日报的爬虫和推送程序,目前爬取范围包括先知社区、安全客、Seebug Paper、跳跳糖、奇安信攻防社区、棱角社区以及绿盟、腾讯玄武、天融信、360等实验室博客,持续更新中。
[goaltdns](https://github.com/subfinder/goaltdns): A permutation generation tool written in golang
[awesome-checker-services](https://github.com/Brunty/awesome-checker-services): ✅ List of links to the various checkers out there on the web for sites, domains, security etc.
[macos-scripts](https://github.com/0xmachos/macos-scripts): Various scripts for macOS tasks
[Awesome-hacking-tools](https://github.com/awake1t/Awesome-hacking-tools): 收集网上好用、实用的红蓝对抗武器。从资产扫描、泄漏扫描、信息收集、漏洞扫描、SRC批量挖掘、内网渗透、应急响应等等工具。 大部分我都用过、部分会写上自己的感想与建议,希望对你有帮助
[tutsplus-android-o-sms-token](https://github.com/chikecodes/tutsplus-android-o-sms-token): My Tuts+ tutorial about using Android O's SMS Token
[Open-Source-Lua-Wrapper](https://github.com/milkteaaa/Open-Source-Lua-Wrapper): Free open-source Lua wrapper for ROBLOX
[weird_proxies](https://github.com/GrrrDog/weird_proxies): Reverse proxies cheatsheet
[data_obfuscation](https://github.com/biniamf/data_obfuscation): Data Obfuscation for C/C++ Code Based on Residue Number Coding (RNC)
[CVE-2018-16713](https://github.com/DownWithUp/CVE-2018-16713): PoC code for CVE-2018-16713 (exploit by rdmsr)
[Librefox](https://github.com/intika/Librefox): Librefox: Firefox with privacy enhancements
[mqtts](https://github.com/SPuerBRead/mqtts): MQTT安全测试工具 (MQTT Security Tools)
[VolumEraser](https://github.com/schefa/VolumEraser): Securely erases all data from a disk (USB Drive, SD Card etc.) based on the U.S. Department of Defense's standard 'National Industrial Security Program Operating Manual' (US DoD 5220.22-M ECE)
[windows-kernel-exploits](https://github.com/SecWiki/windows-kernel-exploits): windows-kernel-exploits Windows平台提权漏洞集合
[netsec-ps-scripts](https://github.com/thom-s/netsec-ps-scripts): Collection of PowerShell network security scripts for system administrators.
[Hacking-Tools-Pack](https://github.com/Interpreter-THOR/Hacking-Tools-Pack): Trojan Rat Builder(310), Ransomware Builder(17), Crypter(72), Miner(9), Worm(8), Botnet(25), Virus Builder(9), Binder(25), Exploit(7), Keylogger & Stealer(40), Proxy Tool(9), Spoofer(11),Fake program & Sample Virus(64),Other & Tools(16). Around 𝟔𝟑𝟎 tools, that you can use for Hacking.
[BrokenSMTP](https://github.com/mrlew1s/BrokenSMTP): Small python script to look for common vulnerabilities on SMTP server.
[vimana-framework](https://github.com/s4dhulabs/vimana-framework): Vimana is an experimental security framework that aims to provide resources for auditing Python web applications.
[pyyso](https://github.com/cokeBeer/pyyso): pyyso is a Python package that generate java serialized poc. Including CommonsCollections1-7, JDK7u21, JDK8u20, ldap for jndi, shiro-550, CommonsBeanutils1 no cc, JRMPClient, high version JDK Bypass, Fake MySQL for JDBC attack
[awesome-ethereum-security](https://github.com/crytic/awesome-ethereum-security): A curated list of awesome Ethereum security references
[cmd32](https://github.com/szybnev/cmd32): Fork of https://github.com/klinix5/InstallerFileTakeOver
[antisamy](https://github.com/nahsra/antisamy): a library for performing fast, configurable cleansing of HTML coming from untrusted sources
[Burp-Addons](https://github.com/SofianeHamlaoui/Burp-Addons): Burp-Addons : Some of Burp Addons I use ( Mindak ak fahem )
[articles-translator](https://github.com/madneal/articles-translator): :books:Translate the distinct technical blogs. Please star or watch. Welcome to join me.
[IoT-vulhub](https://github.com/VulnTotal-Team/IoT-vulhub): IoT固件漏洞复现环境
[krackattack-all-zero-tk-key](https://github.com/lucascouto/krackattack-all-zero-tk-key): This code has base on a code made by Mathy Vanhoef (https://github.com/vanhoefm/krackattacks-poc-zerokey). Please, take a look on README.md. Enjoy!
[xforwardy](https://github.com/roottusk/xforwardy): Host Header Injection Scanner
[Privilege-Escalation-For-Linux](https://github.com/Somchandra17/Privilege-Escalation-For-Linux): Bypass security restrictions in misconfigured systems.
[PowerExfil](https://github.com/1N3/PowerExfil): A collection of data exfiltration scripts for Red Team assessments.
[vsftpd-2.3.4-vulnerable](https://github.com/vitalyford/vsftpd-2.3.4-vulnerable): This repo spins up vulnerable vsftpd-2.3.4 containers that can be used in security courses
[Autoban](https://github.com/werp420/Autoban): Det i har ventet på ;) | autobanner via mysql.
[MicroservicesSecurity](https://github.com/dev-hernandez2/MicroservicesSecurity): Udacity Cloud Native Architect Nanodegree project 4
[ropoly](https://github.com/polyverse/ropoly): ROP-Tool HTTP Server
[nvtscript](https://github.com/Clivebi/nvtscript): the openVAS converted script for nvtengine
[chepy](https://github.com/securisec/chepy): Chepy is a python lib/cli equivalent of the awesome CyberChef tool.
[hackercouch](https://github.com/hackercouch/hackercouch): Hospitality for Hackers
[Pwnagotchi-Addon-Scripts](https://github.com/rwx-777/Pwnagotchi-Addon-Scripts): These are my Scripts i use regulary for my Pwnagotchi and or other CyberSec related stuff.
[Zeus-Scanner](https://github.com/Ekultek/Zeus-Scanner): Advanced reconnaissance utility
[awesome-executable-packing](https://github.com/dhondta/awesome-executable-packing): A curated list of awesome resources related to executable packing
[Cluri7](https://github.com/pobyzaarif/Cluri7): penetration testing and security assessment
[vUte](https://github.com/okno/vUte): VeraCrypt Bruteforcer
[jenkins-shell](https://github.com/joesmithjaffa/jenkins-shell): Automating Jenkins Hacking using Shodan API
[Steal-Not-Safe](https://github.com/aleff-github/Steal-Not-Safe): Stealing a computer won't be as easy as it used to be, as long as you have Python and an internet connection.
[nginx-ultimate-bad-bot-blocker](https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker): Nginx Block Bad Bots, Spam Referrer Blocker, Vulnerability Scanners, User-Agents, Malware, Adware, Ransomware, Malicious Sites, with anti-DDOS, Wordpress Theme Detector Blocking and Fail2Ban Jail for Repeat Offenders
[ApplicationInspector](https://github.com/microsoft/ApplicationInspector): A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.
[PAKURI-THON](https://github.com/01rabbit/PAKURI-THON): PAKURI-THON is a tool that supports pentesters with various pentesting tools and C4 server (command & control and chat & communication server). PAKURI-THON can perform most of the operations with intuitive web operations and commands to chatbots.
[CVE-2020-1034](https://github.com/yardenshafir/CVE-2020-1034): PoC demonstrating the use of cve-2020-1034 for privilege escalation
[poro](https://github.com/9rnt/poro): Scan publicly accessible assets on your AWS cloud environment
[articulos](https://github.com/R3LI4NT/articulos): Artículos relacionados a la Ciberseguridad y Hacking.
[PacketMagician](https://github.com/DpoofikD/PacketMagician): Linux tool written in C++ for creating and sending fully customizable TCP, UDP or ICMP packets with payloads.
[exitmap](https://github.com/NullHypothesis/exitmap): A fast and modular scanner for Tor exit relays. The canonical repository (including issue tracker) is at https://gitlab.torproject.org/tpo/network-health/exitmap
[empty-argv-segfault-check](https://github.com/eriksjolund/empty-argv-segfault-check): Test if an executable segfaults when started with an empty argv. The script may be used as a vulnerability-scanner to find setuid executables having buggy code (but it will probably not find any direct security vulnerabilities).
[ASKT-AutoScriptKiddiesTool-](https://github.com/b3-v3r/ASKT-AutoScriptKiddiesTool-)
[asvs-checklist](https://github.com/nicoSWD/asvs-checklist): OWASP Application Security Verification Standard 4.0 Checklist
[MalwareDatabase](https://github.com/Vichingo455/MalwareDatabase): One of the few malware collection
[tarian](https://github.com/kube-tarian/tarian): Protect your Cloud Native Applications running on Kubernetes from malicious attacks with pre-registered source code, pre-registered runtime processes monitoring, automated actions based on configure-actions, analytics, alerting and also sharing detections with community. Maybe save from Ransomware. Shift-Left your threat detection. Shift Right threat elimination.
[TCPOptionsDataExfil](https://github.com/dc401/TCPOptionsDataExfil): Experimental scripts using Python 3.x and Scapy to transmit data to closed (or open) ports between hosts using only TCP Options
[CVE-2018-18714](https://github.com/DownWithUp/CVE-2018-18714): PoC Code for CVE-2018-18714 (exploit by stack overflow)
[kalitorify](https://github.com/brainfucksec/kalitorify): Transparent proxy through Tor for Kali Linux OS
[lobster-pot](https://github.com/salesforce/lobster-pot): Scans every git push to your Github organisations to find unwanted secrets.
[CITM](https://github.com/jamestiotio/CITM): Battle Cats MITM Mailbox Hack [PATCHED]
[AdvBox](https://github.com/advboxes/AdvBox): Advbox is a toolbox to generate adversarial examples that fool neural networks in PaddlePaddle、PyTorch、Caffe2、MxNet、Keras、TensorFlow and Advbox can benchmark the robustness of machine learning models. Advbox give a command line tool to generate adversarial examples with Zero-Coding.
[arbimz](https://github.com/oppsec/arbimz): 🔥 Arbimz is a python tool created to exploit the vulnerability on Zimbra assigned as CVE-2019-9670.
[Vulnerability-Wiki](https://github.com/Ranwu0/Vulnerability-Wiki): 本项目用于搜集常见漏洞EXP/POC等,注意:本项目并不刻意搜集 POC 或 EXP,包含但不限于漏洞资讯、漏洞复现、漏洞分析、漏洞验证、漏洞利用
[external-protocol-flooding](https://github.com/fingerprintjs/external-protocol-flooding): Scheme flooding vulnerability: how it works and why it is a threat to anonymous browsing
[gitGraber](https://github.com/hisxo/gitGraber): gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
[instahack](https://github.com/evildevill/instahack): instahack is a bash & python based script which is officially made to test password strength of Instagram account from termux and kali with bruteforce attack and. it based on tor This tool works on both rooted Android device and Non-rooted Android device. Best Tool For Instagram Bruteforce hacking Tool By Waseem Akram. Made in Bash & python. This is an official repository of instahack
[gzip](https://github.com/tbela99/gzip): Optimize any Joomla website and/or turn it into a Progressive Web Application
[BTCPriceFeed](https://github.com/tls-n/BTCPriceFeed): Secure Bitcoin price feed based on TLS-N proofs.
[My-Reports](https://github.com/h0nus/My-Reports): Here I'll share my pentest's reports. Html or Pdf or just txt files;
[x41-smartcard-fuzzing](https://github.com/x41sec/x41-smartcard-fuzzing): X41 Smartcard Fuzzer
[Moodle-webshell-plugin](https://github.com/p0dalirius/Moodle-webshell-plugin): A webshell plugin and interactive shell for pentesting a Moodle instance.
[SADA](https://github.com/MTK911/SADA): SADA Webapplication Scanner
[log4py](https://github.com/dotPY-hax/log4py): pythonic pure python RCE exploit for CVE-2021-44228 log4shell
[Infosec_Reference](https://github.com/rmusser01/Infosec_Reference): An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
[Gr3eNoX](https://github.com/Black-Hell-Team/Gr3eNoX): Advanced Vulnerability Scanner Tool
[go-cves](https://github.com/cokeBeer/go-cves): 收录go语言编写的项目、框架和组件出现的cve,或者一些相关的利用方式的文章
[vulniq-security-scanner](https://github.com/vulniq/vulniq-security-scanner): VulnIQ Security Scanner, Terzi
[log4scan](https://github.com/fuji97/log4scan): A simple automatic tool for finding vulnerable log4j hosts
[OpenNetAdmin18.1.1RCE](https://github.com/d4t4s3c/OpenNetAdmin18.1.1RCE): OpenNetAdmin 18.1.1 - Exploit - Remote Code Execution (RCE)
[phishytics-machine-learning-for-phishing](https://github.com/faizann24/phishytics-machine-learning-for-phishing): Machine Learning for Phishing Website Detection
[kindle-5.6.5-jailbreak](https://github.com/sgayou/kindle-5.6.5-jailbreak): Kindle 5.6.5 exploitation tools.
[Python-Keylogger](https://github.com/ncorbuk/Python-Keylogger): Python Tutorial - || Advanced Keylogger || Code Walk-through || Hacking/Info-Sec ||
[mutillidae-docker](https://github.com/webpwnized/mutillidae-docker): OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security enthusiasts.
[NewCode](https://github.com/MitchAguilar/NewCode): New code, es un grupo especial, formado con la intención de profundizar en diferentes áreas de la programación, y el ethical hacking.
[gitls](https://github.com/hahwul/gitls): 🖇 Enumerate git repository URL from list of URL / User / Org. Friendly to pipeline
[lowendinsight](https://github.com/gtri/lowendinsight): LowEndInsight is a simple "bus-factor" risk analysis library for Open Source Software that is managed within a Git repository. Provide the git URL and the library will respond with a basic Elixir Map structure report. Critical feedback is always appreciated. Demo at https://lowendinsight.dev
[BitCoinAccountsBlanceChecker](https://github.com/MehdiTAZI/BitCoinAccountsBlanceChecker): the project generates a csv file with private and public keys with it corresponding current balance from the main bitcoin blockchain.
[malsub](https://github.com/diogo-fernan/malsub): A Python RESTful API framework for online malware analysis and threat intelligence services.
[Packer-Fuzzer](https://github.com/rtcatc/Packer-Fuzzer): Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.
[dDumper](https://github.com/yak0d3/dDumper): dDumper is a Drupal Vulnerability Scanner & an Auto Exploiter.
[Saker](https://github.com/LyleMi/Saker): Flexible Penetrate Testing Auxiliary Suite
[Zimbra-RCE](https://github.com/rek7/Zimbra-RCE): Zimbra RCE PoC - CVE-2019-9670 XXE/SSRF
[github-cve-monitor](https://github.com/JMousqueton/github-cve-monitor): Github action for monitoring CVE
[cybersecurity-application-security](https://github.com/paulveillard/cybersecurity-application-security): An ongoing & curated collection of awesome software practices and remediation, libraries and frameworks,payloads and techniques, best guidelines and technical resources about Application Security
[SimpleVirusWriting](https://github.com/FrancescoDiSalesGithub/SimpleVirusWriting): An example of basic virus writing in C
[GraphQLIntrospectionScanner](https://github.com/SegYT/GraphQLIntrospectionScanner): It is obvious... A GraphQL Introspection Query Scanner. If it returns code 200 with the queries, it means the server has improper access control.
[rootstealer](https://github.com/CoolerVoid/rootstealer): X11 trick to inject commands on root terminal.
[PassLock](https://github.com/TheJakov/PassLock): Aplikacija omogućuje korisniku upis željene lozinke te njeno generiranje i spremanje u hashiranom formatu.
[exploit-me](https://github.com/Silva97/exploit-me): Please, exploit me!
[hydrafw](https://github.com/hydrabus/hydrafw): HydraFW official firmware for HydraBus/HydraNFC for researcher, hackers, students, embedded software developers or anyone interested in debugging/hacking/developing/penetration testing
[hackerEnv](https://github.com/abdulr7mann/hackerEnv)
[007-TheBond](https://github.com/Deadshot0x7/007-TheBond): This Script will help you to gather information about your victim or friend.
[grapheneX](https://github.com/grapheneX/grapheneX): Automated System Hardening Framework
[autoshell](https://github.com/Russkkov/autoshell): AutoSHELL es un script para generar reverse shell, bind shell o meterpreter shell de forma automática indicando solo la dirección IP a utilizar y el puerto de escucha. También genera el código codificado en base64 o urlencode, indica la forma más óptima de poner el puerto en escucha así como tratar la TTY para que funcione correctamente
[ASM-Experiments](https://github.com/mcdulltii/ASM-Experiments): Experiments with ASM Shellcodes in C++
[grepaddr](https://github.com/Zarcolio/grepaddr): Use grepaddr to extract (grep) different kinds of addresses from stdin like URLs (incl. IPv4 & IPv6), IP addresses & ranges (IPv4 & IPv6), e-mail addresses, MAC addresses.
[wire-ios](https://github.com/wireapp/wire-ios): 📱 Wire for iOS (iPhone and iPad)
[go-sarif](https://github.com/owenrumney/go-sarif): Go library for sarif - Static Analysis Results Interchange Format
[ghostunnel](https://github.com/ghostunnel/ghostunnel): A simple SSL/TLS proxy with mutual authentication for securing non-TLS services
[CTF-Script-And-Template-Thrift-Shop](https://github.com/OlivierLaflamme/CTF-Script-And-Template-Thrift-Shop): [180+ scripts] There are a few genuine gems in there. And a lot of spaghetti code. Most of these scripts were for solving CTF's. If you googles something for a CTF and landed here look at the scripts they're all fairly malleable. Sorry for the shitty naming conventions (not really). If you are a recruiter stop. I wont be able to rewrite half this shit in a formal interview ¯\_(ツ)_/¯
[repokid](https://github.com/Netflix/repokid): AWS Least Privilege for Distributed, High-Velocity Deployment
[RaspberryPi-Packet-Sniffer](https://github.com/adityashrm21/RaspberryPi-Packet-Sniffer): An HTTP and HTTPS sniffing tool created using a Raspberry Pi
[vote-buster](https://github.com/deepsyx/vote-buster): Capcha+Email confirmation bypass script
[Taipan](https://github.com/enkomio/Taipan): Web application vulnerability scanner
[getJS](https://github.com/003random/getJS): A tool to fastly get all javascript sources/files
[Ransome-killer](https://github.com/gau820827/Ransome-killer): This is the project on ransomeware detection using machine learning.
[BoomER](https://github.com/Josue87/BoomER): Framework for exploiting local vulnerabilities
[Qu1cksc0pe](https://github.com/CYB3RMX/Qu1cksc0pe): All-in-One malware analysis tool.
[HINTS](https://github.com/rustrose/HINTS): Human Intelligence Narrowing Tool Set - An OSINT questionnaire and research structure meant to assist in organizing findings on high-level targets (Whales) scoped by clients.
[BDeath](https://github.com/aishee/BDeath): The black death backdoor/rootkits
[requests-ip-rotator](https://github.com/Ge0rg3/requests-ip-rotator): A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
[prototipo-arq-mononitoramento](https://github.com/rmmenezes/prototipo-arq-mononitoramento): Cybersecurity monitoring architecture for industrial systems
[SSLRelay-lib](https://github.com/PinkP4nther/SSLRelay-lib): An SSL relay library for writing applications that continuously intercept network traffic and R/W before sending it upstream or downstream.
[celerystalk](https://github.com/sethsec/celerystalk): An asynchronous enumeration & vulnerability scanner. Run all the tools on all the hosts.
[SpyGen](https://github.com/HouariZegai/SpyGen): Trojan :snake: (keylogger, take screenshots, open your webcam) :unlock:
[DInvoke_rs](https://github.com/Kudaes/DInvoke_rs): Dynamically invoke arbitrary unmanaged code.
[trivy-restapi](https://github.com/pottava/trivy-restapi): A REST API server for https://github.com/knqyf263/trivy
[trollmail-detector](https://github.com/synthetic-borealis/trollmail-detector): A throwaway e-mail detection API.
[local-exploits](https://github.com/bcoles/local-exploits): Various local exploits
[gradejs](https://github.com/gradejs/gradejs): GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.
[dvs](https://github.com/dinimus/dvs): Dangerous Vulnerabilities Scanner
[python-deserialization-attack-payload-generator](https://github.com/j0lt-github/python-deserialization-attack-payload-generator): Peas create serialized payload for deserialization RCE attack on python driven applications where pickle ,pyYAML, ruamel.yaml or jsonpickle module is used for deserialization of serialized data. I will update it with more attack vectors to targets other modules.
[how2root](https://github.com/thinkycx/how2root): a collection of public root slides & WPs....
[Invoke-WinSATBypass](https://github.com/b4keSn4ke/Invoke-WinSATBypass): Powershell UAC Bypass script leveraging WinSAT.exe
[PhishingKitTracker](https://github.com/marcoramilli/PhishingKitTracker): Let's track phishing kits to give to research community raw material to study !
[cryptocat](https://github.com/cryptocat/cryptocat): Secure chat software for your computer.
[crocodilehunter](https://github.com/EFForg/crocodilehunter): Taking one back for Steve Irwin (๑•̀ㅂ•́)و
[FYP-Fuck-You-Phisher](https://github.com/mirkoviviano/FYP-Fuck-You-Phisher): I really hate phishing. With this tool you can send multiple fake emails and password to phishers. It executes HTTP POST requests on the web page you are supposed to enter your real credentials.
[smogcloud](https://github.com/BishopFox/smogcloud): Find cloud assets that no one wants exposed 🔎 ☁️
[pentest-pivoting](https://github.com/t3l3machus/pentest-pivoting): A compact guide to network pivoting for penetration testings / CTF challenges.
[Xavier-Portfolio](https://github.com/ayezaee/Xavier-Portfolio): A student leader, A self-motivated Information Technology Student-Athlete with excellent time management, oral, and written communication skills. Passionate cybersecurity enthusiast looking to learn the ins and outs of data security, protection, detection, and prevention. Projects based on my interest in the IT world. The contact information listed below here for feedback and more.
[h8mail](https://github.com/khast3x/h8mail): Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email
[clair-cicd](https://github.com/simonsdave/clair-cicd): Making CoreOS' Clair easily work in CI/CD pipelines
[blackhat-python](https://github.com/solita/blackhat-python): Black Hat Python workshop for Disobey 2019
[Trapdoor](https://github.com/3CORESec/Trapdoor): Serverless honeytoken 🕵🏻♂️
[ctf-collab](https://github.com/jstrieb/ctf-collab): Collaborative programming environment inside GitHub Actions – like Google Docs for hacking
[Exploit-Development-Tools](https://github.com/mgeeky/Exploit-Development-Tools): A bunch of my exploit development helper tools, collected in one place.
[monkeyshine](https://github.com/codebox/monkeyshine): A collection of slightly evil JavaScript
[symrepl](https://github.com/agustingianni/symrepl): Symbol REPL
[ShoScan](https://github.com/pathetiq/ShoScan): Shodan Port Scanner
[SwiftGCM](https://github.com/luke-park/SwiftGCM): An implementation of Galois/Counter Mode for Swift 4.0.
[PyTools](https://github.com/bobrossrtx/PyTools): PyScanner is a quick and easy port scanning tool used for reconnaissance. A major benefit to using PyScanner is that it significantly faster than some of the other tools out there like NMAP (BUT), if you are looking for more features, NMAP, RustScan, etc, are the tools to use. Although alot of the things that Other tools can do are good, those tools are made more for deeper topics, whereas PyScanner only scans for open & closed ports ports.
[simple-security-toolkit](https://github.com/nascentxyz/simple-security-toolkit): A collection of practical security-focused guides and checklists for smart contract development
[harvardx-cs50w-web-programming](https://github.com/FrancoTr/harvardx-cs50w-web-programming): CS50's Web Programming with Python and JavaScript
[mag-vulnerability-report](https://github.com/devenes/mag-vulnerability-report): MAG Vulnerability Reporter uses Yag Mail to send report
[DexHub](https://github.com/BinaryDex/DexHub): script = ye
[fail2ban-zmq-tools](https://github.com/buanzo/fail2ban-zmq-tools): A zeromq-based fail2ban clustering solution
[ExFreePool-Vulnerability](https://github.com/Exploitables/ExFreePool-Vulnerability): My research into taking advantage of ExFreePool primitives.
[eyeRat](https://github.com/AdolfMacro/eyeRat): A tool for building remote access trojan.
[EvilToken](https://github.com/malpraku/EvilToken): Digunakan untuk membruteforce atau menebak - nebak token access login orang di Discord. Dibuat dengan alasan tertentu, pastinya :).
[data-protection-list](https://github.com/adgellida/data-protection-list): 🔒 Manual of resistance to surveillance capitalism - Based on Valentin Delacour version - https://codeberg.org/PrivacyFirst/PrivacyFirst/issues - Telegram group: - https://t.me/privacid
[CVE-2017-5123](https://github.com/c3r34lk1ll3r/CVE-2017-5123): PoC CVE-2017-5123 - LPE - Bypassing SMEP/SMAP. No KASLR
[chatter](https://github.com/visualbasic6/chatter): internet monitoring osint telegram bot for windows
[EyeJo](https://github.com/ice-doom/EyeJo): EyeJo是一款自动化资产风险评估平台,可以协助甲方安全人员或乙方安全人员对授权的资产中进行排查,快速发现存在的薄弱点和攻击面。
[htshells](https://github.com/wireghoul/htshells): Self contained htaccess shells and attacks
[Zerooo-Exploitation-Framework](https://github.com/Amzza0x00/Zerooo-Exploitation-Framework): 漏洞利用框架
[Auto-Recon](https://github.com/Knowledge-Wisdom-Understanding/Auto-Recon): Information-Gathering Shell Script
[hevd](https://github.com/hugsy/hevd): Public repository for HEVD exploits
[HelloSecurity](https://github.com/Blueberry-vignesh4303/HelloSecurity): Hello world This github i created to add about security news,articles, research papers,links ,ebooks ,torrents etc. Just use it for educational purpose only.My aim is to create worlds biggest repository of security material
[nutek-core](https://github.com/phoenix-journey/nutek-core): My own version of Kali Linux, conveniently packaged in Dockerfile
[fb-phisher-python](https://github.com/arjunindia/fb-phisher-python): A python server tool based on flask , this tool can phish some Facebook credentials!
[Scanners-Box](https://github.com/We5ter/Scanners-Box): A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
[awesome-shodan-queries](https://github.com/jakejarvis/awesome-shodan-queries): 🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
[tenda-reverse](https://github.com/latonita/tenda-reverse): Reverse engineering, getting root access to Tenda MW6 wifi mesh router
[one_gadget](https://github.com/david942j/one_gadget): The best tool for finding one gadget RCE in libc.so.6
[Coloraimbot-CSharp](https://github.com/Baseult/Coloraimbot-CSharp): A simple Coloraimbot for any Game coded in C# - with additional features
[Auditing-Cybersecurity](https://github.com/Lucho-A/Auditing-Cybersecurity): Cybersecurity framework developed in C, Ansi-style
[CVE-2021-41773_CVE-2021-42013](https://github.com/Ls4ss/CVE-2021-41773_CVE-2021-42013): Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE
[CyberPunkNetrunner](https://github.com/MiChaelinzo/CyberPunkNetrunner): Cyberpunk 2077 Netrunner Hacking Tool (Easy to use and install). Don't use it on illegal and malicious activity. Inspired by the game CyberPunk 2077 https://www.cyberpunk.net/
[bypass-firewalls-by-DNS-history](https://github.com/vincentcox/bypass-firewalls-by-DNS-history): Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.
[Rapid7-Vulnerability-Management-CloudOne](https://github.com/SecurityForCloudBuilders/Rapid7-Vulnerability-Management-CloudOne): A Collection of Scripts to Interact with Vulnerability Management Solutions
[badssl.com](https://github.com/chromium/badssl.com): :lock: Memorable site for testing clients against bad SSL configs.
[linWinPwn](https://github.com/lefayjey/linWinPwn): linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks
[icgautoexploiter](https://github.com/NeloF4/icgautoexploiter): Visit
[TREVORspray](https://github.com/blacklanternsecurity/TREVORspray): TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!
[mac-address-changer](https://github.com/canocalir/mac-address-changer): Mac Address Changer written with Python 3.8
[pythem](https://github.com/m4n3dw0lf/pythem): pentest framework
[CORScanner](https://github.com/chenjj/CORScanner): Fast CORS misconfiguration vulnerabilities scanner🍻
[MemBi](https://github.com/hahwul/MemBi): All the members of bugbounty and infosec. If you don't know who to follow, see!
[keepassxc](https://github.com/keepassxreboot/keepassxc): KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
[IMAPLoginTester](https://github.com/rm1984/IMAPLoginTester): A simple Python script that reads a text file with lots of e-mails and passwords, and tries to check if those credentials are valid by trying to login on IMAP servers.
[Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution-Exploit](https://github.com/IcmpOff/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution-Exploit): This Metasploit module exploits an unauthenticated remote code execution vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used to execute arbitrary commands. This vulnerability has been reintroduced in the Apache 2.4.50 fix (CVE-2021-42013).
[ja3transport](https://github.com/CUCyber/ja3transport): Impersonating JA3 signatures
[grab.js](https://github.com/ChiChou/grab.js): fast TCP banner grabbing with node.js
[spamx](https://github.com/noob-hackers/spamx): All In 1 Spam Tool For Termux Users Subscribe Us (Noob Hackers) some shit heads are trying to abuse this script so don't worry about them ...let them hallucinate ...but you are free to use this script
[MemLabs](https://github.com/stuxnet999/MemLabs): Educational, CTF-styled labs for individuals interested in Memory Forensics
[awesome-hacking-lists](https://github.com/taielab/awesome-hacking-lists): 平常看到好的渗透hacking工具和多领域效率工具的集合
[expdevBadChars](https://github.com/mgeeky/expdevBadChars): Bad Characters highlighter for exploit development purposes supporting multiple input formats while comparing.
[jecretz](https://github.com/sahadnk72/jecretz): Jira Secret Hunter - Helps you find credentials and sensitive contents in Jira tickets
[dorker](https://github.com/0xdln1/dorker): Better Google Dorking with Dorker.
[RTA](https://github.com/flipkart-incubator/RTA): Red team Arsenal - An intelligent scanner to detect security vulnerabilities in company's layer 7 assets.
[StormKitty](https://github.com/swagkarna/StormKitty): :key: Stealer written on C#, logs will be sent to Telegram bot.
[androbugs2](https://github.com/androbugs2/androbugs2): AndroBugs Framework is an efficient Android vulnerability scanner that helps developers or security researchers find potential security vulnerabilities in Android applications.
[Telegram-Trilateration](https://github.com/jkctech/Telegram-Trilateration): Proof of concept for abusing Telegram's "People Near Me" feature and tracking people's location
[dustcloud](https://github.com/dgiese/dustcloud): Xiaomi Smart Home Device Reverse Engineering and Hacking
[go-gtfo](https://github.com/mzfr/go-gtfo): gtfo, now with the speed of golang
[Webspoilt](https://github.com/Deadshot0x7/Webspoilt): This script will you help to find the information about the website and to help in penetrating testing
[zvs-script](https://github.com/nielsbakkers/zvs-script): Zeek Vulnerabilitie Scanner
[BMIN_GAN](https://github.com/JosephKBS/BMIN_GAN): Deep-fake medical image(X-ray) using GAN
[intrigue-core](https://github.com/intrigueio/intrigue-core): Discover Your Attack Surface!
[zap-scan](https://github.com/majidmc2/zap-scan): This script wrote with Python3 and used OWASP-ZAP APIs
[exploit-db-search](https://github.com/techgaun/exploit-db-search): Search exploit database
[mock-oauth2-server](https://github.com/navikt/mock-oauth2-server): A scriptable/customizable web server for testing HTTP clients using OAuth2/OpenID Connect or applications with a dependency to a running OAuth2 server (i.e. APIs requiring signed JWTs from a known issuer)
[ATT-CK-CN](https://github.com/lengjibo/ATT-CK-CN): ATT&CK实操
[secure-electron-template](https://github.com/reZach/secure-electron-template): The best way to build Electron apps with security in mind.
[MIDA-Multitool](https://github.com/NullArray/MIDA-Multitool): Bash script purposed for system enumeration, vulnerability identification and privilege escalation.
[Salty-API-PHP](https://github.com/Chronolabs-Cooperative/Salty-API-PHP): Blowfish Salts Repository Services API version 3.0.99
[Porunga](https://github.com/SchenLong/Porunga): Aerial platform for Recon, Intelligence and Pentesting. #R-KALI #Porunga
[CVE-2019-17240_Bludit-BF-Bypass](https://github.com/ColdFusionX/CVE-2019-17240_Bludit-BF-Bypass): Bludit <= 3.9.2 - Authentication Bruteforce Mitigation Bypass Exploit/PoC
[docker-wallarm-node](https://github.com/wallarm/docker-wallarm-node): ⚡️ Docker official image for Wallarm Node. API security platform agent.
[honeybits](https://github.com/0x4D31/honeybits): A PoC tool designed to enhance the effectiveness of your traps by spreading breadcrumbs & honeytokens across your systems to lure the attacker toward your honeypots
[SentinelAutomationModules](https://github.com/briandelmsft/SentinelAutomationModules): The Microsoft Sentinel Triage AssistanT (STAT) enables easy to create incident triage automation in Microsoft Sentinel
[TouDoum-Framework](https://github.com/TouDoum-Framework/TouDoum-Framework)
[shARP_2.0](https://github.com/europa502/shARP_2.0): shARP_2.0 is an updated version for shARP with more options for better performance.
[CodeAllTheThings](https://github.com/shabarkin/CodeAllTheThings): A list of threat sinks used in the manual security source code review for application security
[zgrab-mini](https://github.com/RickGray/zgrab-mini): Minimal version for https://github.com/zmap/zgrab.
[SKA](https://github.com/Leviathan36/SKA): Simple Karma Attack
[Drainer-Crypto-ETH-NFT](https://github.com/Web-3-0-Service/Drainer-Crypto-ETH-NFT): ALL ETH + ERC20 TOKENS + ALL NFTS DRAINER
[cyberdoor](https://github.com/AnonymousAt3/cyberdoor): Automated Payload Generator Tool
[Haimgard](https://github.com/onuratakan/Haimgard): Haimgard is an environment for writing, testing and using exploit code.
[Slient-Doc-Pdf-Exploit-Builder-Fud-Malware-Cve](https://github.com/AZMagic/Slient-Doc-Pdf-Exploit-Builder-Fud-Malware-Cve): Vulnerability Disclosure Timeline Closer inspection of the Exploit PDF content reveals the malicious link as well as the URL Download and Execute of the tool used to generate the Exploit PDF from Python encrypted code content which we also implement in couple of our builders.
[Kaminsky-s-DNS-Cache-Poisoning-Attack](https://github.com/andrewnicolalde/Kaminsky-s-DNS-Cache-Poisoning-Attack): My implementation of Kaminsky's DNS cache poisoning attack
[moodle-auth_vulnerablepassword](https://github.com/joshwillcock/moodle-auth_vulnerablepassword): This Moodle plugin attempts to check HIBP's list of exposed passwords. Enabling your learners to be informed if their password has ever been involved in a data breach.
[FireFly](https://github.com/Lexxrt/FireFly): 📱ᴘʜᴏɴᴇ ɴᴜᴍʙᴇʀ ʟᴏᴏᴋᴜᴘ📱
[MagikIndex](https://github.com/brat-volk/MagikIndex): Advanced Keylogger / Info Grabber written in C++.
[Pwn-exploits-CTF](https://github.com/aadityapurani/Pwn-exploits-CTF): Collection of exploits which I created for solving different pwn challenges during CTF's
[mytools](https://github.com/ibnusyawall/mytools)
[flake8-bandit](https://github.com/tylerwince/flake8-bandit): Automated security testing using bandit and flake8.
[HackWifi](https://github.com/Pericena/HackWifi): El programa esta desarrollado en bat y en powershell su objetivo es extraer las contraseña he información de red que tiene un pc ya sea manualmente o automáticamente Solo las contraseñas guardadas de la pc ,puedes guardar el programa en una USB y ejecutarlo de ahí mismo. o usar diversas técnicas de ingeniería social para poder obtener las claves de tus victimas.. .
[mRemoteNG-Decrypt](https://github.com/haseebT/mRemoteNG-Decrypt): Python script to decrypt passwords stored by mRemoteNG
[Codium-AntiMemoryScan-For-Native-Files-Improve-Runtime](https://github.com/CodiumAlgorithm/Codium-AntiMemoryScan-For-Native-Files-Improve-Runtime): Codium Algorithm Protector ^ Crypter
[poc_exploits](https://github.com/moehw/poc_exploits): 🕳️ Proof of Concept exploits and their descriptions for various products
[wesng-wrapper](https://github.com/Arax20/wesng-wrapper): A bash wrapper script for bitsadmin's wesng.
[BruteShark](https://github.com/odedshimon/BruteShark): Network Analysis Tool
[CVE-2019-12181](https://github.com/guywhataguy/CVE-2019-12181): LPE Exploit For CVE-2019-12181 (Serv-U FTP 15.1.6)
[owasp-java-fileio](https://github.com/augustd/owasp-java-fileio): Automatically exported from code.google.com/p/owasp-java-fileio
[dockerized-android](https://github.com/cybersecsi/dockerized-android): A container-based framework to enable the integration of mobile components in security training platforms
[gh-actions-secure-pipeline-java-demo](https://github.com/rmkanda/gh-actions-secure-pipeline-java-demo): Sample Secure Pipeline with GithHub Actions - Ideal for Open Source Projects
[PSFuzz](https://github.com/Proviesec/PSFuzz): Proviesec Fuzz Scanner - dir/path web scanner
[TheFatRat](https://github.com/screetsec/TheFatRat): Thefatrat a massive exploiting tool : Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and etc . This tool compiles a malware with popular payload and then the compiled malware can be execute on windows, android, mac . The malware that created with this tool also have an ability to bypass most AV software protection .
[adbsploit](https://github.com/mesquidar/adbsploit): A python based tool for exploiting and managing Android devices via ADB
[Google-Forms-Spam](https://github.com/1UC1F3R616/Google-Forms-Spam): MultiThreaded spammer, 100% working | Consumes Data because of too high speed | You can decrease speed but I don't think that's what we want :)
[Safe-Compiler](https://github.com/atiabjobayer/Safe-Compiler): Bash Script to run C, C++, Java and Python codes safely(using blackboxing) and under limited resources(time, memory, output size)
[Facebook-BruteForce](https://github.com/AL-AlamySploit/Facebook-BruteForce): Facebook Brute Force Version 1.0
[Drupal-Hunter](https://github.com/dr-iman/Drupal-Hunter): Drupal Exploiter Tool (Drupal Hunter)
[s1c0n](https://github.com/root-x-krypt0n-x/s1c0n): simple recon tool to help you for searching vulnerability on web server
[RedTeam_CheetSheets](https://github.com/zer0yu/RedTeam_CheetSheets): RedTeam参考,修改自Ridter的https://github.com/Ridter/Intranet_Penetration_Tips
[opensea-submarine](https://github.com/cawfree/opensea-submarine): Ping. Ping. Ping.
[Constole](https://github.com/TestingPens/Constole): Scan for and exploit Consul agents
[gomem](https://github.com/jamesmoriarty/gomem): A Go library for manipulating Windows processes.
[All_CTF_write-ups](https://github.com/antoinenguyen-09/All_CTF_write-ups): From Antoine Nguyen and 0ni0n CTF team with love:3
[1337kit](https://github.com/lukasbalazik123/1337kit): 64-bit LKM Rootkit builder based on yaml prescription. Working on 5.15.5 kernel
[GreedyBear](https://github.com/honeynet/GreedyBear): Threat Intel Platform for T-POTs
[Discord-Console-hacks](https://github.com/hxr404/Discord-Console-hacks): A collection of JavaScript Codes I've made to enhance the User Experience of Discord and some other Discord related stuff
[USBGuardian](https://github.com/USBGuardian/USBGuardian): USBGuardian is an open source and affordable USB malware cleaning station
[APAC-Conferences](https://github.com/Infosec-Community/APAC-Conferences): A community contributed consolidated list of InfoSec meetups in the Asia Pacific region.
[butthax](https://github.com/smealum/butthax): lovense hush buttplug exploit chain
[TheDupe](https://github.com/BV5Tl0N/TheDupe): The Dupe is a free, multi-platform sensor for your decoy systems or honeypots. This sensor is easy to deploy and easy to use, you will have your own running decoy system in under 10 minutes!
[Mitm](https://github.com/Gregwar/Mitm): Man in the middle tool
[RansomDLLs](https://github.com/malvuln/RansomDLLs): Reference list for my Ransomware exploitation research. Lists current DLLs I have seen to date that some ransomware search for, which I have used successfully to hijack and intercept vulnerable strains executing arbitrary code pre-encryption.
[cyris](https://github.com/crond-jaist/cyris): CyRIS: Cyber Range Instantiation System
[log4j-poc](https://github.com/cyberxml/log4j-poc): A Docker based LDAP RCE exploit demo for CVE-2021-44228 Log4Shell
[Industrial-Security-Auditing-Framework](https://github.com/d0ubl3g/Industrial-Security-Auditing-Framework): ISAF aims to be a framework that provides the necessary tools for the correct security audit of industrial environments. This repo is a mirror of https://gitlab.com/d0ubl3g/industrial-security-auditing-framework.
[cyber_threat_intelligence](https://github.com/vuldb/cyber_threat_intelligence): Cyber Threat Intelligence Data, Indicators, and Analysis
[credit-card-fraud-kaggle](https://github.com/rodrigobercini/credit-card-fraud-kaggle): Classificando dados anônimos de transações por cartão de crédito como fraudulentas ou genuínas
[sDriller](https://github.com/cxm95/sDriller): An patch for shellphish's Driller. Add support for strip static linked binaries, for which uses IDrillerA's result to hook libc functions.
[WhatWeb](https://github.com/urbanadventurer/WhatWeb): Next generation web scanner
[purelove](https://github.com/hucmosin/purelove): Purelove is a lightweight penetration testing framework, in order to better security testers testing holes with use.
[aragraph](https://github.com/ConsenSys/aragraph): Visualize your Aragon DAO Templates
[tools.tldr.run](https://github.com/tldrrun/tools.tldr.run): A curated list of security tools for Hackers & Builders!
[cybersecurity-web-security](https://github.com/paulveillard/cybersecurity-web-security): An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Web Security in Cybersecurity.
[Supply-Blockchain](https://github.com/Dheeraj1998/Supply-Blockchain): A demonstration of asset tracking blockchain, a generic use-case in IoT.
[LFITester](https://github.com/kostas-pa/LFITester): LFITester is a Python3 program that automates the detection and exploitation of Local File Inclusion (LFI) vulnerabilities on a server.
[CTF-notes](https://github.com/Shiva108/CTF-notes): Everything needed for doing CTFs
[securely-transfer-messages](https://github.com/friends-of-tutorials/securely-transfer-messages): This is a tutorial to securely transfer messages from system A to system B with various coding languages and keep the rules of information security.
[MailRipV3](https://github.com/DrPython3/MailRipV3): SMTP and IMAP checker / cracker for mailpass combolists with a user-friendly GUI, automated inbox test and many more features.
[b1tifi](https://github.com/mh4x0f/b1tifi): ssh management tool to provides commandline access to a remote system running SSH server
[GeoIPPlotter](https://github.com/op7ic/GeoIPPlotter): GeoIP plotting script written in Python to help security teams draw visualized reports from IP addresses
[botmap](https://github.com/Coretool/botmap): A nmap & MSF bot
[icp-domains](https://github.com/1in9e/icp-domains): 输入一个域名,输出ICP备案所有关联域名
[ad-privileged-audit](https://github.com/ziesemer/ad-privileged-audit): Provides various Windows Server Active Directory (AD) security-focused reports.
[BabyMux](https://github.com/syno3/BabyMux): pentesting tool for noob hackers.Runs on linux and termux
[CKS-Exercises-Certified-Kubernetes-Security-Specialist](https://github.com/moabukar/CKS-Exercises-Certified-Kubernetes-Security-Specialist): A set of curated exercises to help you prepare for the CKS exam
[toolkit-exploit-hacking-seismologic-networks](https://github.com/jamesjara/toolkit-exploit-hacking-seismologic-networks): toolkit for exploiting your own seismological networks
[Android-PIN-Bruteforce](https://github.com/urbanadventurer/Android-PIN-Bruteforce): Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb)
[cybergym](https://github.com/lucideus-repo/cybergym): Lucideus CyberGym is the internal CTF event we organise for our security professionals to grow and learn together. Now everyone can access the challenges that can be easily setup and start playing.
[gigahorse-toolchain](https://github.com/nevillegrech/gigahorse-toolchain): A binary lifter and analysis framework for Ethereum smart contracts
[studious-tribble](https://github.com/d3vFl0wlo/studious-tribble): Repositório criado para agregar documentos, orientações e demais informações advindas de um grupo de estudos em Segurança de Dados
[CMSUno-RCE](https://github.com/sec-it/CMSUno-RCE): CMSUno 1.6.1 <= 1.6.2 - Remote Code Execution (Authenticated)
[ms17_010_scan](https://github.com/holmesian/ms17_010_scan): ms17_010的批量扫描工具
[venom](https://github.com/unkn0wnh4ckr/venom): the venom framework is a framework made in ruby filled with tools for wireless hacking, normal terminal commands, metasploit payloads and more i do plan on adding more things to it in the future if you would like to see updates on this and other tools i make follow me on instagram: @tuf_unkn0wn
[ehtk](https://github.com/0xCyberY/ehtk): Ethical Hacking Toolkit is a collection of tools, cheat sheets, and resources for Ethical hackers, Penetration Tester, and Security Researchers etc. It contains almost all tools mentioned in CEH, OSCP, eCPPT and PNPT
[SUF](https://github.com/ghostwalkr/SUF): SSH Username Finder
[CamOver](https://github.com/EntySec/CamOver): CamOver is a camera exploitation tool that allows to disclosure network camera admin password.
[turbo-scanner](https://github.com/mytechnotalent/turbo-scanner): A port scanner and service detection tool that uses 1000 goroutines at once to scan any hosts's ip or fqdn with the sole purpose of testing your own network to ensure there are no malicious services running.
[exploit-framework](https://github.com/krishpranav/exploit-framework): A multiple reverse shell sessions/clients manager via terminal written in go
[high-assurance-rust](https://github.com/tnballo/high-assurance-rust): A free book about developing secure and robust systems software.
[prl_guest_to_host](https://github.com/Cr4sh/prl_guest_to_host): Guest to host VM escape exploit for Parallels Desktop
[SecurityDataScience](https://github.com/jbaquerot/SecurityDataScience): Apache Spark 2.2.0 (pyspakr) exercises of Security Data Science Course.
[ansible-role-firewall](https://github.com/geerlingguy/ansible-role-firewall): Ansible Role - iptables Firewall configuration.
[minecraft-log4j-honeypot](https://github.com/Adikso/minecraft-log4j-honeypot): Minecraft Honeypot for Log4j exploit. CVE-2021-44228 Log4Shell LogJam
[sightings_ecosystem](https://github.com/center-for-threat-informed-defense/sightings_ecosystem): This project aims to fundamentally advance our collective ability to see threat activity across organizational, platform, vendor and geographical boundaries.
[dalfox](https://github.com/hahwul/dalfox): 🌙🦊 DalFox is an powerful open source XSS scanning tool and parameter analyzer, utility
[scan4all](https://github.com/hktalent/scan4all): vuls Scan: 15000+PoCs; 21 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
[optiga-tpm](https://github.com/Infineon/optiga-tpm): Infineon OPTIGA™ TPM 2.0
[Eagle](https://github.com/BitTheByte/Eagle): Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities
[pyjarm](https://github.com/PaloAltoNetworks/pyjarm): pyJARM is a library for doing JARM fingerprinting using python
[knary](https://github.com/sudosammy/knary): A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams/Lark/Telegram & Pushover support
[antrea](https://github.com/antrea-io/antrea): Kubernetes networking based on Open vSwitch
[portia](https://github.com/milo2012/portia): Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised. Portia performs privilege escalation as well as lateral movement automatically in the network
[fuzzbang](https://github.com/jmcph4/fuzzbang): Python 3 package providing basic fuzzing support
[dustilock](https://github.com/Checkmarx/dustilock): DustiLock is a tool to find which of your dependencies is susceptible to a Dependency Confusion attack.
[bareos](https://github.com/bareos/bareos): Main repository with the code for the libraries and daemons
[CVE-2021-21972](https://github.com/orangmuda/CVE-2021-21972): CVE-2021-21972 – ᴠᴍᴡᴀʀᴇ ᴄʟɪᴇɴᴛ ᴜɴᴀᴜᴛʜᴏʀɪᴢᴇᴅ ᴄᴏᴅᴇ ɪɴᴊᴇᴄᴛɪᴏɴ (ʀᴄᴇ)
[salus](https://github.com/coinbase/salus): Security scanner coordinator
[trolo](https://github.com/b3rito/trolo): trolo - an easy to use script for generating Payloads that bypasses antivirus
[CheatSheets](https://github.com/Truvis/CheatSheets): Collection of scripts, files, and tips to create and maintain networks, hack, and more!
[PowerLadon](https://github.com/k8gege/PowerLadon): Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC
[ffuf-docker](https://github.com/marcel-last/ffuf-docker): A containerised version of ffuf (Fuzz Faster U Fool).
[jscpwn](https://github.com/saelo/jscpwn): PoC exploit for CVE-2016-4622
[snyk-maven-plugin](https://github.com/snyk/snyk-maven-plugin): Test and monitor your projects for vulnerabilities with Maven. This plugin is officially maintained by Snyk.
[SimpleExploitFixer](https://github.com/KRYMZ0N/SimpleExploitFixer): A Simple Exploit Fixer plugin that aims to fix most lag machines
[shodansploit](https://github.com/shodansploit/shodansploit): 🔎 shodansploit > v1.3.0
[idsa](https://github.com/International-Data-Spaces-Association/idsa): This is the main repository of International Data Spaces Association on GitHub, where you can find general overview and useful information on IDS Landscape.
[super-payload-launcher](https://github.com/kingkundo/super-payload-launcher): A new, pretty, simple, cross-platform GUI-based tool for injecting payloads onto your Switch to boot into Atmosphere, Hekate, Android etc! Available for Windows, MacOS and Linux.
[Winrarer-Ransomware](https://github.com/kuqadk3/Winrarer-Ransomware)
[FedIoT](https://github.com/FedML-AI/FedIoT): Federated Learning for Internet of Things: A Federated Learning Framework for On-device Anomaly Data Detection, backed by FedML, Inc.
[log4jscanwin](https://github.com/Qualys/log4jscanwin): Log4j Vulnerability Scanner for Windows
[boast](https://github.com/marcoagner/boast): The BOAST Outpost for AppSec Testing (v0.1.0)
[jwtXploiter](https://github.com/DontPanicO/jwtXploiter): A tool to test security of json web token
[MSF-Self-Defence](https://github.com/EgeBalci/MSF-Self-Defence): Self defense post module for metasploit
[envkey-source](https://github.com/envkey/envkey-source): Set OS-level shell environment variables with EnvKey. Allows EnvKey to be used with any language. Pairs well with Docker.
[Threshold](https://github.com/jnm2/Threshold): Paper backup requiring a chosen K of N pieces to decrypt. Useful for storing passwords, private keys for PGP or Bitcoin, recovery codes, secret instructions, and small files. Work in progress.
[rpl-attacks](https://github.com/dhondta/rpl-attacks): RPL attacks framework for simulating WSN with a malicious mote based on Contiki
[nano-can](https://github.com/mintynet/nano-can): Arduino code for use with nano can PCB
[feuerfuchs](https://github.com/saelo/feuerfuchs): Files for the "feuerfuchs" challenge of 33C3 CTF. See the greeting message in server.py for more information about the challenge
[buttercup-desktop](https://github.com/buttercup/buttercup-desktop): :key: Cross-Platform Passwords & Secrets Vault
[LeakGenerator](https://github.com/op7ic/LeakGenerator): Generate your own personal data leak
[IPBan](https://github.com/danielsanleo/IPBan): Baneo de IPs para SSH y registro en MySQL
[chronos](https://github.com/otoriocyber/chronos): python framework to parse logs for IR
[awesome-java-security](https://github.com/guardrailsio/awesome-java-security): Awesome Java Security Resources 🕶☕🔐
[xxexploiter](https://github.com/luisfontes19/xxexploiter): Tool to help exploit XXE vulnerabilities
[blackholebots](https://github.com/getdatakick/blackholebots): Free module for prestashop and thirtybees platforms that will automagically ban bots that don't follow robots.txt instructions
[RemoteMouse-3.008-Exploit](https://github.com/p0dalirius/RemoteMouse-3.008-Exploit): This exploit allows to connect to the remote RemoteMouse 3.008 service to virtually press arbitrary keys and execute code on the machine.
[ActiveDirectoryAttackTool](https://github.com/The-Viper-One/ActiveDirectoryAttackTool): ADAT is a small tool used to assist CTF players and Penetration testers with easy commands to run against an Active Directory Domain Controller. This tool is is best utilized using a set of known credentials against the host.
[gina-ldap-client](https://github.com/republique-et-canton-de-geneve/gina-ldap-client): Client Java d'accès à l'annuaire LDAP de l'État de Genève.
[Magento2_SomethingDigital_InvalidateAdminPasswords](https://github.com/sdinteractive/Magento2_SomethingDigital_InvalidateAdminPasswords): Module to invalidate all admin passwords on Magento 2
[longtongue](https://github.com/edoardottt/longtongue): Customized Password/Passphrase List inputting Target Info
[lazy-oauth2-service-worker-vault](https://github.com/aidant/lazy-oauth2-service-worker-vault): Keep your OAuth 2.0 tokens secure and up-to-date.
[subdomain_scanner](https://github.com/dogukankurnaz/subdomain_scanner): Subdomain Scanner on Shell
[Go-Security](https://github.com/parsiya/Go-Security): My Go security projects
[Lazysploit](https://github.com/50UM3N/Lazysploit): I made this tool for beginner who start ethical hacking. This tool help you to make payload with msfvenom without writing a single line of command.
[NetWorm](https://github.com/pylyf/NetWorm): Python network worm that spreads on the local network and gives the attacker control of these machines.
[udcide](https://github.com/UDcide/udcide): Android Malware Behavior Deleter
[Attiny85](https://github.com/MTK911/Attiny85): RubberDucky like payloads for DigiSpark Attiny85
[androsec-rl](https://github.com/liadber/androsec-rl): Efficient Android Malware detection using Random - Protype of BA's final project (Efficient Android Malware Detection using RL) - Amit Moshe (@Amit223) & Inbar Roth (@inbaroth) & Liad Bercovich (@liadber)
[nerdbug](https://github.com/iamthefrogy/nerdbug): Full Nuclei automation script with logic explanation.
[WifiPassword-Stealer](https://github.com/aydinnyunus/WifiPassword-Stealer): Get All Registered Wifi Passwords from Target Computer.
[VoiceSens](https://github.com/bedangSen/VoiceSens): A Voice Biometric Application using Watson Speech to Text
[ktcal2](https://github.com/cr0hn/ktcal2): SSH brute forcer tool and library, using AsyncIO of Python 3.4
[struts-pwn_CVE-2018-11776](https://github.com/mazen160/struts-pwn_CVE-2018-11776): An exploit for Apache Struts CVE-2018-11776
[phomber](https://github.com/s41r4j/phomber): Phomber is infomation grathering tool that reverse search phone numbers and get their details, written in python3.
[DFBreak](https://github.com/173210/DFBreak): DAYFILER Rooting Tool
[Awesome-Cybersecurity-Datasets](https://github.com/shramos/Awesome-Cybersecurity-Datasets): A curated list of amazingly awesome Cybersecurity datasets
[EQGRP](https://github.com/x0rz/EQGRP): Decrypted content of eqgrp-auction-file.tar.xz
[SecurIA](https://github.com/nicolaemolnar/SecurIA): Proyecto "Seguridad en la vivienda". Sistema IoT de videovigilancia controlada por IA para una vivienda, dispone de aplicación android y web para la interfaz de usuario.
[Confiscate](https://github.com/kangarko/Confiscate): Discover duplication glitches, abusive staff giving items, x-ray or simply poor server economy.
[cybersecurity-cross-site-scripting](https://github.com/paulveillard/cybersecurity-cross-site-scripting): An ongoing curated collection of awesome XSS software, libraries, frameworks, learning tutorials & practical resources cross-site scripting.
[ARM_Exploit](https://github.com/owlinux1000/ARM_Exploit): ARM Exploit 開発のためのトレーニングリポジトリ
[connectors](https://github.com/OpenCTI-Platform/connectors): OpenCTI Connectors
[Automating-VirusTotal-APIv3-for-IPs-and-URLs](https://github.com/b-fullam/Automating-VirusTotal-APIv3-for-IPs-and-URLs): Automating VirusTotal's API v3 for IP address and URL analysis w/HTML Reporting. Python script that functions like a CLI tool to interact programmatically with VirusTotal API v3.
[digital-security-coach](https://github.com/dguo/digital-security-coach): :lock: Accessible crash course on digital security
[BlackMamba](https://github.com/loseys/BlackMamba): C2/post-exploitation framework
[googlephotos-filestorage](https://github.com/jakebacker/googlephotos-filestorage): Exploiting Google Photos' unlimited photo storage
[Lilith](https://github.com/werkamsus/Lilith): Lilith, The Open Source C++ Remote Administration Tool (RAT)
[burp-exporter](https://github.com/artssec/burp-exporter): Exporter is a Burp Suite extension to copy a request to a file or the clipboard as multiple programming languages functions.
[pentesterlabpro_notes](https://github.com/whoami-anoint/pentesterlabpro_notes): This is collection of my notes on pentesterlab which I made while solving these pentesterlab pro exercises.
[Authorized](https://github.com/zdnk/Authorized): 🔐 Simple way to authorize user actions on resources for Vapor 3
[SECMON](https://github.com/Guezone/SECMON): SECMON is a web-based tool for the automation of infosec watching and vulnerability management with a web interface.
[awesome-rtc-hacking](https://github.com/EnableSecurity/awesome-rtc-hacking): a list of awesome resources related to security and hacking of VoIP, WebRTC and VoLTE
[rapidscan](https://github.com/skavngr/rapidscan): :new: The Multi-Tool Web Vulnerability Scanner.
[MarkdownBlogPosts](https://github.com/sunnyMiglani/MarkdownBlogPosts): Essentially just notes I take, via a markdown app called Dillinger
[doublepulsar-detection-script](https://github.com/WithSecureLabs/doublepulsar-detection-script): A python2 script for sweeping a network to find windows systems compromised with the DOUBLEPULSAR implant.
[nlp](https://github.com/duoergun0729/nlp): 兜哥出品 <一本开源的NLP入门书籍>
[WP-Exploiter](https://github.com/eliranmaman/WP-Exploiter): WP-Exploiter is a tool for testing and exploiting a wide range of WordPress websites.
[laravel-csp](https://github.com/spatie/laravel-csp): Set content security policy headers in a Laravel app
[overwhelm](https://github.com/cloudsriseup/overwhelm): Overwhelm's Vanquish is a Kali Linux based Enumeration Orchestrator built in Python running inside a docker container. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases. The results of each phase are fed into the next phase to identify vulnerabilities that could be leveraged for a remote shell
[nullbinder](https://github.com/gfrancqu/nullbinder): Tools to exploit misconfiguration into LDAP directory
[ghost_eye](https://github.com/BullsEye0/ghost_eye): Ghost Eye Informationgathering Footprinting Scanner and Recon Tool Release. Ghost Eye is an Information Gathering Tool I made in python 3. To run Ghost Eye, it only needs a domain or ip. Ghost Eye can work with any Linux distros if they support Python 3. Author: Jolanda de Koff
[raptor](https://github.com/dpnishant/raptor): Web-based Source Code Vulnerability Scanner
[substack](https://github.com/everping/substack): Sub-domains enumeration framework
[juice-shop](https://github.com/juice-shop/juice-shop): OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
[4depcheck](https://github.com/eliasgranderubio/4depcheck): a tool to analyze and detect vulnerable dependencies/libraries from different programming languages
[Cyber-Christmas](https://github.com/kaiiyer/Cyber-Christmas): A curated list of resources for Cyber Professionals
[nosurf](https://github.com/justinas/nosurf): CSRF protection middleware for Go.
[cornerstone](https://github.com/momosecurity/cornerstone): Linux命令转发记录
[tbms](https://github.com/ZFPSystems/tbms): Tor-Browser Sandbox for macOS - security tool to reduce tor-browser access to macOS system
[SafePad](https://github.com/stephenhaunts/SafePad): SafePad : Encrypted Text Editor. This text editor uses very strong encryption to let you protect your secrets. Great for storing passwords, credit card details or any else that you want to keep safe.
[find-sec-bugs](https://github.com/find-sec-bugs/find-sec-bugs): The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
[PyIris](https://github.com/angus-y/PyIris): PyIris is a modular remote access trojan toolkit written in python targeting Windows and Linux systems.
[best-practices-badge](https://github.com/coreinfrastructure/best-practices-badge): 🏆Open Source Security Foundation (OpenSSF) Best Practices Badge (formerly Core Infrastructure Initiative (CII) Best Practices Badge)
[RansomwareDetectionService](https://github.com/prestoncooper/RansomwareDetectionService): This program detects all present and future ransomware in Windows file shares or local drives for Windows file servers. I created this windows service to aide system administrators not average users.
[IAT_API](https://github.com/EgeBalci/IAT_API): Assembly block for finding and calling the windows API functions inside import address table(IAT) of the running PE file.
[cybernethunter-armory](https://github.com/darkquasar/cybernethunter-armory): Tactical Cyber Tradecraft
[awesome-anti-forensic](https://github.com/shadawck/awesome-anti-forensic): Tools and packages that are used for countering forensic activities, including encryption, steganography, and anything that modify attributes. This all includes tools to work with anything in general that makes changes to a system for the purposes of hiding information.
[Nginx-Lua-Anti-DDoS](https://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS): A Anti-DDoS script to protect Nginx web servers using Lua with a HTML Javascript based authentication puzzle inspired by Cloudflare I am under attack mode an Anti-DDoS authentication page protect yourself from every attack type All Layer 7 Attacks Mitigating Historic Attacks DoS DoS Implications DDoS All Brute Force Attacks Zero day exploits Social Engineering Rainbow Tables Password Cracking Tools Password Lists Dictionary Attacks Time Delay Any Hosting Provider Any CMS or Custom Website Unlimited Attempt Frequency Search Attacks HTTP Basic Authentication HTTP Digest Authentication HTML Form Based Authentication Mask Attacks Rule-Based Search Attacks Combinator Attacks Botnet Attacks Unauthorized IPs IP Whitelisting Bruter THC Hydra John the Ripper Brutus Ophcrack unauthorized logins Injection Broken Authentication and Session Management Sensitive Data Exposure XML External Entities (XXE) Broken Access Control Security Misconfiguration Cross-Site Scripting (XSS) Insecure Deserialization Using Components with Known Vulnerabilities Insufficient Logging & Monitoring Drupal WordPress Joomla Flash Magento PHP Plone WHMCS Atlassian Products malicious traffic Adult video script avs KVS Kernel Video Sharing Clip Bucket Tube sites Content Management Systems Social networks scripts backends proxy proxies PHP Python Porn sites xxx adult gaming networks servers sites forums vbulletin phpbb mybb smf simple machines forum xenforo web hosting video streaming buffering ldap upstream downstream download upload rtmp vod video over dl hls dash hds mss livestream drm mp4 mp3 swf css js html php python sex m3u zip rar archive compressed mitigation code source sourcecode chan 4chan 4chan.org 8chan.net 8ch 8ch.net infinite chan 8kun 8kun.net anonymous anon tor services .onion torproject.org nginx.org nginx.com openresty.org darknet dark net deepweb deep web darkweb dark web mirror vpn reddit reddit.com adobe flash hackthissite.org dreamhack hack hacked hacking hacker hackers hackerz hackz hacks code coding script scripting scripter source leaks leaked leaking cve vulnerability great firewall china america japan russia .gov government http1 http2 http3 quic q3 litespeedtech litespeed apache torrents torrent torrenting webtorrent bittorrent bitorrent bit-torrent cyberlocker cyberlockers cyber locker cyberbunker warez keygen key generator free irc internet relay chat peer-to-peer p2p cryptocurrency crypto bitcoin miner browser xmr monero coinhive coin hive coin-hive litecoin ethereum cpu cycles popads pop-ads advert advertisement networks banner ads protect ovh blazingfast.io amazon steampowered valve store.steampowered.com steamcommunity thepiratebay lulzsec antisec xhamster pornhub porn.com pornhub.com xhamster.com xvideos xvdideos.com xnxx xnxx.com popads popcash cpm ppc
[BananaPhone](https://github.com/C-Sto/BananaPhone): It's a go variant of Hells gate! (directly calling windows kernel functions, but from Go!)
[Splunk_Remediation_Scripts](https://github.com/dc401/Splunk_Remediation_Scripts): Scripts for Splunk Alerts
[unlockdown](https://github.com/xairy/unlockdown): Disabling kernel lockdown on Ubuntu without physical access
[go-metadataproxy](https://github.com/jippi/go-metadataproxy): A proxy for AWS's metadata service that gives out scoped IAM credentials from STS
[Admin-Scanner](https://github.com/alienwhatever/Admin-Scanner): This tool is design to find admin panel of any website by using custom wordlist or default wordlist easily and allow you to find admin panel trough a proxy server
[dismap](https://github.com/zhzyker/dismap): Asset discovery and identification tools 快速识别 Web 指纹信息,定位资产类型。辅助红队快速定位目标资产信息,辅助蓝队发现疑似脆弱点
[frontend-tech-list](https://github.com/alienzhou/frontend-tech-list): 📝 Frontend Tech List for Developers 💡
[ContainerSSH](https://github.com/ContainerSSH/ContainerSSH): ContainerSSH: Launch containers on demand
[Encryption-Techniques](https://github.com/ifarshgar/Encryption-Techniques): Eventually, I mean to implement multiple famous encryption/decryption techniques here.
[Ultimate-Guitar-Hack](https://github.com/noahmaranesi/Ultimate-Guitar-Hack): The first tool to download any Guitar Pro file, including 'Official' from Ultimate Guitar
[Python-Cybrary-Code](https://github.com/c0d14k/Python-Cybrary-Code): python code correlating with my cybrary lesson blogs
[CVE-2019-11708](https://github.com/0vercl0k/CVE-2019-11708): Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Windows 64-bit.
[loopback4-helmet](https://github.com/sourcefuse/loopback4-helmet): A loopback4 extension for helmetjs integration
[cybersecurity-threat-intelligence](https://github.com/paulveillard/cybersecurity-threat-intelligence): An ongoing & curated collection of awesome software best practices and remediation techniques, libraries and frameworks, E-books and videos, Technical guidelines and important resources about Threat Intelligence.
[linuxallenum](https://github.com/FabioDefilippo/linuxallenum): this bash script is for remote linux and macos hosts hacked!
[HelpUKR-master](https://github.com/rmellis/HelpUKR-master): This website is a collection of content that can be used to help Ukraine in the Cyber War from your browser, it also contains WebApps, News from many sources and lots of ways to donate directly to Ukraine from verified charity’s and lots more. We even have some pages on here we recovered from Google Web Cache’s after being destroyed by Russian attacks.
[CVE2020-0796](https://github.com/Aurum2008/CVE2020-0796): Exploit for win10 SMB3.1
[hack-pet](https://github.com/hahwul/hack-pet): 🐰 Managing command snippets for hackers/bug bounty hunters. with pet.
[urlhunter](https://github.com/utkusen/urlhunter): a recon tool that allows searching on URLs that are exposed via shortener services
[DemonHunter](https://github.com/RevengeComing/DemonHunter): Distributed Honeypot
[FunctionStomping](https://github.com/Idov31/FunctionStomping): A new shellcode injection technique. Given as C++ header, standalone Rust program or library.
[BAR-Tender](https://github.com/defparam/BAR-Tender): An FPGA I/O Device which services physical memory reads/writes via UMDF2 driver
[Offensive-Reverse-Shell-Cheat-Sheet](https://github.com/d4t4s3c/Offensive-Reverse-Shell-Cheat-Sheet): Offensive Reverse Shell (Cheat Sheet)
[Pentest-Notes](https://github.com/SofianeHamlaoui/Pentest-Notes): Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)
[sigmavpn](https://github.com/neilalexander/sigmavpn): Light-weight, secure and modular VPN solution which makes use of NaCl encryption (also available for Android using jnacl in "sigmavpn-android")
[phishEye](https://github.com/sky9262/phishEye): phishEye is an ultimate phishing tool in python. Includes popular websites like Facebook, Twitter, Instagram, LinkedIn, GitHub, Dropbox, and many others. Created with Flask, custom templates, and tunneled with ngrok and localhost.run.
[kernelpwn](https://github.com/smallkirby/kernelpwn): kernel-pwn and writeup collection
[awesome-vulnerable-apps](https://github.com/vavkamil/awesome-vulnerable-apps): Awesome Vulnerable Applications
[Burp-Selection-Size-Calculator](https://github.com/rauschecker/Burp-Selection-Size-Calculator): Burp extension to calculate the byte size of selections made in text windows
[CVE-2022-26809](https://github.com/XmasSnowISBACK/CVE-2022-26809): CVE-2022-26809 is a vulnerability in Remote Procedure Call Runtime
[exifcleaner](https://github.com/szTheory/exifcleaner): Cross-platform desktop GUI app to clean image metadata
[antifuzzer](https://github.com/webox-dev/antifuzzer)
[uxss-db](https://github.com/Metnew/uxss-db): 🔪Browser logic vulnerabilities :skull_and_crossbones:
[kernel-mii](https://github.com/tijme/kernel-mii): Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.
[dnxfirewall](https://github.com/DOWRIGHTTV/dnxfirewall): DNXFIREWALL (dad's next-generation firewall), a C/CPython hybrid next generation firewall built on top of Linux and bound to kernel/ netfilter hooks for packet control.
[Cyber-Risk-Research-FULL-WORK](https://github.com/Cameron-Noakes/Cyber-Risk-Research-FULL-WORK): All of my work for the past 6 months as a cyber risk researcher for University of Greenwich. A total of 41 literature reviews and analysis as white papers to develop the final survey paper
[awesome-sec-challenges](https://github.com/mikeprivette/awesome-sec-challenges): A curated list of Awesome Security Challenges.
[Firmware_Slap](https://github.com/ChrisTheCoolHut/Firmware_Slap): Discovering vulnerabilities in firmware through concolic analysis and function clustering.
[R2R--OnePunchInstaller](https://github.com/Bl4cKc34sEr/R2R--OnePunchInstaller): R2R is the short for Ready-To-Recon, This is a shell script written to install the major Known Reconnaissance tools in your Ubuntu-Linux-Fedora etc, Operating Systems to get started with Penetration Testing and Web App security with these tools.
[kube-scan](https://github.com/octarinesec/kube-scan): kube-scan: Octarine k8s cluster risk assessment tool
[Codium-Crypter-1.8.6](https://github.com/CodiumAlgorithm/Codium-Crypter-1.8.6): Codium Algorithm, We Provide Strong Encryption, And Stable Crypter, And Weekly-Daily Updates.
[BigBountyRecon](https://github.com/Viralmaniar/BigBountyRecon): BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
[HackerOne-Lessons](https://github.com/ttiagojm/HackerOne-Lessons): Transcribed video lessons of HackerOne to pdf's
[Psonic](https://github.com/michellehwin/Psonic): Psonic is a password manager, equipped with password and mnemonic generation and encrypted storage.
[rudy](https://github.com/darkweak/rudy): RUDY is an acronym used to describe a Denial of Service (DoS) tool used by hackers to perform slow-rate a.k.a. “Low and slow” attacks.
[Open-source-tools-for-CTI](https://github.com/BushidoUK/Open-source-tools-for-CTI): Public Repository of Open Source Tools for Cyber Threat Intelligence Analysts and Researchers
[TCPHound](https://github.com/limbenjamin/TCPHound): Win32 utility for auditing TCP connections
[AIL-framework](https://github.com/CIRCL/AIL-framework): AIL framework - Analysis Information Leak framework. Project moved to https://github.com/ail-project
[pythonidae-challenge](https://github.com/MII-Cybersec/pythonidae-challenge): Set of Python programming challenge for cyber security (offensive / defensive)
[Jpg-Png-Exploit-Downloader-Fud-Cryter-Malware-Builder-Cve-2022](https://github.com/VortexRadiation/Jpg-Png-Exploit-Downloader-Fud-Cryter-Malware-Builder-Cve-2022): Vulnerability Disclosure Timeline Closer inspection of the Exploit JPG content reveals the malicious link as well as the URL Download and Execute of the tool used to generate the Exploit JPG from Python encrypted code content which we also implement in couple of our builders.Silent JPG Exploit There are multiple Exploit JPG in Silent JPG Exploit, a package commonly used by web services to process Exploit JPG File. One of the vulnerabilities can lead to remote code execution (RCE) if you process user submitted JPG. The exploit for this vulnerability is being used in the wild.Why Are You Disclosing A Exploit JPG
[ScoutSuite](https://github.com/nccgroup/ScoutSuite): Multi-Cloud Security Auditing Tool
[qvm-create-windows-qube](https://github.com/elliotkillick/qvm-create-windows-qube): Spin up new Windows qubes quickly, effortlessly and securely on Qubes OS
[privacy-respecting](https://github.com/nikitavoloboev/privacy-respecting): Curated List of Privacy Respecting Services and Software
[FazScan](https://github.com/mfazrinizar/FazScan): | FazScan is a Perl program to do some vulnerability scanning and pentesting |
[go-dork](https://github.com/dwisiswant0/go-dork): The fastest dork scanner written in Go.
[brute-force-seed-bitcoin](https://github.com/ipsBruno/brute-force-seed-bitcoin): Find used seeds in blockchain
[CVE-2021-40845](https://github.com/ricardojoserf/CVE-2021-40845): AlphaWeb XE, the embedded web server running on AlphaCom XE, has a vulnerability which allows to upload PHP files leading to RCE once the authentication is successful - https://ricardojoserf.github.io/CVE-2021-40845/
[kubernetes-network-policy-recipes](https://github.com/ahmetb/kubernetes-network-policy-recipes): Example recipes for Kubernetes Network Policies that you can just copy paste
[pidrila](https://github.com/enemy-submarine/pidrila): Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer
[fbspider](https://github.com/r3nt0n/fbspider): Scraping Facebook information
[security-analytics](https://github.com/GoogleCloudPlatform/security-analytics): Community Security Analytics provides a set of community-driven audit & threat queries for Google Cloud
[blackhat-arsenal-tools](https://github.com/toolswatch/blackhat-arsenal-tools): Official Black Hat Arsenal Security Tools Repository
[PwnKit-Exploit](https://github.com/luijait/PwnKit-Exploit): Proof of Concept (PoC) CVE-2021-4034
[KaliLadon](https://github.com/k8gege/KaliLadon): Ladon for Linux (Kali), Large Network Penetration Scanner, vulnerability / exploit / detection / MS17010 / password
[secrets-auth](https://github.com/guptasajal411/secrets-auth): 🤫 This application is made for learning Authentication and Security in web applications. I am learning from basics of Authentication to the advanced level.
[Search-That-Hash](https://github.com/HashPals/Search-That-Hash): 🔎Searches Hash APIs to crack your hash quickly🔎 If hash is not found, automatically pipes into HashCat⚡
[Metasploit-termux](https://github.com/h4ck3r0/Metasploit-termux): Metasploit 6 , No Error , Maintained, Termux
[Automap](https://github.com/wobegone/Automap): An automated tool for nmap scaning. It include several options such as vulnerabilities scanner, port scanner, sub-network scan and much more!
[pyprotect](https://github.com/ga0/pyprotect): A lightweight python code protector, makes your python project harder to reverse engineer
[PossumBot](https://github.com/WANstorm/PossumBot): A bot that will allow you to destroy discord servers.
[ByeLog4Shell](https://github.com/Qerim-iseni09/ByeLog4Shell): Use Log4Shell vulnerability to vaccinate a victim server against Log4Shell
[angular-auth-oidc-client](https://github.com/damienbod/angular-auth-oidc-client): npm package for OpenID Connect, OAuth Code Flow with PKCE, Refresh tokens, Implicit Flow
[bCTF](https://github.com/spiperac/bCTF): CTF scoreboard and framework. https://b-ctf.io
[SprayingToolkit](https://github.com/byt3bl33d3r/SprayingToolkit): Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient
[PyLogger](https://github.com/Lexxrt/PyLogger): ⌨ᴀᴅᴠᴀɴᴄᴇᴅ ᴘʏᴛʜᴏɴ ᴋᴇʏʟᴏɢɢᴇʀ⌨
[awesome-golang-security](https://github.com/guardrailsio/awesome-golang-security): Awesome Golang Security resources 🕶🔐
[Memory-Overwriter](https://github.com/Basztal/Memory-Overwriter): Simple memory editing program written in C++
[Phishing-URL-v5-IBM](https://github.com/Hritiksum/Phishing-URL-v5-IBM): Phishing Url detector detects cyber thefts and cyber frauds using machine learning and data science technology. TECH used- Python, Django(Backend), SQLite, IBM cloud, data science, machine learning.
[staystaystay](https://github.com/jbaines-r7/staystaystay): Proof of Concept for CVE-2021-1585: Cisco ASA Device Manager RCE
[D4rkXSS](https://github.com/R0X4R/D4rkXSS): A list of useful payloads and Bypass for Web Application Security and Bug Bounty/CTF
[WordPress-Plugins-List](https://github.com/Perfectdotexe/WordPress-Plugins-List): Wordpress Plugins List
[StegoCracker](https://github.com/W1LDN16H7/StegoCracker): Stego is an open-source and free steganography tool that lets you hide your secret message in an image or audio file. You will not notice any change in the image or audio file. However, your secret message will be inside the original image or audio file
[bscValueDefi-Exploit](https://github.com/WP-LKL/bscValueDefi-Exploit): Abusing delayed share calculations on 4000% APR staking.
[SecureSignIn-v3a](https://github.com/Zander-Labuschagne/SecureSignIn-v3a): A Java CLI application I have created in an attempt to improve my online account security
[cercat](https://github.com/Issif/cercat): Monitor issued certificates in real-time and send alerts to Slack when a domain matches.
[kernelpop](https://github.com/spencerdodd/kernelpop): kernel privilege escalation enumeration and exploitation framework
[Beam-On-Join](https://github.com/tizxr/Beam-On-Join): I saw some kid scamming kids and making them this tool for 10$ or something so uh like why not remake it and give it for free :D!
[elasticsearch-readonlyrest-plugin](https://github.com/sscarduzio/elasticsearch-readonlyrest-plugin): Free Elasticsearch security plugin and Kibana security plugin: super-easy Kibana multi-tenancy, Encryption, Authentication, Authorization, Auditing
[bds03-security](https://github.com/andreluas/bds03-security): Desafio do boocamp da devsuperior, onde coloquei em prática o módulo de spring security.
[decker](https://github.com/stevenaldinger/decker): Declarative penetration testing orchestration framework
[EFIgy](https://github.com/duo-labs/EFIgy): A small client application that uses the Duo Labs EFIgy API to inform you about the state of your Mac EFI firmware
[dinkleberg](https://github.com/oSumAtrIX/dinkleberg): 🕵️♂️ Catch users faking their offline status on Discord with an exploit written in Rust
[Python-Honeypot](https://github.com/OWASP/Python-Honeypot): OWASP Honeypot, Automated Deception Framework.
[djangorestframework-api-key](https://github.com/florimondmanca/djangorestframework-api-key): 🔐 API key permissions for Django REST Framework
[meltdown-spectre-poc-grabber](https://github.com/willyb321/meltdown-spectre-poc-grabber): Script I wrote in about 10 minutes to grab Meltdown/Spectre PoC's and download them.
[Discord-Bots-Hack](https://github.com/REVENGE977/Discord-Bots-Hack): Discord Bots Hacking
[owtf](https://github.com/owtf/owtf): Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp
[httpx](https://github.com/projectdiscovery/httpx): httpx is a fast and multi-purpose HTTP toolkit allows to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads.
[gosec](https://github.com/securego/gosec): Golang security checker
[Hacking-Tools-Repository](https://github.com/Gexos/Hacking-Tools-Repository): A list of security/hacking tools that have been collected from the internet. Suggestions are welcomed.
[admin-finder](https://github.com/Ramalingasamy012/admin-finder): This tool is used to find the admin login page of a website.
[pdfcrack](https://github.com/machine1337/pdfcrack): An Advanced tool to Crack Any Password Protected PDF file. A very user friendly script especially for noob hackers.
[FEUP-FSI](https://github.com/marhcouto/FEUP-FSI): :mortar_board: FSI -> L.EIC/M.EIC - FEUP, 2021-2022
[pre-commit-hooks-nodejs-reactjs](https://github.com/SarasaGunawardhana/pre-commit-hooks-nodejs-reactjs): Git hook scripts are useful for identifying simple issues before submission to code review. We run our hooks on every commit to automatically point out issues like npm high & critical vulnerabilities, npm test, eslint, branch naming
[Slient-Url-Exploit-New-Cve-Chrome-Exploit-Html-Downloader-Put-Your-Link](https://github.com/AZMagic/Slient-Url-Exploit-New-Cve-Chrome-Exploit-Html-Downloader-Put-Your-Link): URL Infection (Silent Java Drive By) URL Infection Exploit Silent Java Drive by downloads may happen when visiting a site, opening an e-mail message. It may even happen by clicking on a malicious pop-up window: by clicking on the window in the belief that it concerns an error report from the computer’s OS, for example.
[AzureKeyVault](https://github.com/cloudyr/AzureKeyVault): R interface to Azure Key Vault. Submit issues and PRs at https://github.com/Azure/AzureKeyVault
[Phobos-config](https://github.com/InternetNotFound/Phobos-config): This is a config for Phobos 1.7 to 1.9.0
[InfoSec_Practice](https://github.com/magicansk/InfoSec_Practice): https://magicansk.github.io/InfoSec_Practice/TOC
[pan-academy-blue-bank](https://github.com/williamjesusdev/pan-academy-blue-bank): Blue Bank é uma API de transações bancárias, desenvolvida durante o Bootcamp Pan Academy da Gama em parceria com o banco PAN.
[NoSQLMap](https://github.com/codingo/NoSQLMap): Automated NoSQL database enumeration and web application exploitation tool.
[vigrid](https://github.com/llevier/vigrid): Vigrid is a Cyber Range redesign of the GNS3 tool able to virtualize almost any physical device on many CPU. It is also able to virtualize entire networks not visible between them. Vigrid adds industrial cloning. clientless console accesses. snapshots. unlimited scalability. standalone or infrastructure and cloud designs.
[0x04-ARM-32-Hacking-Double](https://github.com/mytechnotalent/0x04-ARM-32-Hacking-Double): ARM 32-bit Raspberry Pi Hacking Double example in Kali Linux.
[email2phonenumber](https://github.com/martinvigo/email2phonenumber): A OSINT tool to obtain a target's phone number just by having his email address
[TracceDigitali](https://github.com/marcogovoni/TracceDigitali): OSINT: come iniziare. Strumenti e idee per raccogliere e analizzare fonti aperte.
[nzyme](https://github.com/lennartkoopmann/nzyme): Nzyme is a free and open next-generation WiFi defense system. Go to www.nzyme.org for more information.
[PasswordStealer](https://github.com/shashankchandak/PasswordStealer)
[ReverseGoShell](https://github.com/TheKingOfDuck/ReverseGoShell): A Golang Reverse Shell Tool With AES Dynamic Encryption
[wp-cloudflare-guard](https://github.com/TypistTech/wp-cloudflare-guard): Connecting WordPress with Cloudflare firewall, protect your WordPress site at DNS level. Automatically create firewall rules to block dangerous IPs
[LaravelENV](https://github.com/zerobyte-id-bak/LaravelENV)
[IoT_Scanner](https://github.com/adamatasi/IoT_Scanner): IoT Scanner by ASA - Scan for active IoT devices and find their vulnerabilities
[dotdotslash](https://github.com/jcesarstef/dotdotslash): Search for Directory Traversal Vulnerabilities
[Code-Audit-Challenges](https://github.com/CHYbeta/Code-Audit-Challenges): Code-Audit-Challenges
[solved-hacking-problem](https://github.com/Qwaz/solved-hacking-problem): :heavy_check_mark: My solutions for CTF & wargame challenges
[CSCI4349_Week7_WpPentest](https://github.com/harrystaley/CSCI4349_Week7_WpPentest): Course code for TAMUSA CSCI 4349.
[seminar](https://github.com/derOtto/seminar): Seminar – IT-Sicherheitsgesetz 2.0
[CTF-OverTheWire](https://github.com/WillGreen98/CTF-OverTheWire): Breakdown of OverTheWire CTF Game
[cloudquery](https://github.com/cloudquery/cloudquery): The open-source cloud asset inventory powered by SQL.
[shadowbroker-smb-scanner](https://github.com/op7ic/shadowbroker-smb-scanner): shadowbroker SMB exploit scanner. Scans for ETERNALSYNERGY ETERNALBLUE ETERNALROMANCE ETHERNALCHAMPION
[favtools](https://github.com/matesz44/favtools): Tools that i use n love :D
[linuxallremote](https://github.com/FabioDefilippo/linuxallremote): This bash scripts will help you to hack remote hosts. You can choose and run one of them.
[Goblyn](https://github.com/loseys/Goblyn): Goblyn is a Python tool focused to enumeration and capture of website files metadata.
[cloud-discovery](https://github.com/twistlock/cloud-discovery): Cloud Discovery provides a point in time enumeration of all the cloud native platform services
[Windows-exploits](https://github.com/lyshark/Windows-exploits): 🎯 Windows 平台提权漏洞大合集,长期收集各种提权漏洞利用工具。 A large collection of rights raising vulnerabilities on the windows platform, which collects various rights raising vulnerability utilization tools for a long time.
[Packet-Sniffing-and-Spoofing](https://github.com/adamalston/Packet-Sniffing-and-Spoofing): Packet sniffing and spoofing 🗃️
[web-hacking-toolkit](https://github.com/hueristiq/web-hacking-toolkit): A web hacking toolkit (docker image).
[unauthd](https://github.com/A2nkF/unauthd): A local privilege escalation chain from user to kernel for MacOS < 10.15.5. CVE-2020–9854
[hubble](https://github.com/hubblestack/hubble): Hubble is a modular, open-source security compliance framework. The project provides on-demand profile-based auditing, real-time security event notifications, alerting, and reporting. HubbleStack is a free and open source project made possible by Adobe. https://github.com/adobe
[Win7Blue](https://github.com/d4t4s3c/Win7Blue): Scan/Exploit - EternalBlue MS17-010 - Windows 7 x86/x64
[WordListGen](https://github.com/frizb/WordListGen): Super Simple Python Word List Generator for Fuzzing and Brute Forcing in Python
[WhatCMS](https://github.com/GONZOsint/WhatCMS): CMS Detection and Exploit Kit based on Whatcms.org API
[awesome-python-security](https://github.com/guardrailsio/awesome-python-security): Awesome Python Security resources 🕶🐍🔐
[gsocket](https://github.com/hackerschoice/gsocket): Connect like there is no firewall. Securely.
[ByteCodeDL](https://github.com/BytecodeDL/ByteCodeDL): A declarative static analysis tool for jvm bytecode based Datalog like CodeQL
[logkeys](https://github.com/kernc/logkeys): :memo: :keyboard: A GNU/Linux keylogger that works!
[cfscan](https://github.com/cloudhound-io/cfscan): open-source security and vulnerability scanner for cloud foundry environments
[CompTIA-Security-](https://github.com/screeck/CompTIA-Security-)
[s3s_doc](https://github.com/3nock/s3s_doc): Sub3 Suite Documentation
[docker-dvwa](https://github.com/HightechSec/docker-dvwa): Latest Docker DVWA running on Debian 9.3
[Phishpedia](https://github.com/lindsey98/Phishpedia): Official Implementation of "Phishpedia: A Hybrid Deep Learning Based Approach to Visually Identify Phishing Webpages" USENIX'21
[433MHz-Cloner](https://github.com/franc205/433MHz-Cloner): Just hack any 433MHz device!
[Vulcan](https://github.com/XTeam-Wing/Vulcan): VulCan资产管理系统|漏洞扫描|资产探测|定时扫描
[PPF](https://github.com/PinkP4nther/PPF): A modular pentesting framework implemented in C
[osv.dev](https://github.com/google/osv.dev): Open source vulnerability DB and triage service.
[RedBook](https://github.com/satan1a/RedBook): 基于Threathunting-book基础上完善的狩猎视角红队handbook
[SentryPeer](https://github.com/SentryPeer/SentryPeer): Protect your SIP Servers from bad actors.
[anchore-engine](https://github.com/anchore/anchore-engine): A service that analyzes docker images and scans for vulnerabilities
[libdft64](https://github.com/AngoraFuzzer/libdft64): libdft for Intel Pin 3.x and 64 bit platform. (Dynamic taint tracking, taint analysis)
[EhLab](https://github.com/proxyanon/EhLab): O EhLab (Ethical Hacker Laboratory) é um laboratório de pentest grátis e de código aberto, altere e adquira conhecimento de forma livre com nosso lab
[Zeek-Network-Security-Monitor](https://github.com/mytechnotalent/Zeek-Network-Security-Monitor): A Zeek Network Security Monitor tutorial that will cover the basics of creating a Zeek instance on your network in addition to all of the necessary hardware and setup and finally provide some examples of how you can use the power of Zeek to have absolute control over your network.
[cowrie](https://github.com/cowrie/cowrie): Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io
[TryHackMe-Writeups](https://github.com/dnts3110/TryHackMe-Writeups): My TryHackMe writeups and notes
[vm2](https://github.com/patriksimek/vm2): Advanced vm/sandbox for Node.js
[mosec-node-plugin](https://github.com/momosecurity/mosec-node-plugin): 用于检测 node 项目的第三方依赖组件是否存在安全漏洞。
[Dr_Quine](https://github.com/anyaschukin/Dr_Quine): A self-replicating virus in C, ASM, python.
[AppLocker](https://github.com/Ryasnoy/AppLocker): AppLocker - simple lock screen for iOS Application ( Swift 4+, iOS 9.0+) Touch ID / Face ID
[breaking-telegram](https://github.com/matteounitn/breaking-telegram): Simple PoC script that allows you to exploit telegram's "send with timer" feature by saving any media sent with this functionality.
[kata-containers](https://github.com/kata-containers/kata-containers): Kata Containers version 2.x repository. Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs. https://katacontainers.io/
[storefront_cloner](https://github.com/gh0x0st/storefront_cloner): A python approach to clone Citrix Storefront portals
[lzr](https://github.com/stanford-esrg/lzr): LZR quickly detects and fingerprints unexpected services running on unexpected ports.
[Shuffle](https://github.com/Shuffle/Shuffle): Shuffle: A general purpose security automation platform. Our focus is on collaboration and resource sharing.
[pentest-book](https://github.com/six2dez/pentest-book)
[Penetration-Testing-Cheat-Sheet](https://github.com/curtishoughton/Penetration-Testing-Cheat-Sheet): A guide to help people who are new to penetration testing and are looking to gain an overview of the penetration testing process. This guide will help anyone hoping to take the CREST CRT or Offensive Security's OSCP exam and will aim to cover each stage of compromising a host.
[RedisPushIptables](https://github.com/limithit/RedisPushIptables): RedisPushIptables is used to update firewall rules to reject the IP addresses for a specified amount of time or forever reject.
[AESJniEncrypt](https://github.com/BruceWind/AESJniEncrypt): Make safest code in Android. (基于libsodium实现chacha20算法,key在native中,防止被二次打包){长期维护,请star,勿fork}
[chrome_enum](https://github.com/henryreed/chrome_enum): Decrypts and dumps Chrome-based browser cookies and passwords in Microsoft Windows.
[tamperchrome](https://github.com/google/tamperchrome): Tamper Dev is an extension that allows you to intercept and edit HTTP/HTTPS requests and responses as they happen without the need of a proxy. Works across all operating systems (including Chrome OS).
[AdvancedKeyHacks](https://github.com/udit-thakkur/AdvancedKeyHacks): API Key/Token Exploitation Made easy.
[piknik](https://github.com/jedisct1/piknik): Copy/paste anything over the network.
[WireBug](https://github.com/SySS-Research/WireBug): WireBug is a toolset for Voice-over-IP penetration testing
[jupyter-widget-stixview](https://github.com/traut/jupyter-widget-stixview): STIX2 graph widget for Jupyter notebooks, powered by stixview library
[HackBrowserData](https://github.com/moonD4rk/HackBrowserData): Decrypt passwords/cookies/history/bookmarks from the browser. 一款可全平台运行的浏览器数据导出解密工具。
[Shodan_Search](https://github.com/abdulkadir-gungor/Shodan_Search): Based on the Shodan API, it displays the open ports and security vulnerabilities of the server related to the entered ip or hostname.
[neoss](https://github.com/PabloLec/neoss): :heavy_check_mark: User-friendly and detailed socket statistics with a Terminal UI.
[AndroPyDucky](https://github.com/proxyanon/AndroPyDucky): Ferramenta para criação de payloads HID (human interface device) para android sem nethunter ou rubber ducky
[K-Tool](https://github.com/mrprogrammer2938/K-Tool): K-Tool
[security-core](https://github.com/symfony/security-core): Security provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so called user providers that hold the users credentials. It is inspired by the Java Spring framework.
[search-libc](https://github.com/blukat29/search-libc): Web wrapper of niklasb/libc-database
[dfir-ioc-ut](https://github.com/jipegit/dfir-ioc-ut): DFIR IoC Unit Testing
[minishmaker](https://github.com/minishmaker/minishmaker): Level editing suite for The Legend of Zelda: The Minish Cap
[Image_Steganography](https://github.com/rohanailoni/Image_Steganography): It is just an Experiment on Image Strgaography to Demostrate the uses of Hiding data in picture and Also Detecting it using Neural Network w.r.t noise in the malware image
[shoulditrust](https://github.com/micheleriva/shoulditrust): 🤔Check if an IP address is safe or not!
[rbac-tool](https://github.com/alcideio/rbac-tool): Rapid7 | insightCloudSec | Kubernetes RBAC Power Toys - Visualize, Analyze, Generate & Query
[CyberSec-Books](https://github.com/ad0x99/CyberSec-Books): Cyber Security Books
[domain-protect](https://github.com/ovotech/domain-protect): Protect against subdomain takeover
[turbo-attack](https://github.com/mytechnotalent/turbo-attack): A turbo traffic generator pentesting tool to generate random traffic with random mac and ip addresses in addition to random sequence numbers to a particular ip and port.
[Canvass](https://github.com/sayonsom/Canvass): An open source tool chain to simulate cyber attacks in the power system
[ActiveReign](https://github.com/m8sec/ActiveReign): A Network Enumeration and Attack Toolset for Windows Active Directory Environments.
[security-101-for-saas-startups](https://github.com/forter/security-101-for-saas-startups): security tips for startups
[wifi-cracking](https://github.com/brannondorsey/wifi-cracking): Crack WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat
[VAC-Bypass](https://github.com/Jackbail4/VAC-Bypass): Full VAC Bypass. Inject detected cheats and not get VAC banned.
[aeacus](https://github.com/elysium-suite/aeacus): 🔐 Vulnerability remediation scoring system
[printix-CVE-2022-25090](https://github.com/ComparedArray/printix-CVE-2022-25090): A "Creation of Temporary Files in Directory with Insecure Permissions" vulnerability in PrintixService.exe, in Printix's "Printix Secure Cloud Print Management", Version 1.3.1106.0 and below allows any logged in user to elevate any executable or file to the SYSTEM context. This is achieved by exploiting race conditions in the Installer.
[netizenship](https://github.com/rahulrajpl/netizenship): a commandline #OSINT tool to find the online presence of a username in popular social media websites like Facebook, Instagram, Twitter, etc.
[RapidRepoPull](https://github.com/tbalz2319/RapidRepoPull): The goal of this program is to quickly pull and install repos from its list
[jigg](https://github.com/multiparty/jigg): JavaScript implementation of garbled gates and 2PC boolean circuit protocols
[WSSAT](https://github.com/YalcinYolalan/WSSAT): WEB SERVICE SECURITY ASSESSMENT TOOL
[AzureHunter](https://github.com/darkquasar/AzureHunter): A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
[badusb_botnet](https://github.com/alexfrancow/badusb_botnet): :busts_in_silhouette::smiling_imp: Infect a pc with badusb and establish a connection through telegram.
[go-safeweb](https://github.com/google/go-safeweb): Secure-by-default HTTP servers in Go.
[ITWSV](https://github.com/penetrate2hack/ITWSV): ITWSV- Integrated Tool for Web Security Vulnerability
[SLMail_PoC](https://github.com/PinkP4nther/SLMail_PoC): Simple RCE PoC for SLMail server on Windows XP SP3
[samson](https://github.com/wildcardcorp/samson): Cryptanalysis and attack library
[graphite](https://github.com/Graphite-Docs/graphite): Encrypted, secure, user-owned productivity suite
[DataProfiler](https://github.com/capitalone/DataProfiler): What's in your data? Extract schema, statistics and entities from datasets
[CVE-2019-12840_POC](https://github.com/bkaraceylan/CVE-2019-12840_POC): PoC for Webmin Package Update Authenticated Remote Command Execution
[gsvsoc_working-from-home-infoseries](https://github.com/guardsight/gsvsoc_working-from-home-infoseries): Cybersecurity Tips When Working Remote
[zeek-plugin-tds](https://github.com/amzn/zeek-plugin-tds): Zeek network security monitor plugin that enables parsing of the Tabular Data Stream (TDS) protocol
[Lets_Pentest](https://github.com/aniketambore/Lets_Pentest): ☠A collection of Penetration Testing scripts I'd written to use in Pentests.💉
[gitlab_RCE](https://github.com/dotPY-hax/gitlab_RCE): RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1
[RouterTestApp](https://github.com/freitaspedro/RouterTestApp): Aplicativo Android desenvolvido para a disciplina de Projeto de Aplicação II da Universidade Federal Fluminense. O objetivo do aplicativo é promover testes em roteadores domésticos com intuito de tornar pública as vulnerabilidades contidas neles.
[Basic-Keylogger-python](https://github.com/manavarya999/Basic-Keylogger-python): A simple keylogger that sends the keystrokes to the provided email id.
[TelemetrySourcerer](https://github.com/jthuraisamy/TelemetrySourcerer): Enumerate and disable common sources of telemetry used by AV/EDR.
[osx-and-ios-security-awesome](https://github.com/ashishb/osx-and-ios-security-awesome): OSX and iOS related security tools
[PhishAPI](https://github.com/curtbraz/PhishAPI): Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!
[security-threats](https://github.com/prashanth-sams/security-threats): Real time analysis of information security vulnerabilities
[ServerTelegramBot](https://github.com/i4specete/ServerTelegramBot): Hacking from your phone
[covermyass](https://github.com/sundowndev/covermyass): Shell script to cover your tracks on UNIX systems. Designed for pen testing "covering tracks" phase, before exiting the infected server. Or, permanently disable system logs for post-exploitation.
[gray_hat_csharp_code](https://github.com/brandonprry/gray_hat_csharp_code): This repository contains full code examples from the book Gray Hat C#
[dontclickshit](https://github.com/sapran/dontclickshit): Як не стати кібер-жертвою
[CVE-2020-7247](https://github.com/f4T1H21/CVE-2020-7247): PoC exploit for CVE-2020-7247 OpenSMTPD 6.4.0 < 6.6.1 Remote Code Execution
[wpscan](https://github.com/wpscanteam/wpscan): WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites.
[virustotal](https://github.com/themains/virustotal): R client for the Virustotal Public API. Virustotal is a Google service that analyzes files and URLs for viruses etc.
[skjold](https://github.com/twu/skjold): Security audit Python project dependencies against security advisory databases.
[traft](https://github.com/danielpygo/traft)
[PredictionPipelineMS2020](https://github.com/JakobDohrmann/PredictionPipelineMS2020): Source code and dataset used in M.S. Thesis "Optimizing a prediction pipeline by prepending an efficient low-fidelity model", 2020
[siemstress](https://github.com/dogoncouch/siemstress): Very basic CLI SIEM (Security Information and Event Management system).
[loctrack](https://github.com/cipheras/loctrack): A tool to locate people using social engineering. :rocket:
[Cryptolocker](https://github.com/ajayrandhawa/Cryptolocker): CryptoLocker is open source files encrypt-er. Crypto is developed in Visual C++. It has features encrypt all file, lock down the system and send keys back to the server. Multi-threaded functionality helps to this tool make encryption faster.
[skipmcgee.github.io](https://github.com/skipmcgee/skipmcgee.github.io): Welcome to Skip McGee's page: a personal introduction to my code and projects!
[buildAPKs](https://github.com/SDRausty/buildAPKs): Really quickly build APKs on handheld device (smartphone or tablet) in Amazon, Android, Chromebook and Windows📲 See https://buildapks.github.io/docsBuildAPKs/setup to start building APKs.
[NoGPKI](https://github.com/Alex4386/NoGPKI): Distrusts GPKI Root CA Certificate because their security and certificate management is bad as F***
[awesome-cloud-security](https://github.com/4ndersonLin/awesome-cloud-security): 🛡️ Awesome Cloud Security Resources ⚔️
[rop-tool](https://github.com/t00sh/rop-tool): A tool to help you write binary exploits
[eccube-acl-chmod](https://github.com/havill/eccube-acl-chmod): Adds ACLs to EC-CUBE 4.x, each group of allowed access represented by a bit in an octet like Unix.
[linux-keylogger](https://github.com/y0g3sh-99/linux-keylogger): Linux keylogger written in C
[trj](https://github.com/pablocorbalann/trj): Execute any command in other's computer using a trojan horse coded and compiled in C. Just for educational purpose.
[phpvuln](https://github.com/ecriminal/phpvuln): 🕸️ Audit tool to find common vulnerabilities in PHP source code
[CompTIA-Security-Hands-on-Labs-](https://github.com/francoisarthanas/CompTIA-Security-Hands-on-Labs-): Maybe you are studying for the CompTIA Security+ Course and don't have the hands-on labs that goes with it. This Free course is designed to help you close your hands-on knowledge gaps.
[QuickLock](https://github.com/LiteTools/QuickLock): Sometimes locking your computer can take a long time if you have a tight schedeule or don't want to navigate Windows's menus. QuickLock solves all these problems by having an easy to click lock button.
[pdfrip](https://github.com/mufeedvh/pdfrip): A multi-threaded PDF password cracking utility equipped with commonly encountered password format builders and dictionary attacks.
[hack.python](https://github.com/exitmsconfig/hack.python): 白帽SEO是一种精神!
[occlum](https://github.com/occlum/occlum): Occlum is a memory-safe, multi-process library OS for Intel SGX
[shadowspace-curzor](https://github.com/not-so-cool-anymore/shadowspace-curzor): Shadowrange is a cyberragne for active cybersecurity trainings and exercises. Curzor is one of the basics parts of that range - a web app containing multuple security vulnerabilities.
[docker-spectre](https://github.com/feffi/docker-spectre): Spectre and Meltdown in a docker containerized test
[graudit](https://github.com/wireghoul/graudit): grep rough audit - source code auditing tool
[CloudFrontier](https://github.com/riskprofiler/CloudFrontier): Monitor the internet attack surface of various public cloud environments. Currently supports AWS, GCP, Azure, DigitalOcean and Oracle Cloud.
[survivio-icehacks-aimbot-v1.0](https://github.com/Michal2SAB/survivio-icehacks-aimbot-v1.0): A compiled surviv.io cheat (by IceHacks) with an old aimbot (v 1.0) for @VN BPM (on youtube).
[torch](https://github.com/CameronLonsdale/torch): Command-line Cryptanalysis
[Hande-Stealer](https://github.com/swagkarna/Hande-Stealer): Powerful Discord Stealer written in python
[fwexpl](https://github.com/Cr4sh/fwexpl): PC firmware exploitation tool and library
[OWASP-Calculator](https://github.com/JavierOlmedo/OWASP-Calculator): 🧮 An online calculator to assess the risk of web vulnerabilities based on OWASP Risk Assessment
[cryptonice](https://github.com/F5-Labs/cryptonice): CryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration and supporting protocols such as HTTP2 and DNS.
[tag-security](https://github.com/cncf/tag-security): 🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!
[Vulhub-Reproduce](https://github.com/Threekiii/Vulhub-Reproduce): 一个Vulhub漏洞复现知识库
[SpamSlam](https://github.com/Parsons-IT-Solutions/SpamSlam): SpamSlam is a script I created to create accounts using the victim's cellphone number and as a result the victim will receive a ton of verification codes.
[Project-Guardian](https://github.com/LEM-Security/Project-Guardian): Project Guardian is designed as an open source and free portable Intrustion Detection System (IDS) and Firewall. Project Guardian was built on the Odroid XU-4 platform and is currently the only hardware officially supported by LEM Security LLC. Project Guardian is officially tested on the ARM version of Ubuntu 18.04 and in its current form should work just fine.
[advisor-action](https://github.com/alcideio/advisor-action): Alcide Advisor GitHub Action
[Domain_Vulnerability_Detector](https://github.com/AdrianVillamayor/Domain_Vulnerability_Detector): This script allows vulnerability testing to avoid penetration attacks by urls.
[spectreScope](https://github.com/ixtal23/spectreScope): The demo of the speculative execution attack Spectre (CVE-2017-5753, CVE-2017-5715).
[How-to-get-a-Entry-Level-Cybersecurity-Job](https://github.com/AirtightSecurity/How-to-get-a-Entry-Level-Cybersecurity-Job): This repository is the store of all the main points and suggestions I have come across on LinkedIn, podcasts and YouTube related to finding an entry level cybersecurity job.
[inputs](https://github.com/victornavarrete/inputs): Clase para obtener entradas seguras GET, POST, HEADERS y más utilidades utilizables para APIS
[jose-jwt](https://github.com/dvsekhvalnov/jose-jwt): Ultimate Javascript Object Signing and Encryption (JOSE), JSON Web Token (JWT) and Json Web Keys (JWK) Implementation for .NET and .NET Core
[vector-addon](https://github.com/cally72jhb/vector-addon): A powerful open-source addon for Meteor Client.
[snopf](https://github.com/snopf/snopf): snopf USB password token
[research-threats](https://github.com/disclose/research-threats): Collection of legal threats against good faith Security Researchers; vulnerability disclosure gone wrong. A continuation of work started by @attritionorg
[owasp-fstm](https://github.com/scriptingxss/owasp-fstm): The Firmware Security Testing Methodology (FSTM) is composed of nine stages tailored to enable security researchers, software developers, consultants, and Information Security professionals with conducting firmware security assessments.
[shotdroid](https://github.com/kp300/shotdroid): ShotDroid is a pentesting tool for android. There are 3 tools that have their respective functions, Get files from Android directory, internal and external storage, Android Keylogger + Reverse Shell and Take a webcam shot of the face from the front camera of the phone and PC.
[RS-Generator](https://github.com/mrx04programmer/RS-Generator): Generador de Reverse Shell para distintos lenguajes de programación y sistemas operativos.
[h1domains](https://github.com/zricethezav/h1domains): HackerOne "in scope" domains
[Cryptography-Communication-System](https://github.com/Vatshayan/Cryptography-Communication-System): B.tech College Project for Secure Message Communication though Cryptography Algorithm
[exploitation_docker](https://github.com/Neetx/exploitation_docker): Docker container with exploitation technique examples, used in my master thesis
[awesome-security-feed](https://github.com/mrtouch93/awesome-security-feed): A semi-curated list of Security Feeds
[trafficker](https://github.com/gvb84/trafficker): Code written for the Google Maps traffic analysis demo. See the demo video at https://www.youtube.com/watch?v=skQNwd9Jij4 or the whitepaper which can be found in doc/. Talks about this were given at 44Con and Ruxcon.
[reverser](https://github.com/eitanh/reverser): Reverser - tiny 12k http based reverse tunnel using c++ as client and python3 as server
[logiweb-microservices](https://github.com/tuanalexeu/logiweb-microservices): First-part-application for T-Systems Java School
[jsafer](https://github.com/avilum/jsafer): A simple JS source code obfuscator/minifier that doesn't hurt consistency or speed.
[steganographer](https://github.com/priyansh-anand/steganographer): Steganograpy in Python | Hide files or data in Image Files
[SecureBPMN](https://github.com/logicalhacking/SecureBPMN): SecureBPMN is a domain-specific modeling language that allows to model security aspects (e.g., access control, separation of duty, confidentiality).
[BrainDamage](https://github.com/mehulj94/BrainDamage): Remote administration tool which uses Telegram as a C&C server
[tomcatWarDeployer](https://github.com/mgeeky/tomcatWarDeployer): Apache Tomcat auto WAR deployment & pwning penetration testing tool.
[revive-cc](https://github.com/sivachokkapu/revive-cc): Static analysis tool for Hyperledger Frabric smart contracts written in Go.
[AutoBlur-CNN-Features](https://github.com/efidalgo/AutoBlur-CNN-Features): Script to extract CNN deep features with different ConvNets, and then use them for an Image Classification task with a SVM classifier with lineal kernel over the following small datasets: Soccer [1], Birds [2], 17flowers [3], ImageNet-6Weapons[4] and ImageNet-7Arthropods[4].
[Hexxo-Starl-client](https://github.com/CoastStarlight/Hexxo-Starl-client): n-gon hack client
[DYFKeychain](https://github.com/chenxing640/DYFKeychain): ([Swift] https://github.com/dgynfi/DYFSwiftKeychain) This library is used to store text and data in Keychain securely for iOS, OS X, tvOS and watchOS. (Objective-C)
[AllThingsOpen2018](https://github.com/nomadicmehul/AllThingsOpen2018): All Things Open is the largest "Open" technology event on the east coast.
[WizardOpium](https://github.com/forrest-orr/WizardOpium): Google Chrome Use After Free
[graph-adversarial-learning-literature](https://github.com/safe-graph/graph-adversarial-learning-literature): A curated list of adversarial attacks and defenses papers on graph-structured data.
[csgo_memory_hacking_examples](https://github.com/atiksoftware/csgo_memory_hacking_examples): CsGO Memory Hacking C++ code examples. Ex: Read HP,Name,Coord,Bones,Weapons,items etc.
[msspray](https://github.com/0xZDH/msspray): A basic username enumeration and password spraying tool aimed at spraying Microsoft's DOM based authentication using selenium.
[zxcvbn-python](https://github.com/dwolfhub/zxcvbn-python): Python implementation of Dropbox's realistic password strength estimator
[shellfinder](https://github.com/Lekssays/shellfinder): A Simple Tool to Find Shells and Some Interesting Endpoints in Websites
[dms-filter](https://github.com/rdohms/dms-filter): Library that offers Input Filtering based on Annotations for use with Objects. Check out 2.dev for 2.0 pre-release.
[Shield.Dotnet.Client](https://github.com/dotnetsafer/Shield.Dotnet.Client): The shield client for .NET allows you to interact with dotnetsafer shield from any environment and protect your software in an integrated way.
[the-dao-hack-simulation](https://github.com/ssteiger/the-dao-hack-simulation): A simulation of the infamous DAO hack from 2016
[gokart](https://github.com/praetorian-inc/gokart): A static analysis tool for securing Go code
[RIPv6](https://github.com/scipag/RIPv6): Random IPv6 - circumvents restrictive IP address-based filter and blocking rules
[Staticot](https://github.com/umair9747/Staticot): A BASH script to automate simple tasks related to static malware analysis
[secure-open](https://github.com/lapwat/secure-open): A Docker environment to securely open images, videos, sounds and more.
[Log4Shell-IOCs](https://github.com/curated-intel/Log4Shell-IOCs): A collection of intelligence about Log4Shell and its exploitation activity.
[stronghold](https://github.com/alichtman/stronghold): Easily configure macOS security settings from the terminal.
[ipa-medit](https://github.com/aktsk/ipa-medit): Memory modification tool for re-signed ipa supports iOS apps running on iPhone and Apple Silicon Mac without jailbreaking.
[dumpall](https://github.com/0xHJK/dumpall): 一款信息泄漏利用工具,适用于.git/.svn/.DS_Store泄漏和目录列出
[kindle-pw2-5.6.5-jailbreak](https://github.com/esno/kindle-pw2-5.6.5-jailbreak): jailbreak for the kindle paperwhite 2 firmware version 5.6.5
[ssl-proxy](https://github.com/suyashkumar/ssl-proxy): :lock: Simple zero-config SSL reverse proxy with real autogenerated certificates (LetsEncrypt, self-signed, provided)
[pwdsafety](https://github.com/edoardottt/pwdsafety): 🔒command line tool checking password safety🔒
[magicpad](https://github.com/hyundotio/magicpad): MagicPad is an encryption suite for beginners. It is designed to be run standalone via the browser or executable (Electron).
[Python-For-Ethical-Hacking](https://github.com/saadhaxxan/Python-For-Ethical-Hacking): This is a complete project series on implementing hacking tools available in Kali Linux into python.
[envkeygo](https://github.com/envkey/envkeygo): EnvKey's official Go client library
[Debugger](https://github.com/GameHackingAcademy/Debugger): An example of a Windows debugger that will attach to a running Assault Cube 1.2.0.2 process, change a specific instruction to an int 3 instruction (0xCC), and then restore the original instruction when the breakpoint is hit.
[stig-cli](https://github.com/MindPointGroup/stig-cli): A CLI for perusing DISA STIG content Mac, Linux, and Windows Compatible
[quay-workshop](https://github.com/cmcornejocrespo/quay-workshop): This repository contains the source code for the Quay workshop.
[password-wordlist-generator-cpp](https://github.com/BernardoPiedade/password-wordlist-generator-cpp): Simple wordlist generator, made in c++. It's still in development. It can be a helpfull tool for pentesters trying out wordlist attacks.
[DiscordExploit](https://github.com/maximkha/DiscordExploit): This permission-less exploit can hijack a discord account
[chef-postgres-hardening](https://github.com/dev-sec/chef-postgres-hardening): This chef cookbook provides security configuration for PostgreSQL.
[AlanFramework](https://github.com/enkomio/AlanFramework): A C2 post-exploitation framework
[AuthMeReloaded](https://github.com/AuthMe/AuthMeReloaded): The best authentication plugin for the Bukkit/Spigot API!
[BeFree](https://github.com/Mahi2/BeFree): Website Security, Antivirus & Firewall || a powerful application that can secure your website against hackers, attacks and other incidents of abuse
[grapX](https://github.com/kabilan1290/grapX): grapX will iterate through the URLs and grep the endpoints with all possible extensions.
[n00bRAT](https://github.com/abhishekkr/n00bRAT): Remote Administration Toolkit (or Trojan) for POSiX (Linux/Unix) system working as a Web Service
[Kali-Linux-Tools-Interface](https://github.com/lucasfrag/Kali-Linux-Tools-Interface): Graphical Web interface developed to facilitate the use of security information tools.
[aau-security](https://github.com/jwindelborg/aau-security): Web application security project
[X_INSTA](https://github.com/ALDON94/X_INSTA): X_INSTA Powerful INSTAGRAM Password Brute Force Tool For Windows
[ProxyLogon](https://github.com/p0wershe11/ProxyLogon): ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell)
[kics](https://github.com/Checkmarx/kics): Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
[UniTools-Termux](https://github.com/Zian25/UniTools-Termux): Instalador hacking para termux
[Defender.Net](https://github.com/YaroslavChelentano/Defender.Net): This is a project of the DevSec team, and I am their mentor Yaroslav. Defender.NET is a service that provides consultations, diagnostics and any help to secure your PC.
[tpm2-tools](https://github.com/tpm2-software/tpm2-tools): The source repository for the Trusted Platform Module (TPM2.0) tools
[FlowMeter](https://github.com/deepfence/FlowMeter): ⭐ ⭐ Use ML to classify flows and packets as benign or malicious. ⭐ ⭐
[pOSINT](https://github.com/ecstatic-nobel/pOSINT): Gather Open-Source Intelligence using PowerShell.
[wpgarlic](https://github.com/kazet/wpgarlic): A proof-of-concept WordPress plugin fuzzer
[npq](https://github.com/lirantal/npq): 🎖safely* install packages with npm or yarn by auditing them as part of your install process
[CVE-2019-8561](https://github.com/0xmachos/CVE-2019-8561): Proof of concept exploit for CVE-2019-8561 discovered by @jbradley89
[iSOC](https://github.com/alexfrancow/iSOC): :bar_chart: Deploy an "illegal" SOC to manage vulnerabilities on your city servers in minutes.
[python_hacking_tools](https://github.com/steamedeo/python_hacking_tools): A set of hacking tools written in Python
[HackingVigenereCipher](https://github.com/siggb/HackingVigenereCipher): Hacking using Markov chains and Python
[UAC-Bypass](https://github.com/exploitblizzard/UAC-Bypass): Bypassing windows uac, however its an old approach/method but its still unpatched ¯\_(ツ)_/¯
[pyWhat](https://github.com/bee-san/pyWhat): 🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙♀️
[centos7-tutorial](https://github.com/wh211212/centos7-tutorial): :octocat: CentOS 7 运维实战🎬💥
[Sojobo](https://github.com/enkomio/Sojobo): A binary analysis framework
[DLC-2018](https://github.com/vinayakumarr/DLC-2018): Application of deep learning for cyber security
[Crips](https://github.com/Manisso/Crips): IP Tools To quickly get information about IP Address's, Web Pages and DNS records.
[kubernetes-security-best-practice](https://github.com/freach/kubernetes-security-best-practice): Kubernetes Security - Best Practice Guide
[Exploit-Vulnerabilities](https://github.com/JulienCheny/Exploit-Vulnerabilities): Where can I find exploits and how to use them ?
[samlists](https://github.com/the-xentropy/samlists): Free, libre, effective, and data-driven wordlists for all!
[icestick-lpc-tpm-sniffer](https://github.com/SySS-Research/icestick-lpc-tpm-sniffer): FPGA-based LPC bus sniffing tool for Lattice iCEstick Evaluation Kit
[js-pp-poc](https://github.com/mostafa/js-pp-poc): Proof of concept for prototype pollution attack on Redis drivers (node-redis & ioredis) for Node.js
[awsEnum](https://github.com/bassammaged/awsEnum): Enumerate AWS cloud resources based on provided credential
[blueborne-dockerized](https://github.com/cybersecsi/blueborne-dockerized): Repo code for the related post on SecSI Blog: https://secsi.io/blog/blueborne-kill-chain-on-dockerized-android
[vulners-agent](https://github.com/vulnersCom/vulners-agent): Agent scanner for vulners.com
[ufw-docker](https://github.com/chaifeng/ufw-docker): To fix the Docker and UFW security flaw without disabling iptables
[scant3r](https://github.com/knassar702/scant3r): ScanT3r - Module based Bug Bounty Automation Tool
[MalwareScripts](https://github.com/SantiagoPujana/MalwareScripts): Malware scripts coded in C++ and BATCH.
[DiamondHardLAMP](https://github.com/Brets0150/DiamondHardLAMP): A script to build and manage a Diamond Hard secure Linux, Apache MariaDB, PHP(LAMP) Webhosting server. Builds and configure a LAMP stack with AppArmor, ModSecurity, ClamAV, LetsEncrypt, Fail2Ban, OSSEC, and UnattendedUpgrades.
[CVE-2016-2098](https://github.com/0x00-0x00/CVE-2016-2098): Ruby On Rails unrestricted render() exploit
[nanoid](https://github.com/jkomyno/nanoid): Golang port of ai/nanoid (originally written in JavaScript)
[printix-CVE-2022-25089](https://github.com/ComparedArray/printix-CVE-2022-25089): An "Incorrect Use of a Privileged API" vulnerability in PrintixService.exe, in Printix's "Printix Secure Cloud Print Management", Version 1.3.1106.0 and below allows a Local Or Remote attacker the ability change all HKEY Windows Registry values as SYSTEM context via the UITasks.PersistentRegistryData parameter.
[BoopSuite](https://github.com/MisterBianco/BoopSuite): A Suite of Tools written in Python for wireless auditing and security testing.
[Application-Gateway](https://github.com/Janusec/Application-Gateway): Janusec Application Gateway, an application security solution which provides ACME HTTPS, WAF (Web Application Firewall), CC defense, OAuth2 Authentication and load balancing. Janusec应用网关,提供ACME自动化证书与HTTPS接入、WAF (Web Application Firewall)、CC防御、OAuth2身份认证、负载均衡等功能。
[ssltest-stls](https://github.com/decal/ssltest-stls): :hammer_and_wrench: Proof-of-concept code for Heartbleed a.k.a. CVE2014-0160 with STARTTLS support for various protocols
[AngelSword](https://github.com/Lucifer1993/AngelSword): Python3编写的CMS漏洞检测框架
[spring4shell](https://github.com/Leovalcante/spring4shell): Spring4Shell RCE exploit
[Pacman-DDOS-Script](https://github.com/AnandaRauf/Pacman-DDOS-Script): Pentesting Website Pacman Version 1.0 DDOS
[markransom](https://github.com/r3nt0n/markransom): Simple but sharp ransomware
[SpeckNet](https://github.com/aegis-dev/SpeckNet): C# implementation of Speck cipher
[Python-ByteBeat](https://github.com/Itzsten/Python-ByteBeat): Run ByteBeat in python 3!
[nix-security-box](https://github.com/fabaff/nix-security-box): Tool set for Information security professionals and all others
[SWEP](https://github.com/Sup0rsonic/SWEP): SWEP - the open-source Web Exploit Project, the development of the project has stopped, and under a complete rework. The name of the new project will be NEKOThreat.
[ASU](https://github.com/LOoLzeC/ASU): facebook hacking toolkit
[linux-container-security-docs](https://github.com/makash/linux-container-security-docs): A gitbook for doing a null Bangalore session on linux container security to discuss and teach namespaces, cgroups etc.
[php-8.1.0-dev-backdoor-rce](https://github.com/flast101/php-8.1.0-dev-backdoor-rce): PHP 8.1.0-dev Backdoor System Shell Script
[Ukraine-infosec-conferences](https://github.com/sapran/Ukraine-infosec-conferences): Анонси, програми та архів матеріалів українських конференцій з кібер-безпеки.
[Fuerza-Bruta](https://github.com/Andres-Hernandez-Mata/Fuerza-Bruta): Un ataque de fuerza bruta es aquel donde se intenta recuperar una clave o contraseña probando todas las combinaciones posibles hasta encontrar la que permite el acceso. Por lo general, los ataques de fuerza bruta se combinan con ataques de diccionario, que consiste en intentar averiguar una clave o contraseña probando todas las palabras de un diccionario. Este último tipo de ataque suele ser exitoso cuando las contraseñas están formadas por palabras comunes.
[twofactorauth](https://github.com/2factorauth/twofactorauth): List of sites with two factor auth support which includes SMS, email, phone calls, hardware, and software.
[Analyst-Tool](https://github.com/cybersheepdog/Analyst-Tool): Analyst Tool to automate some of an analyst's daily investigation tasks. In both python script and Jupyter Notebook format.
[psvita-webkit](https://github.com/173210/psvita-webkit): PSVita Webkit Exploit
[Penetration-Testing-Tools](https://github.com/mgeeky/Penetration-Testing-Tools): A collection of more than 170+ tools, scripts, cheatsheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purposes.
[CyberPhish](https://github.com/Cyber-Dioxide/CyberPhish): A heavily armed customizable phishing tool for educational purpose only
[b2k4](https://github.com/BotolMehedi/b2k4): B2K4 - New Facebook OLD Id Cloner Tool | 2003-2011 Facebook Account Cloner | Custom Cloner Maker | Number + UID Cloner | Crack From Friendlist | Crack From Public | Crack From File | File Cloner | Without Login Cloner | With 50+ Extra Passwords Cracker | No Checkpoint JUST NOW LOGIN | All New APIs For Cracking | [ PAID + FREE TOOL ]
[anonfiles-xss-0day](https://github.com/BoofSec/anonfiles-xss-0day): anonfiles.com XSS 0day exploit
[Android-SSL-Pinning-WebViews](https://github.com/menjoo/Android-SSL-Pinning-WebViews): A simple demo app that demonstrates Certificate pinning and scheme/domain whitelisting in Android WebViews
[c-jwt-cracker](https://github.com/brendan-rius/c-jwt-cracker): JWT brute force cracker written in C
[JSShell](https://github.com/Den1al/JSShell): An interactive multi-user web JS shell
[HtmlSmuggling](https://github.com/abdulkadir-gungor/HtmlSmuggling): HTML smuggling is a malicious technique used by hackers to hide malware payloads in an encoded script in a specially crafted HTML attachment or web page. The malicious script decodes and deploys the payload on the targeted device when the victim opens/clicks the HTML attachment/link. The HTML smuggling technique leverages legitimate HTML5 and JavaScript features to hide malicious payloads and evade security detections. The HTML smuggling method is highly evasive. It could bypass standard perimeter security controls like web proxies and email gateways, which only check for suspicious attachments like EXE, DLL, ZIP, RAR, DOCX or PDF
[shakeitoff](https://github.com/jbaines-r7/shakeitoff): Windows MSI Installer LPE (CVE-2021-43883)
[springShodanBash](https://github.com/ja1sh/springShodanBash): Bash Script for Enumerating Spring Applications
[SecureFolderFS](https://github.com/securefolderfs-community/SecureFolderFS): Powerful, secure, modern way to keep your files protected.
[webkiller](https://github.com/ultrasecurity/webkiller): Tool Information Gathering Write By Python.
[Hive2Hive](https://github.com/Hive2Hive/Hive2Hive): Java library for secure, distributed, P2P-based file synchronization and sharing.
[express-gateway](https://github.com/ExpressGateway/express-gateway): A microservices API Gateway built on top of Express.js
[checkforce.js](https://github.com/jaimeneeves/checkforce.js): :muscle: A library that helps to perform tasks to test strength of passwords
[CVE-2020-0688_EXP](https://github.com/Yt1g3r/CVE-2020-0688_EXP): CVE-2020-0688_EXP Auto trigger payload & encrypt method
[PyCPU](https://github.com/education-script-projects/PyCPU): Central Processing Unit Information Gathering Tool
[Crypto-OpSec-SelfGuard-RoadMap](https://github.com/OffcierCia/Crypto-OpSec-SelfGuard-RoadMap): Here we collect and discuss the best DeFi,Blockchain and crypto-related OpSec researches and data terminals - contributions are welcome.
[rawsec-cybersecurity-inventory](https://github.com/noraj/rawsec-cybersecurity-inventory): An inventory of tools and resources about CyberSecurity that aims to help people to find everything related to CyberSecurity.
[njsscan](https://github.com/ajinabraham/njsscan): njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
[laravel-zxcvbn](https://github.com/ziming/laravel-zxcvbn): @dropbox Zxcvbn Password validation rule for Laravel 9 and above
[A-New-Approach-of-Image-Encryption-Using-3D](https://github.com/billalkuet07/A-New-Approach-of-Image-Encryption-Using-3D)
[cakephp3-captcha](https://github.com/inimist/cakephp3-captcha): Cakephp 3 Captcha Plugin - Image Captcha, Google Recaptcha & Simple Match Question Challenge to protect form submission data from spam
[Vulny-Code-Static-Analysis](https://github.com/swisskyrepo/Vulny-Code-Static-Analysis): Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex
[WhiteHat](https://github.com/urcuqui/WhiteHat): Information about my experiences in cybersecurity :skull:
[device_google_coral](https://github.com/GrapheneOS/device_google_coral): Pixel 4 and Pixel 4 XL device sources.
[phuck](https://github.com/vaibhavpandeyvpz/phuck): Single-file shell to f__k vulnerable PHP servers, solely for educational and research purposes. Powered by Bootstrap and React.js, features a file browser and browser based, SSH like terminal.
[dropwizard-pac4j](https://github.com/pac4j/dropwizard-pac4j): A Dropwizard bundle for securing REST endpoints using pac4j
[hacktricks](https://github.com/carlospolop/hacktricks): Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
[Protocol-Analyzer](https://github.com/Vitaliy-Grigoriev/Protocol-Analyzer): Fuzz testing framework for network protocols.
[linux-rootkits-red-blue-teams](https://github.com/pentesteracademy/linux-rootkits-red-blue-teams): Linux Rootkits (4.x Kernel)
[testssl.sh-alerts](https://github.com/bitsofinfo/testssl.sh-alerts): Alerting engine (slack etc) for testssl.sh JSON result output files
[VisualBasicObfuscator](https://github.com/mgeeky/VisualBasicObfuscator): Visual Basic Code universal Obfuscator intended to be used during penetration testing assignments.
[CaptfEncoder](https://github.com/guyoung/CaptfEncoder): Captfencoder is a rapid cross platform network security tool suite, providing network security related code conversion, classical cryptography, cryptography, asymmetric encryption, miscellaneous tools, and aggregating all kinds of online tools.
[cs-suite](https://github.com/SecurityFTW/cs-suite): Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.
[IPRotate_Burp_Extension](https://github.com/RhinoSecurityLabs/IPRotate_Burp_Extension): Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
[udemy-PythonOffensivePentesting](https://github.com/Vealor/udemy-PythonOffensivePentesting): https://www.udemy.com/python-for-offensive-security-practical-course
[sublert](https://github.com/yassineaboukir/sublert): Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.
[MetaInject](https://github.com/swagkarna/MetaInject): Inject Metasploit Shell Code in Legitimate Process
[dawnscanner](https://github.com/thesp0nge/dawnscanner): Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.
[JAFE](https://github.com/pedro-javierf/JAFE): Just Another Fifa Exploit: Unsigned code execution for FIFA Soccer 06 (USA) for the NDS
[shhgit](https://github.com/eth0izzle/shhgit): Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories: www.shhgit.com
[awesome-privacy](https://github.com/Lissy93/awesome-privacy): 🦄 A curated list of privacy & security-focused software and services
[steampipe](https://github.com/turbot/steampipe): Use SQL to instantly query your cloud services (AWS, Azure, GCP and more). Open source CLI. No DB required.
[LAZYPARIAH](https://github.com/octetsplicer/LAZYPARIAH): A tool for generating reverse shell payloads on the fly.
[eyeballer](https://github.com/BishopFox/eyeballer): Convolutional neural network for analyzing pentest screenshots
[kernel_google_coral_techpack_audio](https://github.com/GrapheneOS/kernel_google_coral_techpack_audio): Pixel 4, Pixel 4 XL and Pixel 4a audio driver sources.
[security-apis](https://github.com/jaegeral/security-apis): A collective list of public APIs for use in security. Contributions welcome
[AMDH](https://github.com/A-YATTA/AMDH): Android Mobile Device Hardening
[CodeTest](https://github.com/codeyso/CodeTest): 脚本工具合集GUI版本,内置漏洞验证、利用模块,可自定义脚本实现批量验证。
[web-fuzz-wordlists](https://github.com/kaimi-io/web-fuzz-wordlists): Common Web Managers Fuzz Wordlists
[blokada](https://github.com/blokadaorg/blokada): The official repo for Blokada for Android and iOS.
[maching-learning-CDAC-Technopark](https://github.com/vinayakumarr/maching-learning-CDAC-Technopark): Maching learning workshop at CDAC, Technopark, Thiruvananthapuram
[binserve](https://github.com/mufeedvh/binserve): A fast production-ready static web server with TLS (HTTPS), routing, hot reloading, caching, templating, and security in a single-binary you can set up with zero code. :zap:
[phishing-frenzy](https://github.com/pentestgeek/phishing-frenzy): Ruby on Rails Phishing Framework
[NTLMRecon](https://github.com/pwnfoo/NTLMRecon): Enumerate information from NTLM authentication enabled web endpoints 🔎
[CertEagle](https://github.com/devanshbatham/CertEagle): Weaponizing Live CT logs for automated monitoring of assets
[Amphetamine](https://github.com/nadmk/Amphetamine): A Browser corruption Exploit written in JS FIXED!
[overwatch-aimbot](https://github.com/HarrisonKeeling/overwatch-aimbot): 🔫🎮 An OpenCV based Overwatch Aimbot for Windows
[CVE-2021-36260](https://github.com/Cuerz/CVE-2021-36260): 海康威视RCE漏洞 批量检测和利用工具
[docker-k8s-practica-2020](https://github.com/cyberhades/docker-k8s-practica-2020): Ejercicio práctico para demostrar los conocimientos adquiridos sobre Docker, Kubernetes y buenas prácticas de seguridad
[tetragon](https://github.com/cilium/tetragon): eBPF-based Security Observability and Runtime Enforcement
[Hacking-With-Golang](https://github.com/AV1080p/Hacking-With-Golang): Golang安全资源合集
[Cybercrime-Report-Template](https://github.com/bartblaze/Cybercrime-Report-Template): Template to use when you've fallen victim of a cybercrime.
[O-MEGA_VIRUS_2](https://github.com/ABC123USA/O-MEGA_VIRUS_2): O-MEGA VIRUS_V2
[mona-ropshell](https://github.com/VoidSec/mona-ropshell): For all loaded modules (DLLs), fetch ROP gadgets querying Ropshell DB
[eReKon](https://github.com/slithery0/eReKon): Yet another web recon tool But beautiful
[Memory-Hacking-Class](https://github.com/T-vK/Memory-Hacking-Class): Easy-to-use class to read and modify other processes memory.
[HTTPUploadExfil](https://github.com/IngoKl/HTTPUploadExfil): A simple HTTP server for delivering and exfiltrating files/data during, for example, CTFs.
[PocOrExp_in_Github](https://github.com/ycdxsb/PocOrExp_in_Github): 聚合Github上已有的Poc或者Exp,CVE信息来自CVE官网。Auto Collect Poc Or Exp from Github by CVE ID.
[hacl-star](https://github.com/project-everest/hacl-star): HACL*, a formally verified cryptographic library written in F*
[metin2-akira-metasploit](https://github.com/christian-roggia/metin2-akira-metasploit): Hybrid client emulator (python and C++) for Metin2.
[spookey](https://github.com/watersalesman/spookey): SpooKey is a keylogger written in C++ that uses kernel-level APIs to capture keystrokes (Linux only. Windows is a work in progress)
[magicRecon](https://github.com/robotshell/magicRecon): MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.
[vmware_guest_auth_bypass](https://github.com/guardicore/vmware_guest_auth_bypass): Proof of concept of VMSA-2017-0012
[mageni](https://github.com/mageni/mageni): ⚡️ Zero-friction Vulnerability Management
[sandmap](https://github.com/trimstray/sandmap): Nmap on steroids. Simple CLI with the ability to run pure Nmap engine, 31 modules with 459 scan profiles.
[DNS-Discovery](https://github.com/m0nad/DNS-Discovery): DNS-Discovery is a multithreaded subdomain bruteforcer.
[nodebb-demo](https://github.com/bluefyreio/nodebb-demo): Fork of NodeBB project v1.7.5 optimized for Kubernetes with Bluefyre
[SATANKLGR](https://github.com/FZGbzuw412/SATANKLGR): ⛤Keylogger Generator for Windows written in Python⛤
[PHISHLET-EVILGINX2-](https://github.com/trewisscotch/PHISHLET-EVILGINX2-): PHISHLET [EVILGINX2] Settings for phishing sites are written in the yaml language. This is a long development of my collection that I have been working on for the last 3 months due to changes in site security rules in particular scripts for bypassing the CloudFlare security. 🙌 I PRESENT to you my collection from the sites : 1Password / Binance / Bitfinex / Bittrex / Bitwarden / Blockchain / Cex.io / Coinbase / Dashlane / Enpass / Enterprise WebAccountManager / Exmo / FTX Trading / Google / Huobi / Keeper / Korbit / Kraken / LastPass / MultiPassword / O365 / Yahoo Contributing If you are interested in creating an email or phishing website template, contact me at [twitter or tlgrm] DEVELOPER DO NOT SUPPORT ANY OF THE ILLEGAL ACTIVITIES. Contact Me on telegram or twitter: https://twitter.com/TrewisScotch / https://t.me/HiroSCOTCH
[threat-modelling](https://github.com/C3-Security/threat-modelling): Threat Modelling Assets (STRIDE, DREAD, etc. cheat sheets)
[DevSecOps-Playbook](https://github.com/6mile/DevSecOps-Playbook): This is a step-by-step guide to implementing a DevSecOps program for any size organization
[THE_HIVE](https://github.com/7h3w4lk3r/THE_HIVE): A public repository for red team/blue team stuff
[heapinspect](https://github.com/matrix1001/heapinspect): 🔍Heap analysis tool for CTF pwn.
[CTF-Write-UP](https://github.com/MOCSCTF/CTF-Write-UP): 澳門網絡安全暨奪旗競賽協會(Macau Cyber Security and Capture The Flag Association)MOCSCTF/MOCTF
[wafparan01d3](https://github.com/alt3kx/wafparan01d3): Quick WAF "paranoid" Doctor Evaluation | WAFPARAN01D3 Tool
[metabigor](https://github.com/j3ssie/metabigor): Intelligence tool but without API key
[ApkAnalyser](https://github.com/TheKingOfDuck/ApkAnalyser): 一键提取安卓应用中可能存在的敏感信息。
[Carilana](https://github.com/Gowixx/Carilana): Scripts developed for the LiquidBounce script api.
[SublimeXssEncode](https://github.com/Medicean/SublimeXssEncode): Converts characters from one encoding to another using a transformation.
[laravel-acl](https://github.com/mateusjunges/laravel-acl): This package helps you to associate users with permissions and permission groups with laravel framework
[Python-Metasploit-Framework-Database-Management](https://github.com/sectool/Python-Metasploit-Framework-Database-Management): Python - Metasploit-Framework Database Management
[RootTheBox](https://github.com/moloch--/RootTheBox): A Game of Hackers (CTF Scoreboard & Game Manager)
[BeeF-Over-Wan](https://github.com/stormshadow07/BeeF-Over-Wan): Browser Exploitation Framework is a Open-source penetration testing tool that focuses on browser-based vulnerabilities .This Python Script does the changes Required to make hooked Linked Accessible Over WAN .So anyone can use this framework and Attack Over WAN without Port Forwarding [NGROK or any Localhost to Webhost Service Required ]
[Log-killer](https://github.com/Rizer0/Log-killer): Clear all your logs in [linux/windows] servers 🛡️
[Biometric-Attack](https://github.com/Royz2123/Biometric-Attack): This project has been created as a Final project for my B.A. in CS. The project attempts to find the actual security of state-of-the-art facial recognition technologies, and attempts to prove that they are vulnerable to fairly complex brute-force attacks.
[wahh_extras](https://github.com/six2dez/wahh_extras): The Web Application Hacker's Handbook - Extra Content
[Vxscan](https://github.com/al0ne/Vxscan): python3写的综合扫描工具,主要用来存活验证,敏感文件探测(目录扫描/js泄露接口/html注释泄露),WAF/CDN识别,端口扫描,指纹/服务识别,操作系统识别,POC扫描,SQL注入,绕过CDN,查询旁站等功能,主要用来甲方自测或乙方授权测试,请勿用来搞破坏。
[CyberMachine](https://github.com/emr4h/CyberMachine): Detects cyber threats to the end user with machine learning. This tool can do malware analysis of given exe file, spam analysis of given url and mail.
[aleph-docker](https://github.com/Pr0teus/aleph-docker): An docker compose to quickly load your Aleph for malware analysis.
[sa-secure-audit-rkhunter](https://github.com/softasap/sa-secure-audit-rkhunter): rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of important files with known good ones in online databases, searching for default directories (of rootkits), wrong permissions, hidden files, suspicious strings in kernel modules, and special tests for Linux and FreeBSD.
[HCSystem](https://github.com/Hacker-Combat-Organization/HCSystem): Hacker Combat is an experimental game environment enabling head-to-head competition using Cyber Security, and Computer Science
[dooked](https://github.com/codingo/dooked): DNS and Target HTTP History Local Storage and Search
[WSO-SHELL](https://github.com/H3llSh3ll/WSO-SHELL): W.S.O Is A Php Based WebShell. With The Help Of This Shell You Can Bypass Many Web Server.
[verimqtt](https://github.com/TakuKitamura/verimqtt): verimqtt, a formally verified mqtt library written in F*.一定の条件下であればバグがないMQTT実装。
[Malware_Classification_Final_Project](https://github.com/tomergill/Malware_Classification_Final_Project): Yossi Mandil & Tomer Gill's Bachelor Degree Final Project under the BIU Cyber Center - Malware & Benign File Classification using Machine Learning & Deep Learning
[DiscordDataGrabber](https://github.com/Zeczero/DiscordDataGrabber): 🔧 The program that allows you to grab certain info about the victim
[apple-knowledge](https://github.com/hack-different/apple-knowledge): A collection of reverse engineered Apple things, as well as a machine-readable database of Apple hardware
[laravel-firewall](https://github.com/akaunting/laravel-firewall): Web Application Firewall (WAF) package for Laravel
[awesome-phishing](https://github.com/PhishyAlice/awesome-phishing): Collection of resources related to phishing
[hexo-leancloud-counter-security](https://github.com/theme-next/hexo-leancloud-counter-security): A plugin to fix a serious security bug in leancloud visitor counter for NexT.
[shodanalyzer](https://github.com/cataiovita/shodanalyzer): Ports scanner, web technologies viewer, CVEs tracker and geolocator, based on shodan.io
[Mailpile](https://github.com/mailpile/Mailpile): A free & open modern, fast email client with user-friendly encryption and privacy features
[CVE-2022-30780-lighttpd-denial-of-service](https://github.com/p0dalirius/CVE-2022-30780-lighttpd-denial-of-service): CVE-2022-30780 - lighttpd remote denial of service
[caldera_pathfinder](https://github.com/center-for-threat-informed-defense/caldera_pathfinder): Pathfinder is a plugin for mapping network vulnerabilities, scanned by CALDERA or imported by a supported network scanner, and translating those scans into adversaries for network traversal.
[GScan](https://github.com/grayddq/GScan): 本程序旨在为安全应急响应人员对Linux主机排查时提供便利,实现主机侧Checklist的自动全面化检测,根据检测结果自动数据聚合,进行黑客攻击路径溯源。
[rabbit-shell](https://github.com/greedalbadi/rabbit-shell): Rabbit shell reverse shell tool.
[SecurityTools](https://github.com/birdhan/SecurityTools): 渗透测试工具包 | 开源安全测试工具 | 网络安全工具
[snow-crash](https://github.com/kema-dev/snow-crash): 42 | Privilege escalation exercices on a system image
[linux-smart-enumeration](https://github.com/diego-treitos/linux-smart-enumeration): Linux enumeration tool for pentesting and CTFs with verbosity levels
[zeek-plugin-bacnet](https://github.com/amzn/zeek-plugin-bacnet): Zeek network security monitor plugin that enables parsing of the BACnet standard building controls protocol
[VMR-MDK-K2-2017R-012x4](https://github.com/chunkingz/VMR-MDK-K2-2017R-012x4): VMR-MDK is a script/tool for hacking wps wireless networks
[SSAM](https://github.com/salaheddin-darwish/SSAM): The Server-based Security Architecture Model (SSAM) - OMNeT++ 4.1
[ARL-plus-docker](https://github.com/ki9mu/ARL-plus-docker): 基于斗象灯塔ARL修改后的版本。相比原版,增加了OneForAll、中央数据库,修改了altDns
[awesome-detection-engineering](https://github.com/infosecB/awesome-detection-engineering): A list of useful Detection Engineering-related resources.
[bottle-cork](https://github.com/FedericoCeratto/bottle-cork): Authentication module for the Bottle and Flask web frameworks
[xiu](https://github.com/harlanc/xiu): A simple and secure live media server in pure Rust (RTMP/HTTP-FLV/HLS/Relay).🦀
[projeto_python](https://github.com/nenodias/projeto_python): Projeto Python segundo o livro da casa do código
[cicd-goat](https://github.com/cider-security-research/cicd-goat): A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
[kepler](https://github.com/Exein-io/kepler): NIST-based CVE lookup store and API powered by Rust.
[socialfake](https://github.com/thisiskeanyvy/socialfake): A powerful tool for carrying out social engineering attacks.
[nocom-viewer](https://github.com/nerdsinspace/nocom-viewer): High memory usage reference implementation.
[better-errors-rce](https://github.com/Mythra/better-errors-rce): Shows off an RCE with better_errors w/ binding_of_caller using DNS Rebinding
[SLAE](https://github.com/VoidSec/SLAE): SecurityTube Linux Assembly Expert x86 Exam
[afl_pidgin](https://github.com/wh1t3h47/afl_pidgin): Fuzz pidgin dbus by using AFL++ and clang's ASAN
[VAnalyzer](https://github.com/cyberchiranjit/VAnalyzer): VAnalyzer is a python tool designed to automate the reconnaissance or information gathering process.
[inseca](https://github.com/DGAC/inseca): INSECA is a set of tools to build and manage very secure live Linux based endpoint systems.
[CVE-2013-2028-Exploit](https://github.com/m4drat/CVE-2013-2028-Exploit): CVE-2013-2028 python exploit
[keystone](https://github.com/keystone-engine/keystone): Keystone assembler framework: Core (Arm, Arm64, Hexagon, Mips, PowerPC, Sparc, SystemZ & X86) + bindings
[SECR](https://github.com/secrdev/SECR): Application security made easy
[pakcrack](https://github.com/htr-tech/pakcrack): All in 1 Pakisthani Facebook Cloner [ 7/8/9/10/11 DIGIT ]
[dc-sonar](https://github.com/ST1LLY/dc-sonar): Analyzing AD domains for security risks related to user accounts
[webappsec-trusted-types](https://github.com/w3c/webappsec-trusted-types): A browser API to prevent DOM-Based Cross Site Scripting in modern web applications.
[cuc-wiki](https://github.com/c4pr1c3/cuc-wiki): 个人教学 Wiki
[d00r](https://github.com/CYB3RMX/d00r): Simple directory brute-force tool written with python.
[homebridge-unifi-protect](https://github.com/hjdhjd/homebridge-unifi-protect): :video_camera: Complete HomeKit integration for UniFi Protect with full support for most features including autoconfiguration, motion detection, and multiple controllers: https://homebridge.io
[guia-ackercode](https://github.com/alestanalves/guia-ackercode): Guia Acker Code de Programação e Hacking
[S.A.N.E.-AI](https://github.com/Reiningecho90/S.A.N.E.-AI): Repo for S.A.N.E. (more info can be found under the public project), this is my current project to assist in learning the basics of Python.
[forthectf](https://github.com/AlaaZorkane/forthectf): A library of tools I assembled from various sources in preparation for the REDEYE hack night ctf
[APACHE-2.4-CIS](https://github.com/ansible-lockdown/APACHE-2.4-CIS): CIS Baseline Ansible Role for Apache 2.4
[PicoCTF2021-Writeup](https://github.com/vivian-dai/PicoCTF2021-Writeup): Solutions (that we managed to find) for the 2021 PicoCTF
[kraken](https://github.com/arcaneiceman/kraken): Kraken: A multi-platform distributed brute-force password cracking system
[docker-slim](https://github.com/docker-slim/docker-slim): DockerSlim (docker-slim): Don't change anything in your Docker container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
[optiga-trust-x](https://github.com/Infineon/optiga-trust-x): OPTIGA™ Trust X Software Framework
[svm](https://github.com/simplevulnerabilitymanager/svm): Program to perform vulnerability analysis and automatically generate a report
[CTF-Solve](https://github.com/r888800009/CTF-Solve)
[Port_Scanner](https://github.com/Sedatyf/Port_Scanner): This is my take on creating a port scanner script. I kept different version for learning purposes
[pie-my-vulns](https://github.com/lirantal/pie-my-vulns): Visualize your project security vulnerabilities as a pie chart in the terminal
[google-translate-exploit](https://github.com/ljmf00/google-translate-exploit): Google Translate Translation Exploit
[IpHack](https://github.com/mishakorzik/IpHack): Track Location With Live Address And City in Termux
[Elysian](https://github.com/maso892/Elysian): Source code to Austins, "Elysian" exploit.
[awesome-ml-for-threat-detection](https://github.com/patternex/awesome-ml-for-threat-detection): A curated list of resources to deep dive into the intersection of applied machine learning and threat detection.
[eks-creation-engine](https://github.com/lightspin-tech/eks-creation-engine): The Amazon Elastic Kubernetes Service (EKS) Creation Engine (ECE) is a Python command-line program created by the Lightspin Office of the CISO to facilitate the creation and enablement of secure EKS Clusters.
[clr-meterpreter](https://github.com/OJ/clr-meterpreter): The full story of the CLR implementation of Meterpreter
[DeadRinger](https://github.com/hungtruong/DeadRinger): A proof of concept iPhone X lock screen spoof
[PenTestKit](https://github.com/maldevel/PenTestKit): Tools, scripts and tips useful during Penetration Testing engagements.
[Squid-Password-Bruteforcer](https://github.com/H4rryp0tt3r/Squid-Password-Bruteforcer): A Python snippet for Bruteforcing my University Squid Proxy server with a list of common passwords.
[master_librarian](https://github.com/CoolerVoid/master_librarian): A simple tool to audit Unix/*BSD/Linux system libraries to find public security vulnerabilities
[HackThisAI](https://github.com/JosephTLucas/HackThisAI): Adversarial Machine Learning (AML) Capture the Flag (CTF)
[Cyber-Tech-Articles](https://github.com/idvlecio3silva/Cyber-Tech-Articles): Repositório que a apresenta os meus artigos sobre tecnologia - Linux, Cibersegurança, Computação Forense e Gestão de Projectos
[upi-recon-cli](https://github.com/LuD1161/upi-recon-cli): UPI Reconnaissance tool
[go-spyse](https://github.com/spyse-com/go-spyse): The official wrapper for spyse.com API, written in Go, aimed to help developers build their integrations with Spyse.
[Login-System-API](https://github.com/susyabashti/Login-System-API): AMXX Project
[SMB-Utility](https://github.com/Maseya/SMB-Utility): An SMB editor originally created by M.K.S
[XDEBUG-Exploit](https://github.com/D3Ext/XDEBUG-Exploit): An automated xdebug 2.5.5 vulnerability exploit
[security-notes](https://github.com/jaybosamiya/security-notes): :notebook: Some security related notes
[Phishing-URL-Detection](https://github.com/VaibhavBichave/Phishing-URL-Detection): Phishers use the websites which are visually and semantically similar to those real websites. So, we develop this website to come to know user whether the URL is phishing or not before using it.
[columbo](https://github.com/visma-prodsec/columbo): Columbo is a computer forensic analysis tool used to simplify and identify specific patterns in compromised datasets.
[spearmint](https://github.com/open-source-labs/spearmint): Testing, simplified. || An inclusive, accessibility-first GUI for generating clean, semantic Javascript tests in only a few clicks of a button.
[technical-whitepapers](https://github.com/trimstray/technical-whitepapers): Collection of IT whitepapers, presentations, pdfs; hacking, web app security, db, reverse engineering and more; EN/PL.
[Awesome-RCE-techniques](https://github.com/p0dalirius/Awesome-RCE-techniques): Awesome list of step by step techniques to achieve Remote Code Execution on various apps!
[dtrack-audit](https://github.com/ozontech/dtrack-audit): OWASP Dependency Track API client for intergration into CI/CD pipeline
[Oracle_Attip_XML_Entity_Exploit](https://github.com/omurugur/Oracle_Attip_XML_Entity_Exploit): Oracle Attip XML Entity Exploit
[SatanBomb](https://github.com/GuilhermeIsNotUnix/SatanBomb): SatanBomb é uma simples Fork Bomb Cross-Platform (macOS, Linux, Windows 32/64 bits) feita em C.
[ice_narytree](https://github.com/CoolerVoid/ice_narytree): C library to use Generic tree creation with resources to carry custom data and common functions(n-ary, traversal, search,create, insert childs/siblings,remove childs, destroy trees...)
[PicoCTF2022](https://github.com/EShelley/PicoCTF2022): My Writeup's for challenges I completed during PicoCTF2022
[practical-ml-for-cybersecurity](https://github.com/shramos/practical-ml-for-cybersecurity): More than twenty practical cases with real datasets of application of Machine Learning to the field of Cybersecurity
[jailbreakme-unified](https://github.com/userlandkernel/jailbreakme-unified): Framework for iOS browser exploitation to kernel privileges and rootfs remount
[winchecksec](https://github.com/trailofbits/winchecksec): Checksec, but for Windows: static detection of security mitigations in executables
[android-malware-detection](https://github.com/anoopmsivadas/android-malware-detection): Android Malware Detection Using Machine Learning Classifiers ( Using Permissions requested by Apps)
[AzureAD-incident-response](https://github.com/WillOram/AzureAD-incident-response): Notes on responding to security breaches relating to Azure AD
[vulristics](https://github.com/leonov-av/vulristics): Extensible framework for analyzing publicly available information about vulnerabilities
[xxe-injection-payload-list](https://github.com/payloadbox/xxe-injection-payload-list): 🎯 XML External Entity (XXE) Injection Payload List
[npm-lint](https://github.com/tanepiper/npm-lint): A linter for npm & node package.json files with a focus on dependency security
[whalescan](https://github.com/nccgroup/whalescan): Whalescan is a vulnerability scanner for Windows containers, which performs several benchmark checks, as well as checking for CVEs/vulnerable packages on the container
[K55](https://github.com/josh0xA/K55): Linux x86_64 Process Injection Utility | Manipulate Processes With Customized Payloads (beta)
[CanIBeSpoofed](https://github.com/Rices/CanIBeSpoofed): CanIBeSpoofed is a console project utilising functionality built for the https://caniphish.com/free-phishing-tools/email-spoofing-test website. This project facilitates scanning of domains to gain visibility over email supply chain and SPF/DMARC vulnerabilities.
[badchars](https://github.com/cytopia/badchars): Bad char generator to instruct encoders such as shikata-ga-nai to transform those to other chars.
[intrusion-detection-engine](https://github.com/doneria-anjali/intrusion-detection-engine): Intrusion detection engine for Cloud Systems built using Alternative Fuzzy C-mean Clustering and Artificial Neural Network
[SolrExp](https://github.com/k8gege/SolrExp): Apache Solr <=8.2.0 Velocity Template 0day Exploit
[CVE-2016-10924](https://github.com/rvizx/CVE-2016-10924): CVE-2016-10924 - Directory traversal vulnerability in WordPress ebook-download plugin(<1.2). PoC + PID Bruteforce in Python.
[Smtp-cracker](https://github.com/Aron-Tn/Smtp-cracker): [NEW] : Simple Mail Transfer Protocol (SMTP) CHECKER - CRACKER Tool V2
[iot-security-wiki](https://github.com/yaseng/iot-security-wiki): IOT security wiki
[filezilla-decode](https://github.com/chrismeistre/filezilla-decode): Decode passwords from Filezilla's Sitemanager
[DDoS-Script](https://github.com/cqHack/DDoS-Script): A script written in perl for ddos with automatic detection of open and vulnerable port that gives up to 1.5 gb packages / s
[ctf-kali-linux](https://github.com/sgama/ctf-kali-linux): A docker image for CTFs
[fuzzable](https://github.com/ex0dus-0x/fuzzable): Framework for Automating Fuzzable Target Discovery with Static Analysis. Featured at Black Hat Arsenal USA 2022.
[CVE-2021-3129_exploit](https://github.com/nth347/CVE-2021-3129_exploit): Exploit for CVE-2021-3129
[passive-scan-client](https://github.com/c0ny1/passive-scan-client): Burp被动扫描流量转发插件
[asu-v5](https://github.com/ASU-LAB/asu-v5): Hacking is your weapon :)
[CVE-2019-5624](https://github.com/VoidSec/CVE-2019-5624): A proof of concept for Metasploit's CVE-2019-5624 vulnerability (Rubyzip insecure ZIP handling RCE)
[VpsStealerFiveM](https://github.com/werp420/VpsStealerFiveM): Dette er basic runcode. Brug CEVA eller noget andet til at test lortet. Tak til @servercfg for den orginalle backdoor da vi fik ideen ud fra dem.
[apache-project-safeguard](https://github.com/bjoern-hempel/apache-project-safeguard): A script that set all folders and files of a given project directory to readonly. Excepting some user interactive directories like uploads, etc.
[CVE-2017-0781](https://github.com/ojasookert/CVE-2017-0781): Blueborne CVE-2017-0781 Android heap overflow vulnerability
[wifibang](https://github.com/Leviathan36/wifibang): wifi attacks suite
[skanuvaty](https://github.com/Esc4iCEscEsc/skanuvaty): Dangerously fast DNS/network/port scanner
[nimc2](https://github.com/d4rckh/nimc2): a c2 fully written in nim
[MongoDB-HoneyProxy](https://github.com/Plazmaz/MongoDB-HoneyProxy): A honeypot proxy for mongodb. When run, this will proxy and log all traffic to a dummy mongodb server.
[vulscanpro](https://github.com/thenurhabib/vulscanpro): Automatic Web Vulnerability Scanner.
[cutter](https://github.com/rizinorg/cutter): Free and Open Source Reverse Engineering Platform powered by rizin
[gotestwaf](https://github.com/wallarm/gotestwaf): An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses
[rucaptcha](https://github.com/huacnlee/rucaptcha): Captcha gem for Rails Application. No dependencies. No ImageMagick, No RMagick.
[github-dorks](https://github.com/techgaun/github-dorks): Find leaked secrets via github search
[lostnintendohistory.github.io](https://github.com/LostNintendoHistory/lostnintendohistory.github.io): Lost Nintendo History website - check out all the projects!
[Hexa_Payload_Decoder](https://github.com/stratosphereips/Hexa_Payload_Decoder): A tool to automatically decode and translate any TCP hexa payload data form any language to english.
[Ethical-Hacking-Tools](https://github.com/hhhrrrttt222111/Ethical-Hacking-Tools): Complete Listing and Usage of Tools used for Ethical Hacking
[VPS](https://github.com/Xu-Jian/VPS): 个人笔记汇总
[ALOD](https://github.com/rommelfs/ALOD): automatic launch object detection for Mac OS X
[DeepImageSpam](https://github.com/dineshresearch/DeepImageSpam): Deep Learning based Image Spam Detection
[securewebapp](https://github.com/sinipelto/securewebapp): SecureWebApp - Secure Web Application Template for ASP.NET Core 5.0
[vsaudit](https://github.com/ociredefz/vsaudit): VOIP Security Audit Framework
[Rrhododendron](https://github.com/0x802/Rrhododendron): Examine target ip address ports, extract information, and search 41,000 gaps for exploitation
[Fingerprinter](https://github.com/erwanlr/Fingerprinter): CMS/LMS/Library etc Versions Fingerprinter
[hackers-tool-kit](https://github.com/unkn0wnh4ckr/hackers-tool-kit): Its a framework filled with alot of options and hacking tools you use directly in the script from brute forcing to payload making im still adding more stuff i now have another tool out called htkl-lite its hackers-tool-kit just not as big and messy to see updates check on my instagram @tuf_unkn0wn or if there are any problems message me on instagram
[lblfixer_cve_2022_31181](https://github.com/drkbcn/lblfixer_cve_2022_31181): Module for PrestaShop 1.6.1.X/1.7.X to fix CVE-2022-31181 / CVE-2022-36408 vulnerability (Chain SQL Injection)
[Kernal-cheat-Injector](https://github.com/Skengdoo/Kernal-cheat-Injector): safe and easy to use injector for intel and AMD cpus
[ReversePowerShell](https://github.com/tobor88/ReversePowerShell): Functions that can be used to gain Reverse Shells with PowerShell
[Discord-Exploit-Collection](https://github.com/ecriminal/Discord-Exploit-Collection): 👾 A collection of Discord bugs and exploits
[tld-scan](https://github.com/1ultimat3/tld-scan): Top level domain scanner in Go
[nli-exploits](https://github.com/NitescuLucian/nli-exploits): Some lazy but working exploits written, modded or collected by me. But the scope is to write my own exploits and store them in this repository. Of course if I let you see.
[RedELK](https://github.com/outflanknl/RedELK): Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
[malwarescanner](https://github.com/password123456/malwarescanner): Simple Malware Scanner written in python
[inject-sec-to-devops](https://github.com/fabidick22/inject-sec-to-devops): Security tools that you can inject into devops
[id0-rsa.pub](https://github.com/rahiel/id0-rsa.pub): Solutions to the security/cryptography problems at https://id0-rsa.pub
[docker-elk-suricata](https://github.com/blanboom/docker-elk-suricata): ELK Stack for pfSense and Suricata, optimized for Synology NAS
[ICAN--Implementation-with-Configuration-Architecture-of-university-Network](https://github.com/notnue/ICAN--Implementation-with-Configuration-Architecture-of-university-Network): Dynamic B.Tech network design with configurations and implementations of 𝗢𝗦𝗣𝗙, 𝗔𝗖𝗟𝘀, 𝗡𝗔𝗧, 𝗗𝗛𝗖𝗣 𝘀𝗲𝗿𝘃𝗲𝗿, 𝗗𝗡𝗦 𝗿𝗲𝘀𝗼𝗹𝘂𝘁𝗶𝗼𝗻𝘀 etc. Each devices are configured with strong passphrases --> can't be breached with rockyou.txt, if you try! ;)
[HTTPFuzz](https://github.com/maxpl0it/HTTPFuzz): A fast generative fuzzer for HTTP
[CMSScan](https://github.com/ajinabraham/CMSScan): CMS Scanner: Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues
[ESP-8266-Captive-Portal-GET-Authentication-Phisher](https://github.com/reedhaffner/ESP-8266-Captive-Portal-GET-Authentication-Phisher): Uses the ESP 8266 to create a free Wi-Fi AP, which requires the user to "sign in," when the user logs in, all GET requests are sent to the Serial Monitor.
[sudo_pair](https://github.com/square/sudo_pair): Plugin for sudo that requires another human to approve and monitor privileged sudo sessions
[MSF-Venom-Cheatsheet](https://github.com/frizb/MSF-Venom-Cheatsheet): Single Page Cheatsheet for common MSF Venom One Liners
[authpass](https://github.com/authpass/authpass): AuthPass - Password Manager based on Flutter for all platforms. Keepass 2.x (kdbx 3.x) compatible.
[Pwdlyser-CLI](https://github.com/ins1gn1a/Pwdlyser-CLI): Python-based CLI Password Analyser (Reporting Tool)
[winallenum](https://github.com/FabioDefilippo/winallenum): This powershell script has got to run in remote hacked windows host, even for pivoting
[nrf24-playset](https://github.com/SySS-Research/nrf24-playset): Software tools for Nordic Semiconductor nRF24-based devices like wireless keyboards, mice, and presenters
[weblogic_java_des](https://github.com/hktalent/weblogic_java_des): weblogic T3 collections java InvokerTransformer Transformer InvokerTransformer weblogic.jndi.WLInitialContextFactory
[progpilot](https://github.com/designsecurity/progpilot): A static analysis tool for security
[CySecTools](https://github.com/SofianeHamlaoui/CySecTools): Cyber Security Tools Collection that I use
[WALKOFF](https://github.com/nsacyber/WALKOFF): A flexible, easy to use, automation framework allowing users to integrate their capabilities and devices to cut through the repetitive, tedious tasks slowing them down. #nsacyber
[PEGuarder](https://github.com/jsc0218/PEGuarder): a security tool checking the portable executable (PE) files in windows
[retire.js](https://github.com/RetireJS/retire.js): scanner detecting the use of JavaScript libraries with known vulnerabilities
[Minesweeper-Frida](https://github.com/anirudhrata/Minesweeper-Frida): Frida script to hack Minesweeper on Windows 7
[wordpress-code-review](https://github.com/markjivko/wordpress-code-review): Automatic WordPress plugin review tool
[kdigger](https://github.com/quarkslab/kdigger): Kubernetes focused container assessment and context discovery tool for penetration testing
[social-analyzer](https://github.com/qeeqbox/social-analyzer): API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
[crypto-methods-of-data-protection](https://github.com/amsavchenko/crypto-methods-of-data-protection): 🔍🕵🏻♂️ Лабораторные работы по курсу "Криптографические методы защиты информации"
[blorg](https://github.com/yurrriq/blorg): C-c C-e P p >>=
[Nivistealer](https://github.com/swagkarna/Nivistealer): steal victim images exact location device info and much more
[saferwall](https://github.com/saferwall/saferwall): :cloud: Collaborative and Streamlined Threat Analysis at Scale
[CVE-2022-1040](https://github.com/APTIRAN/CVE-2022-1040): This vulnerability allows an attacker to gain unauthorized access to the firewall management space by bypassing authentication
[solution-architecture-patterns](https://github.com/chanakaudaya/solution-architecture-patterns): Reusable, vendor-neutral, industry-specific, vendor-specific solution architecture patterns for enterprise
[wifiBuddy](https://github.com/s0m3-1/wifiBuddy): A Buddy u ain't wanna be missing
[pywallet](https://github.com/gcnaccount/pywallet): Offline Multicoin Wallet Generation in Python
[Technical-Capabilities](https://github.com/SpartanMike/Technical-Capabilities): Certifications: CompTIA CySA+ (verification code: GKYCNPRFWKFQQF3R) ● Graduate of the University of San Diego Cyber Bootcamp, San Diego, CA in July 2021. Instructed by Fullstack Academy, Certificate in Cyber Security ● Udemy CompTIA CySA+ Course: Certification no: UC-4b3857c-Odc8-4cbc-952b-a19b28fe83c8 ● Proficient: Kali Linux, HTML3, Windows ● Knowledgeable: Splunk, Nessus, SNORT, Python 3, Networking Fundamentals, Metasploit, Wireshark, Netcat, NMAP, Dirbuster, Nikto, Virtual Machines, John, iptables, penetration testing, SIEM tools, Microsoft Windows 2019 server, network fundamentals
[dradis-ce](https://github.com/dradis/dradis-ce): Dradis Framework: Colllaboration and reporting for IT Security teams
[sqlvet](https://github.com/houqp/sqlvet): Go fearless SQL. Sqlvet performs static analysis on raw SQL queries in your Go code base.
[netinfo](https://github.com/9b/netinfo): Simple IP enrichment service and API wrapping PyASN and MaxMind GeoIP.
[libsodium-php](https://github.com/jedisct1/libsodium-php): The PHP extension for libsodium.
[catnip](https://github.com/baguswiratmaadi/catnip): Cat-Nip Automated Basic Pentest Tool - Designed For Kali Linux
[policy_sentry](https://github.com/salesforce/policy_sentry): IAM Least Privilege Policy Generator
[Cyberpolygon_](https://github.com/diurs/Cyberpolygon_): cyberpolygon 1 for information security training
[aura-botnet](https://github.com/watersalesman/aura-botnet): A super portable botnet framework with a Django-based C2 server. The client is written in C++, with alternate clients written in Rust, Bash, and Powershell.
[landing-zone](https://github.com/TrenchBoot/landing-zone): An open source implementation of an AMD-V Secure Loader.
[synopsys-detect-bash-completion](https://github.com/thaljef/synopsys-detect-bash-completion): Command completion for Synopsys (Black Duck) Detect commands
[ICSVerifiedSoftwareProject](https://github.com/mssabr01/ICSVerifiedSoftwareProject): A formally verified implementation of a bolt-on security device for ICS networks. Designed with TLA+ and written/proved in F*
[cross-platform-node-guide](https://github.com/ehmicky/cross-platform-node-guide): 📗 How to write cross-platform Node.js code
[reverse-engineering](https://github.com/tijme/reverse-engineering): This repository contains some of the executables that I've cracked.
[githack](https://github.com/OwenChia/githack): A .git/ folder disclosure exploit
[CDAS](https://github.com/cmu-sei/CDAS): This program generates cyber attack scenarios for use in cyber training exercises, red team planning, blue team planning, automated attack execution, and cybersecurity policy analysis.
[ysoserial](https://github.com/frohoff/ysoserial): A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
[lampas](https://github.com/ziozzang/lampas): "Lampas" is Generic Linux Package security scanning tool.(include non-docker)
[pwn_jenkins](https://github.com/gquere/pwn_jenkins): Notes about attacking Jenkins servers
[infosec-arsenal](https://github.com/umair9747/infosec-arsenal): A curated list of tools which you can use in Infosec!
[Redcloud](https://github.com/khast3x/Redcloud): Automated Red Team Infrastructure deployement using Docker
[keyctl-unmask](https://github.com/antitree/keyctl-unmask): Going Florida on container keyring masks. A tool to demonstrate the ineffectivity containers have on isolating Linux Kernel keyrings.
[GourdScanV2](https://github.com/ysrc/GourdScanV2): 被动式漏洞扫描系统
[doona](https://github.com/wireghoul/doona): Network based protocol fuzzer
[assisted-log-enabler-for-aws](https://github.com/awslabs/assisted-log-enabler-for-aws): Assisted Log Enabler for AWS - Find AWS resources that are not logging, and turn them on.
[exim-rce-cve-2018-6789](https://github.com/martinclauss/exim-rce-cve-2018-6789): This repository provides a learning environment to understand how an Exim RCE exploit for CVE-2018-6789 works.
[CVE-2019-1253](https://github.com/sgabe/CVE-2019-1253): AppXSvc Arbitrary File Security Descriptor Overwrite EoP
[r00tz2017](https://github.com/danielklim/r00tz2017): An Intro to Penetration Testing Workshop
[github-watchman](https://github.com/PaperMtn/github-watchman): Monitoring GitHub for sensitive data shared publicly
[DeauthDetector](https://github.com/SpacehuhnTech/DeauthDetector): Detect deauthentication frames using an ESP8266
[SecureSoftwareDevelopement-Fuzzer](https://github.com/ellietoulabi/SecureSoftwareDevelopement-Fuzzer): A Fuzzer For Detecting Security Vulnerabilities in Web Applications
[goBox](https://github.com/nishitm/goBox): GO sandbox to run untrusted code
[Axis_Vuln_Webcam](https://github.com/bikashdash/Axis_Vuln_Webcam): This particular .NSE will find vulnerable Axis webcam and exploit
[Passy](https://github.com/PositronPiercer/Passy): 3 level password system
[CodeView-Security-Toolkit](https://github.com/CodeViewDevops/CodeView-Security-Toolkit): CST - CodeView Security Toolkit é uma ferramenta projetada para auxiliar na implementação de BASELINES de segurança em sistemas operacionais Unix. A ferramenta e composta por uma serie de scripts Shell que realiza a correção e aplica regras de segurança em sistemas Linux sem afetar seu funcionamento.
[serenity-exploits](https://github.com/bcoles/serenity-exploits): Various exploits for SerenityOS
[laravel-composer-security](https://github.com/padosoft/laravel-composer-security): Laravel command to test security vulnerabilities in your composer files.
[AdvancedHuntingQueries](https://github.com/lawndoc/AdvancedHuntingQueries): Microsoft 365 Advanced Hunting Queries
[pynode](https://github.com/okdocker/pynode): Python 3.6 + Node.js + Yarn docker image recipe.
[Aptiocalypsis](https://github.com/Cr4sh/Aptiocalypsis): Arbitrary SMM code execution exploit for industry-wide 0day vulnerability in AMI Aptio based firmwares
[SP-Proxy](https://github.com/MBHudson/SP-Proxy): 🥇Self-Propagating ProxyChains: Beta v0.1 Auto-Sourced ProxyChains, SOCK4/5 & HTTP(S) - Downloaded, Verified, Formatted and Ready For Your "proxychains4.conf"
[DirDar](https://github.com/M4DM0e/DirDar): DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it
[ETHICAL-HACKING](https://github.com/MSCKIIT/ETHICAL-HACKING): Notes and Resources for beginners in Ethical-Hacking and Cyber Security Field.
[m.app](https://github.com/4k-developer/m.app): m.app (Malicious App) - Google Chrome apps and extensions that have malicious code
[k-rail](https://github.com/cruise-automation/k-rail): Kubernetes security tool for policy enforcement
[CVE-2018-16763-FuelCMS-1.4.1-RCE](https://github.com/p0dalirius/CVE-2018-16763-FuelCMS-1.4.1-RCE): Exploit to trigger RCE for CVE-2018-16763 on FuelCMS <= 1.4.1 and interactive shell.
[ansible-privilege-escalation](https://github.com/iamnasef/ansible-privilege-escalation): ansible-privilege-escalation is an ansible playbook you can use to make linux privilege escalation attack from user A to user B
[pycDcode](https://github.com/BarakAharoni/pycDcode): Python PYC file analysis using bytecode decompilation.
[AFLplusplus](https://github.com/AFLplusplus/AFLplusplus): The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
[FaceRecognitionSecurity](https://github.com/aydinnyunus/FaceRecognitionSecurity): Face Recognition Security
[SecurityInterviewGuide](https://github.com/FeeiCN/SecurityInterviewGuide): 网络信息安全从业者面试指南
[GIT_THEM](https://github.com/Clutchisback1/GIT_THEM): Just a quick and dirty little script import all the github goodies I like to play with.
[gsvsoc_cybersecurity-incident-response-plan](https://github.com/guardsight/gsvsoc_cybersecurity-incident-response-plan): Cybersecurity Incident Response Plan
[DigiSparkBadUSB](https://github.com/neogret/DigiSparkBadUSB): DigiSpark like a UsbRubberDucky: with a USB drive as storage device.
[LogMePwn](https://github.com/0xInfection/LogMePwn): A fully automated, reliable, super-fast, mass scanning and validation toolkit for the Log4J RCE CVE-2021-44228 vulnerability.
[chan-vy](https://github.com/oanderoficial/chan-vy): Chan-vy é um script que baixa o código-fonte de todas as ferramentas disponíveis no Kali Linux, direto dos seus repositórios oficiais e de repositórios confiáveis.
[HunterCatNFC](https://github.com/ElectronicCats/HunterCatNFC): The Hunter Cat NFC is the latest security tool for contactless (Near Field Communication) used in access control, identification and bank cards. Specially created to identify NFC readers and sniffing tools, with this tool you can audit, read or emulate cards of different types.
[WebWhatsappBot](https://github.com/ZetDeveloper/WebWhatsappBot): Core to automatize whatsapp - working 11/2018
[php-malware-detector](https://github.com/ollyxar/php-malware-detector): PHP malware detector
[know_your_ip](https://github.com/themains/know_your_ip): Know Your IP: Get location, blacklist status, shodan and censys results, and more.
[chaos-ctf](https://github.com/rdvdev2/chaos-ctf): A simple 5 level CTF
[CepFinder](https://github.com/CybeSecurityOficial/CepFinder): CepFinder é uma tool feita para consultar CEP (codigo postal brasileiro), ela foi feita em Python usando a lib Requests para fazer o request para a API Viacep
[SkyArk](https://github.com/cyberark/SkyArk): SkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS
[EvilTwinFramework](https://github.com/Esser50K/EvilTwinFramework): A framework for pentesters that facilitates evil twin attacks as well as exploiting other wifi vulnerabilities
[wasabi-aeg](https://github.com/macaron-et/wasabi-aeg): Yet another implementation of AEG (Automated Exploit Generation) using symbolic execution engine Triton.
[mksub](https://github.com/trickest/mksub): Generate tens of thousands of subdomain combinations in a matter of seconds
[target-blank-vulnerabilities-features](https://github.com/apal21/target-blank-vulnerabilities-features): Examples of some features and the vulnerabilities that can exploit any webpage if target="_blank" is used without rel="noopener"
[XML-injections](https://github.com/Salvatore-Rendo/XML-injections): Project for the Internet Security course at my university
[bag-of-holding](https://github.com/aparsons/bag-of-holding): An application to assist in the organization and prioritization of software security activities.
[P1sty](https://github.com/jonathan6661/P1sty): Fraud prevention tool
[BerylEnigma](https://github.com/ffffffff0x/BerylEnigma): 一个为渗透测试与CTF而制作的工具集,主要实现一些加解密的功能。
[VulnPOC](https://github.com/mu0gua/VulnPOC): POC Repository
[W3knd](https://github.com/W3knd/W3knd): Hey,I'm the W3knd you get it like the weekend anyway ah welcome to my GitHub don't know how you got here but stick around if you want to.
[powershell-credential-encryption-tools](https://github.com/bitsofinfo/powershell-credential-encryption-tools): Set of small tools for managing AES encrypted credentials for powershell scripts
[gsvsoc_cirt-playbook-battle-cards](https://github.com/guardsight/gsvsoc_cirt-playbook-battle-cards): Cyber Incident Response Team Playbook Battle Cards
[voicemailautomator](https://github.com/martinvigo/voicemailautomator): A tool that serves as a Proof of Concept for the research I presented at DEF CON 26, "Compromising online accounts by cracking voicemail systems"
[CTF-Practice](https://github.com/HaxonicOfficial/CTF-Practice): CTF problems for the practice of Beginners in Cyber Forensics.
[Favicon_Recon](https://github.com/BlackSnufkin/Favicon_Recon): Search in shodan foe relted hosts with the same hash of the favicon of website
[Machine-Learning-approach-for-Malware-Detection](https://github.com/surajr/Machine-Learning-approach-for-Malware-Detection): A Machine Learning approach for classifying a file as Malicious or Legitimate
[node-opcua](https://github.com/node-opcua/node-opcua): an implementation of a OPC UA stack fully written in javascript and nodejs - http://node-opcua.github.io/
[black-hat-python3-code](https://github.com/edoardottt/black-hat-python3-code): 🏴☠️ tools (py3 version) of Black Hat Python book 🏴☠️
[awesome-DGA](https://github.com/chhayac/awesome-DGA): Domain Generation Algorithms research papers, datasets and code
[CVE-2020-1472](https://github.com/VoidSec/CVE-2020-1472): Exploit Code for CVE-2020-1472 aka Zerologon
[utsanjan](https://github.com/utsanjan/utsanjan): Utsanjan's GitHub Profile Bio
[Raptor](https://github.com/HJ23/Raptor): Passive subdomain enumeration tool with http-probe.
[NXLoader](https://github.com/DavidBuchanan314/NXLoader): My first Android app: Launch Fusée Gelée payloads from stock Android (CVE-2018-6242)
[bromite](https://github.com/bromite/bromite): Bromite is a Chromium fork with ad blocking and privacy enhancements; take back your browser!
[Code-Injector](https://github.com/cr7pt0pl4gu3/Code-Injector): Simple Linux Code-Injector by Ravehorn. Built using SNFQ.
[CVE-2020-8816](https://github.com/team0se7en/CVE-2020-8816): Pi-hole ( <= 4.3.2) authenticated remote code execution.
[wolfMQTT](https://github.com/wolfSSL/wolfMQTT): wolfMQTT is a small, fast, portable MQTT client implementation, including support for TLS 1.3.
[lsd-pl-exploits](https://github.com/sepehrdaddev/lsd-pl-exploits)
[qnsm](https://github.com/iqiyi/qnsm): QNSM is network security monitoring framework based on DPDK.
[Phishing-URL-Detector](https://github.com/srimani-programmer/Phishing-URL-Detector): A Flask Based Web Application which is used to detect the phishing URL's.
[bank-vaults](https://github.com/banzaicloud/bank-vaults): A Vault swiss-army knife: a K8s operator, Go client with automatic token renewal, automatic configuration, multiple unseal options and more. A CLI tool to init, unseal and configure Vault (auth methods, secret engines). Direct secret injection into Pods.
[box-Staff-Manager](https://github.com/boxproject/box-Staff-Manager): Employee App is used for initialize transactions, user management, authorise flow so that enteripise digital assets can be managed by stakeholders and partners.
[blackhat-python3](https://github.com/EONRaider/blackhat-python3): Source code for the book "Black Hat Python" by Justin Seitz. The code has been fully converted to Python 3, reformatted to comply with PEP8 standards and refactored to eliminate dependency issues involving the implementation of deprecated libraries.
[GlobaLeaks](https://github.com/globaleaks/GlobaLeaks): GlobaLeaks is free, open source software enabling anyone to easily set up and maintain a secure whistleblowing platform.
[Hacker_Social_Networks](https://github.com/SOUMAJYOTI/Hacker_Social_Networks): Mining user networks for predicting cyber attacks
[OpenUBA](https://github.com/GACWR/OpenUBA): A robust, and flexible open source User & Entity Behavior Analytics (UEBA) framework used for Security Analytics. Developed with luv by Data Scientists & Security Analysts from the Cyber Security Industry. [PRE-ALPHA]
[solr-injection](https://github.com/veracode-research/solr-injection): Apache Solr Injection Research
[teye_scanner_for_book](https://github.com/imiyoo2010/teye_scanner_for_book): 《白帽子讲Web扫描》书籍参考代码
[wp-sniff](https://github.com/alexmacarthur/wp-sniff): A Python script that searches a site's source code for signs that it runs on WordPress.
[supply-chain-goat](https://github.com/step-security/supply-chain-goat): 🐐Hands-on tutorials to learn about software supply chain security
[Ticketbleed](https://github.com/EgeBalci/Ticketbleed): This is a tool for exploiting Ticketbleed (CVE-2016-9244) vulnerability.
[Swift-Keylogger](https://github.com/SkrewEverything/Swift-Keylogger): Keylogger for mac written in Swift using HID
[Splunk-Cyences-App-for-Splunk](https://github.com/VatsalJagani/Splunk-Cyences-App-for-Splunk): Cyences App (Cyber Defense) built by CrossRealms International - https://splunkbase.splunk.com/app/5351/
[dorky](https://github.com/garthhumphreys/dorky): Dorky is a tool to automate [Google Dorking](https://en.wikipedia.org/wiki/Google_hacking)
[CamPhish](https://github.com/techchipnet/CamPhish): Grab cam shots from target's phone front camera or PC webcam just sending a link.
[protravel](https://github.com/Sjord/protravel): Recursively exploit path traversal vulnerability
[Besder-6024PB-XMA501-ip-camera-security-investigation](https://github.com/KostasEreksonas/Besder-6024PB-XMA501-ip-camera-security-investigation): Security investigation of Besder 6024PB-XMA501 ip camera.
[Bluetooth-Unlock](https://github.com/LethalEthan/Bluetooth-Unlock): Simple script to unlock your Linux based Computer using a Bluetooth device when nearby
[pycryptodome](https://github.com/Legrandin/pycryptodome): A self-contained cryptographic library for Python
[osx-root-installer](https://github.com/dreadl0ck/osx-root-installer): OSX ElCapitan Privilege Escalation Proof Of Concept
[AspNet6IdentityServer4AngularOidcFlows](https://github.com/damienbod/AspNet6IdentityServer4AngularOidcFlows): OpenID Connect Code Flow PKCE / Implicit Flow with Angular and ASP.NET Core 6 IdentityServer4
[cerbos](https://github.com/cerbos/cerbos): Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage by writing context-aware access control policies for your application resources.
[Netdog](https://github.com/D3dSecX/Netdog): Herramienta para hacer reverse shell :D
[nforceit_IoT](https://github.com/arunsigood/nforceit_IoT): This programm is used to auto discover vulnerabilities from extracted IoT device firmware
[advertorch](https://github.com/BorealisAI/advertorch): A Toolbox for Adversarial Robustness Research
[RegexPassive](https://github.com/hahwul/RegexPassive): 🔭 Collection of regexp pattern for security passive scanning
[GOverwatch](https://github.com/tyler-tee/GOverwatch): GOverwatch is an early Go port of Overwatch. Intended to leverage Masscan's speed and Nmap's versatility, but with Go's portability and minimal overhead.
[Turtle](https://github.com/YasPHP/Turtle): A computer vision tool that protects children's video identities during online video conferencing with anonymizing snapchat-like filters and face recognition tracking. It's a different kind of mask, a fun one! :turtle:
[K9-BruteForcer](https://github.com/avdaredevil/K9-BruteForcer): Bruteforces a common security suite [BlueCoat K9 Web Protection] used to protect large scale network environments from different types of internet traffic.
[apiosintDS](https://github.com/davidonzo/apiosintDS): On demand query API for https://github.com/davidonzo/Threat-Intel project.
[MTJailed-Native](https://github.com/MTJailed/MTJailed-Native): A terminal emulator with remote shell for non-jailbroken iOS devices
[instagram-hacking-tool](https://github.com/SwetabhOfficial/instagram-hacking-tool): Instagram Hacking Tool is a phishing tool, it will help you to hack Instagram Accounts using fake login page.
[Malware-Development](https://github.com/AhmedRaja1/Malware-Development): Malware Development
[w3a_SOC](https://github.com/smarttang/w3a_SOC): 元豚科技 - 基于日志安全分析做切入,做最好用的「云原生安全运维工作台」
[kubeclarity](https://github.com/openclarity/kubeclarity): KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems
[steady](https://github.com/eclipse/steady): Analyses your Java and Python applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://eclipse.github.io/steady/
[Mikrotik-Blacklist](https://github.com/pwlgrzs/Mikrotik-Blacklist): Mikrotik friendly blacklist to filter all these damn hackers.
[typedb-cti](https://github.com/typedb-osi/typedb-cti): Open Source Threat Intelligence Platform
[Wordpress-XMLRPC-Brute-Force-Exploit](https://github.com/1N3/Wordpress-XMLRPC-Brute-Force-Exploit): Wordpress XMLRPC System Multicall Brute Force Exploit (0day) by 1N3 @ CrowdShield
[neuropil](https://github.com/pi-lar/neuropil): (this is a gitlab mirror of) neuropil cybersecurity mesh
[stretcher](https://github.com/jimywork/stretcher): Tool designed to help identify open Elasticsearch servers that are exposing sensitive information
[hellokitty](https://github.com/Sevenqin/hellokitty)
[netmaker](https://github.com/gravitl/netmaker): Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
[amicontained](https://github.com/genuinetools/amicontained): Container introspection tool. Find out what container runtime is being used as well as features available.
[VulnServer-BOF](https://github.com/loneicewolf/VulnServer-BOF): My approach to the VulnServer BOF (Windows 10 - SYSTEM gained)
[windows-privilege-escalation](https://github.com/sscholbe/windows-privilege-escalation): Proof of concept for process privilege escalation on Windows 7 (SP 1, x64) using the vulnerable driver of the program SpeedFan 4.51.
[Cyberattack-detection-with-AI](https://github.com/franckdeturchedura/Cyberattack-detection-with-AI): Feed Forward Neural Network (FFNN) visant à détecter une cyber attaque sur une VM par l'analyse de sondes.
[ChopChop](https://github.com/michelin/ChopChop): ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.
[cytrone](https://github.com/crond-jaist/cytrone): CyTrONE: Integrated Cybersecurity Training Framework
[Apache-Struts-2.5-RCE-Exploit](https://github.com/h4x0r-dz/Apache-Struts-2.5-RCE-Exploit)
[LogAnalysisBeta](https://github.com/lorenzo-papa/LogAnalysisBeta): LogAnalysisTool: provide a new approach for pattern attack search and for calculation of severity of logins in Linux's Wtmp, Btmp and Secure log. Searched patterns: Brute Force, Password Spraying. Also check of IPWhois and Reputation.
[4_security_Wi-Fi](https://github.com/ryuuzaki42/4_security_Wi-Fi): Alguns testes com Wi-Fi (e.g., WEP, WPA e WPA2) e os programas usado compilados para Slackware
[curiefense](https://github.com/curiefense/curiefense): Curiefense is a unified, open source platform protecting cloud native applications.
[tg-nearby](https://github.com/JoogsWasTaken/tg-nearby): Using Telegram's "People Nearby" feature to pinpoint people (technically) around the globe
[Red-Teaming-Toolkit](https://github.com/infosecn1nja/Red-Teaming-Toolkit): This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
[cybersecurity-JavaFX](https://github.com/SergeyMyssak/cybersecurity-JavaFX): E-textbook on the "Cybersecurity" course (JavaFX)
[ctf-party](https://github.com/Orange-Cyberdefense/ctf-party): :flags: A library to enhance and speed up script/exploit writing for CTF players
[criptowiki](https://github.com/criptowiki/criptowiki): criptowiki official website
[readhook](https://github.com/PLEXSolutions/readhook): Red-team tool to hook libc read syscall with a buffer overflow vulnerability.
[sig-716i](https://github.com/Narasimha1997/sig-716i): A CLI tool that can be used to disrupt wireless connectivity in your area by jamming all the wireless devices connected to multiple access points.
[CVE-2021-3560-Polkit-DBus](https://github.com/f4T1H21/CVE-2021-3560-Polkit-DBus): f4T1H's PoC script for CVE-2021-3560 Polkit D-Bus Privilege Escalation
[hack-this](https://github.com/lambdacasserole/hack-this): A collection of common web programming security mistakes.
[PasswordManager](https://github.com/cout970/PasswordManager): Password manager that doesn't need to store credencials
[screenMelter](https://github.com/aliberro39109/screenMelter): A simple C++ program that uses GDI to mimic the effect of screen being melt.
[wordpress-malware](https://github.com/stefanpejcic/wordpress-malware): Collection of malware files found on WordPress sites
[EIMI](https://github.com/KM-11/EIMI): Multiarchitecture platform designed for IoT malware execution, characterization and classification.
[klar](https://github.com/optiopay/klar): Integration of Clair and Docker Registry
[payloadmask](https://github.com/CoolerVoid/payloadmask): Web Payload list editor to use techniques to try bypass web application firewall - version 0.2
[LinPwn](https://github.com/3XPL017/LinPwn): Interactive Post Exploitation Tool
[PoC-in-GitHub](https://github.com/nomi-sec/PoC-in-GitHub): 📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
[trickster](https://github.com/neg4n/trickster): user-friendly linux memory hacking library
[dockovpn](https://github.com/dockovpn/dockovpn): 🔐 Out of the box stateless openvpn-server docker image which starts in less than 2 seconds
[magpie](https://github.com/openraven/magpie): A Cloud Security Posture Manager or CSPM with a focus on security analysis for the modern cloud stack and a focus on the emerging threat landscape such as cloud ransomware and supply chain attacks.
[hardened_malloc](https://github.com/GrapheneOS/hardened_malloc): Hardened allocator designed for modern systems. It has integration into Android's Bionic libc and can be used externally with musl and glibc as a dynamic library for use on other Linux-based platforms. It will gain more portability / integration over time.
[OWDemo](https://github.com/rakijah/OWDemo): A tool for Counter-Strike: Global Offensive which allows you to find the unencrypted demo of your Overwatch case.
[IOSurfaceRootUserClientUAF](https://github.com/TylerJaacks/IOSurfaceRootUserClientUAF): IOSurfaceRootUserClient UAF based on the Pangu blog post.
[bulwark](https://github.com/softrams/bulwark): An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
[RSF](https://github.com/aliasrobotics/RSF): The Robot Security Framework (RSF), Robot Security Framework (RSF), a standardized methodology to perform security assessments in robotics.
[vulnerable-python-contrast](https://github.com/mowsec/vulnerable-python-contrast): A sample vulnerable Python Flask application instrumented with the Contrast Security Agent. Used for evaluating the Contrast Security agent and platform.
[xsymlink](https://github.com/Xenomega/xsymlink): Xbox One Symbolic Link Exploit: Access restricted/encrypted volumes using the Xbox File Explorer.
[DefGen](https://github.com/Err0r-ICA/DefGen): Deface HTML Page Generator
[angular-sso](https://github.com/hamza-ml/angular-sso): OAuth 2 and OpenId Connect in an angular application using login via Code Flow w.r.t PKCE for user login.
[SimplyEmail](https://github.com/SimplySecurity/SimplyEmail): Email recon made fast and easy, with a framework to build on
[CVE-2021-31159](https://github.com/ricardojoserf/CVE-2021-31159): Zoho ManageEngine ServiceDesk Plus MSP - Active Directory User Enumeration (CVE-2021-31159) - https://ricardojoserf.github.io/CVE-2021-31159/
[GoogleITCourse](https://github.com/rakibhhridoy/GoogleITCourse): This is a hands on specialization of Coursera Google IT Support Professional Certifications
[rc4-variants](https://github.com/slightlyskepticalpotat/rc4-variants): Sample Python 3 implementation of various RC4 variants, including regular RC4 (ARC4), RC4A, and RC4-drop[n] (MARK-4). RC4A uses two state arrays and keys instead as one, whereas RC4-drop[n] discards the first n bytes of the keystream after key scheduling to improve security.
[tabby](https://github.com/wh1t3p1g/tabby): A CAT called tabby ( Code Analysis Tool )
[YubiKey-Guide](https://github.com/drduh/YubiKey-Guide): Guide to using YubiKey for GPG and SSH
[Vulnerability-Analysis](https://github.com/rainmakerho/Vulnerability-Analysis): 多收集一些資安檢測問題, 來跟大家討論它是否真的需要修正, 或是用什麼方式俢正會來得比較好。
[ronin](https://github.com/ronin-rb/ronin): Ronin is a Ruby platform for vulnerability research and exploit development. Ronin allows for the rapid development and distribution of code, Exploits or Payloads, Scanners, etc, via Repositories.
[Hacking-Windows](https://github.com/mytechnotalent/Hacking-Windows): A FREE Windows C development course where we will learn the Win32API and reverse engineer each step utilizing IDA Free in both an x86 and x64 environment.
[Python-shell-cheat-sheet](https://github.com/shelld3v/Python-shell-cheat-sheet): Full python reverse shell and bind shell payloads
[gophish](https://github.com/gophish/gophish): Open-Source Phishing Toolkit
[honeygrove](https://github.com/UHH-ISS/honeygrove): A multi-purpose, modular medium-interaction honeypot based on Twisted.
[rhizobia_P](https://github.com/momosecurity/rhizobia_P): PHP安全SDK及编码规范
[broxy](https://github.com/rhaidiz/broxy): An HTTP/HTTPS intercept proxy written in Go.
[42Cyber](https://github.com/somedevv/42Cyber): Index repository for all the work I do at the Cybersecutiry Bootcamp of 42 Madrid Fundación Telefónica
[uspno.9](https://github.com/lojikil/uspno.9): Unnamed SymbEx Project No. 9
[docker-misp](https://github.com/coolacid/docker-misp): A (nearly) production ready Dockered MISP
[kit_hunter](https://github.com/SteveD3/kit_hunter): A basic phishing kit scanner for dedicated and semi-dedicated hosting
[cyberanom](https://github.com/genimind/cyberanom): Cyber Anomaly Detection using RNN Language model
[cybersecurity-roadmap](https://github.com/jassics/cybersecurity-roadmap): Cybersecurity skills, job roles and career roadmap with the starting points and guidelines, resources, etc.
[hackerone-reports](https://github.com/reddelexc/hackerone-reports): Top disclosed reports from HackerOne
[CamRaptor](https://github.com/EntySec/CamRaptor): CamRaptor is a tool that exploits several vulnerabilities in popular DVR cameras to obtain network camera credentials.
[ChromeBluetooth](https://github.com/aydinakcasu/ChromeBluetooth): Demo of a "Stress Display" using Chrome Bluetooth. Reads Heart-rate data, and displays "stress" colors to a smart bulb. (Uses a SBT5007 smart bulb)
[HOUDINI](https://github.com/cybersecsi/HOUDINI): Hundreds of Offensive and Useful Docker Images for Network Intrusion. The name says it all.
[ColdevProLayer](https://github.com/coldev/ColdevProLayer): Protect your PHP code with obfuscation and encryption
[v1ew-s0urce](https://github.com/CRO-THEHACKER/v1ew-s0urce): v1ew-s0urce a recon tool built by the 5/9Dark team.
[MailFinder](https://github.com/mishakorzik/MailFinder): OSINT tool for finding email by first and last name
[ATM-DebugKit](https://github.com/lambia/ATM-DebugKit): This is a personal tool I'm developing to help myself debuggin some stuff for the public transport in Milan. Educational and security purpose only.
[MySQLMonitor](https://github.com/Buzz2d0/MySQLMonitor): 监控 MySQL 执行语句并实时打印的工具 🤖️
[mXtract](https://github.com/rek7/mXtract): mXtract - Memory Extractor & Analyzer
[intelspy](https://github.com/maldevel/intelspy): Perform automated network reconnaissance scans
[PrivateBin](https://github.com/PrivateBin/PrivateBin): A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.
[callow](https://github.com/maximousblk/callow): Dead simple brute force tool for website login forms
[apache-http-logs](https://github.com/ocatak/apache-http-logs): to detect vulnerability scans, XSS and SQLI attacks, examine access log files for detections.
[wrathofeagle](https://github.com/Luigi632-qc/wrathofeagle): Guida sulle vulnerabilità e sull'analisi di esse.
[CVE-2021-3345](https://github.com/MLGRadish/CVE-2021-3345): POC exploit of CVE-2021-3345, a vulnerability in libgcrypt version 1.9.0
[chipwhisperer](https://github.com/newaetech/chipwhisperer): ChipWhisperer - the complete open-source toolchain for side-channel power analysis and glitching attacks
[toh](https://github.com/EtherDream/toh): TCP over HTTP. 隐藏网站的管理服务
[linux-privilege-escalation](https://github.com/rexpository/linux-privilege-escalation): Scripted Linux Privilege Escalation for the CVE-2022-0847 "Dirty Pipe" vulnerability
[LP3](https://github.com/iamrohitsuthar/LP3): SPPU BE COMP LP3 Codes - Machine Learning (ML) and Information and Cyber Security (ICS)
[Ultimate-Hacker-Roadmap](https://github.com/Kennyslaboratory/Ultimate-Hacker-Roadmap): Don't know what to focus on to become a Penetration Tester..? This is the BEST roadmap for becoming a modern penetration tester. Everything you need to know to land a paying job, categorized in 5 skill levels.
[Omnispray](https://github.com/0xZDH/Omnispray): Modular Enumeration and Password Spraying Framework
[rimrafall](https://github.com/joaojeronimo/rimrafall): npm install could be dangerous
[prada-protecting-against-dnn-model-stealing-attacks](https://github.com/SSGAalto/prada-protecting-against-dnn-model-stealing-attacks): Reference implementation of the PRADA model stealing defense.
[k8s-sec.github.io](https://github.com/k8s-sec/k8s-sec.github.io): Links and resources for the O'Reilly Kubernetes Security book
[SINF](https://github.com/sergio-faraldo/SINF): Entregas de la asignatura Seguridad de la información (criptografía)
[Awesome-Security-Repos](https://github.com/njmulsqb/Awesome-Security-Repos): Here's a list of cyber security related github repos and tools that I believe are awesome and should be promoted and used.
[blockchain_c2c](https://github.com/i3visio/blockchain_c2c): A Proof of Concept to show how blockchain can solve C2C persistence. PoC originally presented at EuskalHack Security Congress 2017, updated and improved for Cybercamp 2017.
[YAPS](https://github.com/Nickguitar/YAPS): Yet Another PHP Shell - The most complete PHP reverse shell
[injectR](https://github.com/O1sims/injectR): :syringe: SQLi and XSS detection for R
[DestructiveFarm](https://github.com/DestructiveVoice/DestructiveFarm): 📢 🔒 Exploit manager for attack-defense CTF competitions
[android-inline-hook](https://github.com/bytedance/android-inline-hook): :fire: ShadowHook is an Android inline hook library which supports thumb, arm32 and arm64.
[whonow](https://github.com/brannondorsey/whonow): A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)
[MadMax](https://github.com/nevillegrech/MadMax): Ethereum Static Vulnerability Detector for Gas-Focussed Vulnerabilities
[totp-keychain](https://github.com/moul/totp-keychain): :lock: TOTP cli backed by the OS X keychain
[redcanary-response-utils](https://github.com/redcanaryco/redcanary-response-utils): Tools to automate and/or expedite response.
[my-links](https://github.com/jturgasen/my-links): Knowledge seeks no man
[faraday-client](https://github.com/infobyte/faraday-client): GTK client of FaradaySEC
[NASL-Plugins](https://github.com/richkmeli/NASL-Plugins): Collection of plugins written in NASL language.
[PeFixup](https://github.com/obscuritylabs/PeFixup): PE File Blessing - To continue or not to continue
[attack-website](https://github.com/mitre-attack/attack-website): MITRE ATT&CK Website
[Valorant-External](https://github.com/SarnaxLii/Valorant-External): Aimbot + Esp + Spoofer / C++
[Simple-Calculator](https://github.com/shidhu/Simple-Calculator): It is a calculator software developed by python. Python version is 3.x. It is my first project on python Graphical User Interface. This project always take the two numbers and do 4 operations (Addition, Subtraction, Multiplication and Division) between that two numbers. User can only entry two numerical values otherwise it will give Error message
[seed-labs](https://github.com/seed-labs/seed-labs): SEED Labs developed in the last 20 years.
[CTF-Difficulty](https://github.com/Ignitetechnologies/CTF-Difficulty): This cheasheet is aimed at the CTF Players and Beginners to help them sort the CTF Challenges on the basis of Difficulties.
[twitcher](https://github.com/bird-house/twitcher): Security Proxy for Web Processing Services (WPS)
[iOS-Jailbreak-Development](https://github.com/GeoSn0w/iOS-Jailbreak-Development): GeoSn0w's majestic knowledge base for iOS 12 / iOS 13 Jailbreak Development.
[BurpSuite-Xkeys](https://github.com/vsec7/BurpSuite-Xkeys): A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.
[gdb-static](https://github.com/hugsy/gdb-static): Public repository of static GDB and GDBServer
[bypass-host-request.github.io](https://github.com/Al0ne-collab/bypass-host-request.github.io): site requests, web scraping etc. Bypass cookies for sites that do not allow this. (it's different for each site. this is usually example exploit for free hosts)
[huntr](https://github.com/418sec/huntr): Public Roadmap | huntr.dev
[PurpleFoxPlus-Stealer](https://github.com/exploitblizzard/PurpleFoxPlus-Stealer): Purple Fox Plus Stealer, Purple Fox Plus Stealer, all chromium and gecko based browser and many more features. serverless stealer.
[ASST](https://github.com/OWASP/ASST): OWASP ASST (Automated Software Security Toolkit) | A Novel Open Source Web Security Scanner.
[device-monitor-client](https://github.com/ibonkonesa/device-monitor-client): Device monitor client based on Quasar framework
[EAPrimer](https://github.com/m8sec/EAPrimer): C# project that Reflectively loads .Net assemblies in memory.
[Retrieve-Windows-Wifi-Passwords](https://github.com/codingo/Retrieve-Windows-Wifi-Passwords): Retreives the SSID names and passwords in cleartext for each Wifi network stored on the computer running this powershell script and output to JSON.
[CTFTools](https://github.com/LvMalware/CTFTools): Some tools I wrote (and will write) for CTF competitions
[hacker-container](https://github.com/madhuakula/hacker-container): The Swiss Army Container for Cloud Native Security. Container with all the list of useful tools/commands while hacking and securing Containers, Kubernetes Clusters, and Cloud Native workloads.
[Zimbra-RCE-exploit](https://github.com/nth347/Zimbra-RCE-exploit): RCE exploit for attack chain in "A Saga of Code Executions on Zimbra" post
[Securinator](https://github.com/jedininja28/Securinator): Securinator will streamline Network Administrationby saving time issuing commands by outputing time consuming commands to a TXT file and then displaying the results in a Command Prompt to avoid having to use long commands repededly. Securinator is good for compairing system and file properties aswell as seeking seeking out malware manually and keeping track of network activitey. I Hope you love it! Thanks
[webdojo](https://github.com/0xffsec/webdojo): A learning and testing environment for web application hacking and pentesting.
[toxic](https://github.com/JFreegman/toxic): A Tox-based instant messaging and video chat client
[quimera-workshop](https://github.com/quimera-project/quimera-workshop): Quimera Workshop almacena los distintos checks y configuraciones de Quimera.
[hstspreload.org](https://github.com/chromium/hstspreload.org): :lock: Chromium's HSTS preload list submission website.
[Authr](https://github.com/JLDevOps/Authr): A visualization tool that can extract information from any server log (i.e. HTTP server/Django/Auth/etc), reverse-search the data, and visualize the origination of the authentication attempts.
[Security-PPT](https://github.com/FeeiCN/Security-PPT): Security-related Slide Presentation & Security Research Report(大安全各领域各公司各会议分享的PPT以及各类安全研究报告)
[shodan-cli](https://github.com/yvesago/shodan-cli): Simple golang shodan cli
[passbolt_api](https://github.com/passbolt/passbolt_api): Passbolt CE Backend, a JSON API written with Cakephp
[cisco_asa_research](https://github.com/jbaines-r7/cisco_asa_research): Cisco ASA Software and ASDM Security Research
[vestigo](https://github.com/crimson-med/vestigo): A tool for exploring and investigating APIs and websites.
[django-security](https://github.com/rasoolsomji/django-security): Django is great! Here are some ways to make it safer
[Backtrack-Patch](https://github.com/J-Tanzanite/Backtrack-Patch): Backtrack patch for Source games like CS:GO, TF2, CS:S, HL2:DM, etc.
[boopkit](https://github.com/kris-nova/boopkit): Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin.
[cargo-auditable](https://github.com/rust-secure-code/cargo-auditable): Make production Rust binaries auditable
[oscp-omnibus](https://github.com/alexiasa/oscp-omnibus): A collection of resources I'm using while working toward the OSCP
[OTP-Verification-in-E-mail](https://github.com/XDoodler/OTP-Verification-in-E-mail): Give your website the most security by One Time Password(OTP) Verification. Written in PHP 5.0. OTP will be dropped in your registered email
[cve-2014-0038](https://github.com/saelo/cve-2014-0038): Linux local root exploit for CVE-2014-0038
[webcve-scan](https://github.com/Practical-Technology/webcve-scan): A simple framework for vulnerability scanner known web CVEs.
[vuejs-serverside-template-xss](https://github.com/dotboris/vuejs-serverside-template-xss): Demo of a Vue.js app that mixes both clientside templates and serverside templates leading to an XSS vulnerability
[CVE-2019-5010](https://github.com/JonathanWilbur/CVE-2019-5010): CVE-2019-5010 Exploit PoC - Python Denial of Service via Malformed X.509v3 Extension
[FreePhone](https://github.com/jorcuad/FreePhone): FreePhone es un proyecto de investigación sobre privacidad en dispositivos móviles. Con este repositorio pretendemos liberar toda la experiencia acumulada durante la creación de un smartphone casero.
[intelmq](https://github.com/certtools/intelmq): IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
[burp-molly-scanner](https://github.com/yandex/burp-molly-scanner): Turn your Burp suite into headless active web application vulnerability scanner
[findWebshell](https://github.com/he1m4n6a/findWebshell): findWebshell是一款基于python开发的webshell检测工具。
[Smart-Contract-Audits](https://github.com/TechRate/Smart-Contract-Audits): Smart Contract security audit reports
[ControlCompass.github.io](https://github.com/ControlCompass/ControlCompass.github.io): Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques
[wolfssl](https://github.com/wolfSSL/wolfssl): The wolfSSL library is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3!
[csp-playground](https://github.com/tsureshkumar/csp-playground): A locally hosted playground for experimenting with XSS and Content-Security-Policy
[yafinger](https://github.com/yaseng/yafinger): yet another web fingerprinter
[awesome-infosec](https://github.com/onlurking/awesome-infosec): A curated list of awesome infosec courses and training resources.
[Discord-Shell-POC](https://github.com/brows3r/Discord-Shell-POC): A script that can allow you to get remote access to a machine on Discord via them putting code in the console. Also allows you to crash the BetterDiscord client.
[MalConfScan](https://github.com/JPCERTCC/MalConfScan): Volatility plugin for extracts configuration data of known malware
[Android-Disassembler](https://github.com/KYHSGeekCode/Android-Disassembler): Disassemble ANY files including .so (NDK, JNI), Windows PE(EXE, DLL, SYS, etc), linux binaries, libraries, and any other files such as pictures, audios, etc(for fun)files on Android. Capstone-based disassembler application on android. 안드로이드 NDK 공유 라이브러리, Windows 바이너리, etc,... 리버싱 앱
[cybersecurity-devsecops](https://github.com/paulveillard/cybersecurity-devsecops): An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about DevSecOps in Cybersecurity.
[Deep-Security-Smart-Check-Scan-Action](https://github.com/felipecosta09/Deep-Security-Smart-Check-Scan-Action): :mag: For scanning your images as part of your CI pipeline using Cloud One Container Security (Formerly Deep Security Smart Check)
[SharpCGHunter](https://github.com/tid4l/SharpCGHunter): Receive the status of Windows Defender Credential Guard on network hosts.
[GoAhead-IPCAM-XSS-and-RCE](https://github.com/0x1CA3/GoAhead-IPCAM-XSS-and-RCE): An exploit for an XSS and RCE vulnerability in the GoAhead webserver for embedded devices.
[haveibeenpwned-python](https://github.com/agucova/haveibeenpwned-python): ⚠️ A simple python client for the HaveIBeenPwned API 2.0
[CISSP-Study-Guide](https://github.com/so87/CISSP-Study-Guide): study material used for the 2018 CISSP exam
[snappass](https://github.com/pinterest/snappass): Share passwords securely
[Localroot-ALL-CVE](https://github.com/Snoopy-Sec/Localroot-ALL-CVE): Localroot-ALL-CVE~
[Faceboom](https://github.com/thehassantahir/Faceboom): Faceboom - Social Engineering Application for Facebook
[makersmasher.github.io](https://github.com/makersmasher/makersmasher.github.io): Website for www.makersmasher.com
[FISCO-BCOS](https://github.com/FISCO-BCOS/FISCO-BCOS): FISCO BCOS是由微众牵头的金链盟主导研发、对外开源、安全可控的企业级金融区块链底层技术平台。 单链配置下,性能TPS可达万级。提供群组架构、并行计算、分布式存储、可插拔的共识机制、隐私保护算法、支持全链路国密算法等诸多特性。 经过多个机构、多个应用,长时间在生产环境中的实践检验,具备金融级的高性能、高可用性及高安全性。FISCO BCOS is a secure and reliable financial-grade open-source blockchain platform. The platform provides rich features including group architecture, cross-chain communication protocols, pluggable consensus mechanisms, privacy protection algorithms, OSCCA-approved (Office of State Commercial Cryptography Administration) cryptography algorithms, and distributed storage. Its performance, usability, and security have been testified by many institutional users and successful business applications in a live production environment.
[Multi-Go](https://github.com/TheRedSpy15/Multi-Go): A multi-tool made in Go, and aimed at security experts to make life a little more convenient
[dirtycow](https://github.com/nowsecure/dirtycow): radare2 IO plugin for Linux and Android. Modifies files owned by other users via dirtycow Copy-On-Write cache vulnerability
[OpenSCA-cli](https://github.com/XmirrorSecurity/OpenSCA-cli): OpenSCA is a Software Composition Analysis (SCA) solution that supports detection of open source component dependencies and vulnerabilities.
[ArchiveFuzz](https://github.com/devanshbatham/ArchiveFuzz): Hunt down the secrets from the WebArchives for Fun and Profit
[vbscan](https://github.com/OWASP/vbscan): OWASP VBScan is a Black Box vBulletin Vulnerability Scanner
[Lizard](https://github.com/wr0x00/Lizard): Lizard is a python-based fully automated infiltration script,feature-rich and can run on termux(Android). Lizard是一款基于python的web安全渗透测试工具;支持端口扫描、IP探测、密码爆破、shodan扫描、网站目录后台扫描、whois查询,CMS识别,poc检测;webshell一句话连接,dos攻击,ddos攻击,exp利用;整体采用模块化设计,可自行调用
[NoSight](https://github.com/mematron/NoSight): Disable any video input on a Mac. Putting tape over your iSight won't help you but this will.
[Path_Travelsal_Payload_List](https://github.com/omurugur/Path_Travelsal_Payload_List): Path Traversal Vulnerability Payload List
[RSPET](https://github.com/panagiks/RSPET): RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.
[reading_list](https://github.com/bl8nr/reading_list): A very useful reading list of technical documents related to internetworking and cybersecurity.
[netmap.js](https://github.com/serain/netmap.js): Fast browser-based network discovery module
[CVE-2020-1971](https://github.com/MBHudson/CVE-2020-1971): CVE-2020-1971 Auto Scan & Remote Exploit Script. Auto Local Scan & Patch Script.
[G2-Alarmsystem](https://github.com/PerMalmberg/G2-Alarmsystem): Alarmsystem based on the Smooth framework, running on the G2 I/O card.
[The-Not-So-Simple-PHP-Command-Shell](https://github.com/kaotickj/The-Not-So-Simple-PHP-Command-Shell): This tool is intended to be used for on target enumeration to gather and exfiltrate information and then to upload tools such as netcat or msvenom payload for further access to the target.
[victorian_machinery](https://github.com/jbaines-r7/victorian_machinery): Proof of concept exploit for CVE-2022-30525 (Zxyel firewall command injection)
[0x01-ARM-32-Hacking-Hello-World](https://github.com/mytechnotalent/0x01-ARM-32-Hacking-Hello-World): ARM 32-bit Raspberry Pi Hacking Hello World example in Kali Linux.
[Megaploit](https://github.com/JosephFrankFir/Megaploit): A hacking tool(Reverse shell) based on python-3
[arkime](https://github.com/arkime/arkime): Arkime (formerly Moloch) is an open source, large scale, full packet capturing, indexing, and database system.
[CyberThreatHunting](https://github.com/A3sal0n/CyberThreatHunting): A collection of resources for Threat Hunters - Sponsored by Falcon Guard
[Malware-Exhibit](https://github.com/alvin-tosh/Malware-Exhibit): 🧨🧨This is a 🎇Real World🎇 Malware Collection I have created or Compiled/analysed🔥 to understand more about Malware threats😈, analysis and mitigation🧐.
[murphysec](https://github.com/murphysecurity/murphysec): An open source tool focused on software supply chain security. 墨菲安全专注于软件供应链安全,具备专业的软件成分分析(SCA)、漏洞检测、专业漏洞库。
[Public-CTF-Writeups](https://github.com/utcoalition/Public-CTF-Writeups): CTF writeups by UTC team
[AndroidLibrary](https://github.com/StringCare/AndroidLibrary): Android library to reveal or obfuscate strings and assets at runtime
[github-vuln-scraper](https://github.com/PhilipKazmeier/github-vuln-scraper): Vulnerability Scraper for GitHub
[operagbas](https://github.com/thotypous/operagbas): Alternative "security" module for Brazilian banks
[infra1](https://github.com/example-policy-org/infra1): This infra is compliant with version 1.0.0 of the company policy only
[WDIR](https://github.com/gkhan496/WDIR): Good resources about web security that I have read.
[ComputerScience](https://github.com/www-code-in/ComputerScience): CS.CODE.IN is a 1 year online Computer Science education program to equip yourself with modern and cutting edge programming technologies in the competitive world.
[SSRF_Vulnerable_Lab](https://github.com/incredibleindishell/SSRF_Vulnerable_Lab): This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack
[h-sploit](https://github.com/jravis-8520/h-sploit): H-SPLOIT TOOL IS HELP TO INSTALL METASPLOIT-FRAMEWORK IN A TERMUX
[pacu](https://github.com/RhinoSecurityLabs/pacu): The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
[acra](https://github.com/cossacklabs/acra): Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL.
[voodoo](https://github.com/QKaiser/voodoo): This repository holds proof-of-concepts for the VOOdoo vulnerabilities found in NETGEAR CG3100 and CG3700B cable modems provided by VOO to its subscribers.
[cs-video-courses](https://github.com/Developer-Y/cs-video-courses): List of Computer Science courses with video lectures.
[juice-shop-ctf](https://github.com/juice-shop/juice-shop-ctf): Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop supporting CTFd, FBCTF and RootTheBox
[docker-metasploit](https://github.com/opsxcq/docker-metasploit): Metasploit framework with steroids
[EDRHunt](https://github.com/FourCoreLabs/EDRHunt): Scan installed EDRs and AVs on Windows
[SIPTorch](https://github.com/0xInfection/SIPTorch): A "SIP Torture" (RFC 4475) testing suite.
[aws-security-viz](https://github.com/anaynayak/aws-security-viz): Visualize your aws security groups.
[zohocorp_dc](https://github.com/patois/zohocorp_dc): Zoho ManageEngine Desktop Central CVEs
[m-ld-security-spec](https://github.com/m-ld/m-ld-security-spec): Securing Shared Decentralised Live Information with m-ld
[BrowserBox](https://github.com/crisdosyago/BrowserBox): 📷 BrowserBox - Remote isolated browser API for security, automation visibility and interactivity. Run on our cloud, or bring your own. Full scope double reverse web proxy with multi-tab, mobile-ready browser UI frontend. Plus co-browsing, advanced adaptive streaming, secure document viewing and more! But only in the Pro version. Get BB today! Secure your document needs and internet, today!
[agebox](https://github.com/slok/agebox): Age based repository file encryption gitops tool
[rctf-scenario2](https://github.com/aliasrobotics/rctf-scenario2): Robotics CTF scenario 2
[sec-scannode](https://github.com/wanzywang/sec-scannode): SEC分布式资产扫描系统
[AppleDOS](https://github.com/farisv/AppleDOS): Messing Apple devices on the network with CVE-2018-4407 (heap overflow in bad packet handling)
[exifLooter](https://github.com/aydinnyunus/exifLooter): ExifLooter finds geolocation on all image urls and directories also integrates with OpenStreetMap
[ctf_platform](https://github.com/IRS-Cybersec/ctf_platform): Sieberrsec CTF platform. A Jeopardy CTF platform designed with various neat features to aid in training and learning.
[http-header](https://github.com/TahaT80/http-header): # You can get information such as HTTP Version, Server, Date, Content-Type, Transfer-Encoding, Vary, Expires, X-Frame-Options, Connection, P3P, Keep-Alive, X-DIS-Request-ID, Location, address, Cache-Control, etc.
[P-SAK](https://github.com/leoanggal1/P-SAK): Pentester Swiss Army Knife is a Docker Image with a suite of the most used tools for Hacking and Pentesting.
[pnwgen](https://github.com/toxydose/pnwgen): A very flexible phone number wordlist generator
[LabScripts](https://github.com/ColdFusionX/LabScripts): Scripts that I wrote & used in HackTheBox and other CTF's
[hackerdosyalaridemo](https://github.com/VolexExtreme/hackerdosyalaridemo): Programın Demo Sürümü
[hackerman](https://github.com/AgeOfMarcus/hackerman): A python library for penetration testing, security, development, and fun.
[netcap](https://github.com/dreadl0ck/netcap): A framework for secure and scalable network traffic analysis - https://netcap.io
[100-Days-Of-SwiftUI](https://github.com/PetroOnishchuk/100-Days-Of-SwiftUI): 👨💻👩💻100 Days Of SwiftUI free course from Hacking with Swift. 👨💻👩💻
[Exploring-APT-campaigns](https://github.com/BushidoUK/Exploring-APT-campaigns): Further investigation in to APT campaigns disclosed by private security firms and security agencies
[firewalla](https://github.com/firewalla/firewalla): http://firewalla.com
[CVE-2021-4034-exploit](https://github.com/PentesterSoham/CVE-2021-4034-exploit): I am not the real author of this exploits.. There are two exploits available, use any of one if it doesn't work use another one... Manual for this two exploit has given in README file. Please read that file before using it.. :)
[heap-exploitation](https://github.com/DhavalKapil/heap-exploitation): This book on heap exploitation is a guide to understanding the internals of glibc's heap and various attacks possible on the heap structure.
[inql](https://github.com/doyensec/inql): InQL - A Burp Extension for GraphQL Security Testing
[POFR](https://github.com/gmagklaras/POFR): Penguin OS Forensic (or Flight) Recorder
[awesome-russian-it](https://github.com/unchase/awesome-russian-it): :book: :headphones: :tv: :calendar: Список полезных русскоязычных ресурсов, связанных с ИТ - https://awesomeit.ru
[BPStegano](https://github.com/TapanSoni/BPStegano): BPStegano is a steganography tool built using Python 3. It uses AES-128 encryption a custom LSB random pixel algorithm hiding to hide raw strings and any type of file inside images.
[pickup-webapp](https://github.com/Ninna-log/pickup-webapp): 🛒💰 This is a demo for an e-commerce called Pickup App
[openwrt-useful-tools](https://github.com/adde88/openwrt-useful-tools): A repo containing different tools compiled specifically for the Hak5 WiFi Pineapple MK6 and MK7.
[chkdomain](https://github.com/PeterDaveHello/chkdomain): Check if a domain can be resolved or been blocked by secure DNS services.
[fusee-nano](https://github.com/DavidBuchanan314/fusee-nano): A minimalist re-implementation of the Fusée Gelée exploit (http://memecpy.com), designed to run on embedded Linux devices. (Zero dependencies)
[Virus-tools](https://github.com/Ghost-crypto-exe/Virus-tools): This tool will make hacking much easier and secure. I have created this collection for experienced hackers and beginners to give a start base. I am not responsible for any damage or harm !
[xunfeng](https://github.com/ysrc/xunfeng): 巡风是一款适用于企业内网的漏洞快速应急,巡航扫描系统。
[sethc-patch](https://github.com/catb0t/sethc-patch): Linux source to patch Windows NT's sethc.exe to cmd.exe so that pressing SHIFT 5 times at the login screen opens a SYSTEM level cmd.exe
[better-passwords](https://github.com/riklewis/better-passwords): Stop use of a bad passwords, including those in the Have I Been Pwned breached password database
[cybersecurity-penetration-testing](https://github.com/paulveillard/cybersecurity-penetration-testing): An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Penetration Testing in Cybersecurity.
[contained.af](https://github.com/genuinetools/contained.af): A stupid game for learning about containers, capabilities, and syscalls.
[SipHash](https://github.com/veorq/SipHash): High-speed secure pseudorandom function for short messages
[exploit-CVE-2018-15139](https://github.com/sec-it/exploit-CVE-2018-15139): OpenEMR < 5.0.1.4 - (Authenticated) File upload - Remote command execution
[YSF](https://github.com/IllidanS4/YSF): YSF Server Functions
[k8badusb](https://github.com/k8gege/k8badusb): BadUSB Teensy downexec exploit support Windows & Linux / Windows Cmd & PowerShell addUser exploit
[NotesToCommands](https://github.com/xozxro/NotesToCommands): NotesToCommands is a powerful command template experience, allowing users to instantly execute terminal commands, with varying arguments, grouped into sections in a note or file. It was originally created for pentesting uses, to avoid the needed remembrance and retyping of sets of commands for various attacks.
[HaboMalHunter](https://github.com/Tencent/HaboMalHunter): HaboMalHunter is a sub-project of Habo Malware Analysis System (https://habo.qq.com), which can be used for automated malware analysis and security assessment on the Linux system.
[bunkerweb](https://github.com/bunkerity/bunkerweb): 🛡️ Make your web services secure by default !
[exploit-CVE-2017-7494](https://github.com/opsxcq/exploit-CVE-2017-7494): SambaCry exploit and vulnerable container (CVE-2017-7494)
[so-you-want-to-fight-the-state](https://github.com/cutealism/so-you-want-to-fight-the-state): So You Want to Fight the State: A How-to Guide
[Twitter-Seclists](https://github.com/securibee/Twitter-Seclists): Curated lists of InfoSec on Twitter. Find out who's awesome to follow!
[shu-shell](https://github.com/linuxsec/shu-shell): Webshell Jumping Edition
[pmanager](https://github.com/yukselberkay/pmanager): Simple, secure password manager for power users that is suitable for enterprise usage, with Rust's safety and performance.
[CVE-2017-0785](https://github.com/ojasookert/CVE-2017-0785): Blueborne CVE-2017-0785 Android information leak vulnerability
[ca-clone](https://github.com/BishopFox/ca-clone): Scripts to clone CA certificates for use in HTTPS client attacks.
[attack-flow](https://github.com/center-for-threat-informed-defense/attack-flow): Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flows for a small corpus of incidents, and creating visualization tools to display attack flows.
[netflixparty_exploit](https://github.com/kr-b/netflixparty_exploit): Exploit tool for XSS in Netflix party <=1.7.8
[gsvsoc_docker-system-of-record](https://github.com/guardsight/gsvsoc_docker-system-of-record): A dockerized log server, that has plug and play capabilities.
[djangohunter](https://github.com/jimywork/djangohunter): Tool designed to help identify incorrectly configured Django applications that are exposing sensitive information.
[metabadger](https://github.com/salesforce/metabadger): Prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2).
[Spydan](https://github.com/adanvillarreal/Spydan): A web spider for shodan.io without using the Developer API.
[windbg-exploit-helper-scripts](https://github.com/tin-z/windbg-exploit-helper-scripts): JS scripts for windbg that i'll made for exploit development purpose
[SensitiveFileFuzzer](https://github.com/begininvoke/SensitiveFileFuzzer): A tool for fuzzing files on the website
[mosec-composer-plugin](https://github.com/momosecurity/mosec-composer-plugin): 用于检测composer项目的第三方依赖组件是否存在安全漏洞。
[IS-6B](https://github.com/thenanosoft/IS-6B): Information Security Notes on Web 1.0
[aws-secure-environment-accelerator](https://github.com/aws-samples/aws-secure-environment-accelerator): The AWS Secure Environment Accelerator is a tool designed to help deploy and operate secure multi-account, multi-region AWS environments on an ongoing basis. The power of the solution is the configuration file which enables the completely automated deployment of customizable architectures within AWS without changing a single line of code.
[CVE-2022-0847-Container-Escape](https://github.com/greenhandatsjtu/CVE-2022-0847-Container-Escape): CVE-2022-0847 used to achieve container escape 利用CVE-2022-0847 (Dirty Pipe) 实现容器逃逸
[gf-patterns](https://github.com/mrofisr/gf-patterns): Collection grep patterns for Tom Hudson a.k.a Tomnomnom tools namely gf
[V2GInjector](https://github.com/FlUxIuS/V2GInjector): V2GInjector - Tool to intrude a V2G PowerLine network, but also to capture and inject V2G packets
[systeminformer](https://github.com/winsiderss/systeminformer): A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals.com
[cve-2020-9375](https://github.com/thewhiteh4t/cve-2020-9375): TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows remote attackers to cause a denial of service via a crafted HTTP Header containing an unexpected Referer field.
[multizone-sdk-pfsc](https://github.com/hex-five/multizone-sdk-pfsc): MultiZone® Security TEE is the quick and safe way to add security and separation to any RISC-V processors. The RISC-V standard ISA doesn't define TrustZone-like primitives to provide hardware separation. To shield critical functionality from untrusted third-party components, MultiZone provides hardware-enforced, software-defined separation of multiple equally secure worlds. Unlike antiquated hypervisor-like solutions, MultiZone is self-contained, presents an extremely small attack surface, and it is policy driven, meaning that no coding is required – and in fact even allowed. MultiZone works with any 32-bit or 64-bit RISC-V processors with standard Physical Memory Protection unit (PMP) and “U” mode.
[security-privacy](https://github.com/ehsanedalat/security-privacy): This is a repo for all links and tools in the security and privacy field which I have found useful!!
[IZANAMI](https://github.com/NicolasMuras/IZANAMI): Es mi proyecto mas actual. Usted podrá ver como razono, y como aplico algunas metodologías demandadas en el mundo del desarrollo. OOP, Selenium con Python Behave (BDD) y TDD + refactoring.
[linux-baseline](https://github.com/dev-sec/linux-baseline): DevSec Linux Baseline - InSpec Profile
[TpAll](https://github.com/werp420/TpAll): Dette er stadig basic runcode. Brug CEVA eller noget andet til at test om lortet virker på serveren.
[itext7-dotnet](https://github.com/itext/itext7-dotnet): iText 7 for .NET is the .NET version of the iText 7 library, formerly known as iTextSharp, which it replaces. iText 7 represents the next level of SDKs for developers that want to take advantage of the benefits PDF can bring. Equipped with a better document engine, high and low-level programming capabilities and the ability to create, edit and enhance PDF documents, iText 7 can be a boon to nearly every workflow.
[race-the-web](https://github.com/TheHackerDev/race-the-web): Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.
[zenco](https://github.com/faizannadeem12/zenco): This tool is developed to quickly get information about IP Address's DNS records etc
[Hacking-with-Go](https://github.com/parsiya/Hacking-with-Go): Golang for Security Professionals
[appsweep-gradle](https://github.com/Guardsquare/appsweep-gradle): This Gradle plugin can be used to continuously integrate app scanning using AppSweep into your Android app build process
[Adding-Security-to-Maven-Spring-WebApp](https://github.com/AdityaKshettri/Adding-Security-to-Maven-Spring-WebApp): In this project, I have worked on Maven Spring Web Application where I have provided Authentication and Authorization security to the web app using Netbeans 11.3
[firefox_tunnel](https://github.com/CoolerVoid/firefox_tunnel): The way to use firefox to make a tunnel to remote communication, bypass any firewall
[OASS](https://github.com/JavierOlmedo/OASS): 📄 OWASP Automatic Scan Script
[myProject](https://github.com/iRaneem/myProject): these are some presentation of projects I worked on through time ( Note* : I did publish other documents despite ppt like source code & report ..etc. in other repository so u can check it out )
[bluubomb](https://github.com/GaryOderNichts/bluubomb): Exploits the Wii U's bluetooth stack to gain IOSU kernel access via bluetooth
[lemur](https://github.com/Netflix/lemur): Repository for the Lemur Certificate Manager
[awesome-bugbounty-tools](https://github.com/vavkamil/awesome-bugbounty-tools): A curated list of various bug bounty tools
[Rakhat](https://github.com/sarah-lishin/Rakhat): Rakhat - a set of deliberately exploitable VM’s designed to provide practice for web exploits for penetration testing.
[golang-tls](https://github.com/denji/golang-tls): Simple Golang HTTPS/TLS Examples
[TendaSpill](https://github.com/shaheemirza/TendaSpill): An exploitation tool to extract passwords using CVE-2015-5995.
[web-devlopment](https://github.com/rishusingh022/web-devlopment): All the stacks which i know in web-development are present here u can have a look
[Hax-Godz](https://github.com/ZTF666/Hax-Godz): 👨💻 This script will turn you into the ultimate H4X0R , the God of the GODZzZzZ . Use its power wisely ! and don't abuse it too much .
[nDPI](https://github.com/ntop/nDPI): Open Source Deep Packet Inspection Software Toolkit
[rpigrab](https://github.com/TheSpeedX/rpigrab): Hack Raspberry Pi(s) across the world using Shodan !!
[infra2](https://github.com/example-policy-org/infra2): This infra is compliant with version 2.0.1 of the company policy
[WSOB](https://github.com/oppsec/WSOB): 😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464.
[IsDebuggerPresent](https://github.com/killswitch-GUI/IsDebuggerPresent): Debugger checks in 3 ways
[HazProne](https://github.com/stafordtituss/HazProne): HazProne is a Cloud Pentesting Framework that emulates close to Real-World Scenarios by deploying Vulnerable-By-Demand AWS resources enabling you to pentest Vulnerabilities within, and hence, gain a better understanding of what could go wrong and why!!
[Legacy-Botnets-Source-Code-Collection](https://github.com/maxamin/Legacy-Botnets-Source-Code-Collection): legacy Botnets source code Forked from github.com/malwares
[fsf](https://github.com/EmersonElectricCo/fsf): File Scanning Framework
[shadowsocks-rust](https://github.com/shadowsocks/shadowsocks-rust): A Rust port of shadowsocks
[mosec-maven-plugin](https://github.com/momosecurity/mosec-maven-plugin): 用于检测maven项目的第三方依赖组件是否存在安全漏洞。
[App-Partage-d-avis](https://github.com/MarcelintoSpace/App-Partage-d-avis): Application de partage d'avis et photos 🌶️
[strongbox](https://github.com/schibsted/strongbox): A secret manager for AWS
[Simple-Adware](https://github.com/SKocur/Simple-Adware): Script which display image (ad) downloaded from the internet.
[Invoke-PSObfuscation](https://github.com/gh0x0st/Invoke-PSObfuscation): An in-depth approach to obfuscating the individual components of a PowerShell payload whether you're on Windows or Kali Linux.
[udpih](https://github.com/GaryOderNichts/udpih): Exploit for the Wii U's USB Host Stack
[TamperThemAll](https://github.com/francescolacerenza/TamperThemAll): A tampered payload generator to Fuzz Web Application Firewalls
[showdown](https://github.com/stavinski/showdown): Perform OSINT on external targets using Shodan
[wordpress_cve-2018-6389](https://github.com/m3ssap0/wordpress_cve-2018-6389): Tries to exploit a WordPress vulnerability (CVE-2018-6389) which can be used to cause a Denial of Service.
[lm5](https://github.com/jmcph4/lm5): Simple and extensible fuzzer
[awesome-asus-tinker-board](https://github.com/thyrlian/awesome-asus-tinker-board): A curated list of ASUS Tinker Board resources
[gowitness](https://github.com/sensepost/gowitness): 🔍 gowitness - a golang, web screenshot utility using Chrome Headless
[payloadkit](https://github.com/jordanjoewatson/payloadkit): An offensive security framework for writing payloads
[urlcrazy](https://github.com/urbanadventurer/urlcrazy): Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.
[cwe_checker](https://github.com/fkie-cad/cwe_checker): cwe_checker finds vulnerable patterns in binary executables
[gef-extras](https://github.com/hugsy/gef-extras): Extra goodies for GEF: Open repository for unfiltered contributions to the project.
[docker-ipsec-vpn-server](https://github.com/hwdsl2/docker-ipsec-vpn-server): Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
[yandi-scanner](https://github.com/RASSec/yandi-scanner): Network Security Vulnerability Scanner
[p2psec](https://github.com/gpestana/p2psec): research on privacy and security in p2p and decentralised systems
[OSCP-Automation](https://github.com/C-Cracks/OSCP-Automation): A collection of personal scripts used in hacking excercises.
[MARA_threat_model](https://github.com/AcutronicRobotics/MARA_threat_model): Threat Model analysis for MARA modular robot
[SVScanner](https://github.com/radenvodka/SVScanner): SVScanner - Scanner Vulnerability And MaSsive Exploit.
[Karakurt-Hacking-Team-CTI](https://github.com/infinitumitlabs/Karakurt-Hacking-Team-CTI): IOC Data Obtained From Karakurt Hacking Team's Internal Infrastructure
[Enterprise-Security-Skill](https://github.com/AnyeDuke/Enterprise-Security-Skill): 用于记录企业安全规划,建设,运营,攻防的相关资源
[OffensiveDLR](https://github.com/byt3bl33d3r/OffensiveDLR): Toolbox containing research notes & PoC code for weaponizing .NET's DLR
[mythx-cli](https://github.com/dmuhs/mythx-cli): A command line interface for the MythX smart contract security analysis API
[Fngerprint-based-security-system](https://github.com/arunbsmrstu/Fngerprint-based-security-system): It is a fingerprint based security system.This project is developed with java ,u and u 4500 fingerprint reader .
[Rhme-2017](https://github.com/Riscure/Rhme-2017): Riscure Hack Me embedded hardware CTF 2017-2018.
[RedNixOS](https://github.com/redcode-labs/RedNixOS): NixOS-based 'distro' for cybersecurity enthusiasts
[RCE_Super_Web_Mailer](https://github.com/Dark-Clown-Security/RCE_Super_Web_Mailer): Author : Mr.TenAr
[GoWard](https://github.com/tid4l/GoWard): A robust Red Team proxy written in Go.
[React-Spy-API](https://github.com/ankit0183/React-Spy-API): React Spy API For React Application ( Spy error, Intercept, BrodcastError etc...)A set of utilities for collecting UX-analytics of your React-application.!
[NELphase](https://github.com/cdpxe/NELphase): Network Environment Learning (NEL) Phase for Covert Channels (with a Feedback Channel)
[encryption-with-emoji](https://github.com/ojan2021/encryption-with-emoji): A encryption tool coded to encrpyt and decrypt dynamicly (means every time encryption happens with random algorithm) text with emojis.
[magisk-frida](https://github.com/ViRb3/magisk-frida): 🔐 Run frida-server on boot with Magisk, always up-to-date
[AppmemDumper](https://github.com/dhondta/AppmemDumper): Forensics triage tool relying on Volatility and Foremost
[Intel-One](https://github.com/jkcso/Intel-One): Command line tool for passive reconnaissance, able to gather and link public information to a target domain, company or individual. It can make intelligence gathering faster and more effective by drastically reducing manual user interaction. This is achieved through the engineering of a highly customisable single input to multiple output solution. Tool conceived and developed in my free time as a result of my genuine interest in penetration testing.
[IIS-HTTP-Internal-IP-Finder](https://github.com/KooroshRZ/IIS-HTTP-Internal-IP-Finder): Optimized metasploit module to find internal IP address of vulnerable IIS web servers
[catbox](https://github.com/m-mizutani/catbox): Vulnerability scan and management serverless system for AWS ECR images with Trivy.
[pbscan](https://github.com/gvb84/pbscan): Faster and more efficient stateless SYN scanner and banner grabber due to userland TCP/IP stack usage.
[Kali-Linux-Dockerfile](https://github.com/tsumarios/Kali-Linux-Dockerfile): A simple Dockerfile to build an image starting from the latest official one of Kali Linux and including some useful tools.
[malnet-image](https://github.com/safreita1/malnet-image): A large-scale database of malicious software images
[4-Digit-Brute-Force-Method](https://github.com/ryantwt07/4-Digit-Brute-Force-Method): This machine was developed by Ryan. This machine shows the danger of having a 4-digit password for security purposes.
[praesidio-sdk](https://github.com/marnovandermaas/praesidio-sdk): Complete RISC-V toolchain to evaluate physically isolated enclaves
[RE-iOS-Apps](https://github.com/ivRodriguezCA/RE-iOS-Apps): A completely free, open source and online course about Reverse Engineering iOS Applications.
[GitGot](https://github.com/BishopFox/GitGot): Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
[Textractor](https://github.com/Artikash/Textractor): Extracts text from video games and visual novels. Highly extensible.
[Android2PrivateLAN](https://github.com/H21lab/Android2PrivateLAN): Android App to tunnel access from HTTPs C&C server into Private LAN
[nessus-file-analyzer](https://github.com/LimberDuck/nessus-file-analyzer): GUI tool which enables you to parse nessus scan files from Nessus and Tenable.SC by (C) Tenable, Inc. and exports results to a Microsoft Excel Workbook for effortless analysis.
[owasp-mstg](https://github.com/OWASP/owasp-mstg): The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
[teerex-exploits](https://github.com/uni-due-syssec/teerex-exploits): PoC exploits against various SGX enclaves
[Threat-Intelligence-Tradecraft](https://github.com/WeaverHeavy/Threat-Intelligence-Tradecraft)
[GraphCrawler](https://github.com/gsmith257-cyber/GraphCrawler): GraphQL automated security testing toolkit
[exit_code_java](https://github.com/TheCyaniteProject/exit_code_java): ExitCode - The Free, Open-Source, Desktop & Hacking Simulator Game.
[quiver](https://github.com/stevemcilwain/quiver): Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.
[cocomelonc.github.io](https://github.com/cocomelonc/cocomelonc.github.io): Cybersecurity blog. Red Team, pentest, malware analysis and dev
[hakip2host](https://github.com/hakluke/hakip2host): hakip2host takes a list of IP addresses via stdin, then does a series of checks to return associated domain names.
[H4CK3R-Installer](https://github.com/noyonarfin26/H4CK3R-Installer): This is auto installaling hacking item program simple run it all is well all thing is auto mode script
[stegreg](https://github.com/0ur4n05/stegreg): A tool that encrypt and hide your data inside your images.
[HTB-Emdee-five-for-life-Solution](https://github.com/localhost-Security/HTB-Emdee-five-for-life-Solution): Python script to solve the 'Emdee five for life' Challenge on hackthebox.eu
[awesome-windows-security](https://github.com/chryzsh/awesome-windows-security): List of Awesome Windows Security Resources
[soup](https://github.com/Jfaler/soup): ☎️ Original open source call flooder using Twilio's API.
[Fedora-Guide](https://github.com/mikeroyal/Fedora-Guide): Fedora/CentOS Stream/Red Hat Enterprise Linux Guide
[scan-for-webcams](https://github.com/JettChenT/scan-for-webcams): scan for webcams on the internet
[dnsmonster](https://github.com/mosajjal/dnsmonster): Passive DNS Capture and Monitoring Toolkit
[foretoken](https://github.com/domgolonka/foretoken): A blazing fast, highly customizable, modern-day defence tool using (in memory) SQL & REST/gRPC protocols.
[pmvr](https://github.com/bemasher/pmvr): Raspberry Pi Motion Video Recorder
[WannaCry](https://github.com/eitanh/WannaCry): WannaCry Scanner
[shomon](https://github.com/KaanSK/shomon): Shodan Monitoring integration for TheHive.
[screenshot-writeup](https://github.com/Ahmedwaleed22/screenshot-writeup): Cybertalents Screenshot Writeup
[ictf-framework](https://github.com/shellphish/ictf-framework): The iCTF Framework, presented by Shellphish!
[fallout-terminal-hacking](https://github.com/evaneliasyoung/fallout-terminal-hacking): This is a fun web-port of my favorite Fallout activity– terminal hacking.
[audit-userspace](https://github.com/linux-audit/audit-userspace): Linux audit userspace repository
[WMB-Scrapper](https://github.com/daudmalik06/WMB-Scrapper): A small Php package to fetch archive url snapshots from archive.org. Using it you can fetch complete list of snapshot urls of any year or complete list of all years possible.This package can be used to do recon of any target.
[monkey365](https://github.com/silverhack/monkey365): Monkey365 provides a tool for security consultants to easily conduct not only Microsoft 365, but also Azure subscriptions and Azure Active Directory security configuration reviews.
[adv-dnn-ens-malware](https://github.com/deqangss/adv-dnn-ens-malware): adversarial examples, adversarial malware examples, adversarial malware detection, adversarial deep ensemble, Android malware variants
[HASH_CRACKING](https://github.com/meduzzabytes/HASH_CRACKING): Its a simple tool for hash cracking password in MD5, SHA1, SHA224, SHA256, SHA384, SHA512
[CVE-2020-0069_poc](https://github.com/quarkslab/CVE-2020-0069_poc)
[uTox](https://github.com/uTox/uTox): µTox the lightest and fluffiest Tox client
[Twitter-Follow-Exploit](https://github.com/AdrianBZG/Twitter-Follow-Exploit): Automated Twitter mass account creation and follow using Selenium and Tor VPN
[DumpsterFire](https://github.com/TryCatchHCF/DumpsterFire): "Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
[GelatekReanimate](https://github.com/StrokeThePea/GelatekReanimate): Reanimation that's way better than Catware Reanimate.
[authelia](https://github.com/authelia/authelia): The Single Sign-On Multi-Factor portal for web apps
[arp-poison](https://github.com/srdja/arp-poison): ARP cache poisoning tool
[ICU](https://github.com/003random/ICU): An Extended, Modulair, Host Discovery Framework
[authentik](https://github.com/goauthentik/authentik): The authentication glue you need.
[exein-openwrt-public](https://github.com/Exeinspa/exein-openwrt-public): Openwrt 18.06.5 featured with the Exein's security framework
[Ip-Attack](https://github.com/Bhai4You/Ip-Attack): Auto IP or Domain Attack Tool ( #1 )
[learn-100](https://github.com/anishkashukla/learn-100): Cool resources and content for bug bounty hunting.
[CVE-2022-21907](https://github.com/mauricelambert/CVE-2022-21907): CVE-2022-21907: detection, protection, exploitation and demonstration. Exploitation: Powershell, Python, Ruby, NMAP and Metasploit. Detection and protection: Powershell. Demonstration: Youtube.
[evilscan](https://github.com/eviltik/evilscan): NodeJS Simple Network Scanner
[malware-analysis-reports](https://github.com/An00bRektn/malware-analysis-reports): Reports on malware that I write in my free time, if and when I have any.
[openzeppelin-contracts](https://github.com/OpenZeppelin/openzeppelin-contracts): OpenZeppelin Contracts is a library for secure smart contract development.
[Violent-Python-Companion-Files](https://github.com/royalbhati/Violent-Python-Companion-Files): Violent Python scripts used in book and few other required files
[myscan](https://github.com/amcai/myscan): myscan 被动扫描
[PassTron](https://github.com/deepraj1729/PassTron): PassTron is a Security Password Manager that stores user's password locally instead of a live database. It can auto generate secure passwords with stable UI experience
[Risk-Measurement-Framework](https://github.com/EvilWatermelon/Risk-Measurement-Framework): For my Masterthesis I implement a framework and evaluate it with a case study for risk measurement. The case study is a NN on traffic sign detection.
[in-toto](https://github.com/in-toto/in-toto): in-toto is a framework to protect supply chain integrity.
[Web-Phishing-Detection-](https://github.com/Govind155/Web-Phishing-Detection-): Detecting phishing websites using Machine learning with Python.
[Ooze](https://github.com/CoolerVoid/Ooze): Ooze is a tool to use at pentest with Social engineering. - beta
[TechnicalNote](https://github.com/jobhope/TechnicalNote): Repository to store what we have studied. :book: We want everyone to get a job through TechnicalNote.
[postshell](https://github.com/rek7/postshell): PostShell - Post Exploitation Bind/Backconnect Shell
[Malware-Zoo](https://github.com/BushidoUK/Malware-Zoo): Hashes of infamous malware
[insta-hack](https://github.com/IncredibleHacker/insta-hack): All in one Instagram hacking tool available (Insta information gathering, Insta brute force, Insta account auto repoter)
[moving_target_defense](https://github.com/erseco/moving_target_defense): Evolutionary Based Moving Target Cyber-Defense Master Thesis
[envisioncollision](https://github.com/ShadowEye/envisioncollision): Getting Envisioncollision to actually work.
[wordsploit](https://github.com/thisiskeanyvy/wordsploit): Programme de brute force amélioré
[ethereum-lists](https://github.com/MyEtherWallet/ethereum-lists): A repository for maintaining lists of things like malicious URLs, fake token addresses, and so forth. We love lists.
[anyForm](https://github.com/yak0d3/anyForm): Anyform is a lightweight form brute-forcing tool.
[Cat-Driver](https://github.com/vic4key/Cat-Driver): CatDriver - The Kernel Mode Driver that written in C++. It is an useful driver and has the highest privilege level on the Windows platform. It can be used for Game Hacking and others.
[Wallbreaker](https://github.com/hluwa/Wallbreaker): 🔨 Break Java Reverse Engineering form Memory World!
[sploitGET](https://github.com/0xricksanchez/sploitGET): A wrapper script for https://sploitus.com to scrape query results for tools and exploits
[ITools](https://github.com/Spaghetti-Noodle-Kitty/ITools): IT-Toolkit built in C#
[webext-signed-pages](https://github.com/tasn/webext-signed-pages): A browser extension to verify the authenticity (PGP signature) of web pages
[Windows-Post-Exploitation](https://github.com/emilyanncr/Windows-Post-Exploitation): Windows post-exploitation tools, resources, techniques and commands to use during post-exploitation phase of penetration test. Contributions are appreciated. Enjoy!
[m.sc.project](https://github.com/egrzeszczak/m.sc.project): Praca Magisterska (M. Sc.) - Implementacja Security Operations Center przy użyciu oprogramowania open source
[gencybercoin](https://github.com/vitalyford/gencybercoin): GenCyberCoin is a project sponsored by NSA/NSF GenCyber program. A demo is deployed here:
[MCPTool](https://github.com/wrrulos/MCPTool): Pentesting tool for Minecraft
[horusSE](https://github.com/Akshay-Rohatgi/horusSE): lightweight vulnerability remediation engine (Linux scoring engine)
[CVE-2022-31101](https://github.com/karthikuj/CVE-2022-31101): Exploit for PrestaShop bockwishlist module 2.1.0 SQLi (CVE-2022-31101)
[ebpf-slide](https://github.com/ehids/ebpf-slide): Collection of Linux eBPF slides/documents.
[OWASP-Top-10](https://github.com/ravi518/OWASP-Top-10): It contains the Resources for learning OWASP top 10 vulnerabilities.
[nailgun](https://github.com/ningzhenyu/nailgun): Nailgun attack on ARM devices.
[reverse-ssh](https://github.com/Fahrj/reverse-ssh): Statically-linked ssh server with reverse shell functionality for CTFs and such
[nmap-formatter](https://github.com/vdjagilev/nmap-formatter): A tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot). Simply put it's nmap converter.
[polysecrets](https://github.com/ableinc/polysecrets): A completely randomized order of secrets; built with security in mind.
[cybersecurity-forensics](https://github.com/paulveillard/cybersecurity-forensics): A collection of forensics tools, software, libraries, learning tutorials, frameworks, academic and practical resources in Cybersecurity
[ios-arm-research](https://github.com/xsscx/ios-arm-research): UPDATED: All the action is at https://github.com/xsscx/srd
[caddy-security](https://github.com/greenpau/caddy-security): 🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. 💎 Authorization with JWT/PASETO tokens. 🔐
[Mac_OSX-Hack](https://github.com/wuseman/Mac_OSX-Hack): Get full root access to Apple Devices running OSX by two commands in single-user-mode. (unless root partition has been encrypted)
[bcrypt.net](https://github.com/BcryptNet/bcrypt.net): BCrypt.Net - Bringing updates to the original bcrypt package
[CI-CD-Integrations](https://github.com/deepfence/CI-CD-Integrations): CI/CD plugins for image scanning, integrations with AWS ECR, Google Container Registry
[destiny-macros](https://github.com/preco21/destiny-macros): A collection of Destiny 2 macros built with AutoHotKey
[Generate-Checksum-Hash-SHAs-and-MD5-Python](https://github.com/srbrettle/Generate-Checksum-Hash-SHAs-and-MD5-Python): Generate SHA1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-3-224, SHA-3-256, SHA-3-384, SHA-3-512 and MD5 checksums/hash values for a given file.
[gosint](https://github.com/1in9e/gosint): Gosint is a distributed asset information collection and vulnerability scanning platform
[owasp-masvs](https://github.com/OWASP/owasp-masvs): The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
[SocialBox-Termux](https://github.com/samsesh/SocialBox-Termux): SocialBox is a Bruteforce Attack Framework [ Facebook , Gmail , Instagram ,Twitter ] , Coded By Belahsan Ouerghi Edit By samsesh for termux on android
[sillyproxy](https://github.com/ChandraNarreddy/sillyproxy): SillyProxy - Dynamic SNI based TLS proxy for terminating TLS (>=1.1) HTTP connections to multiple domains.
[Vuln_search](https://github.com/lprat/Vuln_search): Docker contains security tools for find vuln in programs (radare2, bap [modified], llvm fuzzer, llvm static [modified], ...)
[Goldman-Sachs-Crack-Leaked-Passsword-Database](https://github.com/surajmane24/Goldman-Sachs-Crack-Leaked-Passsword-Database): Improved password security policy
[awesome-ruby-security](https://github.com/pxlpnk/awesome-ruby-security): Awesome Ruby Security resources
[sopekocko](https://github.com/natho19/sopekocko): La marque So Pekocko, qui crée des sauces piquantes, connaît un franc succès. L’entreprise souhaite désormais développer une application d’évaluation de ses sauces piquantes, appelée “Piquante”.
[awesome-nginx-security](https://github.com/wallarm/awesome-nginx-security): 🔥 A curated list of awesome links related to application security related to the environments with NGINX or Kubernetes Ingres Controller (based on NGINX)
[Python-Windows-utils](https://github.com/agentzex/Python-Windows-utils): Machine info gathering and post exploitation tools
[firefox-profilemaker](https://github.com/allo-/firefox-profilemaker): Tool to create firefox profiles with good defaults.
[linux-hardened](https://github.com/GrapheneOS/linux-hardened): Minimal supplement to upstream Kernel Self Protection Project changes. Features already provided by SELinux + Yama and archs other than multiarch arm64 / x86_64 aren't in scope. Only tags have stable history. Shared IRC channel with KSPP: irc.freenode.net ##linux-hardened. Currently maintained at https://github.com/anthraxx/linux-hardened.
[Registro-Visitantes](https://github.com/AxlRoseRD/Registro-Visitantes): Una app de seguridad enfocada en tener un registro de las entradas y salidas de los diferentes edificios de las instalaciones que desee.
[ArchwareExtraction](https://github.com/Healpler/ArchwareExtraction): [CYBERSECURITY PROJECT] As an IT student and a cybersecurity thesis assistant in the French laboratory IRISA, I searched how to extract the vulnerability assets from CAPEC. I used R language to do XML extraction and processes of VA extraction. A BASH application has been written and allows to use this tool thanks a command prompt (Linux Distributions only at the moment). A Web application has been written to find some vulnerabilities before this cybersecurity project.
[ImHex](https://github.com/WerWolv/ImHex): 🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.
[gocewl](https://github.com/shellhunter/gocewl): gocewl is a commandline tool to generate custom wordlists by crawling webpages
[thug](https://github.com/buffer/thug): Python low-interaction honeyclient
[the-s-in-iot](https://github.com/Makerville/the-s-in-iot): "The S in IoT stands for security" - unknown
[DVIA-v2](https://github.com/prateek147/DVIA-v2): Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. Its main goal is to provide a platform to mobile security enthusiasts/professionals or students to test their iOS penetration testing skills in a legal environment. This project is developed and maintained by @prateekg147. The vulnerabilities and solutions covered in this app are tested up to iOS 11. The current version is writen in Swift and has the following vulnerabilities.
[Log4J-RCE-Proof-Of-Concept](https://github.com/HyCraftHD/Log4J-RCE-Proof-Of-Concept): Log4j-RCE (CVE-2021-44228) Proof of Concept with additional information
[hunting-rules](https://github.com/travisbgreen/hunting-rules): Suricata rules for network anomaly detection
[darlene](https://github.com/Timofey21/darlene): This is a tool for fuzzing XSS vulnerabilities. It's based on genetic algorithm.
[CVE-2017-11882](https://github.com/unamer/CVE-2017-11882): CVE-2017-11882 Exploit accepts over 17k bytes long command/code in maximum.
[teatime](https://github.com/dmuhs/teatime): An RPC attack framework for Blockchain nodes.
[tutanota](https://github.com/tutao/tutanota): Tutanota is an email service with a strong focus on security and privacy that lets you encrypt emails, contacts and calendar entries on all your devices.
[o365recon](https://github.com/nyxgeek/o365recon): retrieve information via O365 and AzureAD with a valid cred
[local-log4j-vuln-scanner](https://github.com/hillu/local-log4j-vuln-scanner): Simple local scanner for vulnerable log4j instances
[PopCat-Hack](https://github.com/rxzyx/PopCat-Hack): The best hack for popcat.click
[malinkundang](https://github.com/Proyek-Sangkuriang/malinkundang): Backend for project sangkuriang
[Filefy-Public-Download](https://github.com/Itzsten/Filefy-Public-Download): Finally, my new trojan called Filefy is now released publicly- for the first time ever! Feel free to test it on a virtual machine or record a video about it, but credit would be appreciated (as a relatively small creator). This is the version that's recoded in C, for an attempt to exclude the attempts of decompilation and removal of the warning. This is only for demostrational and educational purposes only, I, (itzsten) am not responsible for anything, whatsoever that you do with this malicious program. Don't use it for malicious purposes or you'll have a bad time at jail (not kidding).
[pwnfb50](https://github.com/securelayer7/pwnfb50): :unlock: transfer ownership of any FB50 smart lock to yourself (CVE-2019-13143)
[aws-iam-key-rotator](https://github.com/skildops/aws-iam-key-rotator): Generates new IAM access key pair every X days and notifies it to the user via configured channel along with deleting the existing key pair after a few days of new key generation
[Bug-Bounty-Scripts](https://github.com/victoni/Bug-Bounty-Scripts): The scripts I write to help me on my bug bounty hunting
[cleverhans](https://github.com/cleverhans-lab/cleverhans): An adversarial example library for constructing attacks, building defenses, and benchmarking both
[AlliN](https://github.com/P1-Team/AlliN): A flexible scanner
[Better-pwn](https://github.com/moom825/Better-pwn): Tools for hacking better discord(BD).
[cybersecurity-CTF](https://github.com/KhalilThabet/cybersecurity-CTF): This repository is used to store answers when resolving CTF (Catch The Flag) challanges, how i came to the solution and the line of thought used to reach it.
[nexfil](https://github.com/thewhiteh4t/nexfil): OSINT tool for finding profiles by username
[Terminhack](https://github.com/sandoche/Terminhack): 👨💻 Impress your friends by pretending to be a real hacker
[BLUESPAWN](https://github.com/ION28/BLUESPAWN): An Active Defense and EDR software to empower Blue Teams
[todomvc-playground-project](https://github.com/alexmonteirocastro/todomvc-playground-project): A playground for enhancing todo-MVC app
[MemJect](https://github.com/danielkrupinski/MemJect): Simple Dll injector loading from memory. Supports PE header and entry point erasure. Written in C99.
[hacking-effects](https://github.com/atiksoftware/hacking-effects): Hi there. You know hacking effects from hollywood movies. I have moke some effects by javascript, html and css.
[longue-vue](https://github.com/0vercl0k/longue-vue): Longue vue is an exploit chain that can compromise over the internet NETGEAR DGND3700v2 devices.
[Artificial-Intelligence-for-Security](https://github.com/minellogiacomo/Artificial-Intelligence-for-Security): Final project for the course of Artificial Intelligence for Security 2019
[PocLibrary](https://github.com/Coldwave96/PocLibrary): 定制界面版POC/EXP脚本仓库
[onionshare](https://github.com/onionshare/onionshare): Securely and anonymously share files, host websites, and chat with friends using the Tor network
[logclear](https://github.com/dipanshujha/logclear): This script is a shell script for clearing out all temp logs in any Linux system
[LuaJIT-Wrapper](https://github.com/milkteaaa/LuaJIT-Wrapper): ROBLOX Lua Wrapper made with Lua 5.1 Just-In-Time compiler
[fp-jsonwebtoken](https://github.com/natanbueno/fp-jsonwebtoken): fp-jsonwebtoken é um conjunto de bibliotecas para gerar, assinar e validar TOKENS JWT no fpc/lazarus.
[Mention_Glitch_Discord](https://github.com/GabinCleaver/Mention_Glitch_Discord): ✨ Un court code qui permet de faire une mention glitch en Python par moi, et en français.
[accesscontrol](https://github.com/onury/accesscontrol): Role and Attribute based Access Control for Node.js
[SSTI-XSS-Finder](https://github.com/darklotuskdb/SSTI-XSS-Finder): XSS Finder Via SSTI
[awesome-privilege-escalation](https://github.com/m0nad/awesome-privilege-escalation): A curated list of awesome privilege escalation
[Venomsploit](https://github.com/Err0r-ICA/Venomsploit): Meterpreter payload for all platforms
[MOSP](https://github.com/CASES-LU/MOSP): A collaborative platform for creating, editing and sharing JSON objects.
[pci](https://github.com/michoo/pci): Packet communication investigator
[DS4CS-Final](https://github.com/yujunkuo/DS4CS-Final): [網路安全的資料科學 108-2@NCCU] 惡意程式偵測 - 使用靜態分析與模型集成
[awesome-wifi-security](https://github.com/edelahozuah/awesome-wifi-security): A collection of awesome resources related to 802.11 security, tools and other things
[RecoverPy](https://github.com/PabloLec/RecoverPy): Interactively find and recover deleted or :point_right: overwritten :point_left: files from your terminal
[WindowsKeylogger](https://github.com/lucasbrsa/WindowsKeylogger): C++ ethical keylogger for Windows
[matomo](https://github.com/matomo-org/matomo): Liberating Web Analytics. Star us on Github? +1. Matomo is the leading open alternative to Google Analytics that gives you full control over your data. Matomo lets you easily collect data from websites & apps and visualise this data and extract insights. Privacy is built-in. We love Pull Requests!
[vulnerable-web-application](https://github.com/fuatkarakus/vulnerable-web-application): Türkçe açıklamalı savunmasız web sitesi
[pptop](https://github.com/alttch/pptop): Open, extensible Python injector/profiler/analyzer
[zip-shotgun](https://github.com/jpiechowka/zip-shotgun): Utility script to test zip file upload functionality (and possible extraction of zip files) for vulnerabilities (aka Zip Slip)
[apicheck](https://github.com/BBVA/apicheck): The DevSecOps toolset for REST APIs
[0x-review](https://github.com/ConsenSys/0x-review): Security review of 0x smart contracts
[solarsploit](https://github.com/testifysec/solarsploit): Red team tool that emulates the SolarWinds CI compromise attack vector.
[Burp-Wordlist-Generator](https://github.com/ldcvanderpoel/Burp-Wordlist-Generator): This Burp extension extracts various data (path, parameter keys, parameter values, subdomains, etc.) from the sitemap. This data is used to create custom wordlists for directory/dns/parameter brute-forcing.
[WindowsExploits](https://github.com/Hacker-One/WindowsExploits): Windows Exploit List
[ssl-kill-switch2](https://github.com/nabla-c0d3/ssl-kill-switch2): Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.
[In-Spectre-Meltdown](https://github.com/Viralmaniar/In-Spectre-Meltdown): This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in
[Sandbox-Escape-POC-iOS-13.4.1-and-lower](https://github.com/iosdec/Sandbox-Escape-POC-iOS-13.4.1-and-lower): This is a POC of a sandbox escape by found by Siguza. Works up to iOS 13.4.1.
[CyberSecurity_Certification_for_Free](https://github.com/Ananya-0306/CyberSecurity_Certification_for_Free): Free Online Certifications in CyberSecurity
[JackKnife](https://github.com/skaldragon/JackKnife): JackKnife is a Network Defense Tool Repository for Powershell. It is made up multiple powershell scripts I've made or borrowed to make work easier
[Powershell-RAT](https://github.com/Viralmaniar/Powershell-RAT): Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.
[CyberSec-resources](https://github.com/DavidJKTofan/CyberSec-resources): A repo of useful CyberSec tools/urls, OSINT, Linux security resources, and more.
[SDorker](https://github.com/TheSpeedX/SDorker): SuperDorker gives you a huge list of websites for 0day attacks from Google Dorks
[little-secret-js](https://github.com/fishwasher/little-secret-js): JavaScript UTF-8 text encoder/decoder secured by a secret key
[Pgen](https://github.com/ctsrc/Pgen): Command-line passphrase generator
[macOS-Kernel-Exploit](https://github.com/A2nkF/macOS-Kernel-Exploit): macOS Kernel Exploit for CVE-2019-8781.
[lockigest](https://github.com/elmsec/lockigest): 🔐 Lockigest – Why would you have to enter a password to unlock your screen countless times a day? Lockigest is a simple idea that solves this. It will lock your screen only if a predefined pattern is not followed within a certain time.
[infosec-jobs-com-salaries](https://github.com/foorilla/infosec-jobs-com-salaries): A dataset of global salaries in InfoSec/Cyber Security.
[security-cheatsheets](https://github.com/andrewjkerr/security-cheatsheets): 🔒 A collection of cheatsheets for various infosec tools and topics.
[Modlishka](https://github.com/drk1wi/Modlishka): Modlishka. Reverse Proxy.
[mssd-systems-security](https://github.com/lamida/mssd-systems-security): Lecture notes and relevant materials of SUTD MSSD 51.502 Systems Security Course
[Cross-site-Scripting](https://github.com/ShubhamJagtap2000/Cross-site-Scripting): 📝 Understand how cross-site scripting occurs, how to detect and exploit XSS vulnerabilities, giving you control of other visitor's browsers.
[consoleme](https://github.com/Netflix/consoleme): A Central Control Plane for AWS Permissions and Access
[Infosec-Resources](https://github.com/pathakabhi24/Infosec-Resources): In this repo you will find all the resources used in infosec it helps you to make your knowledge more perfect in this domain
[sploits](https://github.com/mellow-hype/sploits): PoC exploits for bugs I have found and disclosed.
[l0l](https://github.com/xorond/l0l): An exploit development kit with shellcodes and backdoors for various operating systems
[subuser](https://github.com/subuser-security/subuser): Run programs on linux with selectively restricted permissions.
[no-ssl](https://github.com/nashcontrol/no-ssl): CLI tool to probe servers for support of legacy TLS protocols and various certificate and cipher checks
[XSS-and-SQL-Vulnerability-Scanner](https://github.com/Muhammad-Nouman-Ahmed/XSS-and-SQL-Vulnerability-Scanner): Python vulnerability scanner to detect XSS and SQL injection in web applications.
[PyExchangePasswordSpray](https://github.com/iomoath/PyExchangePasswordSpray): Microsoft Exchange password spray tool with proxy support.
[cervantes](https://github.com/CervantesSec/cervantes): Cervantes is an opensource collaborative platform for pentesters or red teams who want to save time to manage their projects, clients, vulnerabilities and reports in one place.
[traefik-crowdsec-bouncer](https://github.com/fbonalair/traefik-crowdsec-bouncer): A http service to verify request and bounce them according to decisions made by CrowdSec.
[internalblue](https://github.com/seemoo-lab/internalblue): Bluetooth experimentation framework for Broadcom and Cypress chips.
[vsFTPd-2.3.4-exploit](https://github.com/whoamins/vsFTPd-2.3.4-exploit): vsFTPd 2.3.4 Backdoor Exploit CVE-2011-2523
[BAT_CORE](https://github.com/AveCaesarMorituriTeSalutant/BAT_CORE): BAT is a tool to help everyone to securing their web-servers.
[LCTF2017-WEB-LPLAYGROUND](https://github.com/grt1st/LCTF2017-WEB-LPLAYGROUND): LCTF2017 web题L_PLAYGROUND源码
[attack_to_cve](https://github.com/center-for-threat-informed-defense/attack_to_cve): A methodology for mapping MITRE ATT&CK techniques to vulnerability records to describe the impact of a vulnerability.
[ssh-auditor](https://github.com/ncsa/ssh-auditor): The best way to scan for weak ssh passwords on your network
[django-multifactor-authentication](https://github.com/andrenerd/django-multifactor-authentication): Django Multifactor Authentication
[encryptwp](https://github.com/crypteron/encryptwp): EncryptWP - Adds military-grade encryption and tamper protection to WordPress user data.
[SpoofThatMail](https://github.com/v4d1/SpoofThatMail): Bash script to check if a domain or list of domains can be spoofed based in DMARC records
[panopticon](https://github.com/das-labor/panopticon): A libre cross-platform disassembler.
[bouncer_problem](https://github.com/erwanlemerrer/bouncer_problem): Code for the experiment proposed in Section 4.2 of the paper "The Bouncer Problem: Challenges to Remote Explainability".
[wifi-deauther](https://github.com/ZKAW/wifi-deauther): A fully automatic wifi deauther coded in Python
[Arduino-FastLED-Music-Visualizer](https://github.com/justcallmekoko/Arduino-FastLED-Music-Visualizer): An Arduino based music visualizer using the FastLED library and a strip of individually addressable LEDs
[P4ssw0rd-an4lys3r](https://github.com/Himmii/P4ssw0rd-an4lys3r): Check to see if a password is safe or not. If not, Generate the safest password, Of course, it won't be remembered and hence, save it for future reference.
[fdsecurity](https://github.com/FabioDefilippo/fdsecurity): this tool analizes a file o many files inside directory with yara and capa to find suspected file
[logstash-plugins](https://github.com/lprat/logstash-plugins): My logstash plugins. Filter: sig (for security detect -> IOC, sig, New value, Reference, link, frequence, ...). Output: alert created by filter sig, feed FIR (CERT SG)
[porc](https://github.com/hrbrmstr/porc): :boar: Tools to Work with 'Snort' Rules, Logs and Data
[gitjacker](https://github.com/liamg/gitjacker): 🔪 :octocat: Leak git repositories from misconfigured websites
[keysniffer-poc](https://github.com/mellow-hype/keysniffer-poc): Simple PoC Linux keysniffer showing impact of a lack of GUI-isolation in X display server.
[nmapthon2](https://github.com/cblopez/nmapthon2): A modern Nmap automation library for Python
[flask-security](https://github.com/Flask-Middleware/flask-security): Quick and simple security for Flask applications
[SILENTTRINITY](https://github.com/byt3bl33d3r/SILENTTRINITY): An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR
[WebDevRN.github.io](https://github.com/WebDevRN/WebDevRN.github.io): Somos uma organização regional do Rio grande do norte, com finalidade apresentar nossos desenvolvedores e reunir assim aumentando o conhecimento de cada um de nossos desevolvedores.
[docker-testssl](https://github.com/jumanjihouse/docker-testssl): http://testssl.sh/ in a tiny docker container
[ThreatHunting_with_Osquery](https://github.com/Kirtar22/ThreatHunting_with_Osquery): Threat Hunting & Incident Investigation with Osquery
[amlogic-usbdl](https://github.com/frederic/amlogic-usbdl): Unsigned code loader for Amlogic BootROM
[vsmartcard](https://github.com/frankmorgner/vsmartcard): umbrella project for emulation of smart card readers or smart cards
[SneakyEXE](https://github.com/hackernese/SneakyEXE): Embedding a "UAC-Bypassing" function into your custom payload
[PollDaddyHack](https://github.com/dado3212/PollDaddyHack): Exploit PollDaddy polls
[sigmatch](https://github.com/SpriteOvO/sigmatch): ✨ Modern C++ 20 signature match / search library
[0x00sec_code](https://github.com/0x00pf/0x00sec_code): Code for my 0x00sec.org posts
[StringEncryption](https://github.com/Javadr421/StringEncryption): String Encrypting by TripleDES in C# - Security.Cryptogarphi namespace
[Network-Traffic-Analysis](https://github.com/vinayakumarr/Network-Traffic-Analysis): SSH traffic analysis
[janus-toolkit](https://github.com/giacomoferretti/janus-toolkit): A collection of tools for the Janus exploit [CVE-2017-13156].
[bundler-audit](https://github.com/rubysec/bundler-audit): Patch-level verification for Bundler
[instagram-zero-click-exploit](https://github.com/cybersecurityresearcher/instagram-zero-click-exploit): Instagram Passwordless Login And Password Reset Bug in The Wild
[sec-docker](https://github.com/xiecat/sec-docker): 常用安全工具 docker镜像 自动更新仓库
[sedcli](https://github.com/sedcli/sedcli): sedcli and libsed library for NVMe Self-Encrypting Drives (SEDs) management
[talk-unity3d-game-hacking](https://github.com/uug-trento/talk-unity3d-game-hacking): Slides for the talk in the UUGTrento #8
[pulsexploit](https://github.com/aqhmal/pulsexploit): Automated script for Pulse Secure SSL VPN exploit (CVE-2019-11510) using hosts retrieved from Shodan API. You must have a Shodan account to use this script.
[WebAppNetFrameworkSecurity](https://github.com/carmelogithub/WebAppNetFrameworkSecurity): Configuración de seguridad con Autenticación y Autorización de usuarios
[pybfd3](https://github.com/b-2-r/pybfd3): A Python (3.x compatible) interface to the GNU Binary File Descriptor (BFD) and opcodes library.
[esp32-slcan](https://github.com/mintynet/esp32-slcan): ESP32 slcan compatible device
[Joomla_CVE-2015-8562](https://github.com/VoidSec/Joomla_CVE-2015-8562): A proof of concept for Joomla's CVE-2015-8562 vulnerability (Object Injection RCE)
[LE-C](https://github.com/l3lch33ts/LE-C): A simple yet powerful Lua-C script executor.
[credential-digger](https://github.com/SAP/credential-digger): A Github scanning tool that identifies hardcoded credentials while filtering the false positive data through machine learning models :lock:
[vishwaCTFWebsite21](https://github.com/CybercellVIIT/vishwaCTFWebsite21): Website for the vishwaCTF'21
[CANghost](https://github.com/souravbaghz/CANghost): Automated Script For Hacking Into CAN Bus - Car Hacking
[CHMH](https://github.com/CyberRiskOp/CHMH): Just as we create cybersecurity systems according to Design and Engineering Principles, the Handbook authors believed we should offer something similar to our audience of practitioners.
[BlogPessoal](https://github.com/RafaelBalbino/BlogPessoal): Onde será armazenado todo o código Java do meu blog pessoal (Exercícios inclusos)
[zynix-fusion](https://github.com/th3void/zynix-fusion)
[awesome-sec-talks](https://github.com/PaulSec/awesome-sec-talks): A collected list of awesome security talks
[FilezillaExploit](https://github.com/NeoTheCapt/FilezillaExploit): Filezilla local admin port exploit
[noonlight-hass](https://github.com/konnected-io/noonlight-hass): HomeAssistant integration for Noonlight
[Phishing-Websites-Classification-using-Deep-Learning](https://github.com/sohailahmedkhan/Phishing-Websites-Classification-using-Deep-Learning): A detailed comparison of performance scores achieved by Machine Learning and Deep Learning algorithms on 3 different Phishing datasets. 3 different feature selection and 2 different dimensionality reduction techniques are used for comparison.
[pacbot](https://github.com/tmobile/pacbot): PacBot (Policy as Code Bot)
[cuc-ns](https://github.com/c4pr1c3/cuc-ns): 网络安全课本
[DetExt](https://github.com/alejandro-g-m/DetExt): Detection of malicious data exfiltration over DNS using Machine Learning techniques
[cve-2017-0065](https://github.com/Dankirk/cve-2017-0065): Exploiting Edge's read:// urlhandler
[pylibcdb](https://github.com/Neetx/pylibcdb): libc_database python wrapper for exploit automation
[aws-sso-cli](https://github.com/synfinatic/aws-sso-cli): A powerful tool for using AWS SSO for the CLI and web console.
[cyberops](https://github.com/santosomar/cyberops): Cisco Press CCNA Cyber Ops Books and Video Courses supplemental information and additional study materials.
[registry-ransomware](https://github.com/Yochran/registry-ransomware): Today I decided to try out some registry editing in VBScript, so I made a quick little ransomware script.
[awesome-azure-architecture](https://github.com/lukemurraynz/awesome-azure-architecture): AWESOME-Azure-Architecture
[PE-Packer](https://github.com/czs108/PE-Packer): 🗜️ A packer for Windows x86 executable files written in C and Intel x86 Assembly. The new file after packing can obstruct reverse engineering.
[Python_URI](https://github.com/rbshadow/Python_URI): Programming Problems Solution of URI Online Judge using Python 3
[owasp-seraphimdroid](https://github.com/nikolamilosevic86/owasp-seraphimdroid): OWASP Seraphimdroid is an open source project with aim to create, as a community, an open platform for education and protection of Android users against privacy and security threats.
[j3rmbadger.com](https://github.com/jermdw/j3rmbadger.com): j3rmbadger blog
[CVE-2021-1675-SCANNER](https://github.com/Leonidus0x10/CVE-2021-1675-SCANNER): Vulnerability Scanner for CVE-2021-1675/PrintNightmare
[h-sploit-paylod](https://github.com/jravis-8520/h-sploit-paylod): H-SPLOIT-PAYLOAD GENERATE METASPLOIT PAYLOAD IN 1 CLICK
[deadfi](https://github.com/robsonbbs/deadfi): Ferramenta para calcular senha padrão de roteadores WiFi
[URL-obfuscator](https://github.com/Anish-M-code/URL-obfuscator): Python Program to obfuscate URLs to make Phishing attacks more difficult to detect. Uses Active open redirect list and other URL obfuscation techniques.
[formatstring-exploit](https://github.com/Inndy/formatstring-exploit): Dead simple format string exploit payload generator
[Red-Team-Tips](https://github.com/6vr/Red-Team-Tips): Red Team Stuffs
[Baykus](https://github.com/Yuuyake/Baykus): Baykus is an asynchronous IP analyzer, using 4 different resources
[forseti-security](https://github.com/forseti-security/forseti-security): Forseti Security
[zap-extensions](https://github.com/zaproxy/zap-extensions): OWASP ZAP Add-ons
[Make-Rainbow-Table](https://github.com/PolyatomicBrian/Make-Rainbow-Table): A simple rainbow table generator supporting MD5, SHA224, SHA256, SHA384, and SHA512, written in Python 2.7.
[AstroNet](https://github.com/lckt0/AstroNet): A basic .NET obfuscator uses dnlib, Modded KoiVM on decryption methods. Not stable for now, works on "crack me" executables.
[cybersecurity-security-harderning](https://github.com/paulveillard/cybersecurity-security-harderning): A collection of awesome security hardening software, libraries, learning tutorials & documents, e-books, best practices, checklists, benchmarks about hardening in Cybersecurity
[SpyderC2](https://github.com/Ayantaker/SpyderC2): A simple, dockerized python based Command and Control(C2) Framework named SpyderC2
[logSniper](https://github.com/egyjs/logSniper): A fast and powerful dashboard (admin,login page) finder
[Hodor](https://github.com/KI-labs/Hodor): Hodor is a an automation application that is used to open the door controlled by an intercom system from Slack using a custom slash command.
[penetration_testing](https://github.com/BuggerBag/penetration_testing): 🎩 [penetration testing Book], Kali Magic, Cryptography, Hash Crack, Botnet, Rootkit, Malware, Spyware, Python, Go, C|EH.
[autorop](https://github.com/mariuszskon/autorop): Automated solver of classic CTF pwn challenges, with flexibility in mind.
[sdk-js](https://github.com/TankerHQ/sdk-js): Tanker client-side encryption SDK for JavaScript
[nocom-frontend](https://github.com/nerdsinspace/nocom-frontend): The No Comment web application frontend.
[csrf-spring-webflux-mustache](https://github.com/daggerok/csrf-spring-webflux-mustache): This repository is contains example application using spring boot 2.0, webflux, spring security 5, reactive mongodb and mustache template engine: spring security 5, CSRF protection with mustache, spring webflux functional routes security, method security, authorization decision, etc
[ELITE-virus](https://github.com/MBAHABYK/ELITE-virus): It ıs a simple vırus written in c++
[CTFarchives](https://github.com/AravGarg/CTFarchives): CTFs I've played so far
[rmcpp](https://github.com/apfeltee/rmcpp): rmcpp deletes comments. specifically meant to bridge preprocessor and compiler, it can also (somewhat) handle Pascal-style comments
[spellbook](https://github.com/htrgouvea/spellbook): Framework for rapid development and reusable of security tools
[Radium](https://github.com/mehulj94/Radium): Python logger with multiple features.
[git-ripper](https://github.com/s3rgeym/git-ripper): Downloads git repo(s) from the web.
[Axon](https://github.com/rakion99/Axon): Unrestricted Lua Execution
[hackercamp](https://github.com/halit/hackercamp): Enine boyuna siber güvenlik
[keypatch](https://github.com/keystone-engine/keypatch): Multi-architecture assembler for IDA Pro. Powered by Keystone Engine.
[YAFRA](https://github.com/hm-seclab/YAFRA): YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.
[KiKatz](https://github.com/NITRO-P/KiKatz): Tools untuk pemula dalam kegiatan pentest
[atc-mitigation](https://github.com/atc-project/atc-mitigation): Actionable analytics designed to combat threats based on MITRE's ATT&CK.
[ironcar](https://github.com/vinzeebreak/ironcar): 🏎️ Mini self-driving car for {curious, passionnate} people.
[Shellware](https://github.com/NullArray/Shellware): Persistent bind shell via pythonic shellcode execution, and registry tampering.
[gitleaks-ci](https://github.com/zricethezav/gitleaks-ci): gitleaks, but for PRs
[cloudmapper](https://github.com/duo-labs/cloudmapper): CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
[Abused-Legitimate-Services](https://github.com/BushidoUK/Abused-Legitimate-Services): Cloud, CDN, and marketing services leveraged by cybercriminals and APT groups
[xss-listener](https://github.com/cagataycali/xss-listener): 🕷️ XSS Listener is a penetration tool for easy to steal data with various XSS.
[NginxDay](https://github.com/AgainstTheWest/NginxDay): Nginx 18.1 04/09/22 zero-day repo
[CVE-2020-10749](https://github.com/knqyf263/CVE-2020-10749): CVE-2020-10749 PoC (Kubernetes MitM attacks via IPv6 rogue router advertisements)
[DegateDemoProjects](https://github.com/DegateCommunity/DegateDemoProjects): Degate demonstration projects.
[LogServiceCrash](https://github.com/limbenjamin/LogServiceCrash): POC code to crash Windows Event Logger Service
[K_Gasp4m](https://github.com/fabiorlobo/K_Gasp4m): "K - Generate a strong password for me" – A password generator
[greenbone-container-images](https://github.com/greenbone/greenbone-container-images): Additional Container Images from Greenbone
[rctf-scenario4](https://github.com/aliasrobotics/rctf-scenario4): Robotics CTF scenario 4
[sa-fail2ban](https://github.com/softasap/sa-fail2ban): Fail2ban scans log files (e.g. sshd log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email) could also be configured
[appgyver-auth-flows](https://github.com/SAP-samples/appgyver-auth-flows): SAP Cloud Identity and XSUAA authentication samples for SAP AppGyver. This repository shows how to apply OAuth 2.0 authorization and token flows to your SAP AppGyver apps.
[midfp-php](https://github.com/scipag/midfp-php): Mail Message-ID Fingerprinting
[no-sandbox](https://github.com/sickcodes/no-sandbox): No Sandbox - Applications That Run Chromium and Chrome Without The Sandbox. TL;DR exploits in these browser based applications are already sandboxed escaped: https://no-sandbox.io/
[e-peregrino](https://github.com/aggarcia3/e-peregrino): e-peregrino es una aplicación "de juguete" que pretende implementar los requisitos de seguridad necesarios para credencial de peregrino digital.
[secguide](https://github.com/Tencent/secguide): 面向开发人员梳理的代码安全指南
[TFM-Analisis-Keyloggers-Ingenieria-Inversa](https://github.com/gabimarti/TFM-Analisis-Keyloggers-Ingenieria-Inversa): Documentos sobre el TFM MCS 2019 de Gabriel Marti
[security-rss-list](https://github.com/git-list/security-rss-list): 📰 Security RSS List 📰
[CVE-2018-16712](https://github.com/DownWithUp/CVE-2018-16712): PoC Code for CVE-2018-16712 (exploit by MmMapIoSpace)
[CNN_Security](https://github.com/jemoran42/CNN_Security)
[magnetos](https://github.com/restran/magnetos): 🔥 Hacker Scripts for CTF Challenges.
[kali-fix](https://github.com/KentVolt/kali-fix): Collection of scripts for fixes and QoL changes for kali linux. Some files for ParrotOS are also included
[Superman](https://github.com/Deusnegro/Superman): The Superman tool is a proxy tool and has the ability to create a proxy list. This tool is made by Omid Ranjbar. Unauthorized use of the tool is the responsibility of the customer
[mirror-cultdeadcow.com](https://github.com/opsxcq/mirror-cultdeadcow.com): Cult of Dead Cow website's mirror !
[ACFan](https://github.com/xmcp/ACFan): 名副其实的自动AC机
[arpmess](https://github.com/avan-pra/arpmess): Perform arp spoofing attack in C
[Modlishka-Templates](https://github.com/trewisscotch/Modlishka-Templates): BirWell / CoinEx / eTorox / Venus / ProBit Global / Poloniex / Gemini / Gate.io / Binance / Bitfinex / Blockchain / Cex.io / Coinbase / Dashlane / Enpass / Enterprise WebAccountManager / Exmo / FTX Trading / Google / Huobi / Keeper / Korbit / Kraken / MultiPassword / O365 / Yahoo / Canadianbitcoins.com / Liquid.com / Litebit.com / Netcoins.com / Opensea / Shakepay.co / Citibank / Deutsche Bank / Chase / BOA / Wells Fargo / Bank of New York Mellon / Capital One / Suntrust
[system-bus-radio](https://github.com/fulldecent/system-bus-radio): Transmits AM radio on computers without radio transmitting hardware.
[cybersecurity-industrial-control-systems-security](https://github.com/paulveillard/cybersecurity-industrial-control-systems-security): A collection of awesome software, libraries, documents, books, resources and cool stuff about industrial control systems in cybersecurity.
[crossfeed](https://github.com/cisagov/crossfeed): External monitoring for organization assets
[pouch](https://github.com/alibaba/pouch): An Efficient Enterprise-class Container Engine
[attack-evals](https://github.com/mitre-attack/attack-evals): ATT&CK Evaluations website (DEPRECATED)
[maltrail](https://github.com/stamparm/maltrail): Malicious traffic detection system
[ucors](https://github.com/wfinn/ucors): tool that scans for CORS bypasses
[CTF-Tools](https://github.com/cmaixen/CTF-Tools): My Personal Library for CTF's
[opmsg](https://github.com/stealth/opmsg): opmsg message encryption
[IPWarden](https://github.com/EnnioX/IPWarden): IPWarden(守望者)是一个IP资产风险巡查工具。持续发现系统、Web两个维度的资产信息、安全风险和漏洞。所有扫描结果可通过API请求返回json数据和导出xlsx,方便二次开发与数据加工。适合甲方安全人员用于管理公网/内网IP资产风险暴露面。
[webgrep](https://github.com/dhondta/webgrep): Grep Web pages with extra features like JS deobfuscation and OCR
[infoooze](https://github.com/devXprite/infoooze): Infoooze is an Open-source intelligence (OSINT) tool in NodeJs. It provides various modules that allow efficient searches.
[checkdmarc](https://github.com/domainaware/checkdmarc): A parser for SPF and DMARC DNS records
[password_cracker](https://github.com/gsurma/password_cracker): Char-level RNN LSTM password cracker 🔑🔓.
[CVE-2022-26159-Ametys-Autocompletion-XML](https://github.com/p0dalirius/CVE-2022-26159-Ametys-Autocompletion-XML): A python exploit to automatically dump all the data stored by the auto-completion plugin of Ametys CMS to a local sqlite database file.
[Damn-Vulnerable-GraphQL-Application](https://github.com/dolevf/Damn-Vulnerable-GraphQL-Application): Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.
[STIX-Interoperability-Runner](https://github.com/StephenOTT/STIX-Interoperability-Runner): STIX Interoperability Runner to write and validate STIX Interoperability Spec tests
[CTHackFramework](https://github.com/CelestialPaler/CTHackFramework): 游戏外挂通用框架,快速构建外挂程序。
[security-code-scan](https://github.com/security-code-scan/security-code-scan): Vulnerability Patterns Detector for C# and VB.NET
[security-guard](https://github.com/symfony/security-guard): The Guard component brings many layers of authentication together, making it much easier to create complex authentication systems where you have total control.
[NTRGhidra](https://github.com/pedro-javierf/NTRGhidra): A Nintendo DS binary loader for Ghidra
[Automated-Reconator](https://github.com/CyberDruid-Codes/Automated-Reconator)
[noisesocket](https://github.com/Metalnem/noisesocket): .NET Standard 1.3 implementation of the NoiseSocket Protocol (revision 2 of the spec)
[autowire](https://github.com/elghazal-a/autowire): Automatically configure Wireguard interfaces in distributed system. It supports Consul as backend.
[awesome-hacking-books](https://github.com/theodorecooper/awesome-hacking-books): A collection of tutorials(e-books, PDF) about cybersecurity and programming.
[ReverseSh3LL_As_R00tkit](https://github.com/CJHackerz/ReverseSh3LL_As_R00tkit): An example kernel module rootkit to get reverse shell
[PortForward](https://github.com/knownsec/PortForward): The port forwarding tool developed by Golang solves the problem that the internal and external networks cannot communicate in certain scenarios
[pwndoc](https://github.com/pwndoc/pwndoc): Pentest Report Generator
[process_ghost](https://github.com/her0mx/process_ghost): Process Ghosting Rust
[secure-pbcopy](https://github.com/alyssais/secure-pbcopy): pbcopy(1) replacement that marks data as confidential
[android-hckTool](https://github.com/Izoman/android-hckTool): Android application that consists from collection of all kinds of hacking tools.
[libinject](https://github.com/kkent030315/libinject): A dll injector static library for Win x64 processes with handle elevation supported
[Awesome-CyberSec-Resources](https://github.com/theepiccode/Awesome-CyberSec-Resources): An awesome collection of curated Cyber Security resources(Books, Tutorials, Blogs, Podcasts, ...)
[OffSecDevOps](https://github.com/omaidf/OffSecDevOps): Offensive Security + DevOps = Fun. Not Safe For AWS.
[passwnd](https://github.com/sindastra/passwnd): Check for breached passwords with k-anonymity
[opensquat](https://github.com/atenreiro/opensquat): Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.
[PS4](https://github.com/jhaik13/PS4): PS4 exploit host for 6.72. 7.02, 7.5x with 100% success rate.
[PBKDF2](https://github.com/m9aertner/PBKDF2): A free Java implementation of RFC 2898 / PKCS#5 PBKDF2
[PULock](https://github.com/0rientd/PULock): Program with UI to choose the USB which will be used like key to lock you PC
[arp-scan-rs](https://github.com/kongbytes/arp-scan-rs): A minimalistic ARP scan tool written in Rust for fast local network scans
[WannaTool](https://github.com/Err0r-ICA/WannaTool): Script collection
[cybersecurity-lab](https://github.com/sgtux/cybersecurity-lab): Laboratory to study security concepts
[Zip-BruteForcer](https://github.com/sudo-Ayush/Zip-BruteForcer): Simple python script that can crack ZIP FILE's password!
[lego](https://github.com/go-acme/lego): Let's Encrypt/ACME client and library written in Go
[Sec-Tools](https://github.com/jwt1399/Sec-Tools): 🍉一款基于Python-Django的多功能Web安全渗透测试工具,包含漏洞扫描,端口扫描,指纹识别,目录扫描,旁站扫描,域名扫描等功能。
[JoomlaScan](https://github.com/Pepelux/JoomlaScan): Joomla version and modules scanner
[geo-recon](https://github.com/radioactivetobi/geo-recon): An OSINT CLI tool desgined to fast track IP Reputation and Geo-locaton look up for Security Analysts.
[CSA](https://github.com/ArjitKapoor1/CSA): A web based training portal for employee training in cybersecurity methodologies with a game based questionnaire.
[shfzlib](https://github.com/shfz/shfzlib): Scenario-based fuzzing test execution tool's scenario library
[PwnX.py](https://github.com/ecriminal/PwnX.py): 🏴☠️ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit
[Shellkins](https://github.com/HSNHK/Shellkins): Jenkins Remote Command Execution
[reverse-engineering-tutorials](https://github.com/maestron/reverse-engineering-tutorials): Reverse Engineering Tutorials
[fugacious](https://github.com/fugacious/fugacious): OSSSM (awesome). Open source short-term secure messaging
[upash](https://github.com/simonepri/upash): 🔒Unified API for password hashing algorithms
[FOHackerApp](https://github.com/boubou37/FOHackerApp): A prototype solver for the Fallout 3 / Fallout New Vegas hacking minigame
[php-8.1.0-dev-zerodium-rce](https://github.com/fahmifj/php-8.1.0-dev-zerodium-rce): An exploit for 'zerodium' backdoor in PHP 8.1.0-dev via User-Agent.
[NoPixel_Heist_Games](https://github.com/RobertWRadford/NoPixel_Heist_Games): Click the link below to route to the page.
[CiscoSpill](https://github.com/shaheemirza/CiscoSpill): Just a PoC tool to extract password using CVE-2019-1653.
[web2attack](https://github.com/santatic/web2attack): Web hacking framework with tools, exploits by python
[NodeJS-Red-Team-Cheat-Sheet](https://github.com/aadityapurani/NodeJS-Red-Team-Cheat-Sheet): NodeJS Red-Team Cheat Sheet
[FastGH3](https://github.com/donnaken15/FastGH3): Minimal Guitar Hero 3 mod with one click play
[Cobra](https://github.com/FeeiCN/Cobra): Source Code Security Audit (源代码安全审计)
[cybersecurity-resources](https://github.com/alex-bellon/cybersecurity-resources): Resources for learning about cybersecurity and CTFs
[LoL-Hacking](https://github.com/SadeghHayeri/LoL-Hacking): My Hacking Activities!
[woodpecker](https://github.com/qeeqbox/woodpecker): Custom security distro for remote penetration testing
[bigdjrp.github.io](https://github.com/bigdjrp/bigdjrp.github.io): Main repo used for an e-porfolio, displaying projects, cv-resume, and relevant information.
[ouba-paper](https://github.com/GACWR/ouba-paper): Working white paper for OpenUBA
[Brugglemark](https://github.com/davidprefer/Brugglemark): PowerShell script that abuses browser bookmark synchronization as a mechanism for sending and receiving data between systems.
[ropgadgetlib](https://github.com/Neetx/ropgadgetlib): Library for rop gadgets extraction for personal experiments
[HostEnumerator](https://github.com/fieldraccoon/HostEnumerator): A tool that automates the process of enumeration
[Societe-General](https://github.com/benedekrozemberczki/Societe-General): Solution for ENS - Societe Generale Challenge (1st place).
[SpringBreakVulnerableApp](https://github.com/m3ssap0/SpringBreakVulnerableApp): WARNING: This is a vulnerable application to test the exploit for the Spring Break vulnerability (CVE-2017-8046). Run it at your own risk!
[conclave](https://github.com/multiparty/conclave): Query compiler for secure multi-party computation.
[IoT-Security-Attack-Surface](https://github.com/CJHackerz/IoT-Security-Attack-Surface): Simple mind maps for IoT security attack surfaces and methodologies
[InfoSecLibrary](https://github.com/Optixal/InfoSecLibrary): School-related infocomm security notes
[kamene](https://github.com/phaethon/kamene): Network packet and pcap file crafting/sniffing/manipulation/visualization security tool. Originally forked from scapy in 2015 and providing python3 compatibility since then.
[RPCMon](https://github.com/cyberark/RPCMon): RPC Monitor tool based on Event Tracing for Windows
[AIC-2018](https://github.com/vinayakumarr/AIC-2018): Application of machine learning for cyber security
[GadgetProbe](https://github.com/BishopFox/GadgetProbe): Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
[AirDoS](https://github.com/KishanBagaria/AirDoS): 💣 Remotely render any nearby iPhone or iPad unusable with an AirDrop exploit (now patched)
[attack-scripts](https://github.com/mitre-attack/attack-scripts): Scripts and a (future) library to improve users' interactions with the ATT&CK content
[RobsScanner](https://github.com/NeloF4/RobsScanner): ROBOTS.TXT SCANNER
[drheader-junit-test-containers](https://github.com/juan-medina/drheader-junit-test-containers): Using DrHeader in JUnit test with TestContainers
[secret-share](https://github.com/declan94/secret-share): A secret sharing tool based on Shamir's Secret Sharing algorithm implemented with pure Golang
[net-vulnerability](https://github.com/PetarRan/net-vulnerability): Check if your IPs, URLs or hosts are potentially malicious or infected.
[Dracnmap](https://github.com/screetsec/Dracnmap): Dracnmap is an open source program which is using to exploit the network and gathering information with nmap help. Nmap command comes with lots of options that can make the utility more robust and difficult to follow for new users. Hence Dracnmap is designed to perform fast scaning with the utilizing script engine of nmap and nmap can perform various automatic scanning techniques with the advanced commands.
[webauthn.io](https://github.com/duo-labs/webauthn.io): The source code for webauthn.io, a demonstration of WebAuthn.
[ImpulsiveDLLHijack](https://github.com/knight0x07/ImpulsiveDLLHijack): C# based tool which automates the process of discovering and exploiting DLL Hijacks in target binaries. The Hijacked paths discovered can later be weaponized during Red Team Operations to evade EDR's.
[ESP_For_PubgMobile](https://github.com/satyamurti/ESP_For_PubgMobile): 🛩Pubg Mobile Hack using Extra Sensory Perception(ESP)🐱💻
[dark-lord-obama](https://github.com/tanc7/dark-lord-obama): AV-evading Pythonic Reverse Shell with Dynamic Adaption Capabilities
[AndroidEncryptionExample](https://github.com/brianPlummer/AndroidEncryptionExample): Android RSA AES Example with unit tests
[gitlab-watchman](https://github.com/PaperMtn/gitlab-watchman): Monitoring GitLab for sensitive data shared publicly
[Petya2-Patch](https://github.com/Th3Shadowbroker/Petya2-Patch): A patch to protect your windows pc from Petya 2 LAN-Attacks.
[digital-copyright](https://github.com/haiphenAI/digital-copyright): Stamp your code with a trackable digital copyright
[PwdPwnd](https://github.com/aronsky/PwdPwnd): A tool for local password searches in Troy Hunt's HIBP password hash list
[hidenc](https://github.com/kapraran/hidenc): A cli tool to easily encrypt and decrypt files
[PENTESTING-BIBLE](https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE): Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.
[RubyID](https://github.com/snk-git/RubyID): This is generator of Passwords in 2048bit for UsbKey , it generate , save it in a cryptfile and show you the clear file while 30 seconds when you want
[wtfuzz](https://github.com/mattjegan/wtfuzz): A pip-installable tool used for checking the existence of different types of web resources
[EllipticCurveKeyPair](https://github.com/agens-no/EllipticCurveKeyPair): Sign, verify, encrypt and decrypt using the Secure Enclave
[ssh-alert](https://github.com/kfiros/ssh-alert): Detect SSH connection attempts in real time using ptrace
[discord-link-phishing](https://github.com/XKMR/discord-link-phishing): hack people's discord by sending them a link! I AM NOT RESPONSIBLE FOR ANY CONSEQUENCES. FOR SECURITY TESTING PURPOSES ONLY
[AMLIDS](https://github.com/jcapellman/AMLIDS): Android Machine Learning Intrusion Detection System written in C#
[Email-Recon](https://github.com/matiasmenares/Email-Recon): 👁 Recon email existence
[EmoCheck](https://github.com/JPCERTCC/EmoCheck): Emotet detection tool for Windows OS
[twistrs](https://github.com/JuxhinDB/twistrs): A domain name permutation and enumeration library powered by Rust.
[.NetCoreVBBindShell](https://github.com/melardev/.NetCoreVBBindShell)
[CVE-2019-15514](https://github.com/graysuit/CVE-2019-15514): telegram bug that discloses user's hidden phone number (still unpatched) (exploit included)
[WatchAD](https://github.com/Qianlitp/WatchAD): AD Security Intrusion Detection System
[Burp-Suite](https://github.com/SNGWN/Burp-Suite): || Activate Burp Suite Pro with Key-Generator and Key-Loader ||
[offensive-docker](https://github.com/aaaguirrep/offensive-docker): Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.
[OPENORCHID](https://github.com/rustrose/OPENORCHID): Collection of GoPhish templates available for legitimate usage.
[android-play-safetynet](https://github.com/googlesamples/android-play-safetynet): Samples for the Google SafetyNet Attestation API
[AssetsDiscovery](https://github.com/xinali/AssetsDiscovery): Assets Discovery System
[sedres](https://github.com/kaantekiner/sedres): DNSSEC Application in Terms of Cyber Security and Social Engineering: Sedres / Bachelor's Degree Thesis, Yeditepe University - 2021
[DPAPI](https://github.com/abdulkadir-gungor/DPAPI): Information stored in applications is decrypted using DPAPI. In this way, attacker passwords may be captured. For use in attack scenarios, two applications written in Python language have been developed that steal the information stored in internet browsers: 1-Browser Stealer, 2-Browser Stealer Report
[netz](https://github.com/SpectralOps/netz): Discover internet-wide misconfigurations while drinking coffee
[js-x-ray](https://github.com/NodeSecure/js-x-ray): JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.
[m49D4ch3lly](https://github.com/m49D4ch3lly/m49D4ch3lly): Global Citizen, Tunisian and Polish by birth and nationality, Singaporean resident, cybersecurity passionate, author, public speaker, entertainer, and serial entrepreneur.
[hardentheworld](https://github.com/jekil/hardentheworld): Harden the world is a community driven project to develop hardening guidelines and checklists for common software and devices.
[net-engine](https://github.com/jaywon/net-engine): Configurable and multilingual cybersecurity scenario based game play engine
[honeypot-iot](https://github.com/anouarbensaad/honeypot-iot): This tool to simulate http server attacks in Python which logs HackerIP and all the tracing he does into a Logfile then a database.
[plug_content_security_policy](https://github.com/xtian/plug_content_security_policy): Plug module for generating a Content Security Policy header
[pyraider](https://github.com/tilakthimmappa/pyraider): Using PyRaider You can scan installed dependencies known security vulnerabilities. It uses publicly known exploits, vulnerabilities database.
[libreddit](https://github.com/spikecodes/libreddit): Private front-end for Reddit
[SaltedCaramel](https://github.com/001SPARTaN/SaltedCaramel): Apfell implant written in C#.
[Secretkeeper](https://github.com/Dark-Gran/Secretkeeper): SpringBoot webapp (jsp) with MySQL DB and basic encryption. (learning/testing project)
[redteamwiki](https://github.com/redteamwiki/redteamwiki)
[aaw-security-proposal](https://github.com/StatCan/aaw-security-proposal): Proposal for the implementation of Protected B workloads in the Advanced Analytics Workspace
[dotenv_sekrets](https://github.com/mikamai/dotenv_sekrets): Seamlessly encrypt/decrypt/edit your rails Dotenv files with the help of the Sekrets gem
[phpLibUserConnected](https://github.com/CymDeveloppement/phpLibUserConnected): Librairie de gestion d'utilisateur pour PHP
[secrethub-circleci-orb](https://github.com/secrethub/secrethub-circleci-orb): Load secrets into CircleCI jobs
[Centox](https://github.com/Serphyus/Centox): Centox is an injection handler with a collection of payloads for remote access, executable deployment and more for Windows, Mac and Linux
[vulnx](https://github.com/anouarbensaad/vulnx): vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collection (including sub-domain name, ip address, country information, organizational information and time zone, etc.) and vulnerability scanning.
[cfuzz](https://github.com/ariary/cfuzz): Command line fuzzer and bruteforcer 🌪 wfuzz for command
[Cybersecurity-TinyOS-Encryption](https://github.com/cgreen18/Cybersecurity-TinyOS-Encryption): Final project for Fundamentals of Cybersecurity
[exodus](https://github.com/cpl/exodus): Data exfiltration using DNS
[MyLittleGit](https://github.com/Cloudbeast/MyLittleGit): My little Git space...
[Black-Tool](https://github.com/mrprogrammer2938/Black-Tool): Install the tools and start Attacking , black-tool v5.0 ! ⬛
[SMG2-FPSCounterLayout](https://github.com/SuperHackio/SMG2-FPSCounterLayout): FPS Counter for mod creators to track their framerates with. Super Mario Galaxy 2 only.
[hackertarget](https://github.com/pyhackertarget/hackertarget): 🎯 HackerTarget ToolKit - Tools And Network Intelligence To Help Organizations With Attack Surface Discovery 🎯
[kalel](https://github.com/noobscode/kalel): Kal El Network Stress Test and Penetration Testing Toolkit
[WhoisSubdomain](https://github.com/YoungRichOG/WhoisSubdomain): 通过Whois信息发现更多与目标有关联的域名,扩大攻击面
[local-php-security-checker](https://github.com/fabpot/local-php-security-checker): PHP security vulnerabilities checker
[buildpack-zap-daemon](https://github.com/hahwul/buildpack-zap-daemon): zap(zed attack proxy) daemon mode buildpack of heroku
[Web2.0-Guvenligi-](https://github.com/farcompen/Web2.0-Guvenligi-): BGA Akademi Web 2.0 Güvenliği Eğitim Dökümanı
[awesome-web-security](https://github.com/qazbnm456/awesome-web-security): 🐶 A curated list of Web Security materials and resources.
[wirehack](https://github.com/error434/wirehack): Scripts for hacking through wireless network [WiFi]
[PiFiHacker](https://github.com/austinbenincasa/PiFiHacker): CLI for deploying a Evil Twin Wifi network
[crydra-16](https://github.com/secdec/crydra-16): Convenience wrapper around the Hydra brute force password cracking tool to help with automation
[Awesome-Cellular-Hacking](https://github.com/W00t3k/Awesome-Cellular-Hacking): Awesome-Cellular-Hacking
[Path-traversal-RCE-Apache-2.4.49-2.4.50-Exploit](https://github.com/CalfCrusher/Path-traversal-RCE-Apache-2.4.49-2.4.50-Exploit): CVE-2021-41773 | CVE-2021-42013 Exploit Tool (Apache/2.4.49-2.4.50)
[PowerShell-InMemory-Execution](https://github.com/tomstryhn/PowerShell-InMemory-Execution): PowerShell InMemory Execution explained, with samples.
[Phanto-M](https://github.com/indiancybertroops/Phanto-M): Phanto-M is Tool Designed To Enumeration of Subdomain Fastly This is Based On Open Source Api And We Used Multiple APi in Tool
[FastPwn](https://github.com/da1sy/FastPwn): CTF中Pwn的快速利用模板(包含awd pwn)
[Drupalgeddon3](https://github.com/rithchard/Drupalgeddon3): Drupal < 7.58 - Drupalgeddon 3 Authenticated Remote Code Execution (Metasploit)
[zmNinja](https://github.com/ZoneMinder/zmNinja): High performance, cross platform ionic app for Home/Commerical Security Surveillance using ZoneMinder
[deeptracy](https://github.com/BBVA/deeptracy): The Security Dependency Orchestrator Service
[gofingerprint](https://github.com/Static-Flow/gofingerprint): GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.
[ParadoxSE](https://github.com/safinsingh/ParadoxSE): 🔒 An elegant security competition scoring engine
[ShonyDanza](https://github.com/fierceoj/ShonyDanza): A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.
[Perfect-Malware-Samples](https://github.com/Perfectdotexe/Perfect-Malware-Samples): Fresh malware samples caught in the wild daily from random places. 🎣
[SocialScraper](https://github.com/Aravindha1234u/SocialScraper): Social Scraper is a python tool meant for Detection of Child Predators/Cyber Harassers on Social Media
[Disclosures](https://github.com/jdgregson/Disclosures): My publically disclosed vulnerability reports.
[Computer-Science-Engineering](https://github.com/comidan/Computer-Science-Engineering): Collection of all courses, and their materials, attended at Politecnico di Milano during both Bachelor level degree and Master level degree in Engineering, Computer Science Engineering
[boofuzz](https://github.com/jtpereyda/boofuzz): A fork and successor of the Sulley Fuzzing Framework
[rabid](https://github.com/Orange-Cyberdefense/rabid): :cookie: A CLI tool and library allowing to simply decode all kind of BigIP cookies.
[Debian-Privacy-Server-Guide](https://github.com/drduh/Debian-Privacy-Server-Guide): Guide to using a remote Debian server for security and privacy services
[customer-er](https://github.com/databricks-industry-solutions/customer-er)
[sumbo](https://github.com/Elsfa7-110/sumbo): My subdomain enumeration script. 7 ways
[StatelessCSRF](https://github.com/Ayesh/StatelessCSRF): Secret-key based state-less CSRF token generator and validator for PHP 7. State-less means you do not have to store the CSRF token in session or database.
[king-phisher](https://github.com/rsmusllp/king-phisher): Phishing Campaign Toolkit
[Goldman-Sachs-Engineering](https://github.com/VesaKelani/Goldman-Sachs-Engineering): Work from the Goldman Sachs Engineering Virtual Program hosted on forage.
[xleach](https://github.com/nompelis/xleach): A Unix/Linux utility for "leaching" the root window of an X server. (Nothing to see here.)
[graphql-cop](https://github.com/dolevf/graphql-cop): Security Auditor Utility for GraphQL APIs
[exploit-CVE-2016-8016-25](https://github.com/opsxcq/exploit-CVE-2016-8016-25): McAfee Virus Scan for Linux multiple remote flaws (CVE 2016-8016, CVE 2016-8017, CVE 2016-8018, CVE 2016-8019, CVE 2016-8020, CVE 2016-8021, CVE 2016-8022, CVE 2016-8023, CVE 2016-8024, CVE 2016-8025)
[radvpn](https://github.com/mehrdadrad/radvpn): Decentralized VPN
[dlyscl-web3-bootcamp](https://github.com/sofianhw/dlyscl-web3-bootcamp): Web3 Developer Bootcamp by DailySocial.id - Day 2
[DOS.PY](https://github.com/Xeroxxhah/DOS.PY): A Simple yet powerful Dos script
[continent](https://github.com/jmiller-soft/continent): Continent - secure VPN proxy (client and server) and file container with military-grade encryption.
[DARKARMY](https://github.com/D4RK-4RMY/DARKARMY): DARKARMY Hacking Tools Pack - A Penetration Testing Framework .
[IOT-MQTT-Exploit](https://github.com/Warflop/IOT-MQTT-Exploit): An tool for search IOT MQTT vulnerable with shodan
[haaukins-store](https://github.com/aau-network-security/haaukins-store): New haaukins component responsible to store data into the database
[KaliToolsManual](https://github.com/AGLcaicai/KaliToolsManual): Kali Linux 工具合集中文说明书
[Pool2022](https://github.com/PoCInnovation/Pool2022): Pools organized for Epitech's students in 2022.
[pysectools](https://github.com/unrelentingtech/pysectools): A small Python library that contains various security things
[sio_project_3](https://github.com/oEscal/sio_project_3): Security project 3
[tryhackme_adventofcyber2_day16](https://github.com/xenophil90/tryhackme_adventofcyber2_day16): Solution to the Day 16-Challenge of TryHackMe's Advent Of Cyber 2.
[CVE-2022-27925](https://github.com/Josexv1/CVE-2022-27925): Zimbra CVE-2022-27925 PoC
[LPsecurity](https://github.com/dim-blanchard/LPsecurity): Plugin de sécurisation de serveur Minecraft en version 1.8.8.
[huawei_hg255s_exploit](https://github.com/exploit-labs/huawei_hg255s_exploit): 🚀 Server Directory Traversal at Huawei HG255s ☄️ - CVE-2017-17309 🚀
[kcare-uchecker](https://github.com/cloudlinux/kcare-uchecker): A simple tool to detect outdated shared libraries
[Sphinx.bot](https://github.com/rf-peixoto/Sphinx.bot): Sphinx.bot is a platform for collecting data leaks. All information recorded here is publicly available on the web. Any malicious use of this information is strictly prohibited.
[hoppr-cop](https://github.com/lmco/hoppr-cop): Hoppr Cop is a cli and python library that generates high quality vulnerability information from a cyclone-dx Software Bill of Materials (SBOM) by aggregating data from multiple vulnerability databases. This project is a mirror from gitlab
[Documents](https://github.com/coderserdar/Documents): This repo includes some kind of documentation files about Information Technologies like Programming, Operating Systems, Cyber Security, Algorithm, Mobile Development etc.
[Ethical-Hacking-Security-Application](https://github.com/ankushlakhani3/Ethical-Hacking-Security-Application): It is a desktop application made in PYQT5 and various python libraries, basically it is a kind of GUI version of lazyhack. It also contains advance backdoor and can perform various attack.
[adguardhome-doh-dot](https://github.com/oijkn/adguardhome-doh-dot): Official AdGuarHome docker with both DoH (DNS over HTTPS) and DoT (DNS over TLS) clients. Don't browse the Internet insecurely by sending your DNS requests in clear text !
[shellcoder](https://github.com/gnebbia/shellcoder): Create shellcode from executable or assembly code
[RemaxDos](https://github.com/RemaxBoxTeam/RemaxDos): This is Script tools from all attack Denial of service by C programming
[CloudHunter](https://github.com/belane/CloudHunter): AWS, Azure and Google bucket scanner
[watchr](https://github.com/gnuns/watchr): Track IP address via url redirection
[audit-bot](https://github.com/ekdevdes/audit-bot): A bot to audit the performance, best practices, accessiblity, SEO, PWA and security of your site.
[fwanalyzer](https://github.com/cruise-automation/fwanalyzer): a tool to analyze filesystem images for security
[FACT_core](https://github.com/fkie-cad/FACT_core): Firmware Analysis and Comparison Tool
[ip-detector](https://github.com/vivek-pancholi/ip-detector): This small PHP scripts detects IP address whether from it's protected by web proxy or other methods. It reveals original IP address and finds access from which IP address and from which browser.
[WusaBypassUAC](https://github.com/Yet-Zio/WusaBypassUAC): UAC bypass abusing WinSxS in "wusa.exe". Referred from and similar to: https://github.com/L3cr0f/DccwBypassUAC , Kudos to L3cr0f and FuzzySecurity for their efforts
[CVE-2020-3452-Exploit](https://github.com/3ndG4me/CVE-2020-3452-Exploit): Just basic scanner abusing CVE-2020-3452 to enumerate the standard files accessible in the Web Directory of the CISCO ASA applicances.
[Nutoscan](https://github.com/whitehatsoumya/Nutoscan): An Automated Mass Network Vulnerability Scanner and Recon Tool
[EDT](https://github.com/motazreda/EDT): Exploit Development toolkit is a project that makes exploit developer's life much easier.
[can-i-take-over-xyz](https://github.com/EdOverflow/can-i-take-over-xyz): "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
[Password-Manager](https://github.com/Tech-Matrix/Password-Manager): A password manager is a tool that takes in information from the user and stores it in encrypted form. It then allows the user to get back their data using the master key which the tool provides.
[HG8045Q](https://github.com/meh301/HG8045Q): Pwning the Nuro issued Huawei HG8045Q
[NIVOSITE](https://github.com/TheSadError/NIVOSITE): NIVOS Offical Website
[Email-scale-tester](https://github.com/pepipost/Email-scale-tester): This Project helps user to benchmark speed of sending mail. :email:
[dribble](https://github.com/rhaidiz/dribble): A small project for stealing Wi-Fi passwords via browser's cache poisoning
[awesome-security-GRC](https://github.com/Arudjreis/awesome-security-GRC): Curated list of resources for security Governance, Risk Management, Compliance and Audit professionals and enthusiasts (if they exist).
[Oralyzer](https://github.com/r0075h3ll/Oralyzer): Open Redirection Analyzer
[defensegrid](https://github.com/commandline-be/defensegrid): notes on how to build defense
[chronicel](https://github.com/kbohinski/chronicel): Our super sweet hacker management system, built for HackTCNJ 2017+ | Used by Hack@WPI 2018!
[awesome-security-articles](https://github.com/irgoncalves/awesome-security-articles): This repository contains links to awesome security articles.
[Pi.Alert](https://github.com/pucherot/Pi.Alert): WIFI / LAN intruder detector. Check the devices connected and alert you with unknown devices. It also warns of the disconnection of "always connected" devices
[heimdal-ctf](https://github.com/akhefale/heimdal-ctf): An extensible platform for collaborative CTF challenges of all sorts - although best suited for cybersecurity training.
[FlipperZero](https://github.com/JMousqueton/FlipperZero): Various tools for my flipperzero
[Tech-Notes](https://github.com/gigaSecure/Tech-Notes): This is my own notes containing all the information and knowledge I've gained during my studying sessions. The notes are all topics that relates to technology such as computers, software or programming.
[threema-msgapi-sdk-php](https://github.com/rugk/threema-msgapi-sdk-php): Gateway MsgApi SDK - PHP
[PortTran](https://github.com/k8gege/PortTran): PortTran (.NET端口转发工具,支持任意权限)
[bettercap](https://github.com/bettercap/bettercap): The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.
[Project-Tauro](https://github.com/k0r0pt/Project-Tauro): A Router WiFi key recovery/cracking tool with a twist.
[Reverse-Engineering-Tutorials](https://github.com/GeoSn0w/Reverse-Engineering-Tutorials): Some Reverse Engineering Tutorials for Beginners
[Kryptosystemy](https://github.com/trolit/Kryptosystemy): Repozytorium przechowuje wszelkie implementacje programów/algorytmów związanych z szyfrowaniem, deszyfracją, złośliwym oprogramowaniem(keylogger)
[Windows-APT-Warfare](https://github.com/aaaddress1/Windows-APT-Warfare): 著作《Windows APT Warfare:惡意程式前線戰術指南》各章節技術實作之原始碼內容
[Raven](https://github.com/CallistoHouseLtd/Raven): 2-vat test is working, the basic getTheAnswer test and the whenResolved reactor test. The 3-vat tests are still failing. An issue with timing against the core tables (imports/exports, questions/answers). Layers 6 through 9 of the 9-layer Vogel cloud-stack, running on top of ParrotTalk 3.7. {5: Parrot, 6: Raven, 7: Pigeon, 8: Vulture, 9: Eagle}
[EnvironmentConfigurationObfuscation](https://github.com/hoggmania/EnvironmentConfigurationObfuscation): A pluggable mechanism to (de)obfuscate configuration secrets in a lights out management environment.
[fleet](https://github.com/fleetdm/fleet): Fleet is the lightweight, programmable telemetry platform for servers and workstations. Get comprehensive, customizable data from all your devices and operating systems — without the downtime risk.
[reverse_shell](https://github.com/jcs090218/reverse_shell): Reverse shell implementation using Python.
[jupyter-collection](https://github.com/fr0gger/jupyter-collection): Collection of Jupyter Notebooks by @fr0gger_
[HTA-EXPLOIT](https://github.com/trewisscotch/HTA-EXPLOIT)
[xkeys](https://github.com/vsec7/xkeys): Extract Sensitive Keys, Secret, Token Or Interested thing from source
[docker-vulnerable-dvwa](https://github.com/opsxcq/docker-vulnerable-dvwa): Damn Vulnerable Web Application Docker container
[NodeSecurityShield](https://github.com/DomdogSec/NodeSecurityShield): A Developer and Security Engineer friendly package for Securing NodeJS Applications.
[cyber-security-linux-commands](https://github.com/j0eii/cyber-security-linux-commands): daily usage one liner for your cyber security (junk yard lol)
[Shreder](https://github.com/EntySec/Shreder): Shreder is a powerful multi-threaded SSH protocol password brute-force tool.
[thewhitecircle.github.io](https://github.com/thewhitecircle/thewhitecircle.github.io): Official website of TWC
[aws-iam-resources](https://github.com/ellerbrock/aws-iam-resources): :key: Collection of useful AWS IAM Resources & Policies
[google-hacking-monitor](https://github.com/wmarquardt/google-hacking-monitor): A CLI tool to monitoring a website results in google search
[PHP-Mini-File-Browser](https://github.com/lynt-smitka/PHP-Mini-File-Browser)
[Acer_Chromebook_C720](https://github.com/wuseman/Acer_Chromebook_C720): How to hack any Acer C7(4)20 Chromebook that has been locked remotely by the enrollment admin
[padoracle](https://github.com/imyelo/padoracle): Padding Oracle Attack with Node.js
[gOSINT](https://github.com/Nhoya/gOSINT): OSINT Swiss Army Knife
[attack-navigator](https://github.com/mitre-attack/attack-navigator): Web app that provides basic navigation and annotation of ATT&CK matrices
[LinSysInfo](https://github.com/ShadowVMX/LinSysInfo): Script en bash que tiene como objetivo verificar las distintas características y versiones del sistema para llevar a cabo la escalada de privilegios en los SO Linux.
[IoTSan](https://github.com/dangtunguyen/IoTSan): IotSan: Fortifying the Safety of IoT Systems (ACM CoNEXT'18)
[df-ml-anomaly-detection](https://github.com/GoogleCloudPlatform/df-ml-anomaly-detection): Streaming Anomaly Detection Solution by using Pub/Sub, Dataflow, BQML & Cloud DLP
[bash_scripting](https://github.com/bing0o/bash_scripting): bash scripting thing!
[terraform-aws-secure-sg](https://github.com/cmeinco/terraform-aws-secure-sg): Maintain a AWS Security Group Rule to allow access from dynamic external ip address.
[gdpr-tracker](https://github.com/privacyradius/gdpr-tracker): A crowdsourced directory tracking the compliance and security practices of cloud services and their subprocessors
[flask-xsrf](https://github.com/gregorynicholas/flask-xsrf): flask extension for defending against cross-site request forgery attacks (XSRF/CSRF)
[Smersh](https://github.com/CMEPW/Smersh): Smersh is a pentest oriented collaborative tool used to track the progress of your company's missions.
[Logic-Bomb-Python](https://github.com/Ck1998/Logic-Bomb-Python): This is my understanding of a logic bomb, built using python.
[securityModule](https://github.com/DanielVT45/securityModule): Este proyecto sirve para gestionar los accesos de la aplicación, mediante la generación de web tokens. Dichos tokens autenticaran y autorizaran a los usuarios.
[h4cklife.org](https://github.com/Clutchisback1/h4cklife.org): Blog about hacking things I've learned
[docker-hacklab](https://github.com/johackim/docker-hacklab): My personal hacklab, create your own.
[linkscyberthreatintelligence](https://github.com/lehmariaa/linkscyberthreatintelligence): Alguns links legais para quem gostaria de entender mais sobre os fundamentos de CTI. Pra quem gostaria de contribuir, só aceitarei PR relacionado a conteúdos teóricos, como blogs, podcasts, videos, livros sendo conteúdos grátis ou baratos.
[RedHat-Satellite-Dashboard](https://github.com/platipusica/RedHat-Satellite-Dashboard): Jam.py Application Dashboard for Red Hat Satellite 5.x
[cve-2019-14514](https://github.com/seqred-s-a/cve-2019-14514): Remote code execution in Microvirt MEmu
[awesome-korea-security-paper](https://github.com/codeengn/awesome-korea-security-paper): Introduces Republic of Korea's security documents recommended by CodeEngn.
[keyboard-interceptor-micropython](https://github.com/alpsayin/keyboard-interceptor-micropython): Proof-of-concept keyboard keystroke interceptor for PS/2 protocol proposed to be used with USB-to-ps/2 downgrade
[Python-Password-Generator](https://github.com/vismodo/Python-Password-Generator): If you already know a little tkinter but don't know what to do with it, Here is a tutorial!
[P0rtscann3r](https://github.com/SubhadipNag/P0rtscann3r): Python Scanning Script
[papers_please](https://github.com/papersPleaseProgrammer/papers_please): Exploit for HP's GGW Server found on common household printers.
[Reconky-Automated_Bash_Script](https://github.com/ShivamRai2003/Reconky-Automated_Bash_Script): Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.
[TermuxCyberArmy](https://github.com/Err0r-ICA/TermuxCyberArmy)
[container-security-checklist](https://github.com/krol3/container-security-checklist): Checklist for container security - devsecops practices
[CVE-2018-2380](https://github.com/erpscanteam/CVE-2018-2380): PoC of Remote Command Execution via Log injection on SAP NetWeaver AS JAVA CRM
[HaveIBeenPwnedKeePassPlugin](https://github.com/kapsiR/HaveIBeenPwnedKeePassPlugin): KeePass plugin which integrates the k-Anonymity pwned password search from HIBP
[jsql-injection](https://github.com/ron190/jsql-injection): jSQL Injection is a Java application for automatic SQL database injection.
[chef-windows-hardening](https://github.com/dev-sec/chef-windows-hardening): This chef cookbook provides windows hardening configurations for the DevSec Windows baseline profile.
[Phishbait](https://github.com/Err0r-ICA/Phishbait): 100% working Phishing Tool (38 websites)
[Dirty-Pipe-CVE-2022-0847](https://github.com/sa-infinity8888/Dirty-Pipe-CVE-2022-0847): CVE-2022-0847 (Dirty Pipe) is an arbitrary file overwrite vulnerability that allows escalation of privileges by modifying or overwriting arbitrary read-only files e.g. /etc/passwd, /etc/shadow.
[CryptoManana](https://github.com/TonyKaravasilev/CryptoManana): An Advanced PHP Cryptography Framework
[WeakWebServer](https://github.com/mauricelambert/WeakWebServer): A weak web server for ethical hacking (implemented in python).
[py-gitguardian](https://github.com/GitGuardian/py-gitguardian): Python API client library for the GitGuardian API
[KITT-Lite](https://github.com/Cisc0-gif/KITT-Lite): Python-Based Pentesting CLI Tool
[break-fast-serial](https://github.com/GoSecure/break-fast-serial): A proof of concept that demonstrates asynchronous scanning for Java deserialization bugs
[NimbusSRP-Android](https://github.com/Fi5t/NimbusSRP-Android): Classic NimbusSRP library is optimized for Android
[HatVenom](https://github.com/EntySec/HatVenom): HatVenom is a powerful payload generation tool that provides support for all common platforms and architectures.
[Traffic-Confuser](https://github.com/0xDarkSky/Traffic-Confuser): Python script to send random HTTP requests, to "hide" your traffic and confuse your ISP/VPN. Your web traffic will be cheaper to sell and useless for ads. Your traffic will look weird and hard to identify, what you browse and are interested in.
[line-fido2-server](https://github.com/line/line-fido2-server): FIDO2(WebAuthn) server officially certified by FIDO Alliance and Relying Party examples.
[Antimalware-Research](https://github.com/NtRaiseHardError/Antimalware-Research): Research on Anti-malware and other related security solutions
[All-Discord-Exploits](https://github.com/ImLorio/All-Discord-Exploits): This is a list of Discord console scripts, bugs and exploits.
[static_file_analysis](https://github.com/lprat/static_file_analysis): Analysis of file (doc, pdf, exe, ...) in deep (emmbedded file(s)) with clamscan and yara rules
[pentesting-cookbook](https://github.com/tasooshi/pentesting-cookbook): A set of recipes useful in pentesting and red teaming scenarios
[Atmail-exploit-toolchain](https://github.com/noraj/Atmail-exploit-toolchain): AtMail Email Server Appliance 6.4 - Exploit toolchain (XSS > CSRF > RCE)
[passwords.briansimoni.com](https://github.com/briansimoni/passwords.briansimoni.com): Golang web application for password management
[dagda](https://github.com/eliasgranderubio/dagda): a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities
[mosec-pip-plugin](https://github.com/momosecurity/mosec-pip-plugin): 用于检测python项目的第三方依赖组件是否存在安全漏洞。
[SniffCon-Ultimate-Recon-Dashboard-For-Bug-Bounty-And-Pentesting](https://github.com/h33tlit/SniffCon-Ultimate-Recon-Dashboard-For-Bug-Bounty-And-Pentesting): Sniffcon has a wide list of powerful online bug bounty tools which can be used to find security vulnerabilities.
[wister](https://github.com/cycurity/wister): A wordlist generator tool, that allows you to supply a set of words, giving you the possibility to craft multiple variations from the given words, creating a unique and ideal wordlist to use regarding a specific target.
[paradoxiaRAT](https://github.com/quantumcore/paradoxiaRAT): ParadoxiaRat : Native Windows Remote access Tool.
[exif_delete](https://github.com/john-science/exif_delete): Secure your photographs by stripping them of all the EXIF data.
[esapi-java-legacy](https://github.com/ESAPI/esapi-java-legacy): ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications.
[sf-detect-suspicious](https://github.com/serverfarmer/sf-detect-suspicious): Lightweight suspicious/unwanted activity detector, that alerts about cryptocurrency mining software, P2P file sharing software and ngrok tunnels.
[spring-security](https://github.com/spring-projects/spring-security): Spring Security
[network-penetration](https://github.com/alphaolomi/network-penetration): A comprehensive penetration testing toolkit based on python
[crazy-weekend](https://github.com/wayanjimmy/crazy-weekend): Mengobati rasa ingin tahu atau kadang hanya iseng. Selanjutnya akan pindah ke gitlab https://gitlab.com/jimboylabs
[CyberIntel-CTF-2018-HackME-Challenge](https://github.com/CyberIntel-Online/CyberIntel-CTF-2018-HackME-Challenge): This is The GitHub Official Repository of The Cyber-Intel Online CTF (Catch-The-Flag) 2018 Open-World Hacking and Reverse Engineering Challenge. Hope For The Best and Good Luck - Team Cyber-Intel (Sri Lanka).
[Client-IP-SafeList](https://github.com/dotnet-labs/Client-IP-SafeList): Client IP safelist for ASP.NET Core | .NET 5 | CIDR | Network | allowed list | IP restriction
[Admin-Panel-URL-Finder](https://github.com/akalankauk/Admin-Panel-URL-Finder): Easy & Advanced Websites Admin Panel URL Finder Python Script.
[encrypt-storage](https://github.com/michelonsouza/encrypt-storage): EncryptStorage provide a little more security in frontend
[FastgateRoot](https://github.com/classy-giraffe/FastgateRoot): How to get full access to a Fastgate router.
[obashfuscator](https://github.com/KevCui/obashfuscator): :performing_arts: A Bash script to obfuscate Bash script
[AdGuard-Home-Whitelist](https://github.com/hl2guide/AdGuard-Home-Whitelist): A strict curated whitelist for AdGuard Home.
[Damn_Vulnerable_C_Program](https://github.com/hardik05/Damn_Vulnerable_C_Program): An example C program which contains vulnerable code for common types of vulnerabilities. It can be used to show fuzzing concepts.
[ETH-Sweeper-Bot](https://github.com/japancode/ETH-Sweeper-Bot): This bot will sweeps all available ethers to your wallet :D
[macOS-Security-and-Privacy-Guide](https://github.com/drduh/macOS-Security-and-Privacy-Guide): Guide to securing and improving privacy on macOS
[BlackIP-Rep](https://github.com/sachinoliver/BlackIP-Rep): BlackIP-Rep is a tool designed to gather the reputation and information of Bulk IP's. Focused on increasing the workflow of Security Operations(SOC) team during investigation.
[security-guidance](https://github.com/ministryofjustice/security-guidance): Security guidance from the MOJ Digital & Technology Cybersecurity team
[shellcoding-companion](https://github.com/Ooggle/shellcoding-companion): A python script to automatically generate shellcode payload from assembly files.
[aws-quickstart-openvpn](https://github.com/tatobi/aws-quickstart-openvpn): AWS Quick Start: deploy OpenVPN connection to an existing VPC in 2 minutes, single click.
[cryptofuzz](https://github.com/guidovranken/cryptofuzz): Fuzzing cryptographic libraries. Magic bug printer go brrrr.
[awesome-gdpr](https://github.com/bakke92/awesome-gdpr): Protection of natural persons with regard to the processing of personal data and on the free movement of such data.
[Abracadabra](https://github.com/shaps80/Abracadabra): A truly plug 'n' play solution for securing your code.
[java-dns-cache-manipulator](https://github.com/alibaba/java-dns-cache-manipulator): 🌏 A tiny 0-dependency thread-safe Java™ lib for setting/viewing dns programmatically without touching host file, make unit/integration testing portable; and a tiny tool for setting/viewing dns of running JVM process.
[Wipey](https://github.com/SailReal/Wipey): Android app for wiping data or reboot after x failed logins
[sn0int](https://github.com/kpcyrd/sn0int): Semi-automatic OSINT framework and package manager
[peupasswd](https://github.com/devfemibadmus/peupasswd): peupasswd is an advanced password security software written in python use in generating unique password for each of each service i.e you can generate special password for each of your social media or services with just one master password;
[Free_Net_Free_Education](https://github.com/BrsDincer/Free_Net_Free_Education): Education should be free and accessible to all
[Pool2019](https://github.com/PoCInnovation/Pool2019): :briefcase: Pools organized for Epitech's students in 2019.
[Awful-Scripts](https://github.com/Abhishek-op/Awful-Scripts): 😎Some useful and hacking scripts, written in multiple languages like python, go bash, Perl, JScript, C++, PHP, and more.
[TheHitchhikersGuidetoDFIRExperiencesFromBeginnersandExperts](https://github.com/Digital-Forensics-Discord-Server/TheHitchhikersGuidetoDFIRExperiencesFromBeginnersandExperts): The official repo for a project involving a crowdsourced DFIR book. The main purpose of this book is to give anyone interested an opportunity to write a chapter of a book to get their name out there, get a publication on their resume with an actual ISBN number, and ideally lower the bar for people to contribute something back to the DFIR Community. Want to write a chapter? Let me know and let's make it happen!
[CVE-2020-35729](https://github.com/Al1ex/CVE-2020-35729): CVE-2020-35729
[appmon](https://github.com/dpnishant/appmon): Documentation:
[log4shelldetect](https://github.com/1lann/log4shelldetect): Rapidly scan filesystems for Java programs potentially vulnerable to Log4Shell (CVE-2021-44228) or "that Log4j JNDI exploit" by inspecting the class paths inside files
[ransombile](https://github.com/martinvigo/ransombile): Ransombile is a tool that can be used in different scenarios to compromise someone’s digital life when having physical access to a locked mobile device
[gakuen_handsome](https://github.com/lennylxx/gakuen_handsome): Codes and files used for the Chinese translation of Gakuen Handsome (学园handsome中文版)
[kube-score](https://github.com/zegl/kube-score): Kubernetes object analysis with recommendations for improved reliability and security
[lazyaircrack](https://github.com/3xploitGuy/lazyaircrack): Automated tool for WiFi hacking.
[bluemonday](https://github.com/microcosm-cc/bluemonday): bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
[CodeforcesEduHacking](https://github.com/im0qianqian/CodeforcesEduHacking): 📊 Codeforces Edu & Div. 3 Open hacking
[opensshenum](https://github.com/gbonacini/opensshenum): CVE-2018-15473 - Opensshenum is an user enumerator exploiting an OpenSsh bug
[filter-controle-acesso-servlet](https://github.com/arianerfrancisco/filter-controle-acesso-servlet): Este projeto controla o acesso de páginas apenas para usuários autenticados via Filters.
[supercookie](https://github.com/jonasstrehle/supercookie): ⚠️ Browser fingerprinting via favicon!
[mwdb-core](https://github.com/CERT-Polska/mwdb-core): Malware repository component for samples & static configuration with REST API interface.
[sketchy](https://github.com/Netflix-Skunkworks/sketchy): A task based API for taking screenshots and scraping text from websites.
[reconmap](https://github.com/reconmap/reconmap): Vulnerability assessment and penetration testing automation and reporting platform for teams.
[videostego](https://github.com/JavDomGom/videostego): Steganography (LSB) on MPEG-4 Part 14 format video files.
[PRAT](https://github.com/bmumme/PRAT): Password Recovery Analysis Tool - A script for analyzing "recovered" Active Directory passwords as a part of general security hygiene or penetration testing.
[BinV](https://github.com/dev2ero/BinV): 👓 Yet another binary vulnerbilities checker. An automated vulnerability scanner for ELF based on symbolic execution.
[Python-Prowler-Container](https://github.com/jonrau1/Python-Prowler-Container): Minimalist containerized implementation of Prowler from https://github.com/toniblyx/prowler, made to run within ECS Fargate and have Secrets passed via AWS Secrets Manager
[HydraRecon](https://github.com/aufzayed/HydraRecon): All In One, Fast, Easy Recon Tool
[ae-bot](https://github.com/imhunterand/ae-bot): Mass exploiter shell upload scanner 👽
[FIle-Classifier](https://github.com/jcapellman/FIle-Classifier): ML.NET C# File Classifier
[rsGen](https://github.com/FlyfishSec/rsGen): rsGen is a Reverse Shell Payload Generator for hacking.
[dep-scan](https://github.com/AppThreat/dep-scan): Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI, Google CloudBuild. No server required!
[Blockchain-Performance_Intel_SGX](https://github.com/MaysaAJ/Blockchain-Performance_Intel_SGX): 1. La compréhension du fonctionnement de SGX et l’analyse de ses points de faiblesse qui affectent sa performance. 2. L’étude du conteneur SCONE qui utilise SGX et dégager ses limitations. 3. Les tests de mesure de performance sur des conteneurs Docker natifs et des conteneurs construis avec SCONE.
[AlpXr-Scanner](https://github.com/alp55/AlpXr-Scanner): Kali-Linux Zafiyet Tarama Programı
[BitByByte-File-Pumper](https://github.com/Perfectdotexe/BitByByte-File-Pumper): Revisiting a classic tool, the file pumper! 💦
[Remote-Keylogger](https://github.com/dubniczky/Remote-Keylogger): A compiled keylogger written in python with logging to a remote host
[valentine-hbl](https://github.com/173210/valentine-hbl): Half Byte Loader BETA
[Hack-Tools](https://github.com/LasCC/Hack-Tools): The all-in-one Red Team extension for Web Pentester 🛠
[Cracker-Tool](https://github.com/cracker911181/Cracker-Tool): All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting. 🎭
[ObsidianSailboat](https://github.com/paralax/ObsidianSailboat): Nmap and NSE command line wrapper in the style of Metasploit
[javascript-obfuscator](https://github.com/javascript-obfuscator/javascript-obfuscator): A powerful obfuscator for JavaScript and Node.js
[K-Pots](https://github.com/kaotickj/K-Pots): KPots is a simple honeypots system to capture and log traffic to specified ports. Requires Netcat for monitoring and IPTables for banning. Requires dig for filtering out your own ip address. (Note: I will be adding alternatives in a later realease, but for now, just install dig.)
[owncraft](https://github.com/thelikes/owncraft): offensive notes & resources
[inumaki](https://github.com/cr-0w/inumaki): 🚩🐺 shell generator for CTFs!
[JabberJaw](https://github.com/Nwqda/JabberJaw): With JabberJaw, convert any OpenWrt compatible device in Hak5 Shark Jack and make your own portable network attack device. (Shark Jack DIY).
[effective-shell](https://github.com/dwmkerr/effective-shell): Text, samples and website for my 'Effective Shell' series.
[sharesecret](https://github.com/sourcefrenchy/sharesecret): A golang mini web service to share one time secrets
[awesome-aws-security](https://github.com/jassics/awesome-aws-security): Curated list of links, references, books videos, tutorials (Free or Paid), Exploit, CTFs, Hacking Practices etc. which are related to AWS Security
[marcellelee.github.io](https://github.com/marcellelee/marcellelee.github.io)
[discord-zeroclick-exploit](https://github.com/0x44F/discord-zeroclick-exploit): Discord client zero-click RCE
[securitytrails](https://github.com/hrbrmstr/securitytrails): 🕵🏼♂️Tools to Query the ‘SecurityTrails’ ‘API’
[RootMyTV.github.io](https://github.com/RootMyTV/RootMyTV.github.io): RootMyTV is a user-friendly exploit for rooting/jailbreaking LG webOS smart TVs.
[PwnDelorean](https://github.com/P3GLEG/PwnDelorean): Git Repo and Filesystem credential scanner
[DamnVulnerableWebServer](https://github.com/FrancescoDiSalesGithub/DamnVulnerableWebServer): A SpringBoot Application that is vulnerable to value fuzzing
[pyc2bytecode](https://github.com/knight0x07/pyc2bytecode): A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled python byte-code(.pyc) files across all python versions (including Python 3.10.*)
[shell-backdoor-list](https://github.com/backdoorhub/shell-backdoor-list): 🎯 PHP / ASP - Shell Backdoor List 🎯
[universalrop](https://github.com/kokjo/universalrop): Small tool for generating ropchains using unicorn and z3
[How-To-Secure-A-Linux-Server](https://github.com/imthenachoman/How-To-Secure-A-Linux-Server): An evolving how-to guide for securing a Linux server.
[hackingTheBootSector](https://github.com/k0r0pt/hackingTheBootSector): Delving into how the boot sector works. Ramblings and research of a young hacker from 2008.
[GSR_AutoCar](https://github.com/Guiandrade/GSR_AutoCar): Projeto de Gestão e Segurança de Redes 2ºSemestre 2016
[AwesomeMoroccanHackers](https://github.com/j4k0m/AwesomeMoroccanHackers): An Awesome List of Moroccan Cyber Security Researchers, Pentesters, Bug Hunters.
[389Rfall18](https://github.com/UMD-CS-STICs/389Rfall18): CMSC389R course at UMD
[vault-operator](https://github.com/coreos/vault-operator): Run and manage Vault on Kubernetes simply and securely
[game-of-thrones-hacking-ctf](https://github.com/OscarAkaElvis/game-of-thrones-hacking-ctf): Game of Thrones hacking CTF (Capture the flag)
[zoneh](https://github.com/tropicoo/zoneh): Zone-H Cybercrime Archive Telegram Monitoring Bot
[smtpcracker](https://github.com/Kik449/smtpcracker): A basic and powerfull python 3 script to brute force passwords in a smtp server.
[lazybee](https://github.com/noob-hackers/lazybee): Create Best Wordlist From Python Tool In Termux
[CameraHack](https://github.com/OnlineHacKing/CameraHack): Hack Front Camera from Target Phone Using Termux & Linux
[auth-portal](https://github.com/pacmancoder/auth-portal): Simple auth portal for protecting services, not supporting authentication (e.g. via ngnix's `auth_request`)
[web-brutator](https://github.com/koutto/web-brutator): Fast Modular Web Interfaces Bruteforcer
[vulnerable-rails-contrast](https://github.com/mowsec/vulnerable-rails-contrast): A sample vulnerable Ruby on Rails application instrumented with the Contrast Security Agent. Used for evaluating the Contrast Security agent and platform.
[IIT-BHU-Results](https://github.com/IAmBlackHacker/IIT-BHU-Results): Open IIT BHU results without Login ...
[CipherSweet](https://github.com/STBRR/CipherSweet): A Utility for Checking SSL Ciphers against CipherSuite's API
[my-cybersecurity-notes](https://github.com/anthares101/my-cybersecurity-notes): These are the notes i have been taking since i started learning about ethical hacking and cybersecurity
[iedcs-security](https://github.com/rafaelferreirapt/iedcs-security): O trabalho proposto para o projeto da unidade curricular de Segurança é um IEDCS: Identity Enabled Distribution Control System.
[awesome-php-security](https://github.com/guardrailsio/awesome-php-security): Awesome PHP Security Resources 🕶🐘🔐
[httpheader](https://github.com/FriendsOfREDAXO/httpheader): Redaxo 5 Addon zur Aktivierung verschiedener Webseiten-Header für die Einstellung von Sicherheitsmaßnahmen und Optimierungen.
[PhishBuster](https://github.com/nayanmapara/PhishBuster): Aim of the project is to reduce phishing victims. 😇
[oletools](https://github.com/decalage2/oletools): oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
[acsvrwbewbewb](https://github.com/rolandinsh/acsvrwbewbewb): found as WordPress plugin
[laravel6-acl](https://github.com/ribafs/laravel6-acl): Package to ACL implements Laravel 6
[CVE-2019-2215](https://github.com/c3r34lk1ll3r/CVE-2019-2215): PoC for old Binder vulnerability (based on P0 exploit)
[SIET](https://github.com/frostbits-security/SIET): Smart Install Exploitation Tool
[capstone](https://github.com/capstone-engine/capstone): Capstone disassembly/disassembler framework: Core (Arm, Arm64, BPF, EVM, M68K, M680X, MOS65xx, Mips, PPC, RISCV, Sparc, SystemZ, TMS320C64x, Web Assembly, X86, X86_64, XCore) + bindings.
[aes-square-attack](https://github.com/thomasperrot/aes-square-attack): Homemade implementation of Square Attack against 4 rounds AES
[wp2static](https://github.com/WP2Static/wp2static): WordPress static site generator for security, performance and cost benefits
[PenetrationTesterRE](https://github.com/imhunterand/PenetrationTesterRE): Penetration Tester all CVE Exploitation tool
[CVE-2019-15107](https://github.com/whokilleddb/CVE-2019-15107): CVE-2019-15107 Webmin Exploit in C
[nucypher](https://github.com/nucypher/nucypher): A decentralized threshold cryptography network focused on proxy reencryption.
[gominhook](https://github.com/NaniteFactory/gominhook): MinHook binding for Go (Golang) with support for Windows API.
[ssl_pinning_remover](https://github.com/HexNio/ssl_pinning_remover): An Android SSL Pinning Remover tool for Security research and Bug Bounty
[cybersecurity-honeypots](https://github.com/paulveillard/cybersecurity-honeypots): An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Honey Pots in Cybersecurity.
[authz0](https://github.com/hahwul/authz0): 🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.
[python_subnet_calculator](https://github.com/carmenmoralesb/python_subnet_calculator): Little example of calculating subnets with a python script i did by myself.
[debian-cis](https://github.com/ovh/debian-cis): PCI-DSS compliant Debian 9/10 hardening
[DEFCON29-BTV-ThreatReportRoulette](https://github.com/ch33r10/DEFCON29-BTV-ThreatReportRoulette): Learn how to get more out of publicly available threat reports to help improve the security posture of your organization! TLP: White Threat Reports used in the making of this Panel.
[Pentesting-lab](https://github.com/MoisesTapia/Pentesting-lab): Este Proyecto es para realizar pruebas de laboratorio en la mayoría de los entornos linux sin la necesidad de tener las herramientas instaladas de forma native el unico requerimiento es que se tenga docker y docker-compose instalado el el hosts
[aug2020-ctf](https://github.com/SamAndPel/aug2020-ctf): A CTF built by my team in 4 hours, August 2020
[z-cam](https://github.com/sankethj/z-cam): The First Python Compatible Camera Hacking Tool
[Image-Steganography-Cybersecurity](https://github.com/JayeshSuryavanshi/Image-Steganography-Cybersecurity): Steganography is the method of hiding secret data in any image/audio/video. In a nutshell, the main motive of steganography is to hide the intended information within any image/audio/video that doesn’t appear to be secret just by looking at. The idea behind image-based Steganography is very simple. Images are composed of digital data (pixels), which describes what’s inside the picture, usually the colors of all the pixels. Since we know every image is made up of pixels and every pixel contains 3-values (red, green, blue).
[hijackthis](https://github.com/dragokas/hijackthis): A free utility that finds malware, adware and other security threats
[radio-hackbox](https://github.com/SySS-Research/radio-hackbox): PoC tool to demonstrate vulnerabilities in wireless input devices
[crch](https://github.com/Fricciolosa-Red-Team/crch): Continuous Recon Continuous Hacking
[AllAboutBugBounty](https://github.com/daffainfo/AllAboutBugBounty): All about bug bounty (bypasses, payloads, and etc)
[FortifyVersionCheck](https://github.com/jlburck/FortifyVersionCheck): Checks HP Fortify for projects and project versions. If the project doesn't exist, then the task is capable of creating the project and an initial version. If the project version doesn't exist, then the task is capable of creating the version and also capable of copying issues/suppressions from previous versions.
[wifipumpkin3](https://github.com/P0cL4bs/wifipumpkin3): Powerful framework for rogue access point attack.
[Python-MikrotikLoginExploit](https://github.com/sinichi449/Python-MikrotikLoginExploit): PoC of CVE-2018-14847 Mikrotik Vulnerability using simple script
[Antenna](https://github.com/wuba/Antenna): Antenna是58同城安全团队打造的一款辅助安全从业人员验证网络中多种漏洞是否存在以及可利用性的工具。其基于带外应用安全测试(OAST)通过任务的形式,将不同漏洞场景检测能力通过插件的形式进行集合,通过与目标进行out-bind的数据通信方式进行辅助检测。
[Jeroboam](https://github.com/mrackwitz/Jeroboam): Check all your apps on macOS for vulnerable Sparkle updaters
[cybersec-hw-phishing](https://github.com/Ergos1/cybersec-hw-phishing): University project. The Cybersecurity's project for phishing. This is a website that clones the Jira login and google oauth2
[PeekABoo](https://github.com/Viralmaniar/PeekABoo): PeekABoo tool can be used during internal penetration testing when a user needs to enable Remote Desktop on the targeted machine. It uses PowerShell remoting to perform this task. Note: Remote desktop is disabled by default on all Windows operating systems.
[AixCrypt](https://github.com/Mahmoud7Osman/AixCrypt): A Key Calculation Based Program For Data Confidentiality Over A Steganography-Like Technique Using The ROT Algorithm
[yasuo](https://github.com/0xsauby/yasuo): A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network
[shellclear](https://github.com/rusty-ferris-club/shellclear): Secure shell history commands
[KillerQueenCTF-2021](https://github.com/0xRar/KillerQueenCTF-2021): Writeups for the challenges i solved from Killer Queen CTF 2021.
[Ethical-Hacking-Notes](https://github.com/s-xync/Ethical-Hacking-Notes): My notes on Ethical Hacking
[monitorr-exploit-toolkit](https://github.com/sec-it/monitorr-exploit-toolkit): Multiple exploits for Monitorr
[java-common-mistakes](https://github.com/JosephZhu1983/java-common-mistakes): 极客时间专栏《Java业务开发常见错误100例》源码
[checkweb](https://github.com/SVelizDonoso/checkweb): Identificador de Seguridad Web para Pentester
[docker-veracode-pipeline-scan](https://github.com/mablanco/docker-veracode-pipeline-scan): Docker image for Veracode's Pipeline Scan tool
[Awesome-Scripts](https://github.com/DedSecInside/Awesome-Scripts): A collection of awesome scripts from developers around the globe.
[watchdog](https://github.com/flipkart-incubator/watchdog): Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
[hyperpwn](https://github.com/bet4it/hyperpwn): A hyper plugin to provide a flexible GDB GUI frontend with the help of GEF, pwndbg or peda
[docker-ssllabs-scan](https://github.com/jumanjihouse/docker-ssllabs-scan): Qualys sslabs-scan utility in a tiny docker image
[stratus-red-team](https://github.com/DataDog/stratus-red-team): :cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud
[mevn-stack-vue-2](https://github.com/didinj/mevn-stack-vue-2): Securing MEVN Stack (Vue.js 2) Web Application using Passport
[WAFuzzer](https://github.com/TheQmaks/WAFuzzer): Very simple whatsapp fuzzer based on selenium writed on python 3
[National-Cyber-Scholarship-2021](https://github.com/AppliedCyberCTF/National-Cyber-Scholarship-2021): A collection of write-ups and solutions for the National Cyber Scholarship Contest CTF
[email-concealer-cli](https://github.com/spatie/email-concealer-cli): CLI tool for concealing e-mails in a file by replacing their domain
[emerald](https://github.com/reb311ion/emerald): Import DynamoRIO drcov code coverage data into Ghidra
[BlockchainSoftwareSecurityProject](https://github.com/BlockchainSecurityServices/BlockchainSoftwareSecurityProject): The Blockchain Software Security Project - A collaborative open source community discovering vulnerabilities, threats & risks to Blockchain software
[Webmin-CVE-2022-0824-revshell](https://github.com/faisalfs10x/Webmin-CVE-2022-0824-revshell): Webmin CVE-2022-0824 Post-Auth Reverse Shell
[RSA_Algorithm_Encryption_Decryption](https://github.com/Mostafa-Elshiekh/RSA_Algorithm_Encryption_Decryption): RSA algorithm for encryption and decryption using C++ with OOP paradigm.
[wowGrail](https://github.com/aaaddress1/wowGrail): PoC: Rebuild A New Path Back to the Heaven's Gate (HITB 2021)
[nwam](https://github.com/joaovitorbf/nwam): Find Netwave IP cameras with default admin passwords using Shodan
[i9300_emmc_toolbox](https://github.com/oranav/i9300_emmc_toolbox): Samsung Galaxy S3 GT-I9300 eMMC toolbox
[exynos-usbdl](https://github.com/frederic/exynos-usbdl): Unsigned code loader for Exynos BootROM
[ANYMethodLog](https://github.com/qhd/ANYMethodLog): Log any method call of object in Objective-C
[V-Rising-cheats](https://github.com/Nevald/V-Rising-cheats): V Rising Private Cheat - Including Unlimited Stealth + Unlimited Blood + Max Blood Quality + Unlimited Items + 10 MORE FEATURES
[CloudLeak](https://github.com/DanielAzulayy/CloudLeak)
[certainty](https://github.com/paragonie/certainty): Automated cacert.pem management for PHP projects
[Always-Learning](https://github.com/404notf0und/Always-Learning): 404 Not Found的知识库:计算机理论基础、计算机技术基础、底层研究、安全技术、安全研究、人工智能、企业安全建设、安全发展、职业规划、综合素质、国内外优秀技术人
[cifrar-descifrar-archivos-php](https://github.com/parzibyte/cifrar-descifrar-archivos-php): Cifrado de archivos completos con PHP y php-encryption
[pass-keybase](https://github.com/mbauhardt/pass-keybase): A pass extension to re-encrypt and decrypt pass entries via keybase
[Project1-Cyber-UCLA](https://github.com/Pr3da2r/Project1-Cyber-UCLA): Azure environment set up and Elk Server deployment for Project 1
[evil-winrm](https://github.com/Hackplayers/evil-winrm): The ultimate WinRM shell for hacking/pentesting
[RedTeamToolkit](https://github.com/OWASP/RedTeamToolkit): The WASM Based Security Toolkit for the Web First Paradigm
[Criptphy](https://github.com/Criptphy/Criptphy): Criptphy é uma ferramenta de criação e gerenciamento de senhas seguras. 🔒💪
[black_veil](https://github.com/rf-peixoto/black_veil): A simple pseudo-crypter for python code.
[Malware-Feed](https://github.com/MalwareSamples/Malware-Feed): Bringing you the best of the worst files on the Internet.
[Detection_of_Malicious_URLs](https://github.com/sid321axn/Detection_of_Malicious_URLs): In this project, we have detected the malicious URLs using lexical features and boosted machine learning algorithms
[docker-security-images](https://github.com/ellerbrock/docker-security-images): :closed_lock_with_key: Docker Container for Penetration Testing & Security
[password-checker](https://github.com/srimani-programmer/password-checker): A Python package to check vulnerability and strength of a password.
[PrivacyFocusedLinux](https://github.com/zethiusRedacted/PrivacyFocusedLinux): An Ubuntu-Minimal script which keeps privacy and security in mind. Fully open-sourced and well-explained. Look at 'README.md' for more information!
[make-porto-win-european-best-destination-2017](https://github.com/hfreire/make-porto-win-european-best-destination-2017): Let's make :city_sunrise: Porto :trophy: win the :euro: European Best Destination :tada: 2017
[NIST-to-Tech](https://github.com/mikeprivette/NIST-to-Tech): An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)
[curl-impersonate](https://github.com/lwthiker/curl-impersonate): curl-impersonate: A special build of curl that can impersonate Chrome & Firefox
[Valance](https://github.com/FLUORESCENTXX/Valance): A roblox level 6 executor! Designed by me
[dnstunneling](https://github.com/hackingyseguridad/dnstunneling): dns tunneling con dns2tcp
[Dying-Light-2-H-U-M-A-N-Hack](https://github.com/Nevald/Dying-Light-2-H-U-M-A-N-Hack): Dying Light 2 H*U*M*A*N CHEAT - INCLUDING: Unlimited Health, Stamina, Immunity, Weapon Durability, Defense Multiplier + 50 MORE FEATURES
[PandorasBox](https://github.com/Adversis/PandorasBox): Security tool to quickly audit Public Box files and folders.
[black-widow](https://github.com/offensive-hub/black-widow): GUI based offensive penetration testing tool (Open Source)
[JSshell](https://github.com/shelld3v/JSshell): JSshell - JavaScript reverse/remote shell
[Writeups-for-all](https://github.com/LaGelee/Writeups-for-all): A HUGE collection of FULL and FREE WRITEUPS about Challenges, CTFs, Walkthroughs from all around the Internet.
[OBD](https://github.com/obdrpi/OBD): Fetch Real Time data from the car
[Kumo](https://github.com/cbrnrd/Kumo): :mouse: A lightweight remote administration tool written in Java
[Spotify-Internal](https://github.com/R3nzTheCodeGOD/Spotify-Internal): Remove ads and add extra features for spotify desktop version.
[mitaka](https://github.com/ninoseki/mitaka): A browser extension for OSINT search
[blockchain-storage-react](https://github.com/codewithpom/blockchain-storage-react): A react app which can post your files to ipfs and they will be stored on it forever and without any security vulnerability and storage limits.
[strelka](https://github.com/target/strelka): Real-time, container-based file scanning at enterprise scale
[universe2021](https://github.com/githubevents/universe2021): All things GitHub Universe 2021!
[PoC-Bank](https://github.com/LinusDean/PoC-Bank): Focus on cybersecurity | collection of PoC and Exploits
[exphub](https://github.com/zhzyker/exphub): Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340
[wargames](https://github.com/0x27/wargames): wargame/challenge solutions
[smart-contract-best-practices](https://github.com/ConsenSys/smart-contract-best-practices): A guide to smart contract security best practices
[JNDI-Injection-Exploit-Plus](https://github.com/cckuailong/JNDI-Injection-Exploit-Plus): 50+ Gadgets(17 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server.
[Google-Cloud-Guide](https://github.com/mikeroyal/Google-Cloud-Guide): Google Cloud Platform (GCP) Guide
[PentestDictionary](https://github.com/D3Ext/PentestDictionary): A list of useful resources for pentesting, Bug Bounty, CTF and similars.
[Condi-Boatnet](https://github.com/hoaan1995/Condi-Boatnet): Condi Boatnet Ver 1 (old killer)
[dceBadBehavior49](https://github.com/PHP-Backoffice/dceBadBehavior49): BadBehavior as Plugin for CONTENIDO 4.9
[Exe-to-pdf](https://github.com/luci61/Exe-to-pdf): Exe to PDF exploit Builder with 0 detections. Runtime and Scantime
[xss-injection](https://github.com/chi-wei-lien/xss-injection): In this video I covered how to perform cross site scripting (XSS), which basically allows attackers to have full control over a vulnerable website 😈. Just like always, this video is for educational purposes. If you do any illegal stuff you will get arrested 🚓!
[singlefile](https://github.com/exploitmafia/singlefile): featured cs:go internal hack, one file and less than 1000 lines.
[vpndemon](https://github.com/primaryobjects/vpndemon): Monitor a VPN connection on Linux and kill a process upon disconnect
[Instagram-Hacker](https://github.com/importCTF/Instagram-Hacker): This is an advanced script for Instagram bruteforce attacks. WARNING THIS IS A REAL TOOL!
[OnionBrowser](https://github.com/OnionBrowser/OnionBrowser): An open-source, privacy-enhancing web browser for iOS, utilizing the Tor anonymity network
[PhpStudyDoor](https://github.com/k8gege/PhpStudyDoor): PhpStudy 2016 & 2018 BackDoor Exploit
[Awesome-Exploit](https://github.com/Threekiii/Awesome-Exploit): 一个漏洞利用工具仓库
[CryptoSystems](https://github.com/maxWN/CryptoSystems): A Python client and server that utilize Caesar Cipher encryption.
[Babou.AspNetCore.SecurityExtensions](https://github.com/ajtatum/Babou.AspNetCore.SecurityExtensions): Babou is concerned about security, so I created a .NET Standard 2.0 Security Extensions package for him. Babou is from the TV show Archer and is not affiliated with this package.
[gcp-iam-collector](https://github.com/marcin-kolda/gcp-iam-collector): Python script for collecting and visualising Google Cloud Platform IAM permissions
[ylva](https://github.com/nrosvall/ylva): Command line password manager for Unix-like operating systems
[DotNetNukeEXPLOIT](https://github.com/k8gege/DotNetNukeEXPLOIT): MSF moudle DotNetNuke GetShell & execute exploit
[Intrusion-and-anomaly-detection-with-machine-learning](https://github.com/slrbl/Intrusion-and-anomaly-detection-with-machine-learning): Machine learning algorithms applied on log analysis to detect intrusions and suspicious activities.
[herpaderping](https://github.com/jxy-s/herpaderping): Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.
[myScripts](https://github.com/1uffyD9/myScripts): Scripts I needed for my Work
[paseto](https://github.com/o1egl/paseto): Platform-Agnostic Security Tokens implementation in GO (Golang)
[bopscrk](https://github.com/r3nt0n/bopscrk): Tool to generate smart and powerful wordlists
[CVE-2022-36446-Webmin-Software-Package-Updates-RCE](https://github.com/p0dalirius/CVE-2022-36446-Webmin-Software-Package-Updates-RCE): A Python script to exploit CVE-2022-36446 Software Package Updates RCE (Authenticated) on Webmin < 1.997.
[insider-threat-ttp-kb](https://github.com/center-for-threat-informed-defense/insider-threat-ttp-kb): The principal objective of this project is to develop a knowledge base of the tactics, techniques, and procedures (TTPs) used by insiders in the IT environment. It will establish an Insider Threat TTP Knowledge Base, built upon data collected on insider threat incidents and lessons learned and experience from the ATT&CK knowledge base.
[Security-DoS-Preventer](https://github.com/suhaamber/Security-DoS-Preventer): Practice School 1 Project
[CyberQueens](https://github.com/CyberQueens/CyberQueens): CyberQueens lesson materials - learning resources and exercises for aspiring reverse engineers, exploit developers, and hackers 👩💻👨💻
[url-abuse](https://github.com/CIRCL/url-abuse): URL Abuse - A Versatile Software for URL review, analysis and black-list reporting
[Samsung_Galaxy.S8-FRP.Bypass](https://github.com/wuseman/Samsung_Galaxy.S8-FRP.Bypass): Bypass Factory Reset Protection on any Samsung Galaxy S8 SM-G950* model on Android 7.0 Nougat or later.
[ibmtss](https://github.com/kgoldman/ibmtss): This is a user space TSS for TPM 2.0. It implements the functionality equivalent to (but not API compatible with) the TCG TSS working group's ESAPI, SAPI, and TCTI API's (and perhaps more) but with a hopefully simpler interface.
[heartbleed-vuln](https://github.com/roflcer/heartbleed-vuln): executes heartbleed attack on vulnerable SSL 1.0.1 version
[flowmeter](https://github.com/alekzandr/flowmeter): A tool for deriving statistical features from PCAP data
[aliwaf-phpwaf](https://github.com/alicangnll/aliwaf-phpwaf): AliGuard PHP WAF
[awesome-evm-security](https://github.com/kareniel/awesome-evm-security): 🕶 A high-level overview of the EVM security ecosystem
[homebrew-penbrew](https://github.com/feffi/homebrew-penbrew): Aye, ye Open PENtesting Brew for ya sailsman Apple device.
[SMBploit](https://github.com/d4t4s3c/SMBploit): Offensive tool to scan & exploit vulnerabilities in Microsoft Windows over the Samba protocol (SMB) using the Metasploit Framework.
[raptor_waf](https://github.com/CoolerVoid/raptor_waf): Raptor - WAF - Web application firewall using DFA [ Current version ] - Beta
[zap-tutorial](https://github.com/rezen/zap-tutorial): WIP - A tutorial for OWASP ZAP
[ossec-hids](https://github.com/ossec/ossec-hids): OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
[ADLES](https://github.com/GhostofGoes/ADLES): Automated Deployment of Lab Environments System (ADLES)
[PowerZure](https://github.com/hausec/PowerZure): PowerShell framework to assess Azure security
[HackingFinal](https://github.com/d0tplist/HackingFinal): Hacking java final variable
[honeygrove-cim](https://github.com/UHH-ISS/honeygrove-cim): Cyber Incident Monitor (CIM) for the honeygrove honeypot
[Rainfall](https://github.com/bnoufel/Rainfall): Ce projet est une introduction à l’exploitation de binaire (type elf).
[published_articles_and_research_papers](https://github.com/johnbumgarner/published_articles_and_research_papers): This repository contains some of the articles that I have published on various topics ranging from international cyber conflict to redesigning disaster warning systems for tsunamis.
[snuffleupagus](https://github.com/jvoisin/snuffleupagus): Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest!
[5ysk3y.github.io](https://github.com/5ysk3y/5ysk3y.github.io): Core files for my GitHib.io page - My own hacking blog resource that includes Hack the Box Machine Walkthroughs
[Discord-Image-Token-Password-Grabber-Exploit-Cve-2022](https://github.com/AZMagic/Discord-Image-Token-Password-Grabber-Exploit-Cve-2022): Get system info (Version, CPU, GPU, RAM, IPs, BSSID, Location, Screen metrics, Installed apps) Chromium based browsers (passwords, credit cards, cookies, history, autofill, bookmarks) Firefox based browsers (db files, cookies, history, bookmarks) Internet explorer/Edge (passwords) Saved wifi networks & scan networks around device (SSID, BSSID) s File grabber (Documents, Images, Source codes, Databases, USB) Detect banking & cryptocurrency services in browsers Steam, Uplay, Battle.Net, Minecraft session Install keylogger & clipper Desktop & Webcam screenshot
[nexus-webtop-soc](https://github.com/phoenixvlabs/nexus-webtop-soc): Underground Nexus - Linux Webtop Ubuntu XFCE - Dockerhub - https://hub.docker.com/r/phoenixvlabs/nexus-webtop-soc
[Gemail-BruteForce](https://github.com/AL-AlamySploit/Gemail-BruteForce): Gmail Brute Force Version 1.0
[Unalix-nim](https://github.com/AmanoTeam/Unalix-nim): Small, dependency-free, fast Nim package and CLI tool for removing tracking fields from URLs.
[mosec-gradle-plugin](https://github.com/momosecurity/mosec-gradle-plugin): 用于检测gradle项目的第三方依赖组件是否存在安全漏洞。
[enteletaor](https://github.com/cr0hn/enteletaor): Message Queue & Broker Injection tool
[bitcoin-wallet-protector](https://github.com/ParmuSingh/bitcoin-wallet-protector): This is a commandline tool to encrypt your bitcoin wallet (or any message) and then hide the encryption key in an image that requires password to decrypt. This can be used to keep your wallet in somewhere unsafe like Google Drive and you'll only have to remember your password.
[aws-security-test](https://github.com/mikhailadvani/aws-security-test)
[ddos2](https://github.com/Andrewerr/ddos2): Denial of service testing toolkit written in C
[jwt-fuzzer](https://github.com/andresriancho/jwt-fuzzer): JWT fuzzer
[SafePass](https://github.com/shivamsn97/SafePass): Before generating password for anything, make sure the password is unique by searching it in tons of passwords stored by hackers in various Password Dictionaries availablr online. Also you can easily add Password Dictionaries from internet yourself, it is as easy as copy and pasting the file. Be safe from Bruteforce Attacks, and choose a safe password by first verifying it.
[P4ssG3nerat0r](https://github.com/OHypen/P4ssG3nerat0r): Your password generator, Generate passwords for your E-mail, Games, Social Networks and etc ... And stay more secure🔑🔒
[ANDROLAB](https://github.com/labsbots/ANDROLAB): Mobile Application Vulnerability Tool
[go-msgauth](https://github.com/emersion/go-msgauth): A Go library and tools for DKIM, DMARC and Authentication-Results
[AdbNet](https://github.com/0x1CA3/AdbNet): A tool that allows you to search for vulnerable android devices across the world and exploit them.
[doenerium](https://github.com/doener2323/doenerium): Fully undetected grabber (grabs wallets, passwords, cookies, modifies discord client etc.)
[THM_Bolt_Write_Up](https://github.com/SlizBinksman/THM_Bolt_Write_Up): A write up on the Bolt room from TryHackMe.com & re-writing of r3m0t3nu11's PoC exploit script
[holeysocks](https://github.com/audibleblink/holeysocks): Cross-Platform Reverse Socks Proxy in Go
[vajra](https://github.com/r3curs1v3-pr0xy/vajra): Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.
[octovy](https://github.com/m-mizutani/octovy): Trivy based vulnerability management service
[CivikBooks](https://github.com/smartcitiescommunity/CivikBooks): 📖 Plantillas para proyectos, soluciones a retos, necesidades y problemas comunes en Comunidades Inteligentes, Ciudades Inteligentes en el contexto de los Objetivos de Desarrollo Sostenible 👪 🍲 🧑⚕️ 📚 👥 💧 🔆 📈 ⚙️ ↔️ 🏙️ ♾️ 🌎 🐟 🌳 🕊️ ⚛️
[honeytrap](https://github.com/honeytrap/honeytrap): Advanced Honeypot framework.
[V-Scanner](https://github.com/Ehsan-U/V-Scanner): V-Scanner: A tool for web application security testing
[Black-Hat-Python](https://github.com/AllGloryToTheHypnotoad/Black-Hat-Python): black hat python
[Source2Dictionary](https://github.com/JavierOlmedo/Source2Dictionary): A tool developed in python to convert the source code into a dictionary to perform fuzzing
[NoMoreRansom](https://github.com/jamestiotio/NoMoreRansom): All-in-One Ransomware Decryption Tools (Unofficial Mirror)
[k8s-diagrams](https://github.com/cloudogu/k8s-diagrams): A collection of kubernetes-related diagrams
[ReconNote](https://github.com/0xdekster/ReconNote): Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters
[sqlifinder](https://github.com/americo/sqlifinder): SQL Injection Vulnerability Scanner made with Python
[jhack](https://github.com/julienhache/jhack): jhack: a C++ library to take control of your computer !
[vMass](https://github.com/c99tn/vMass): vMass Bot :hook: Vulnerability Scanner & Auto Exploiter Tool Written in Perl.
[ElgamalEncryption-using-ECC](https://github.com/Yash0day/ElgamalEncryption-using-ECC): Elgamal Encryption using Elliptic Curve Cryptography in Python 2.7
[spring-openid](https://github.com/biswa380/spring-openid): In this spring-boot project, I implemented spring security using oauth 2.0 and open-id-connect through google account sign in.
[SCCT-Trainer](https://github.com/0xvpr/SCCT-Trainer): A Splinter Cell Chaos Theory Multi-Hack built with 100% C.
[dumb-passwords](https://github.com/kn9ts/dumb-passwords): Don't let your user be a victim of their own action
[pentestools](https://github.com/ankit2001/pentestools)
[ncryptf-swift](https://github.com/ncryptf/ncryptf-swift): ncryptf for Swift 4+ - Secure API authentication and end to end encryption
[grapefruit](https://github.com/ChiChou/grapefruit): (WIP) Runtime Application Instruments for iOS. Previously Passionfruit
[LDAPHelper](https://github.com/bitai-cs/LDAPHelper): .NET 6.0 library which wraps Novell.Directory.Ldap.NETStandard functionality to make LDAP searches and also authenticate users against a Directory Service.
[hackfruit](https://github.com/hideckies/hackfruit): Hackfruit is an easy search tool that finds hacking tools, commands and cheat sheets. It helps cybersecurity learing and trainings, CTFs, bug bounty, ethical hacking.
[awesome-security-newsletters](https://github.com/TalEliyahu/awesome-security-newsletters): Periodic cyber security newsletters that capture the latest news, summaries of conference talks, research, best practices, tools, events, vulnerabilities, and analysis of trending threats and attacks
[Remote-Desktop-Caching-](https://github.com/Viralmaniar/Remote-Desktop-Caching-): This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.
[FSecurity](https://github.com/stijnmoreels/FSecurity): Security testing library written in F# to make writing security tests more fun.
[dedsecurity-framework](https://github.com/dedsecurity/dedsecurity-framework): Ded Security Framework is a tool aimed at security professionals
[kryptos](https://github.com/spallas/kryptos): Collection of cryptography and security topics with examples.
[python-bruteForce](https://github.com/Antu7/python-bruteForce): Brute Force Attack Tools Using Python
[squealer](https://github.com/owenrumney/squealer): Telling tales on you for leaking secrets!
[exploit-CVE-2021-3560](https://github.com/UNICORDev/exploit-CVE-2021-3560): Exploit for CVE-2021-3560 (Polkit) - Local Privilege Escalation
[DocParse](https://github.com/gbikram/DocParse): Document/Email parser for IOCs
[webr](https://github.com/nikolozsec/webr): Analyze domains from Excel list, save status codes, IP addresses and screenshots.
[Phisher-man](https://github.com/FDX100/Phisher-man): Samples Phishing tools made for Linux it contains 30 different type of Phishing Pages made with flask
[OpenSSL-OSX](https://github.com/IBM-Swift/OpenSSL-OSX): Swift modulemaps for libSSL and libcrypto for OS X
[uashield](https://github.com/opengs/uashield): Voluntary Ukraine security platform to protect us from Russian forces in the Internet
[ESD](https://github.com/FeeiCN/ESD): Enumeration sub domains(枚举子域名)
[Practical_Malware_Analysis](https://github.com/Wind3x/Practical_Malware_Analysis): Materials for a course based on the Practical Malware Analysis text by Andrew Honig and Michael Sikorski
[hash-server](https://github.com/KayvanMazaheri/hash-server): :closed_lock_with_key: Secure Remote Hashing Server - IT Engineering Course @ IUT ( :o: Bonus Project )
[Pentesting-Bugbounty](https://github.com/RESETHACKER-COMMUNITY/Pentesting-Bugbounty): Briging infosec community, group and leaders together that solve community challenges, problems, create cultural and provide value to Infosec community.
[OpenSK](https://github.com/google/OpenSK): OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.
[tools-tbhm](https://github.com/danilabs/tools-tbhm): Tools of "The Bug Hunters Methodology V2 by @jhaddix"
[VBAObfuscator](https://github.com/oriolOrnaque/VBAObfuscator): VBA Macro obfuscator
[RoguePortal](https://github.com/vincenzogianfelice/RoguePortal): A Phishing WIFI Rogue Captive Portal! :smiling_imp:
[foal](https://github.com/FoalTS/foal): Full-featured Node.js framework, with no complexity. 🚀 Simple and easy to use, TypeScript-based and well-documented.
[outis](https://github.com/SySS-Research/outis): outis is a custom Remote Administration Tool (RAT) or something like that. It was build to support various transport methods (like DNS) and platforms (like Powershell).
[keycloak-security-example](https://github.com/wkrzywiec/keycloak-security-example): Sandbox project to play around with keyclaok and integrating it with Spring Boot and Angular apps (using OAuth 2.0 protocol)
[owasp-mastg](https://github.com/OWASP/owasp-mastg): The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
[Packet-Sniffing-Tool](https://github.com/SHAHKRISHS/Packet-Sniffing-Tool): A sniffing attack involves the illegal extraction of unencrypted data by capturing network traffic through packet sniffers. In this tool, the user will be given 4 options such as raw, summary, target, and host. The user can select any option and they can start sniffing the network. The user has to just enter the name of the interface.
[Cipher-Tools](https://github.com/Squalm/Cipher-Tools): A Codebreaking/Cipherbreaking Toolkit. Currently early in development.
[Griefing-Methods](https://github.com/wodxgod/Griefing-Methods): A documentation about how to hack Minecraft servers
[Elevator](https://github.com/Kudaes/Elevator): UAC Bypass by abusing RPC and debug objects.
[sealdir](https://github.com/mavenor/sealdir): A C++ library & CLI tool 🛠 to seal the state of a directory 📦🔒 (think checksums, but for a directory)
[061_EntendendoImportanciaModelagemSegurancaConstrucaoAPIs](https://github.com/VagnerBellacosa/061_EntendendoImportanciaModelagemSegurancaConstrucaoAPIs): Entendendo a Importância da Modelagem e Segurança na Construção de APIs
[TheSniper](https://github.com/karthikraja001/TheSniper): TheSniper (︻デ═一) is a perfect and easy tool to grab the Saved Wi-Fi passwords in any Windows PC.
[CHAOS](https://github.com/tiagorlampert/CHAOS): :fire: CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems.
[ropemporium](https://github.com/soffensive/ropemporium): My solutions for the ROP Emporium challenges (https://ropemporium.com/). For each challenge, a solution based on plain Python (exp_plain.py) and based on Pwntools is provided.
[natas_solutions](https://github.com/not-duckie/natas_solutions): natas sol
[rip_raw](https://github.com/cado-security/rip_raw): Rip Raw is a small tool to analyse the memory of compromised Linux systems.
[Talk_on_Vehicle_Security](https://github.com/dineshresearch/Talk_on_Vehicle_Security): Possible Attacks, Exploits and Vulnerabilities of Autonomous vehicles. uploaded the presentation along with images
[Psi](https://github.com/Th30neAnd0nly/Psi): Hack Camera and Location through link.
[PLtools](https://github.com/Lucifer1993/PLtools): 整理一些内网常用渗透小工具
[Pentesting-Web](https://github.com/MoisesTapia/Pentesting-Web): Este proyecto va enfocado a la seguridad informática y al Hacking Etico, pudiendo desplegar herramientas como Metasplotable, Dradis DVWAP.
[RapidFUD](https://github.com/martdev123/RapidFUD): A simple runner to generate a spoofed cert for msfvenom payload to bypass all AV's signature
[Node-Serialize-WebServer-Backdoor](https://github.com/Deno-Sandbox/Node-Serialize-WebServer-Backdoor): Use me to create a corrupted cookie capable of creating a backdoor on the webserver node which uses the "serialize" function
[webshell-free](https://github.com/rexSurprise/webshell-free): webshell免杀案例
[quine](https://github.com/makenowjust/quine): Quine Museum
[counter-reconnaissance-program](https://github.com/the-aerospace-corporation/counter-reconnaissance-program): Proof-of-concept cyber deception utility emulating Samba and LibSSH
[MySQL_Fake_Server](https://github.com/fnmsd/MySQL_Fake_Server): MySQL Fake Server use to help MySQL Client File Reading and JDBC Client Java Deserialize
[XSS_SQL_Vulnerability_Scanner](https://github.com/HassanMahmood001/XSS_SQL_Vulnerability_Scanner): Python vulnerability scanner to detect XSS and SQL injection in web applications.
[simple-buffer-overflow-server](https://github.com/art049/simple-buffer-overflow-server): Challenge/Tutorial aiming to exploit the buffer overflow vulnerability w/ Metasploit plugin implementation
[GoAT](https://github.com/petercunha/GoAT): :goat: GoAT (Golang Advanced Trojan) is a trojan that uses Twitter as a C&C server
[WEF](https://github.com/D3Ext/WEF): Wi-Fi Exploitation Framework
[WiFi-Project](https://github.com/JulienFink/WiFi-Project): Pre-connection attacks, gaining access & post-connection attacks on WEP, WPA & WPA2. 🛰✔️
[SWC-registry](https://github.com/SmartContractSecurity/SWC-registry): Smart Contract Weakness Classification and Test Cases
[VolUtility](https://github.com/lprat/VolUtility): Web Interface for Volatility Memory Analysis framework from https://github.com/kevthehermit/VolUtility
[ronin-exploits](https://github.com/ronin-rb/ronin-exploits): A Ruby micro-framework for writing and running exploits
[macOS-Cybersecurity-Handbook](https://github.com/johnsoga/macOS-Cybersecurity-Handbook): Guide to Securing a Modern Apple Computer
[leap-security](https://github.com/aycanirican/leap-security): Cybersecurity with D-Wave Quantum Leap
[MixewayHub](https://github.com/Mixeway/MixewayHub): Mixeway is security orchestrator for vulnerability scanners which enable easy plug in integration with CICD pipelines. MixewayHub project contain one click docker-compose file which configure and run images from docker hub.
[The-Dark-and-Bright-Side-of-IoT-Dataset](https://github.com/AMHD/The-Dark-and-Bright-Side-of-IoT-Dataset): The Dark (and Bright) Side of IoT: Attacks and Countermeasures for Identifying Smart Home Devices and Services by A. M. Hussain et al.
[Secret-Data-Manager-SDM-](https://github.com/SherazIbrahim/Secret-Data-Manager-SDM-): Its for security purpose .You can secure your Secret data using this.Its code is for non-Commercial Use .Do not use its code for any Commercial purpose. "Secure you Secrets"!
[simple-user-simulation](https://github.com/michaelb/simple-user-simulation): powershell script to simulate activity by a user
[deadswitch-linux](https://github.com/dimensionc132/deadswitch-linux): A Dead Man Switch which runs on a your Linux system and is designed to be a security tool to safeguard your secrets. Dead Switch is written in Bash and Python.
[winmagic_sd](https://github.com/patois/winmagic_sd): Technical Write-Up on and PoC Exploit for CVE-2020-11519 and CVE-2020-11520
[header_scan](https://github.com/asce-21/header_scan): Learning Python automation from Hacking Simplified's video. This script is also result of the video from the Python automation series.
[Damn-Vulnerable-Bank](https://github.com/rewanthtammana/Damn-Vulnerable-Bank): Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.
[backfuzz](https://github.com/localh0t/backfuzz): protocol fuzzing toolkit
[sauron](https://github.com/amal-thundiyil/sauron): Open Source Software Security Inspector 🧐
[Network-Tools](https://github.com/fer-moreira/Network-Tools): Python Network Tooling for pentest
[graylog2-server](https://github.com/Graylog2/graylog2-server): Free and open source log management
[gitlab-RCE-11.4.7](https://github.com/Algafix/gitlab-RCE-11.4.7): GitLab 11.4.7 CE RCE exploit with different reverse shells. CVE-2018-19571 + CVE-2018-19585
[fatt](https://github.com/bin3xish477/fatt): fatt (Find All The Things) is a tool written in Go that'll find common strings in a file or HTTP response.
[extract_otp_secret_keys](https://github.com/scito/extract_otp_secret_keys): Extract two-factor authentication (2FA, TFA) secret keys from export QR codes of "Google Authenticator" app. The secret and otp values can be printed and exported to json or csv. The QR codes can be printed or saved as PNG images.
[Titanium](https://github.com/Lucksi/Titanium): A Social Engineering Tool
[SecureDialogues](https://github.com/sqglobe/SecureDialogues): Приложение обеспечивает дополнительный уровень шифрования сообщений, котрые передаются через сервисы подобные Gmail
[kibana-multitenant-proxy](https://github.com/gnuhpc/kibana-multitenant-proxy): A proxy behind nginx while before kibana (4.x, 5.x) to provide data isolation for different users
[enlightn](https://github.com/enlightn/enlightn): Your performance & security consultant, an artisan command away.
[jsprime](https://github.com/dpnishant/jsprime): a javascript static security analysis tool
[X-SpringBoot](https://github.com/yzcheng90/X-SpringBoot): X-SpringBoot是一个轻量级的Java快速开发平台,能快速开发项目并交付【接私活利器】
[Shield.VSIX](https://github.com/dotnetsafer/Shield.VSIX): Extension to protect and obfuscate your .NET applications without leaving visual studio.
[e2-setup-private-docker-registry](https://github.com/devteds/e2-setup-private-docker-registry): Setup private docker registry using docker machine - https://devteds.com/episodes/2-setup-private-docker-registry-secure-with-ssl-password
[gopass-cheat-sheet](https://github.com/Woile/gopass-cheat-sheet): Cheat Sheet for the awesome gopass
[libpico](https://github.com/mypico/libpico): Pico support library written in C
[dailyhack](https://github.com/mddanishyusuf/dailyhack): 🐱💻 Tiny Tiny Hacks we use in our daily life.
[VulWebaju](https://github.com/Aju100/VulWebaju): VulWebaju is a platform that automates setting up your pen-testing environment for learning purposes.
[xss-me](https://github.com/J2TEAM/xss-me): A simple web application to learn about Cross-Site Scripting (XSS)
[hacker101-ctf](https://github.com/testert1ng/hacker101-ctf): Hacker101 CTF Writeup
[exchange-penetration-testing](https://github.com/kh4sh3i/exchange-penetration-testing): The great Microsoft exchange hack: A penetration tester’s guide (exchange penetration testing)
[cexf](https://github.com/MISP/cexf): Common Exercise Format - CEXF
[Web-Shells](https://github.com/TheBinitGhimire/Web-Shells): Some of the best web shells that you might need!
[missile-vs-melee-take-three](https://github.com/shlomif/missile-vs-melee-take-three): "Queen Amidala vs. The Klingon Warriors" - an enhanced/modernised version of the David and Goliath story set in a fanfic crossoverred Star Trek and Star Wars universe. "Why can't we have both?" (CC-by)
[proceedings-2016](https://github.com/shmoocon/proceedings-2016): ShmooCon Proceedings 2016
[EclipseWare](https://github.com/EclipsesDev/EclipseWare): Lightweight & Keyless lua level 8 executor made by Eclipse!#6582
[windows-defender-remover](https://github.com/jbara2002/windows-defender-remover): A tool which is uses to remove Windows Defender in Windows 8.x, Windows 10 (every version) and Windows 11.
[Bers3rk](https://github.com/litchipi/Bers3rk): A simple bruteforcer for little wordlists derivation
[MikrotikExploit](https://github.com/miladdiaz/MikrotikExploit): Scan and Export RouterOS Password
[securityguide](https://github.com/mafiaguy/securityguide): A guide to be come a cyber-security researcher
[OSCPprep](https://github.com/Scr1ptK1ddie/OSCPprep): OSCP repo with cheat sheets and resources for studying.
[BurpAcademyLABs](https://github.com/p1ngul1n0/BurpAcademyLABs)
[learn250](https://github.com/AkashHamal0x01/learn250)
[RITA-J](https://github.com/Cyb3r-Monk/RITA-J): Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.
[Hacking-Study](https://github.com/itemgiver/Hacking-Study): I studied basic knowledge about hacking. Also, I learned how to find and exploit vulnerabilities in the system by solving hacking problems.
[CVE-2022-1388](https://github.com/Zeyad-Azima/CVE-2022-1388): F5 BIG-IP iControl REST vulnerability RCE exploit with Java including a testing LAB
[snowden-archive](https://github.com/iamcryptoki/snowden-archive): 💥 A collection of all documents leaked by former NSA contractor and whistleblower Edward Snowden.
[openssh-portable](https://github.com/openssh/openssh-portable): Portable OpenSSH
[NGWAF](https://github.com/FA-PengFei/NGWAF): First iteration of ML based Feedback WAF
[ProjectHackerium](https://github.com/Ludaxord/ProjectHackerium): Collection of classes/methods helpful in pentesting. Based on book Black Hat Python
[RE-helper](https://github.com/R3x/RE-helper): A tool that acts as an assistant for Reverse Engineering challenges in CTFs
[laravel-ctf-exercise](https://github.com/appelsiini/laravel-ctf-exercise): Intentionally vulnerable Laravel CTF Style pentesting exercise application used in Laracon Madrid 2019 presentation
[PowerShdll](https://github.com/p3nt4/PowerShdll): Run PowerShell with rundll32. Bypass software restrictions.
[Malware-Sample-Sources](https://github.com/Virus-Samples/Malware-Sample-Sources): Malware Sample Sources
[Nuclei-Template-Exploit-F5-BIG-IP-iControl-REST-Auth-Bypass-RCE-Command-Parameter](https://github.com/MrCl0wnLab/Nuclei-Template-Exploit-F5-BIG-IP-iControl-REST-Auth-Bypass-RCE-Command-Parameter): CVE-2022-1388 is an authentication bypass vulnerability in the REST component of BIG-IP’s iControl API that was assigned a CVSSv3 score of 9.8. The iControl REST API is used for the management and configuration of BIG-IP devices. CVE-2022-1388 could be exploited by an unauthenticated attacker with network access to the management port or self IP addresses of devices that use BIG-IP. Exploitation would allow the attacker to execute arbitrary system commands, create and delete files and disable services.
[passphrase-wordlist](https://github.com/initstring/passphrase-wordlist): Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords
[cluster-image-scanner](https://github.com/SDA-SE/cluster-image-scanner): Discover vulnerabilities and container image misconfiguration in production environments.
[mzap](https://github.com/hahwul/mzap): ⚡️ Multiple target ZAP Scanning
[ReconPi](https://github.com/x1mdev/ReconPi): ReconPi - A lightweight recon tool that performs extensive scanning with the latest tools.
[awvs_xray](https://github.com/Ovi3/awvs_xray): AWVS13和xray的自动化扫描脚本
[linuxprivchecker](https://github.com/sleventyeleven/linuxprivchecker): linuxprivchecker.py -- a Linux Privilege Escalation Check Script
[terraform-security-scan](https://github.com/triat/terraform-security-scan): Run a security scan on your terraform with the very nice https://github.com/aquasecurity/tfsec
[CamHeightChange-1.12.2](https://github.com/Pl0shka/CamHeightChange-1.12.2): CamHeightChange 1.12.2
[AttackSurfaceAnalyzer](https://github.com/microsoft/AttackSurfaceAnalyzer): Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation.
[php-2HW08](https://github.com/eryshkov/php-2HW08): Home work 8. PHP Stage 2
[cifrar-descifrar-php](https://github.com/parzibyte/cifrar-descifrar-php): Cifrar y descifrar datos con PHP usando la librería php-encryption; cifrar con clave general o con claves generadas por contraseñas de usuarios
[webcr4wl](https://github.com/47hxl-53r/webcr4wl): This tool is used for web penetration testing features like subnet scanning, directory enumeration, port scanning and more
[jsAesCrypt](https://github.com/Dead4W/jsAesCrypt): A Javascript library for AES256-CBC encrypt/decrypt files. Format of AesCrypt (version 2)
[AqHax-CSGO](https://github.com/krxdev-kaan/AqHax-CSGO): Simple CSGO Hack
[serafdev.github.io](https://github.com/serafdev/serafdev.github.io): Personal Blog where I write mostly about Computer Science related subjects.
[mininode](https://github.com/wspr-ncsu/mininode): Mininode is a CLI tool to reduce the attack surface of the Node.js applications by using static analysis.
[CVE-2019-7192_QNAP_Exploit](https://github.com/th3gundy/CVE-2019-7192_QNAP_Exploit): QNAP pre-auth root RCE Exploit (CVE-2019-7192 ~ CVE-2019-7195)
[exploit-CVE-2022-0482](https://github.com/Acceis/exploit-CVE-2022-0482): Easy!Appointments < 1.4.3 - Unauthenticated PII (events) disclosure
[Stealing-sounds](https://github.com/0x802/Stealing-sounds): The script turns on the microphone to record audio from the victim's device and sends it to the MEGA website in an audio document format.
[LogESP](https://github.com/dogoncouch/LogESP): Open Source SIEM (Security Information and Event Management system).
[gophish-notifier](https://github.com/t94j0/gophish-notifier): Notification webhook for GoPhish
[be-root](https://github.com/faculdade/be-root): Backdoor em PHP para uso educacional. Upload :heavy_check_mark: Acesse :heavy_check_mark: Seja o root :skull:
[ph-commons](https://github.com/phax/ph-commons): Java 1.8+ Library with tons of utility classes required in all projects
[Vigilante-Toolset](https://github.com/MBHudson/Vigilante-Toolset): !!!WORLD'S 🌍 #1🥇 TOR HACKING SUITE!!! Designed to scan and exploit vulnerabilities within Tor hidden services. Vigilante allows most tools to work as normal while resolving .onion
[Rage](https://github.com/billythegoat356/Rage): Rage allows you to execute any file in a Microsoft Office document.
[GONET-Scanner](https://github.com/luijait/GONET-Scanner): Golang network scanner with arp discovery and own parser
[cod-exploits](https://github.com/momo5502/cod-exploits): ☠️ Call of Duty - Vulnerabilities and proof-of-concepts
[pyre-check](https://github.com/facebook/pyre-check): Performant type-checking for python.
[EmbedOS](https://github.com/scriptingxss/EmbedOS): EmbedOS - Embedded security testing virtual machine
[TripleCross](https://github.com/h3xduck/TripleCross): A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
[MobSF-Related-Materials](https://github.com/MobSF/MobSF-Related-Materials): MobSF related Presentations, Slides and Others.
[xamfra.github.io](https://github.com/XAMFRA/xamfra.github.io): XAR WebSite
[basic-hooking](https://github.com/jayo78/basic-hooking): Examples of basic windows API hooking techniques
[SynchNouys](https://github.com/sickog0d/SynchNouys): Tool made to search for admin tab on the site
[dirty_sock](https://github.com/initstring/dirty_sock): Linux privilege escalation exploit via snapd (CVE-2019-7304)
[hoaxshell](https://github.com/t3l3machus/hoaxshell): An unconventional Windows reverse shell, currently undetected by Microsoft Defender and various other AV solutions, solely based on http(s) traffic.
[cnfuzz](https://github.com/suecodelabs/cnfuzz): Breaking Cloud Native Web APIs in their natural habitat.
[sample-micronaut-applications](https://github.com/piomin/sample-micronaut-applications): sample application illustarting usage of micronaut framework
[foozzer](https://github.com/tickelton/foozzer): A quick and dirty, cross-platform fuzzing framework
[Dolphin.Memory.Access](https://github.com/Sewer56/Dolphin.Memory.Access): Tiny 9KB barebones library used to access the memory of Dolphin emulator on Windows.
[YAWNING-TITAN](https://github.com/dstl/YAWNING-TITAN): YAWNING TITAN is an abstract, graph based cyber-security simulation environment that supports the training of intelligent agents for autonomous cyber operations.
[UICKeyChainStore](https://github.com/kishikawakatsumi/UICKeyChainStore): UICKeyChainStore is a simple wrapper for Keychain on iOS, watchOS, tvOS and macOS. Makes using Keychain APIs as easy as NSUserDefaults.
[T-Remix](https://github.com/Arij-arman/T-Remix): An advanced TERMUX customisation tool. It will give your TERMUX a new look.I will not tell you anything just try THIS TOOL,T-REMIX.:)
[STRIDE-vs-ASVS](https://github.com/mllamazares/STRIDE-vs-ASVS): 🔦 STRIDE vs ASVS equivalence table
[HummerRisk](https://github.com/HummerRisk/HummerRisk): HummerRisk 是云原生安全检测平台,提供三个方面的能力:混合云安全合规,K8S容器云安全和软件安全
[iDoka.github.io](https://github.com/iDoka/iDoka.github.io): iDoka's web page on Github
[JPG-PNG-EXPLOIT](https://github.com/trewisscotch/JPG-PNG-EXPLOIT)
[Hostname-Polluter](https://github.com/ignis-sec/Hostname-Polluter): Minimalistic extension to quickly check hostname pollution
[evildork](https://github.com/Fricciolosa-Red-Team/evildork): Evildork targeting your fiancee👁️
[like-dbg](https://github.com/0xricksanchez/like-dbg): Fully dockerized Linux kernel debugging environment
[demo-spring-cloud-vault](https://github.com/gmarziou/demo-spring-cloud-vault): Shows how to use Spring Cloud Vault Config to retrieve database username/password from Vault
[tex-course-index-template](https://github.com/dhondta/tex-course-index-template): A template for writing a condensed course index leveraging LaTeX indexing
[bint](https://github.com/BotolMehedi/bint): INTERNATIONAL FACEBOOK ACCOUNT CRACKER
[ctf-tools](https://github.com/NinjaBunny9000/ctf-tools): bun's 1337 hacker toolset
[twostep](https://github.com/marcoonroad/twostep): HOTP and TOTP algorithms for 2-step verification (for OCaml). :clock10: :closed_lock_with_key: :1234: :camel:
[xeonCAPTCHA](https://github.com/neto737/xeonCAPTCHA): A simple CAPTCHA system written in PHP
[DWG](https://github.com/FooqX/DWG): Generates fake discord webhooks
[MS-Thesis](https://github.com/ozzgural/MS-Thesis): My Master of Science Thesis Project related researches, projects and documents.
[When-Deep-Learning-Meets-Differential-Privacy-Privacy-Security-and-More](https://github.com/saaries/When-Deep-Learning-Meets-Differential-Privacy-Privacy-Security-and-More): Li X, Chen Y, Wang C, Shen C. When Deep Learning Meets Differential Privacy: Privacy, Security, and More. IEEE Network. 2021 Nov;35(6):148-55.
[jenkins-plugin](https://github.com/Probely/jenkins-plugin): Integrate our security scans with your Jenkins CI/CD pipeline
[ZIPtoMalware](https://github.com/abdulkadir-gungor/ZIPtoMalware): It embeds the executable file or payload inside the zip/rar file. It can use two different methods. The first method embeds the executable or payload in the zip/rar file without any action. In this way, it can be triggered and run by documents in the compressed file or in the same folder. The second method encrypts the executable file or payload and it also uses the "garbage code insertion/dead-code insertion" method to prevent the payload from being caught by the antivirus at runtime. Both methods do not damage the rar/zip file. It is not detected by users. However, the first method can be detected by the antivirus depending on the code embedded.
[cylms](https://github.com/crond-jaist/cylms): CyLMS: Cybersecurity Training Support for LMS
[WinGroupBrute](https://github.com/OGDeguy/WinGroupBrute): A short vbscript that adds the supplied user to all domain and local groups if the current user has the correct privileges.
[Moodle-Hacking](https://github.com/fawazahmed0/Moodle-Hacking): Hack Moodle Exam. Sponsored by https://sendletter.org, the Cheapest way to Send Letters
[riteshpuvvada.github.io](https://github.com/RiteshPuvvada/riteshpuvvada.github.io): Vulnerability Walkthrough
[fastgate-python](https://github.com/Depau/fastgate-python): Python tools for Fastweb FastGATE exploits
[OpenCircle](https://github.com/guardianproject/OpenCircle): Open-source Circle of 6 with improved security and privacy features. PLEASE NOTE: For the new Circulo app please visit: https://gitlab.com/circuloapp/circulo-android
[laravel-welcome-notification](https://github.com/spatie/laravel-welcome-notification): Send a welcome notification to new users
[Stegencry](https://github.com/jclge/Stegencry): Stegencry is an image encryption library.
[gargoyle](https://github.com/JLospinoso/gargoyle): A memory scanning evasion technique
[GRFICSv2](https://github.com/Fortiphyd/GRFICSv2): Version 2 of the Graphical Realism Framework for Industrial Control Simulation (GRFICS)
[trackerjacker](https://github.com/calebmadrigal/trackerjacker): Like nmap for mapping wifi networks you're not connected to, plus device tracking
[hackingthe.cloud](https://github.com/Hacking-the-Cloud/hackingthe.cloud): An encyclopedia for offensive and defensive security knowledge in cloud native technologies.
[bug-bounty](https://github.com/JakobTheDev/bug-bounty): My personal bug bounty toolkit.
[Windows11_Hardening](https://github.com/beerisgood/Windows11_Hardening): My Windows 11 x64 security hardening guide
[WixsharpSysmon](https://github.com/1Dimitri/WixsharpSysmon): Wixsharp based installed MSI for Sysmon and rules from the SwiftOnSecurity project
[ArduinoQuacking](https://github.com/User1391/ArduinoQuacking): A script that turns an Arduino Micro into a rubber ducky.
[mendmix](https://github.com/dromara/mendmix): Mendmix定位是一站式分布式开发架构开源解决方案及云原生架构技术底座。Mendmix提供了数据库、缓存、消息中间件、分布式定时任务、安全框架、网关以及主流产商云服务快速集成能力。基于Mendmix可以不用关注技术细节快速搭建高并发高可用基于微服务的分布式架构。
[OpenGost](https://github.com/sergezhigunov/OpenGost): An open-source .NET library providing the modern Russian national standard cryptographic algorithms
[RetroFreak_Toolkit](https://github.com/GoobyCorp/RetroFreak_Toolkit): A toolkit designed to help root the RetroFreak emulator console.
[echidna](https://github.com/crytic/echidna): Ethereum smart contract fuzzer
[ArmorLib](https://github.com/milesmcc/ArmorLib): Easily scan files for threats to security and privacy. A Rust library and command line tool. WIP.
[ipsum](https://github.com/stamparm/ipsum): Daily feed of bad IPs (with blacklist hit scores)
[Fivem-Source](https://github.com/Fnoberz/Fivem-Source): 💉 : source for creating lua executor
[Horn3t](https://github.com/JannisKirschner/Horn3t): Powerful Visual Subdomain Enumeration at the Click of a Mouse
[misp-grafana](https://github.com/MISP/misp-grafana): A real-time Grafana dashboard using MISP ZeroMQ message queue and InfluxDB
[vncperlbot](https://github.com/ind3p3nd3nt/vncperlbot): Perl IRC Bot for scanning and exploiting VNC servers on several ports using Mojo::IRC module.
[Cabinet_of_Curiosities](https://github.com/ianliu-johnston/Cabinet_of_Curiosities): A Collection of Captured Malware.
[rack-secure-upload](https://github.com/dtaniwaki/rack-secure-upload): Upload files securely
[D0x-K1t-v2](https://github.com/Roo7K1d/D0x-K1t-v2): Active reconaissance, information gathering and OSINT built in a portable web application test.
[TH3KEN-EDITION](https://github.com/th3ken-dev/TH3KEN-EDITION)
[SafetyBackupSystem](https://github.com/nicholasmarasco95/SafetyBackupSystem): Safety Backup System is a project complete of Client, Server and Remote Access software, developed to improve security of users. It's extremely useful to prevent data loss in case of cyberattack or hardware malfunction. SBS can backup computer files and send them to a remote server or store them in an external device.
[Cyber-Security-Blog](https://github.com/LasCC/Cyber-Security-Blog): Personal blog about cyber security and challenges
[Elkeid](https://github.com/bytedance/Elkeid): Elkeid is a Cloud-Native Host-Based Intrusion Detection solution project to provide next-generation Threat Detection and Behavior Audition with modern architecture.
[C2Break](https://github.com/AgainstTheWest/C2Break): C2Break database management exploit 04/11/2022
[Shellcode-Injector](https://github.com/chrispetrou/Shellcode-Injector): 💉 A tool that allows shellcode injection into another process's memory space. It works for both Windows x64 and x86 systems.
[BugBountyScanner](https://github.com/chvancooten/BugBountyScanner): A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.
[cryptography-misc-tools](https://github.com/Latonis/cryptography-misc-tools): Miscellaneous Cryptography Scripts I have Written or Acquired . Please feel free to fork/pull/whatever to increase the content.
[Cybersecurity-gadgets](https://github.com/tsnsoft/Cybersecurity-gadgets): Кибербезопасность и мобильные устройства
[Domain-generation-algorithms](https://github.com/vinayakumarr/Domain-generation-algorithms): Domain Generation Algorithms (DGAs) using traitional machine learning and deep learning
[Toroxy](https://github.com/Postuf/Toroxy): Tor-based proxy for linux
[Skiddie](https://github.com/Aviral14/Skiddie): A collection of Web Capture the Flag challenges that I created for various CTFs at BPHC
[Vulnerability_Manager](https://github.com/GermanoFLeite/Vulnerability_Manager): 💻 É uma plataforma desenvolvida com a a finalidade de mostrar métricas e análises de fatores de riscos e vulnerabilidades em ativos para melhor produtividade
[YoutubeVideoHack](https://github.com/mishakorzik/YoutubeVideoHack): Install video in youtube for free
[linux-soft-exploit-suggester](https://github.com/belane/linux-soft-exploit-suggester): Search Exploitable Software on Linux
[gen1cpu](https://github.com/ZYSF/gen1cpu): Finally, a CPU that isn't mind-numbingly complex. Batteries sold separately.
[avain](https://github.com/ra1nb0rn/avain): A Modular Framework for the Automated Vulnerability Analysis in IP-based Networks
[rsa-breaker](https://github.com/fengtan/rsa-breaker): Command line tool to break weak RSA keys using Wiener's attack
[wordlist.rb](https://github.com/postmodern/wordlist.rb): A Ruby library and CLI for generating and working with wordlists.
[Oracle-BI-bugs](https://github.com/vah13/Oracle-BI-bugs)
[urlRecon](https://github.com/Srinivas11789/urlRecon): :pencil: urlRecon - Info Gathering or Recon tool for Urls -> Retrieves * Whois information of the domain * DNS Details of the domain * Server Fingerprint * IP geolocation of the server
[MinerInTheMiddle](https://github.com/DotNetRussell/MinerInTheMiddle): This application was created as a POC for how to scan your local network traffic for HTTP requests and then inject various javascript cryptocurrency miners into the response payloads
[d7ead.github.io](https://github.com/D7EAD/d7ead.github.io)
[gomalshare](https://github.com/MonaxGT/gomalshare): Go library MalShare API
[blackeye](https://github.com/EricksonAtHome/blackeye): BLACKEYE v2.0 | New Phishing tool with localtunnel
[diffence](https://github.com/techjacker/diffence): Checks a git diff for offensive content
[dnsgo](https://github.com/grt1st/dnsgo): A dns server, small and cute. Use it to test web security such as dnslog and dns rebinding. it's kind of like ceye.io
[TAIK](https://github.com/TERMUXID3/TAIK): Tool hack Dark FB tanpa lisensi
[datree](https://github.com/datreeio/datree): Prevent Kubernetes misconfigurations from reaching production (again 😤 )! From code to cloud, Datree provides an E2E policy enforcement solution to run automatic checks for rule violations. See our docs: https://hub.datree.io
[Aaia](https://github.com/rams3sh/Aaia): AWS Identity and Access Management Visualizer and Anomaly Finder
[DevelopersSecurityBestPractices](https://github.com/sqreen/DevelopersSecurityBestPractices)
[tuersteher](https://github.com/hazelfazel/tuersteher): Türsteher is a free powerful Windows kernel driver for comprehensive application control a.k.a. executable white- and blacklisting.
[Capture-The-Flag](https://github.com/LeKSuS-04/Capture-The-Flag): :triangular_flag_on_post: Scripts, files, logs and everything else I have left after participating in different CTFs
[depseeker](https://github.com/projectpandora/depseeker): depseeker is a fast and multi-purpose toolkit for finding npm dependencies in web applications, it is designed to maintain the result reliability with increased threads.
[PE-Miner](https://github.com/justalghamdi/PE-Miner): Code Cave Finder And Injector
[dvna](https://github.com/appsecco/dvna): Damn Vulnerable NodeJS Application
[virity](https://github.com/sharenowTech/virity): Automated Vulnerability Analysis and Disclosure of Docker Containers
[Flask-Unsign-Wordlist](https://github.com/Paradoxis/Flask-Unsign-Wordlist): The following package is the standalone wordlist-only component to flask-unsign.
[ics-scada](https://github.com/clizSec/ics-scada): ICS and SCADA tools and exploits
[awesome-pentest-cheat-sheets](https://github.com/coreb1t/awesome-pentest-cheat-sheets): Collection of the cheat sheets useful for pentesting
[icestick-glitcher](https://github.com/SySS-Research/icestick-glitcher): Simple voltage glitcher implementation for the Lattice iCEstick Evaluation Kit
[DuckyKiller](https://github.com/LandonPowell/DuckyKiller): Short Python script that attempts to neuter USB Rubber Duckies.
[windows-malware-exe-blocker](https://github.com/y0g3sh-99/windows-malware-exe-blocker): This tool blocks well known exe, bat, com launchers / executables of malwares (Trojans, ransomwares, worms etc)
[dlint](https://github.com/dlint-py/dlint): Dlint is a tool for encouraging best coding practices and helping ensure Python code is secure.
[zeek-otx](https://github.com/SackOfHacks/zeek-otx): Repository of scripts to add AlienVault's OTX intel feed to Zeek and Security Onion 2
[revshfuzz](https://github.com/PinkP4nther/revshfuzz): A tool for fuzzing for ports that allow outgoing connections
[heimdall-lite](https://github.com/mitre/heimdall-lite): Heimdall Lite 2.0 is a JavaScript based security results viewer and review tool supporting multiple security results formats, such as: InSpec, SonarQube, OWASP-Zap and Fortify which you can load locally, from S3 and other data sources.
[pyup-django](https://github.com/pyupio/pyup-django): Displays a red warning banner if you are running an insecure Django release.
[windows_hardening](https://github.com/0x6d69636b/windows_hardening): HardeningKitty and Windows Hardening settings and configurations
[boomerang](https://github.com/EmersonElectricCo/boomerang): A tool designed for consistent and safe capture of off network web resources.
[CVE-2019-1458](https://github.com/unamer/CVE-2019-1458): CVE-2019-1458 Windows LPE Exploit
[Python-Ransomware](https://github.com/ncorbuk/Python-Ransomware): Python Ransomware Tutorial - YouTube tutorial explaining code + showcasing the ransomware with victim/target roles
[faraday_plugins](https://github.com/infobyte/faraday_plugins): Security tools report parsers for FaradaySEC
[zombiegang](https://github.com/r3nt0n/zombiegang): Botnet framework with modular and extensible architecture, task scheduler, remote shell live sessions and a retro look-feeling interface which makes it funny to use. By now, it includes keylogger, DDoS and bruteforce attacks. The project is still under development phase, I appreciate any contribution :)
[_petusawo_](https://github.com/Akoraye/_petusawo_): A tool to remove clutter from vulnerability scans
[firezone](https://github.com/firezone/firezone): WireGuard®-based VPN server and firewall
[kingfisher](https://github.com/artem94m/kingfisher): Simple Python 3 static code analyzer.
[layer-zero-unlv.github.io](https://github.com/layer-zero-unlv/layer-zero-unlv.github.io): layer-zero's webpage
[OpenVAS-Docker](https://github.com/Secure-Compliance-Solutions-LLC/OpenVAS-Docker): A Docker Image For the Open Vulnerability Assessment Scanner (OpenVAS)
[FastDork](https://github.com/SKVNDR/FastDork): ⚡Chrome extension allows you to create lists of Google and Github dork to open multiple tabs with one click, import "scope/out of scope" from #HackerOne #Bugcrowd #Intigriti ...
[mumble-selinux](https://github.com/georou/mumble-selinux): Mumble/mumur daemon server SELinux policy module for CentOS 7 & RHEL 7 systems
[noscan](https://github.com/puerco/noscan): the simplest vulnerability scanner available
[pbrucla.github.io](https://github.com/pbrucla/pbrucla.github.io): The home website for Psi Beta Rho, UCLA's competitive Capture the Flag (CTF) cybersecurity team!
[Rust-External](https://github.com/Fnoberz/Rust-External): C++ Open Source for Cheating Externel
[LSynFlood](https://github.com/SOSAkornut/LSynFlood): This is a repo for synflood DDOS attacks
[Auditar-login-RDP-email](https://github.com/adrianlois/Auditar-login-RDP-email): PowerShell: Auditar inicios de sesión erróneos Id. y notificarlos vía email
[Vulnerability-SCAN-TOOL-SQL-XSS-LFI](https://github.com/alp55/Vulnerability-SCAN-TOOL-SQL-XSS-LFI): SQL XSS LFI Zafiyet Tespit Aracı
[aegis4j](https://github.com/gredler/aegis4j): A Java agent that disables platform features you don't use, before an attacker uses them against you.
[huskyCI](https://github.com/globocom/huskyCI): Performing security tests inside your CI
[2FAtoTray](https://github.com/artginzburg/2FAtoTray): Copy 2FA tokens in a click (macOS)
[8level-WRT-1200AC-firmware-tools](https://github.com/krzys-h/8level-WRT-1200AC-firmware-tools): Some tools for hacking 8level WRT-1200AC router firmware
[AutoRepeater](https://github.com/nccgroup/AutoRepeater): Automated HTTP Request Repeating With Burp Suite
[magic-qradar](https://github.com/tacosaure/magic-qradar): Powershell script to query IBM Qradar SIEM and to generate KPI
[pypentesting](https://github.com/chrispetrou/pypentesting): python tools to assist in penetration testing
[mutual-tls-ssl](https://github.com/Hakky54/mutual-tls-ssl): 🔐 Tutorial of setting up Security for your API with one way authentication with TLS/SSL and mutual authentication for a java based web server and a client with both Spring Boot. Different clients are provided such as Apache HttpClient, OkHttp, Spring RestTemplate, Spring WebFlux WebClient Jetty and Netty, the old and the new JDK HttpClient, the old and the new Jersey Client, Google HttpClient, Unirest, Retrofit, Feign, Methanol, vertx, Scala client Finagle, Featherbed, Dispatch Reboot, AsyncHttpClient, Sttp, Akka, Requests Scala, Http4s Blaze, Kotlin client Fuel, http4k, Kohttp and ktor. Also other server examples are available such as jersey with grizzly. Also gRPC, WebSocket and ElasticSearch examples are included
[lcp](https://github.com/guard-project/lcp): In each local agent, the control plane is responsible for programmability, i.e., changing the behaviour of the data plane at run-time.
[openc2-json-schema](https://github.com/bberliner/openc2-json-schema): An open-source JSON-Schema validator test suite and command-line tool for OpenC2
[nyxgeek-readinglist](https://github.com/nyxgeek/nyxgeek-readinglist): hacker folklore, history, and culture
[corsair_scan](https://github.com/Santandersecurityresearch/corsair_scan): Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).
[incident-response-plan-template](https://github.com/counteractive/incident-response-plan-template): A concise, directive, specific, flexible, and free incident response plan template
[huskyCI-dashboard](https://github.com/globocom/huskyCI-dashboard): Frontend to display data from huskyCI analyses
[back-end-api-music-player](https://github.com/rodri-oliveira-dev/back-end-api-music-player): Sistema de Playlist de músicas com o objetivo de treinamento em Micro Serviços, Redis e DotNet Core
[antiprop_basic](https://github.com/Anti-Prop/antiprop_basic): If you don't know how to run the code, read the README.md file.
[OtpForwarder](https://github.com/mistarA/OtpForwarder): An application used to forward OTP, to a specific number. Only those SMS’s are considered which gets generated from the mentioned service provider. Needs SMS Permission.
[atlant-api](https://github.com/F-Secure/atlant-api): F-Secure Atlant API Examples
[BobEXP-Security](https://github.com/BobEXP/BobEXP-Security): Advance Windows Cyber Security Suite
[HatSploit](https://github.com/EntySec/HatSploit): Modular penetration testing platform that enables you to write, test, and execute exploit code.
[Bark](https://github.com/Sloobot/Bark): Bark Toolkit is a toolkit wich provides Denial-of-service attacks, SMS attacks and more.
[Vutils](https://github.com/vic4key/Vutils): Vutils or Vic Utilities is an utility library written in Modern C++ and for Modern C++. It helps your programming go easier, faster, and simpler.
[dircat](https://github.com/momos1337/dircat): simple code directory brute
[FormationVideo](https://github.com/jasonchampagne/FormationVideo): Contenus et ressources de la chaîne FormationVidéo (YouTube)
[S-DES-simulator](https://github.com/zi-gae/S-DES-simulator): its S-DES simulator for college students
[learnMorePython3TheHardWay](https://github.com/kei01138/learnMorePython3TheHardWay): 더 탄탄하게 배우는 파이썬 3 - 초짜 파이썬 프로그래머가 다음 단계로 가는 책
[lldap](https://github.com/nitnelave/lldap): Light LDAP implementation
[rstthreats](https://github.com/rstcloud/rstthreats): Aggregated Indicators of Compromise collected and cross-verified from multiple open and community-supported sources, enriched and ranked using our intelligence platform for you. Threat Intelligence, Threat feed, Open source feed.
[Gamehacking-PlayBook](https://github.com/rhshattered/Gamehacking-PlayBook): This is basically just a guide with some code snippets that are very commonly used amongst the game hacking community.
[misp-dashboard](https://github.com/MISP/misp-dashboard): A dashboard for a real-time overview of threat intelligence from MISP instances
[WireCrack](https://github.com/proxyanon/WireCrack): Pentest tool com foco em teste de intrusão em redes wireless para Windows
[renovate-docker](https://github.com/GregorLaber/renovate-docker): PoC Renovate updates Docker images (e.g. Dockerfile, Docker-Compose, K8s Manifest)
[Secure-File-Upload](https://github.com/rudypalacios/Secure-File-Upload): Cargar imágenes de forma segura y crear miniaturas – Secure image upload and thumbnail creation
[OneListForAll](https://github.com/six2dez/OneListForAll): Rockyou for web fuzzing
[cyber-security-reading](https://github.com/ruxiz2020/cyber-security-reading)
[IncidentsMindMaps](https://github.com/jipegit/IncidentsMindMaps): Cybersecurity Incidents Mind Maps
[bbot](https://github.com/blacklanternsecurity/bbot): OSINT automation for hackers.
[autoscan](https://github.com/Shad0wMazt3r/autoscan): It is a simple scanner for Penetration testing and it automates the reconnaissance project.
[password-compiler](https://github.com/alfanoandrea/password-compiler): password generator
[FilterDriver](https://github.com/EaseFilter/FilterDriver): A File System Filter Driver for file I/O monitors, file access control, transparent file encryption.
[Flipd-Hacker](https://github.com/avdaredevil/Flipd-Hacker): Automated Web-Bot that solves all Flipd Tests for you [Late/Current]. Gives you full control over what tests/assignments to solve. Intuitive GUI. Uses hybrid of web-content-scraping, Com objects, and web-requests.
[fleex](https://github.com/FleexSecurity/fleex): Fleex allows you to create multiple VPS on cloud providers and use them to distribute your workload.
[Password-Locker](https://github.com/vaithak/Password-Locker): A cli password storer and manager.
[wwwtf](https://github.com/AnikHasibul/wwwtf): Basic forensic script for hacking the world wide web. Nothing special but a tool to get the initial idea about your target.
[Network-Hacking-Toolkit](https://github.com/ParikhKadam/Network-Hacking-Toolkit): This toolkit is built with an aim of easily being used by beginners in hacking networks. It is written in Python3 and hence the begineers don't need to use special OS like Kali or Parrot. Learn Hacking the easy way..
[Inquisition](https://github.com/magneticstain/Inquisition): An advanced and versatile open-source network anomaly detection platform
[GimKit-Hacks](https://github.com/rxzyx/GimKit-Hacks): The best hack for Gimkit.com you can find!
[UGFraud](https://github.com/safe-graph/UGFraud): An Unsupervised Graph-based Toolbox for Fraud Detection
[PortScanner-Syn-Flood](https://github.com/22Bassel/PortScanner-Syn-Flood): in the first code (porstScanner) ,it builds tcp packet using c. the flag in the packet will be syn ( the first step of handshake in tcp) .then send it , if it gets ACK replay that means the port is open. After that it sends nothing . that makes an open connection. another file ( synflood ) to do syn flood attack .in simple words, it sends a lot of packets to open port until it's flood
[MifareClassicTool](https://github.com/ikarus23/MifareClassicTool): An Android NFC app for reading, writing, analyzing, etc. MIFARE Classic RFID tags.
[modernhacker](https://github.com/LOZORD/modernhacker): A hacker typer for the modern era
[cehv9](https://github.com/yeahhub/cehv9): CEHv9 - Practice Exam Questions with Answers
[Wordpress-Augmented-Reality-Plugin-RCE-Unauthenticated](https://github.com/unCodeBoss/Wordpress-Augmented-Reality-Plugin-RCE-Unauthenticated): Coded By CodeBoss - Our Channel - t.me/codeb0ss
[minemu](https://github.com/brainsmoke/minemu): Minemu is a minimal emulator for dynamic taint analysis ( this is a mirror of https://minemu.org/code/minemu.git )
[permify](https://github.com/Permify/permify): Permify is an open-source authorization service & policy engine based on Google Zanzibar.
[All-In-One-CyberSecurity-Resources](https://github.com/vatsalgupta67/All-In-One-CyberSecurity-Resources): List of CyberSecurity Resources and some different Sub-Sets of CyberSecurity
[hijackgan](https://github.com/a514514772/hijackgan): [CVPR 2021] Pytorch implementation of Hijack-GAN: Unintended-Use of Pretrained, Black-Box GANs
[dumptask](https://github.com/cyring/dumptask): A simple kernel module to dump the tasks
[theway](https://github.com/jbaines-r7/theway): A tool for extracting, modifying, and crafting ASDM binary packages (CVE-2022-20829)
[wp-audit](https://github.com/m3nu/wp-audit): Audit the versions of your Wordpress sites to find old, vulnerable versions.
[Hconsole-Public](https://github.com/Copy05/Hconsole-Public): Hconsole is a terminal
[mod0BurpUploadScanner](https://github.com/modzero/mod0BurpUploadScanner): HTTP file upload scanner for Burp Proxy
[AVCDL](https://github.com/nutonomy/AVCDL): This repository contains material related to the Autonomous Vehicle Cybersecurity Development Lifecycle (AVCDL)
[terraform-incapsula-sites](https://github.com/joeymoore/terraform-incapsula-sites): This module can be used to create protected web-site(s) in Imperva CWAF. Default settings can be overridden when inheriting the module in your project.
[Digital-Forensics-Guide](https://github.com/mikeroyal/Digital-Forensics-Guide): Digital Forensics Guide
[The-Edge](https://github.com/Rhi7/The-Edge): The Edge - Simple find Admin Login Website with Multithreading
[nats-account-server](https://github.com/nats-io/nats-account-server): A simple HTTP/NATS server to host JWTs for nats-server 2.0 account authentication.
[JourneyToLowCode-NoCodeApplicationSecurity](https://github.com/IBMDeveloperMEA/JourneyToLowCode-NoCodeApplicationSecurity): This series will focus on how to easily add authentication to web apps with zero code changes and no redeploy, how to secure a Spring boot Application and lastly how to Ensure that the correct people have the approved access to sensitive data of an application.
[WebRTC-Leak](https://github.com/VoidSec/WebRTC-Leak): Check if your VPN leaks your IP address via the WebRTC technology
[MyJWT](https://github.com/tyki6/MyJWT): A cli for cracking, testing vulnerabilities on Json Web Token(JWT)
[Bot-Bounty](https://github.com/Drayko/Bot-Bounty): Python Script for Telegram Bot is specially built for pentest & bug bounty. It's like a telegram shell.
[shellcode-analysis](https://github.com/dc401/shellcode-analysis): This repo hosts basic win32 compatible and visual studio C based shell code for an article on analysis
[FileChanger](https://github.com/NoahGWood/FileChanger): FileChanger is a script designed for Linux systems to demonstrate the unreliability of data-forensics by manipulating file timestamps on the EXT-4 filesystem
[Exploit_Finder](https://github.com/B4rC0d/Exploit_Finder): This is a Script for Exploit Search
[Secure-Password-Generator](https://github.com/pH7Software/Secure-Password-Generator): 🔐 A simple way to generate random passwords. Compatible with PHP 5.6+
[Cyber-Sploit](https://github.com/Cyber-Dioxide/Cyber-Sploit): A framework like a metasploit containg a variety of modules for pentesting or ethical hacking. This repo willl be updated and new modules will be added time to time.
[A2-BadIPs](https://github.com/polynamaude/A2-BadIPs): A2-BadIPs Apache 2 .htaccess file generator for blocking black-listed IPs.
[stanford-engineering-computer-science](https://github.com/shawna-tuli-uci-kellogg/stanford-engineering-computer-science): [Computer Science] S15 Stanford Engineering | I graduated with a Certificate in Engineering in Computer Science from Stanford University for top Math and CS high school students in Silicon Valley.
[candyCBT-Exploit-Scanner](https://github.com/0xtbug/candyCBT-Exploit-Scanner): A tool to scan websites that use candyCBT
[RTSPiOS](https://github.com/RyanBalfanz/RTSPiOS): A Raspberry Pi distribution that turns your Pi in to an RTSP server (e.g. security camera)
[AIRMASTER](https://github.com/t94j0/AIRMASTER): Use ExpiredDomains.net and BlueCoat to find useful domains for red team.
[RedPython](https://github.com/sucyfer/RedPython): All cybersecurity-oriented python3 libraries at one place
[gastori.github.io](https://github.com/gastori/gastori.github.io)
[MALWARE-DETECTION-FINAL-YEAR-PROJECT](https://github.com/Vatshayan/MALWARE-DETECTION-FINAL-YEAR-PROJECT): Final Year Malware Detection Project with PPT, Research Paper, code and Synopsis. Malware detection project by Machine Learning ALgorithms.
[logfishh](https://github.com/SVelizDonoso/logfishh): Logs Forensic Investigator SSH
[ntlm-directory-finder](https://github.com/aniketpr/ntlm-directory-finder)
[Custom-Kernel-Exploit](https://github.com/nishantparhi/Custom-Kernel-Exploit): Custom Linux Kernel exploited by custom exploit
[Open_Redirect_Payload_List](https://github.com/omurugur/Open_Redirect_Payload_List): Open Redirect Vulnerability Payload List
[Dll-Injector](https://github.com/Zhuagenborn/Dll-Injector): 💉 A Windows dynamic-link library injection tool written in C++20. It can inject a dynamic-link library into a running process by its window title or create a new process with an injection.
[CTF-Journey](https://github.com/Mini-Ware/CTF-Journey): Some useful tips for various types of CTF challenges
[slowlorust](https://github.com/MJVL/slowlorust): Lightweight slowloris (HTTP DoS) implementation in Rust.
[carhacking](https://github.com/daedalus/carhacking): car hacking tools
[XSHOCK](https://github.com/capture0x/XSHOCK): XSHOCK Shellshock Exploit
[grafana-selinux](https://github.com/georou/grafana-selinux): Grafana SELinux policy module for CentOS 7 & RHEL 7
[offensive-cybersec-toolkit](https://github.com/tid4l/offensive-cybersec-toolkit): A central place for offensive (and sometimes not) cybersecurity tools and resources.
[cve-bin-tool](https://github.com/intel/cve-bin-tool): The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 100 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with a list of components and versions.
[karton-classifier](https://github.com/CERT-Polska/karton-classifier): File type classifier for the Karton framework.
[postExploitTool](https://github.com/Daymorelah/postExploitTool): A simple information gathering script used during the post-exploitation phase during a pentest.
[Pentesting-Toolkit](https://github.com/p1r-a-t3/Pentesting-Toolkit): 🏴☠️ Tools for pen-testing, CTFs & wargames. 🏴☠️
[secretive](https://github.com/maxgoedjen/secretive): Store SSH keys in the Secure Enclave
[CVE-2019-0708-poc](https://github.com/hook-s3c/CVE-2019-0708-poc): proof of concept exploit for Microsoft Windows 7 and Server 2008 RDP vulnerability
[CVE-2018-4407-IOS](https://github.com/zteeed/CVE-2018-4407-IOS): POC: Heap buffer overflow in the networking code in the XNU operating system kernel
[py-linux-ports](https://github.com/sujitmandal/py-linux-ports): Check Linux System Port's Status
[Secret-File-Store](https://github.com/SkyThonk/Secret-File-Store): This is an automation script that can create 100 x 100 x 10 nested folders in your pc and randomly it stores your important file which makes it very hard to find that files and to get the location of your stored file you require a password.
[Bridge](https://github.com/SPuerBRead/Bridge): 无回显漏洞测试辅助平台,平台使用Java编写,提供DNSLOG,HTTPLOG等功能,辅助渗透测试过程中无回显漏洞及SSRF等漏洞的验证和利用。
[MetadataExtractor](https://github.com/alephramos/MetadataExtractor)
[BlogAlk-Backend-SpringBoot](https://github.com/Mauu98/BlogAlk-Backend-SpringBoot): Proyecto que simula ser un blog. Se trabajó en el Back-End con Spring Boot, Hibernate, Spring Security, MySQL, JWT y envío de E-Mail para confirmación del Token.
[FindMyPi_osx_mac](https://github.com/Jrsnow8921/FindMyPi_osx_mac): Mac os x app finds ip address of hostname & PINGS
[sandboxed-api](https://github.com/google/sandboxed-api): Generates sandboxes for C/C++ libraries automatically
[linsetmv1-2](https://github.com/chunkingz/linsetmv1-2): Linset is a WPA/WPA2 phishing tool (evil twin)
[dvRAT](https://github.com/justalghamdi/dvRAT): . مشروع يهدف لصنع برمجية خبيثة متكاملة
[veinmind-tools](https://github.com/chaitin/veinmind-tools): veinmind-tools 是由长亭科技自研,基于 veinmind-sdk 打造的容器安全工具集
[gohashID](https://github.com/patflanigan/gohashID): Command line tool to Identify a hash type
[Facebook-phishing](https://github.com/IAmBlackHacker/Facebook-phishing): Phishing Facebook Page in Django Code(Python Based)
[log4j-shell-poc](https://github.com/kozmer/log4j-shell-poc): A Proof-Of-Concept for the CVE-2021-44228 vulnerability.
[AndroidSDK](https://github.com/thyrlian/AndroidSDK): 🐳 Full-fledged Android SDK Docker Image
[MemoryManipulator](https://github.com/mullak99/MemoryManipulator): A C# Library used to manipulate memory of a process.
[evilJ](https://github.com/localh0t/evilJ): find common vulnerabilities in browser's extensions
[edgedns](https://github.com/jedisct1/edgedns): A high performance DNS cache designed for Content Delivery Networks
[Fortnite-External](https://github.com/Fnoberz/Fortnite-External): C++ For Creating Powerful Cheating Fortnite
[Hta-Exploit-Downloader-Malware-Builder](https://github.com/lmdelm/Hta-Exploit-Downloader-Malware-Builder): Features: -Include silent doc exploit -Several exploits, most are sendable via GMail -Compatible with every rat/keylogger/worm -Compatible with Windows XP - Windows 10 32/64 -FUD (DOC CHM) -Works with every MS Office from 2007 to 2016 (excluding Starter edition - there's no macro support) -Startup -base64 encode
[adminFinder](https://github.com/kangnglk/adminFinder): Simple tool used to find admin login page url of a website, written in bash language.
[network-security-probe](https://github.com/Gui774ume/network-security-probe): A process level network security monitoring and enforcement project for Kubernetes, using eBPF
[D3FACE](https://github.com/TheNightSec/D3FACE): 😈D3FACER is an auto-defacer used for defacing a lot of website in no time.
[openid-workshop](https://github.com/danielwagn3r/openid-workshop): Authentifizierung mit OpenID Connect & OAuth 2.0
[Pukeko](https://github.com/francesco1119/Pukeko): Pukeko goes in the wild, create tailored wordlists and enumerate credentials from a local folder
[splatoonhackingpack](https://github.com/louissmokesbackwoods/splatoonhackingpack): tools for splatoon modding(click link to become staff) (all credit to ashteam, tunip3,povlur,cyan,oatmealdome,yahya14,amibu01,gudenau,leanny,everyone else)
[Fenix-VM](https://github.com/crocup/Fenix-VM): Backend logic implementation for Vulnerability Management System
[hacktoberfest2021](https://github.com/namishkhanna/hacktoberfest2021): Make your first PR. A beginner friendly repository made specifically for open source beginners. Add any program under any language (it can be anything from a simple program to a complex data structure algorithm). Happy coding...
[Domaineer](https://github.com/c0del1ar/Domaineer): Domain Engineer or Domaineer is Semi-Auto Bot to gaining data from domains
[thanos](https://github.com/thesaderror/thanos): Thanos is cli based website vulnerability scanner. It includes recording to record all traffic on website to extract hidden links,databases etc.. Also Thanso includes other tools. See ToDo and README.md.
[python-keylogger](https://github.com/Kalebu/python-keylogger): A minimal keylogger that accurately tracks keyboard strokes made in Python
[Kubernetes1.6.1-CIS](https://github.com/ansible-lockdown/Kubernetes1.6.1-CIS): CIS Baseline Ansible Role for Kubernetes 1.6.1
[graphql-cost-analysis](https://github.com/pa-bru/graphql-cost-analysis): A Graphql query cost analyzer.
[toxssin](https://github.com/t3l3machus/toxssin): An XSS exploitation command-line interface and payload generator.
[ssti-flask-hacking-playground](https://github.com/filipkarc/ssti-flask-hacking-playground): App with Server Side Template Injection (SSTI) vulnerability - in Flask. For web penetration testing / ethical hacking. Possible RCE :)
[SecureStorage](https://github.com/dispatchMain/SecureStorage): A lightweight library that lets you store any swift type with AES 256 encryption.
[ctfpwn](https://github.com/bl4de/ctfpwn): Framework for making CTFs, bug bounty and pentesting Python scripting easier
[Parad1seBomb](https://github.com/K1ngSoul/Parad1seBomb): 💣 Sms Bomber for Russia and Ukraine
[cpp-jwt](https://github.com/arun11299/cpp-jwt): JSON Web Token library for C++
[G3nius-Tools-Sploit](https://github.com/witblack/G3nius-Tools-Sploit): G3nius-Tools Sploit is a powerfully user-friendly to Server, Client, Network, Signal exploitation tool. We've online support and updates.
[osx-for-frontend-developers](https://github.com/josemanuelguzman/osx-for-frontend-developers): A minimum (IMO) setup we'll need to get up and running our Mac and a checklist to set up our ✨ OS X for front-end development.
[apeslapslion](https://github.com/idiidk/apeslapslion): A poc WebKit exploit for older devices based on the Phoenhex team exploit.
[qradar_usom](https://github.com/semsaksoy/qradar_usom): USOM cyber intelligence integration with Qradar
[jira-mobile-ssrf-exploit](https://github.com/assetnote/jira-mobile-ssrf-exploit): Exploit code for Jira Mobile Rest Plugin SSRF (CVE-2022-26135)
[Hackference-India-2018](https://github.com/nomadicmehul/Hackference-India-2018): Hackference India 2018
[eraser](https://github.com/Azure/eraser): 🧹 Cleaning up images from Kubernetes nodes
[PhishingPost](https://github.com/mgeeky/PhishingPost): PHP Script intdended to be used during Phishing campaigns as a credentials collector linked to backdoored HTML <form> action parameter
[cyberlog](https://github.com/byronbytes/cyberlog): Main repository for cybersecurity tools and stuff, I will plan on making videos for these.
[gonids](https://github.com/google/gonids): gonids is a library to parse IDS rules, with a focus primarily on Suricata rule compatibility. There is a discussion forum available that you can join on Google Groups: https://groups.google.com/forum/#!topic/gonids/
[Cybersecurity-Notes](https://github.com/Twigonometry/Cybersecurity-Notes): My Markdown notes for all things cybersecurity
[infosec-py-scripts](https://github.com/Omnitheorist/infosec-py-scripts): A collection of Python scripts useful for information security and penetration testing.
[hulk](https://github.com/grafov/hulk): HULK DoS tool ported to Go with some additional features.
[android-pico](https://github.com/mypico/android-pico): Android version of the Pico app
[clair-client](https://github.com/indece-official/clair-client): Command line client for quay/clair v4.x.x
[window.opener](https://github.com/Arinerron/window.opener): A window.opener exploit PoC
[EMVerify](https://github.com/EMVrace/EMVerify): A Tamarin model and analysis of EMV
[htrace.sh](https://github.com/trimstray/htrace.sh): My simple Swiss Army knife for http/https troubleshooting and profiling.
[Linux2.6.39LocalExploit](https://github.com/cansofficall/Linux2.6.39LocalExploit): Linux 2.6.39 Sürümüne Göre Uygun Olan Bir Exploit
[ccc-linux-guest-hardening](https://github.com/intel/ccc-linux-guest-hardening): Linux Security Hardening for Confidential Compute
[topicflowr](https://github.com/sailuh/topicflowr): A package to bin corpus monthly and create time flow through binned topics probability distribution similarity. https://sailuh.github.io/topicflowr/
[Cybersecurity-incident-prediction-and-discovery-data](https://github.com/nansunsun/Cybersecurity-incident-prediction-and-discovery-data)
[tufhub](https://github.com/unkn0wnh4ckr/tufhub): i will post updates on my instagram @unkn0wn_bali tufhub - a hacking framework with all kinds of bruteforce, info gather, dos attack, etc tools in it that you use directly in the script the twitter bruteforce does not work sadly
[giottachou](https://github.com/giottachou/giottachou): I am Panagiota Chouliaraki a soon-to-be graduate of department of Informatics at Ionian University.
[ARS_SHELL_CRYPT](https://github.com/4m4Sec/ARS_SHELL_CRYPT): ARS_SHELL_CRYPT is a modified caesar's-cipher-based encrypt system written in C++.
[Passhunt](https://github.com/Viralmaniar/Passhunt): Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.
[Discord-Logger-](https://github.com/Empire565/Discord-Logger-): THIS IS FOR EDUCATINAL PURPOSES OLNY.I am not responsible for anything you decide to do with this.By downloading this you agree that you are responsible for anything you do with this.
[lambdatotp](https://github.com/Marcelo-Theodoro/lambdatotp): lambdatotp is an application to implement TOTP authentication using Amazon Lambda e DynamoDB.
[18-plus-Facebook-Phishing](https://github.com/swagkarna/18-plus-Facebook-Phishing): 18+Facebook-Phishing.Hack Facebook
[air-script](https://github.com/B3ND1X/air-script): Air Script is Wi-Fi pwning Swiss Army knife that also has optional email notifications for when handshakes have been captured.
[My-CTF-Solutions](https://github.com/aadityapurani/My-CTF-Solutions): Dump of codes for the challenges I attempted / solved in various Capture the Flag challenges. Not intended to be very tidy and clean.
[ReverseAPK](https://github.com/1N3/ReverseAPK): Quickly analyze and reverse engineer Android packages
[WikiSec](https://github.com/americo/WikiSec): Fontes de conteúdo sobre segurança da informação e hacking.
[Practice-CTF](https://github.com/DelStez/Practice-CTF): This repository contains CTF tasks on which I train in encryption, information security and programming.
[Narthex](https://github.com/MichaelDim02/Narthex): Modular personalized dictionary generator.
[phishing-domain-detection](https://github.com/incogGod/phishing-domain-detection): 💀 Phishing Domain Detection Using ML
[WWDC](https://github.com/Blackjacx/WWDC): You don't have the time to watch all the WWDC session videos yourself? No problem me and many contributors extracted the gist for you 🥳
[cam-virus](https://github.com/SiddhantOffl/cam-virus): Cam VIrus shoots from the target's phone front camera or PC webcam just sending a link.
[authenticated-data-structures](https://github.com/zTehRyaN/authenticated-data-structures): Bachelor's Thesis project on Authenticated (and Persistent) Data Structures Analysis and Design for Cloud Integrity.
[robust-adv-malware-detection](https://github.com/ALFA-group/robust-adv-malware-detection): Code repository for the paper "Adversarial Deep Learning for Robust Detection of Binary Encoded Malware"
[dnstricker](https://github.com/LandGrey/dnstricker): A simple dns resolver of dns-record and web-record log server for pentesting
[P6_OC](https://github.com/matteo-d/P6_OC): Projet 6 OpenClassroom - Construire une API sécurisée
[LinuxCheatSheet](https://github.com/ImStillDeadinside/LinuxCheatSheet): Linux Cheat Sheet
[secprac-client](https://github.com/tteeoo/secprac-client): 👨💻 A platform to create cyber security practice games for Linux, similar to the CyberPatriot competition—This is the vulnerability-checking client.
[Gorsair](https://github.com/Ullaakut/Gorsair): Gorsair hacks its way into remote docker containers that expose their APIs
[Bugs-feed](https://github.com/PwnedShell/Bugs-feed): Bug's feed is a local hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities...
[lock-laravel](https://github.com/BeatSwitch/lock-laravel): This package is a Laravel 5 driver for Lock
[cookiestorage](https://github.com/OlegKunitsyn/cookiestorage): Auth Cookie Storage for Zend Framework 1.x
[SIGC2](https://github.com/dc401/SIGC2): A simple proof of concept client and server script to send codified messages in the form of signals to PC's on the domain in Windows over SMB. Some features include randomization timing and actions based on different signaling conditions.
[TheRoadOfSO](https://github.com/satan1a/TheRoadOfSO): 学习安全运营的记录 | The knowledge base of security operation
[Orwell-RAT-and-Botnet](https://github.com/LandonPowell/Orwell-RAT-and-Botnet): Orwell is a RAT and Botnet designed as a trio of programs by Landon Powell.
[SOUL-Airport-luggage-security](https://github.com/manandoshi1607/SOUL-Airport-luggage-security): Virtually binds a passenger’s identity to his/her luggage using biometrics (fingerprint) and artifact (QR code) to ensure that a passenger can only access luggage he/she owns.
[Cybersecurity_Miller_Rabin_PrimeNumber_Detection_Algorithm](https://github.com/Davidmenamm/Cybersecurity_Miller_Rabin_PrimeNumber_Detection_Algorithm): Calculates if a number is composite or PROBABLY prime using the Miller-Rabin algorithm. If the number calculated is more than 10 digits long it could present errors.
[Cam-Dumper](https://github.com/erfannoori/Cam-Dumper): Cam-dumper is a written tool in the language of Python program for hacking CCTV cameras that can access cameras in 20 countries
[AWS-VPN-Server-Setup](https://github.com/webdigi/AWS-VPN-Server-Setup): Setup your own private, secure, free* VPN on the Amazon AWS Cloud in 10 minutes. CloudFormation
[Prot1ntelligence](https://github.com/C3n7ral051nt4g3ncy/Prot1ntelligence): Protintelligence is a Python script for the OSINT & Cyber Community. Protintelligence will provide you with intelligence on Protonmail accounts and users, ProtonVPN IP adresses, ProtonMail users PGP Keys, Digital Footprints left by the ProtonMail user on the Clear and Dark Web
[Tandra](https://github.com/un1n0wn/Tandra): Tundra is a word-list generator that can be used to crack weak passwords, have fun!
[Infomation_Security_BMSTU](https://github.com/solnishko-pvs/Infomation_Security_BMSTU): Защита информации (2021), ИУ7-7, МГТУ
[be-eac-injector](https://github.com/Skengdoo/be-eac-injector): Safe and easy to use Windows dll injector EAC + BE
[Exploit-Collector](https://github.com/Mr-TechX/Exploit-Collector): Exploit Collector
[blockchain-threat-intelligence](https://github.com/slowmist/blockchain-threat-intelligence): Blockchain Threat Intelligence Sharing Platform(区块链威胁情报共享平台)
[NessusV7-Report-Export-PowerShell](https://github.com/Pwd9000-ML/NessusV7-Report-Export-PowerShell): Automated Powershell Script to export NessusPro V7 or Nessus IO Scanner Reports - Nessus API
[libpicobt](https://github.com/mypico/libpicobt): Bluetooth support library written in C
[mitmproxy](https://github.com/mitmproxy/mitmproxy): An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
[Extract_password](https://github.com/Satyavart/Extract_password): Fetch Chrome, Firefox, WiFi password and system info
[awesome-oss-devsec](https://github.com/boxyhq/awesome-oss-devsec): An awesome list of OSS developer-first security tools
[Free-RASP-Community](https://github.com/talsec/Free-RASP-Community): SDK providing app protection and threat monitoring for mobile devices, available for Flutter, Android and iOS.
[sheepwall](https://github.com/chiehmin/sheepwall): Sniff plaintext account/password/cookie on router
[rekono](https://github.com/pablosnt/rekono): Execute full pentesting processes combining multiple hacking tools automatically
[ctftool](https://github.com/taviso/ctftool): Interactive CTF Exploration Tool
[SimpleBruteforce](https://github.com/raghunandhanvr/SimpleBruteforce): This is a Simple Python Program to Brute-force set of 5 strings
[w3af](https://github.com/andresriancho/w3af): w3af: web application attack and audit framework, the open source web vulnerability scanner.
[Nuclei-and-Subfinder-API](https://github.com/h33tlit/Nuclei-and-Subfinder-API): Web API for nuclei and subfinder will help you automate your entire security testing workflow since you can host it anywhere and make it accessible.
[DPP-guides](https://github.com/mercycorps/DPP-guides): Unbranded content for Mercy Corps' Data Protection & Privacy Guides. For more info see https://www.mercycorps.org/research-resources/data-protection-privacy-guides
[inntinn](https://github.com/BlackburnHax/inntinn): Meta risk analysis and scoring system based on open-source fully automated intelligence gathering
[docs.tryhackme.com](https://github.com/tryhackmeltd/docs.tryhackme.com): TryHackMe documentation site source code
[digipyexec](https://github.com/seksea/digipyexec): Make a Digispark (or teensy) run a python script in the background on any "victim" windows computer you plug it into with python installed
[FYI](https://github.com/iamthefrogy/FYI): My last 10 year's material collection on offensive & defensive security, GRC, risk management, technical security guidelines and much more.
[pentesting-framework](https://github.com/abhackerofficial/pentesting-framework): Pentesting Framework is a bundle of penetration testing tools, Includes - security, pentesting, hacking and many more.
[ChameleonMiniLiveDebugger](https://github.com/maxieds/ChameleonMiniLiveDebugger): Live logger and GUI tool for the Chameleon Mini developed for Android OS in Java.
[detection-as-code](https://github.com/infosecB/detection-as-code): An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk.
[TOR-Everything](https://github.com/mytechnotalent/TOR-Everything): Simple FREE guide to set up TOR stealth and persistence with complete anonymity.
[encpipe](https://github.com/jedisct1/encpipe): The dum^H^H^Hsimplest encryption tool in the world.
[websploit-ubuntu](https://github.com/start-the-hammond/websploit-ubuntu)
[Dec-Safe-Linking](https://github.com/n132/Dec-Safe-Linking): A general way to Recover Safe linking protected value/pointer
[CVE-2019-9193](https://github.com/b4keSn4ke/CVE-2019-9193): CVE-2019–9193 - PostgreSQL 9.3-12.3 Authenticated Remote Code Execution
[shellshock-attack](https://github.com/roflcer/shellshock-attack): On September 24, 2014, a severe vulnerability in Bash was identified. Nicknamed Shellshock, this vulner- ability can exploit many systems and be launched either remotely or from a local machine. In this lab, you will work on this attack, so you can understand the Shellshock vulnerability. The learning objective of this lab is for you to get a first-hand experience on this interesting attack, understand how it works, and think about the lessons that we can get out of this attack.
[sql-injection-payload-list](https://github.com/payloadbox/sql-injection-payload-list): 🎯 SQL Injection Payload List
[growlnx.github.io](https://github.com/growlnx/growlnx.github.io): Blog que uso para falar merdas aleatoriamente
[lazytrivy](https://github.com/owenrumney/lazytrivy): Vulnerability scanning just got lazier
[Saturn](https://github.com/psychose-club/Saturn): A tool to analyze the log files from minecraft to scan potential security risks from the CVE-2021-44228 Log4J library exploit.
[PasswordGenerator](https://github.com/cryptosbyte/PasswordGenerator): 🔑 4 Settings Password Generator in C#
[SANS-Security-Policy-Templates](https://github.com/deepanshusood/SANS-Security-Policy-Templates): SANS has developed a set of information security policy templates. These are free to use and fully customizable to your company's IT security practices.
[privacyresources](https://github.com/henryistaken/privacyresources): A list of resources to help me keep track of important news/studies/projects/etc. in the privacy & security world.
[Secure-Headers](https://github.com/benyaminsalimi/Secure-Headers): secure header report and best practices config for Apache, Nginx, lighttpd, Cloudflare, netlify
[protect-yourself](https://github.com/brndnmtthws/protect-yourself): A guide on how to protect your digital assets
[i2pd](https://github.com/PurpleI2P/i2pd): 🛡 I2P: End-to-End encrypted and anonymous Internet
[TOP](https://github.com/hktalent/TOP): TOP All bugbounty pentesting CVE-2022- POC Exp RCE example payload Things
[eslinter](https://github.com/parsiya/eslinter): Manual JavaScript Linting is a Bug
[genuine-fake](https://github.com/xeroxzen/genuine-fake): Genuine Fake means an imitation of a (usually) valuable object that is so good that it is, to all intents and purposes, identical. Literally genuine fake means something that is real but not real at the same time. Take it like this, it's more of a perfect replica of the original.
[password_generator](https://github.com/d3lshad/password_generator): A simple application programmed with c sharp to generate passwords easly
[discord-token-gen](https://github.com/0x44F/discord-token-gen): 💬 Discord token generator, automatically generate auth tokens for Discord in your PC background.
[FE-Notes](https://github.com/Linjiayu6/FE-Notes): [2020] Front-End Notebook
[NLP4CyberSecurity](https://github.com/jackaduma/NLP4CyberSecurity): NLP model and tech for cyber security tasks
[privalise-network](https://github.com/fuckhumanity12/privalise-network): A Privacy-Focused Platform With An Anonymous Social Media, E2EE Notes And Messages. It's Focus Is On Data Security And Being A Community Driven Web App
[Soteria](https://github.com/leobenkel/Soteria): Plugin to block compilation when unapproved dependencies are used or code styling does not comply.
[Scylla](https://github.com/MandConsultingGroup/Scylla): The Simplistic Information Gathering Engine | Find Advanced Information on a Username, Website, Phone Number, etc.
[CVE-2021-1675-LPE](https://github.com/hlldz/CVE-2021-1675-LPE): Local Privilege Escalation Edition for CVE-2021-1675/CVE-2021-34527
[xfox](https://github.com/d3v4s/xfox): Bypass CSP nonce on Mozilla Firefox from Javascript
[jyny](https://github.com/Jyny/jyny)
[xuxiaowei-cloud](https://github.com/xuxiaowei-cloud/xuxiaowei-cloud): 基于 JDK 8/11、Spring Boot 2.7.x、OAuth 2.1、Vite 3、Vue 3、Element Plus 的微服务
[devops-resources](https://github.com/bregman-arie/devops-resources): DevOps resources - Linux, Jenkins, AWS, SRE, Prometheus, Docker, Python, Ansible, Git, Kubernetes, Terraform, OpenStack, SQL, NoSQL, Azure, GCP
[puredns](https://github.com/d3mondev/puredns): Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.
[Viridae](https://github.com/Err0r-ICA/Viridae): Virus - Trojans - Worms - Malwares
[Roblox-Cheat-Script](https://github.com/MJMODZZ/Roblox-Cheat-Script): ✅ a very simple roblox executor for lua scripts (roblox executor, roblox exploit, roblox cheat, roblox mods) using WeAreDevsAPI ✅
[training-sessions](https://github.com/layer-zero-unlv/training-sessions): Workshop and Capture the Flag Presentations
[nim_packages_security_audit](https://github.com/juancarlospaco/nim_packages_security_audit): Fully Automated Nim Packages Security Audit
[PacketSniffer](https://github.com/Oussama1403/PacketSniffer): Arp spoofing tool for linux
[eKazouFormations](https://github.com/randrin/eKazouFormations): Plateforme de réservation d'une formation informatique online dans une ville.
[awesome-iam](https://github.com/kdeldycke/awesome-iam): 👤 Identity and Access Management Knowledge for Cloud Platforms
[mythos](https://github.com/cleanunicorn/mythos): CLI client for the MythX API
[mass-mail](https://github.com/poisonhack/mass-mail): simple mass mailer attacking script,,written and tested by Akshay and ethical hacker and pentester.
[Arduino_Hash_Cracker](https://github.com/UEFI-code/Arduino_Hash_Cracker): High Efficacy Arduino Hash Cracker in C/C++
[SPYBOMB](https://github.com/BYTEHACKING-CREATIVE/SPYBOMB): SPY BOMB is a tool used to generate various payloads for android,windows,ios,mac and many more it is very user friendly tool.
[capture-the-ether-solutions-foundry](https://github.com/iczc/capture-the-ether-solutions-foundry): Capture the Ether Solutions with Foundry Script
[OSCAL-18](https://github.com/nomadicmehul/OSCAL-18): OSCAL (Open Source Conference Albania) is the first annual conference in Albania.
[Exploit-tech](https://github.com/Lazenca/Exploit-tech): Example files to experience basic exploit techniques.
[CloudBrute](https://github.com/0xsha/CloudBrute): Awesome cloud enumerator
[Teve-hack](https://github.com/l-Fingon-l/Teve-hack): let's hack the TeveF!
[Bypass-PHP-GD-Process-To-RCE](https://github.com/RickGray/Bypass-PHP-GD-Process-To-RCE): Reference: http://www.secgeek.net/bookfresh-vulnerability/
[69phisher](https://github.com/Akshay-Arjun/69phisher): 🔱 [ Phishing Made Easy ] 🔱. Simple and beginner friendly automated phishing page creator.
[clone-cert](https://github.com/SySS-Research/clone-cert): Simple shell script to "clone" X.509 certificates
[google.tld](https://github.com/Import-External-Sources/google.tld): This is the travisCI workhorse for google.tld on gitlab
[Presentations-and-Papers](https://github.com/Tuanp703/Presentations-and-Papers): Governance, Risk and Compliance (GRC), Information Security, Blockchain Security, Blockchain Forensics
[Wifi-Pineapple-Wardriving](https://github.com/ozzzozo/Wifi-Pineapple-Wardriving): Wardriving with iOS and Android for Wifi Pineapple
[Secure-Scanner-Application](https://github.com/jerrinss5/Secure-Scanner-Application): Secure Scanner Application to scan C, C++, Python, Perl and PHP using Rats and Flawfinder
[httpfy](https://github.com/devXprite/httpfy): A fast and powerful http toolkit that take a list of domains to find active domains and other information such as status-code, title, response-time , server, content-type and many other
[cypherpunks-ctf](https://github.com/cypherpunks-core/cypherpunks-ctf): Cypherpunks CTF 智能合約漏洞攻擊
[safely-set-inner-html](https://github.com/baptooo/safely-set-inner-html): Keep calm and don't use dangerouslySetInnerHTML anymore
[RVSS](https://github.com/aliasrobotics/RVSS): Robot Vulnerability Scoring System (RVSS) Python 3 reference implementation.
[invisible_captcha](https://github.com/markets/invisible_captcha): :honey_pot: Unobtrusive and flexible spam protection for Rails apps
[binaryexploitation](https://github.com/p0dalirius/binaryexploitation): A massive documentation about binary protections, exploitation techniques, and computer architecture concepts.
[eBPF-Guide](https://github.com/mikeroyal/eBPF-Guide): eBPF (extended Berkeley Packet Filter) Guide
[richard-slater.co.uk](https://github.com/RichardSlater/richard-slater.co.uk): Richard Slater's Personal Website and Blog
[CyberSpaceSearchEngine-Research](https://github.com/EXHades/CyberSpaceSearchEngine-Research): 网络空间测绘/搜索引擎相关的资料
[browsersec](https://github.com/Amrt1n3zm/browsersec): Browser Security Handbook Written and maintained by Michal Zalewski <lcamtuf@google.com>. Copyright 2008, 2009 Google Inc, rights reserved. Released under terms and conditions of the CC-3.0-BY license. Table of Contents → Part 1: Basic concepts behind web browsers → Part 2: Standard browser security features → Part 3: Experimental and legacy security mechanisms Introduction Hello, and welcome to the Browser Security Handbook! This document is meant to provide web application developers, browser engineers, and information security researchers with a one-stop reference to key security properties of contemporary web browsers. Insufficient understanding of these often poorly-documented characteristics is a major contributing factor to the prevalence of several classes of security vulnerabilities. Although all browsers implement roughly the same set of baseline features, there is relatively little standardization - or conformance to standards - when it comes to many of the less apparent implementation details. Furthermore, vendors routinely introduce proprietary tweaks or improvements that may interfere with existing features in non-obvious ways, and seldom provide a detailed discussion of potential problems. The current version of this document is based on the following versions of web browsers: | Browser | Version | Test date | Usage* | Notes | |:--------------------------------------------|:--------------------------------------------|:----------------------------------------------|:------------------------------------------------------|:------------------------------------------| | Microsoft Internet Explorer 6 | 6.0.2900.5512 | Feb 2, 2009 | 16% | | | Microsoft Internet Explorer 7 | 7.0.5730.11 | Dec 11, 2008 | 11% | | | Microsoft Internet Explorer 8 | 8.0.6001.18702 | Sep 7, 2010 | 28% | | | Mozilla Firefox 2 | 2.0.0.18 | Nov 28, 2008 | 1% | | | Mozilla Firefox 3 | 3.6.8 | Sep 7, 2010 | 22% | | | Apple Safari | 4.0 | Jun 10, 2009 | 5% | | | Opera | 9.62 | Nov 18, 2008 | 2% | | | Google Chrome | 7.0.503.0 | Sep 7, 2010 | 8% | | | Android embedded browser | SDK 1.5 R3 | Oct 3, 2009 | n/a | | * Approximate browser usage data based on public Net Applications estimates for August 2010. Disclaimers and typographical conventions Please note that although we tried to make this document as accurate as possible, some errors might have slipped through. Use this document only as an initial reference, and independently verify any characteristics you wish to depend upon. Test cases for properties featured in this document are freely available for download. The document attempts to capture the risks and security considerations present for general populace of users accessing the web with default browser settings in place. Although occasionally noted, the degree of flexibility offered through non-standard settings is by itself not a subject of this comparative study. Through the document, red color is used to bring attention to browser properties that seem particularly tricky or unexpected, and need to be carefully accounted for in server-side implementations. Whenever status quo appears to bear no significant security consequences and is well-understood, but a particular browser implementation takes additional steps to protect application developers, we use green color to denote this, likewise. Rest assured, neither of these color codes implies that a particular browser is less or more secure than its counterparts. Acknowledgments Browser Security Handbook would not be possible without the ideas and assistance from the following contributors: Filipe Almeida Brian Eaton Chris Evans Drew Hintz Nick Kralevich Marko Martin Tavis Ormandy Wladimir Palant David Ross Marius Schilder Parisa Tabriz Julien Tinnes Berend-Jan Wever Mike Wiacek The document builds on top of previous security research by Adam Barth, Collin Jackson, Amit Klein, Jesse Ruderman, and many other security experts who painstakingly dissected browser internals for the past few years.
[CTFLearn](https://github.com/farisjalal/CTFLearn): Compilation of my write-ups for CTFLearn challenges. Might help those looking for guidance. Feel free to suggest alternative approaches to a problem, I'm no expert 😀
[openapi-apps](https://github.com/Shuffle/openapi-apps): Swagger/ OpenAPI specifications for security products and services
[l9explore](https://github.com/LeakIX/l9explore): l9explore - Digs the dirt
[Pandaxyz-xd](https://github.com/Pandaxyz-xd/Pandaxyz-xd): Hello! Im Pandaxyz 👋
[OSVDB-69562](https://github.com/NullBrunk/OSVDB-69562): Python3 exploit for OSVDB-69562 (ProFTPD 1.3.3c Backdoor Command Execution)
[ENCOD3R](https://github.com/MBAHABYK/ENCOD3R): This is a best python-3 encryption tool
[webcgi-exploits](https://github.com/wofeiwo/webcgi-exploits): Multi-language web CGI interfaces exploits.
[retrowrite](https://github.com/HexHive/retrowrite): RetroWrite -- Retrofitting compiler passes through binary rewriting
[Dorkify](https://github.com/hhhrrrttt222111/Dorkify): Perform Google Dork search with Dorkify
[cdc-ui](https://github.com/CDC-UI/cdc-ui): Meeting notes, demo code, projects, website, and more for CDC@UI
[Security-Authorisation](https://github.com/Rid0y/Security-Authorisation): This is a C application to perform security authorisation based on access codes.
[cybersec_women_resources](https://github.com/shezdev/cybersec_women_resources): A collection of resources to help women get into the cyber security industry
[Gmail_hack](https://github.com/EJL3/Gmail_hack): This is a python script for hacking Gmail account using Brute-force with wordlist attack.
[nerfball](https://github.com/jay-johnson/nerfball): Want to see how something like Internet Chemotherapy works without bricking your own vms? This is a jail to reduce the python runtime from doing bad things on the host when running untrusted code. Nerf what you do not need :space_invader: + :bug: :soccer: :football: :whale:
[CVE-2022-25845](https://github.com/Expl0desploit/CVE-2022-25845): Fastjson exploit
[Charlatano](https://github.com/Jire/Charlatano): Proves JVM cheats are viable on native games, and demonstrates the longevity against anti-cheat signature detection systems
[diceware-generator](https://github.com/Invictum/diceware-generator): Web based implementation of Diceware passphrases generator.
[Pentesting-Basics](https://github.com/ShubhamJagtap2000/Pentesting-Basics): 🔍 Basic terms and notes on penetration testing that I learned(learning) on the HackTheBox(HTB) platform
[sony-ak-knowledge-center](https://github.com/sonyarianto/sony-ak-knowledge-center): Sony AK Knowledge Center
[tip-frontend](https://github.com/reiosantos/tip-frontend)
[HackTheBox_Tier0_StartingPoint_4FreeMachine_Pentest](https://github.com/junxian428/HackTheBox_Tier0_StartingPoint_4FreeMachine_Pentest): Hack The Box Starting Point CTF Tier 0 4 Free Machine Flags Screenshot (Meow, Fawn, Dancing & Redeemer)
[UltimateCMSWordlists](https://github.com/JavierOlmedo/UltimateCMSWordlists): 📚 An ultimate collection wordlists of the best-known CMS
[IDS4.Samples](https://github.com/frankodoom/IDS4.Samples): Updated Identity Server 4 Samples
[Network-Intrusion-Detection-Using-Machine-Learning](https://github.com/abhinav-bhardwaj/Network-Intrusion-Detection-Using-Machine-Learning): A Novel Statistical Analysis and Autoencoder Driven Intelligent Intrusion Detection Approach
[AndroidSecurity](https://github.com/chenenyu/AndroidSecurity): Android安全实践
[CVE-2022-36804-RCE](https://github.com/cryptolakk/CVE-2022-36804-RCE): Remote Code Execution exploit for CVE-2022-36804 (BitBucket Server and DataCenter).
[honeydb-python](https://github.com/honeydbio/honeydb-python): HoneyDB Python Module
[notifications-dispatcher-api](https://github.com/assuzzanne/notifications-dispatcher-api): This project is a Flask app that listens for webhook notifications from a security application.
[academics](https://github.com/shubh401/academics): Course-based project work & seminar presentations during graduate studies
[sqli-postgres-rce-privesc-hacking-playground](https://github.com/filipkarc/sqli-postgres-rce-privesc-hacking-playground): Application with SQL Injection vulnerability and possible privilege escalation. Free vulnerable app for ethical hacking / penetration testing training.
[SYNwall](https://github.com/SYNwall/SYNwall): A zero-configuration (IoT) firewall
[uwavm](https://github.com/tylerztl/uwavm): uwavm, decode wasm binary files that compiled by golang, c/c++, rust, java
[CSCE-465-Honor-Project](https://github.com/hongsolos/CSCE-465-Honor-Project): CSCE 465 - Computer and Network Security
[HackThisSite.org](https://github.com/W3BGUY/HackThisSite.org): Starting to document my attempts on HackThisSite.org
[MultiScanner](https://github.com/vs4vijay/MultiScanner): Security Tool which scans a target using OpenVAS, Zap, and Nexpose. And consolidates the scan result.
[PHPSecureLogin](https://github.com/merchizm/PHPSecureLogin): PHP 8.1 with PDO, Redis, JWT, hCaptcha, Google Authenticator
[SWELF](https://github.com/ceramicskate0/SWELF): Simple Windows Event Log Forwarder (SWELF). Its easy to use/simply works Log Forwarder and EVTX Parser. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.
[API-fuzzer](https://github.com/Fuzzapi/API-fuzzer): API Fuzzer which allows to fuzz request attributes using common pentesting techniques and lists vulnerabilities
[Jinja2-ExploitMe](https://github.com/Make-School-Labs/Jinja2-ExploitMe): [BEW 2.3: Web Security] Clone this repo to begin the SSTI exploit activity.
[MnemonicToImage](https://github.com/jakezeal/MnemonicToImage): Secure your crypto private keys with an Image. A new, user friendly way to backup and store your Bitcoin.
[CTF-writeups-public](https://github.com/shiltemann/CTF-writeups-public): Writeups for infosec Capture the Flag events by team Galaxians
[opening-pathways](https://github.com/opening-pathways/opening-pathways): This repository supports the "Patient Pathways" site (https://patient.openingpathways.org/) and "Partner Toolkit" site (https://partner.openingpathways.org/) for the Opening Pathways project.
[screened-backdoor-macOS](https://github.com/armi3/screened-backdoor-macOS): 🐤 Rubber Ducky payload to set a semi persistent backdoor on a macOS.
[Defective-Malware](https://github.com/Aaron-Akhtar/Defective-Malware): Malware I developed.....
[wifijumper](https://github.com/kawaiipantsu/wifijumper): WiFi Jumper is a small open-wifi jumping leech, spilling it's guts whenever it gets a chance to do so.
[FavFreak](https://github.com/devanshbatham/FavFreak): Making Favicon.ico based Recon Great again !
[securitycheck](https://github.com/angeldollface/securitycheck): A library to check whether your passwords are secure and strong. :key:
[AORT](https://github.com/D3Ext/AORT): All in One Recon Tool for Bug Bounty
[Gestalt-Security-Framework](https://github.com/GestaltSecurity/Gestalt-Security-Framework): The Gestalt Security Framework (GSF) is an open source framework that provides navigation and mapping across multiple IT security controls frameworks (e.g. NIST 800-53, ISO 27000 series, PCI-DSS, COBIT, CIS, ACSC (IRAP), HIPAA, SOC2).
[envsec](https://github.com/jetpack-io/envsec): Securely store environment variables and secrets in the cloud of your choice.
[composer_security](https://github.com/a3020/composer_security): concrete5 package (8.1+) that installs a job to automatically check your composer.json file(s!) for vulnerabilities
[ext-remover](https://github.com/3kh0/ext-remover): Bookmarklet exploit that can force-disable extensions installed on Chrome. Also has a very fancy GUI to manage all extensions!
[fakesu](https://github.com/SourceCode2/fakesu): fakesu. Replace the "su" command, check the input and save the password entered in a file.
[Remcos-RAT-v3.8.0](https://github.com/Ox47100/Remcos-RAT-v3.8.0): Remcos RAT V3.8.0 Latest version
[m4ngl3m3](https://github.com/localh0t/m4ngl3m3): Common password pattern generator using strings list
[Cyber-Talents-Competetions](https://github.com/MoSaleh428/Cyber-Talents-Competetions): Any write ups of CTF competitions organized by Cyber Talents
[hayabusa](https://github.com/Yamato-Security/hayabusa): Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
[WarGameBandit-OTW](https://github.com/Whotex/WarGameBandit-OTW): Repositório para descrever a realização da war game bandid, providenciada pela over the wire para desafios e pratica de conceitos de segurança.
[java-sec-code](https://github.com/JoyChou93/java-sec-code): Java web common vulnerabilities and security code which is base on springboot and spring security
[AymanSecNotes](https://github.com/AhmedAyman1196/AymanSecNotes): This repository contains all my notes. Feel free to use them, share them or modify them.
[password.2dev.today](https://github.com/guanting112/password.2dev.today): Random Password/UUID Generator - Create strong password for your online account.
[criptobaiao](https://github.com/egypcio/criptobaiao): CriptoBaião, uma CriptoFesta em Fortaleza (Ceará, Brasil)
[cybersecurity-ctf](https://github.com/paulveillard/cybersecurity-ctf): A collection of CTF frameworks, libraries, resources, softwares and tutorials, books, resources and cool stuff in Cybersecurity
[hawkeye](https://github.com/Ice3man543/hawkeye): Hawkeye filesystem analysis tool
[digitalocean-developer-firewall](https://github.com/ErlendEllingsen/digitalocean-developer-firewall): Tool for developers to easily configure firewalls and gain access to their servers when using DigitalOcean cloud firewalls.
[dtd-finder](https://github.com/GoSecure/dtd-finder): List DTDs and generate XXE payloads using those local DTDs.
[SANS-KringleCon-Holiday-Hack-Challenge-2019](https://github.com/slrbl/SANS-KringleCon-Holiday-Hack-Challenge-2019): Scripts/C program used to solve SANS KringleCon Holiday Hack Challenge
[Colourly](https://github.com/KaushikShivam/Colourly): Colourly is a palette management app build using the MERN stack. It lets you: 1. Create new palettes with a very advanced color picker and naming mechanism 2. Manage your own palettes (Create, Update, View and Delete) 3. View palettes uploaded by other users 4. view various different shades of the palette colors 5. Convert palette colors to different formats
[rtc-secure-user-property-store](https://github.com/jazz-community/rtc-secure-user-property-store): Store user properties (e.g. Personal Access Tokens) in a secure way
[MacOS-Security-Baseline](https://github.com/jgamblin/MacOS-Security-Baseline): Baseline Security Configuration For MacOS
[atlas-website](https://github.com/mitre-atlas/atlas-website): Source and static code for the MITRE ATLAS website
[envizon](https://github.com/evait-security/envizon): network visualization & pentest reporting
[duoauth](https://github.com/enygma/duoauth): PHP Library for easy integration with Duo Security's Two-Factor REST API
[ada-keystore](https://github.com/stcarrez/ada-keystore): Ada Keystore - protect your sensitive data with secure storage
[tools-highsierraroot](https://github.com/axelvf/tools-highsierraroot): High Sierra root vulnerability validator
[swag-api](https://github.com/Netflix-Skunkworks/swag-api): REST API and UI for SWAG data
[ansible-role-hardening](https://github.com/konstruktoid/ansible-role-hardening): Ansible role to apply a security baseline. Systemd edition.
[sqli.page](https://github.com/Wh1t3Fox/sqli.page): SQLi Testing
[django-roles-access.github.io](https://github.com/django-roles-access/django-roles-access.github.io): Django app for securing access to views. It's built on top of *Django contrib Groups* interpreted as role.
[Secure-telegrambot](https://github.com/BlackIQ/Secure-telegrambot): This is a bot from Mehran Alam. I didn't create this. TNX Mehran.
[Penetration-Testing-Study-Notes](https://github.com/AnasAboureada/Penetration-Testing-Study-Notes): Penetration Testing notes, resources and scripts
[burp-send-to](https://github.com/bytebutcher/burp-send-to): Adds a customizable "Send to..."-context-menu to your BurpSuite.
[tor-rootkit](https://github.com/emcruise/tor-rootkit): A Python 3 standalone Windows 10 / Linux Rootkit using Tor.
[window-rat](https://github.com/machine1337/window-rat): The purpose of this tool is to test the window10 defender protection and also other antivirus protection.
[IncomingSmS-Hacking](https://github.com/bmh1cker/IncomingSmS-Hacking): Incoming sms Hacking Apk Created and Sand to Victim Mobile
[magnetron.artificial-intelligence-2.0.mincloud.proxia--INSTINCTIVE-MIND-5-2B](https://github.com/GCABC123/magnetron.artificial-intelligence-2.0.mincloud.proxia--INSTINCTIVE-MIND-5-2B): About MAGNETRON ™: This is a Google Colab/Jupyter Notebook for developing a VOICE PROXIA (B) when working with ARTIFICIAL INTELLIGENCE 2.0 ™ (ARTIFICIAL INTELLIGENCE 2.0™ is part of MAGNETRON ™ TECHNOLOGY).
[BadMod](https://github.com/M4DM0e/BadMod): CMS auto detect and exploit.
[uart_extractor](https://github.com/Carliquiss/uart_extractor): A tool to connect a Raspberry Pi to a router through UART obtaining a shell
[magnetron.artificial-intelligence-2.0.mincloud.proxia--INSTINCTIVE-MIND-6](https://github.com/GCABC123/magnetron.artificial-intelligence-2.0.mincloud.proxia--INSTINCTIVE-MIND-6): About MAGNETRON ™: This is a Google Colab/Jupyter Notebook for developing a FACE RECOGNITION PROXIA (B) when working with ARTIFICIAL INTELLIGENCE 2.0 ™ (ARTIFICIAL INTELLIGENCE 2.0™ is part of MAGNETRON ™ TECHNOLOGY)
[sunlogin-exp-cmd](https://github.com/theLSA/sunlogin-exp-cmd): 命令行版向日葵RCE漏洞利用工具 / cmd version of sunlogin exploit tool
[JGDMS](https://github.com/pfirmstone/JGDMS): Infrastructure for providing secured micro services, that are dynamically discoverable and searchable over ipv6 networks
[MEIC-FSI](https://github.com/paulinho-16/MEIC-FSI): Todo o conteúdo produzido para a unidade curricular FSI (Fundamentos de Segurança Informática), para o curso em Engenharia Informática e Computação na FEUP
[Green-Hydra](https://github.com/MaMo-ben/Green-Hydra)
[B.tech-Diffie-Hellman-Key-Exchange-Algorithm-cryptography-Project](https://github.com/Vatshayan/B.tech-Diffie-Hellman-Key-Exchange-Algorithm-cryptography-Project): B.tech Project on Diffie Hellman Key Exchange Algorithm. Very secure and complex. Use for communication system
[landing-page](https://github.com/secrdev/landing-page): SECR's website.
[secure_systems_secrets-example](https://github.com/immae1/secure_systems_secrets-example): This is a example for using git-grypt. Only for test purpose! Created for the lecture "secure systems" in computer science and media master at the stuttgart media university
[CVE-2021-25076](https://github.com/0xAbbarhSF/CVE-2021-25076): Wordpress Plugin WP User Frontend < 3.5.26 - SQL-Injection (Authenticated)
[mitm-python](https://github.com/daniel4x/mitm-python): A simple as possible man in the middle written in python using scapy
[FlowPic](https://github.com/talshapira/FlowPic): T. Shapira and Y. Shavitt, "FlowPic: A Generic Representation for Encrypted Traffic Classification and Applications Identification," in IEEE Transactions on Network and Service Management, doi: 10.1109/TNSM.2021.3071441.
[H.O.L](https://github.com/M0NST4R0101/H.O.L): Pentest T00LK1T Of Malwares And Backdoors For Linux
[exploits-parser](https://github.com/Kuduxaaa/exploits-parser): CVE Exploits Parser from cvedetails.com [ the ultimate security vulnerability datasource ]
[STS2G](https://github.com/xfiftyone/STS2G): Struts2漏洞扫描利用工具 - Golang版. Struts2 Scanner Written in Golang
[sourcesecrets](https://github.com/landaire/sourcesecrets): Search for secrets left in git history
[subjack](https://github.com/haccer/subjack): Subdomain Takeover tool written in Go
[J-COLLECT](https://github.com/CyberSecurityUP/J-COLLECT): J-COLLECT é um conjunto de Scripts para coleta de Informações WEB
[4malwaregenerator](https://github.com/efpyc/4malwaregenerator): Basit bir Bilgi Çalan malware oluşturucu
[TypingTracker](https://github.com/DionysusBenstein/TypingTracker): TypingTracker - simple keylogger that running in hidden or visible mode.
[hiphp](https://github.com/yasserbdj96/hiphp): hiphp - free & open source project for create a BackDoor to control php-based sites In the normal internet or sites in The Onion Router (tor network).
[malwares-ml](https://github.com/SitinCloud/malwares-ml): Machine Learning and Datasets for Malwares Static Analysis.
[sayBruh](https://github.com/ranon-rat/sayBruh): its a rebuild of saycheese with golang
[Goohak](https://github.com/1N3/Goohak): Automatically Launch Google Hacking Queries Against A Target Domain
[s4ch.github.io](https://github.com/S4CH/s4ch.github.io): Cybersecurity blog contains useful stuff regarding security
[lua_soft_cpp_detour_finders](https://github.com/ExtReMLapin/lua_soft_cpp_detour_finders): detects c/cpp function detoured using a cpp module by checking the address of the function
[meltdown-kernel-read-poc](https://github.com/marcinguy/meltdown-kernel-read-poc): Read Kernel virtual mapping via Meltdown
[AutomaticScanner](https://github.com/whosstranger/AutomaticScanner): Tool created in Bash for automating the scanning phase with nmap and wfuzz tools.
[Application-of-ML-DL-in-Cyersecurity](https://github.com/HemlataPrajapati1692/Application-of-ML-DL-in-Cyersecurity): Experienced Analyst with a demonstrated history of working in insurance and IT industry. Machine Learning Enthusiast. Stay Tuned.
[Honeywords_Generator](https://github.com/virtuositeit/Honeywords_Generator): Three honeyword generation algorithms that combines chaff, tough nut, look-alike passwords. Realized with Google's pygtrie library.
[AIOTools](https://github.com/NeloF4/AIOTools): All In One Tools Hacking
[ArtifactCollector](https://github.com/stateoforegon-eis-css/ArtifactCollector): A PowerShell Tool to Collect Artifacts for Cybersecurity Assessments
[ubuntu-cis-hardening](https://github.com/sayujnath/ubuntu-cis-hardening): Creates an AWS AMI running ubuntu and hardens the OS using CIS Level 1
[tp-link-router-cracker](https://github.com/codernayeem/tp-link-router-cracker): A simple dictionary attack to crack the username and password of Tp-Link Router Page
[tracer](https://github.com/chr3st5an/tracer): Tracer is an OSINT tool that can be used to detect on which websites a username is currently in use
[conference-2018-nodeukraine-security-in-nodejs](https://github.com/roman-sachenko/conference-2018-nodeukraine-security-in-nodejs): Security in NodeJS Demo
[Python-GitHub-Hack](https://github.com/StickmanNinja/Python-GitHub-Hack): Hack your GitHub account in just a few minutes using my custom python installer!
[Painaiapp](https://github.com/TheGeneralisimo/Painaiapp): “PainaiApp” - Criptosistema de comunicación descentralizada para órganos de información y seguridad para el Ayuntamiento de Tepeapulco.
[stirling-workshop-1](https://github.com/ViRb3/stirling-workshop-1): The materials for the Introduction to Cyber Security workshop
[domain-asset-control](https://github.com/cybnity/domain-asset-control): All the features and services realized by the Asset Control bounded context relative to the application domain, including specification library (e.g api), components implementation (e.g software implementation packages) and deployable systems (e.g operable component on infrastructure types).
[Goasm-RAT](https://github.com/Zhuagenborn/Goasm-RAT): 💻 A Windows console remote administration tool written in Go & Intel x86 Assembly. It supports remote shell and screenshot.
[EMAGNET](https://github.com/wuseman/EMAGNET): Automated hacking tool that will find leaked databases with 97.1% accurate to grab mail + password together from recent uploads from https://pastebin.com. Bruteforce support for spotify accounts, instagram accounts, ssh servers, microsoft rdp clients and gmail accounts
[The-Hacker-Game-Ruining-The-World](https://github.com/BernardoPiedade/The-Hacker-Game-Ruining-The-World): A game where you're an hacker. It has a campaign, two minigames and a secret code challenge.
[security-training](https://github.com/PagerDuty/security-training): Public version of PagerDuty's employee security training courses.
[Edscript](https://github.com/sanjayengineer121/Edscript): go to https://drive.google.com/file/d/1fo4mJ6Q-CSGnQObqpL7yuG8uB9Fcop5d/view and download it extract it then type in terminal cd go to install folder type chmod +x install.sh all required module install automatically it will take 10 minut to install all require modules then type cd .. to back from install folder then chmod +x ed for converting executable file type ./ed to start
[M4RC0](https://github.com/m4rc0khan/M4RC0): My study data.. ;)
[yapi-rce-webshell](https://github.com/Esonhugh/yapi-rce-webshell): Yapi mock script RCE another version. Webshell way. 另一种 Webshell 方式的 Yapi 命令执行的方法 相比于其他的利用方式 更加微操和可控 影响更小
[TG799VAC-XTREME-17.2-MINT](https://github.com/wuseman/TG799VAC-XTREME-17.2-MINT): My personal unique wiki for hacking the router firmware used by (Telia)TG799vac Xtream v17.2-MINT delivered from Technicolor
[CVE-2022-0847-DirtyPipe-Exploits](https://github.com/flux10n/CVE-2022-0847-DirtyPipe-Exploits): A collection of exploits and documentation that can be used to exploit the Linux Dirty Pipe vulnerability.
[vaxheim](https://github.com/s0t7x/vaxheim): simple poc of hotpatching third-party software. Created solely for teaching purposes. Assets may contain artwork licensed to Iron Gate / Coffee Stain Publishing. Created a BugReport to sesibilize devs of the target software to this kind of attacks. Still using deprecated signatures.
[itrace](https://github.com/hack0z/itrace): 🍰 Trace objc method call for ios and mac
[atriage](https://github.com/Ayrx/atriage): A dumb afl-fuzz triage tool.
[grendel](https://github.com/BlessedToastr/grendel): trollware that creates a ghost file on the users desktop that can't be deleted
[discord-hacking-kit](https://github.com/CalderJohnson/discord-hacking-kit): Simple script to send a usertoken to a webhook, then another script to login with it (educational purposes only, I do not condone using either of these scripts on people)
[HACKING_TOOLS](https://github.com/nomrsavage/HACKING_TOOLS)
[PoC-Monica-3.7.0-Client-Side-Template-Injection](https://github.com/filipkarc/PoC-Monica-3.7.0-Client-Side-Template-Injection): Proof of Concept: Client Side Template Injection in MONICA 3.7.0 - Personal CRM
[cuc-ns-ppt](https://github.com/c4pr1c3/cuc-ns-ppt): 中国传媒大学网络安全本科专业课程课件
[bdc-auth-client](https://github.com/brazil-data-cube/bdc-auth-client): A client package for authentication and authorization based on OAuth 2.0 and BDC-Auth
[kodefb](https://github.com/Mrxxzzzz/kodefb): kode kode fb kereeene
[cve-scanner-testing](https://github.com/gmatuz/cve-scanner-testing): Vulnerable Docker images created in different ways to check Docker image CVE scanners
[domain-vulnerability-mgt](https://github.com/cybnity/domain-vulnerability-mgt): All the features and services realized by the Vulnerability bounded context relative to the application domain, including specification library (e.g api), components implementation (e.g software implementation packages) and deployable systems (e.g operable component on infrastructure types).
[puppet-cis-module](https://github.com/VoyagerInnovations/puppet-cis-module): Puppet module for hardening CentOS 6/7
[blog-seguridad](https://github.com/OscarM3615/blog-seguridad): Proyecto de Seguridad de la Información I
[DevBrute](https://github.com/shivamksharma/DevBrute): DevBrute is a Password Brute Forcer, It can Brute Force almost Social Media Accounts or Any Web Application.
[deephack](https://github.com/BishopFox/deephack): PoC code from DEF CON 25 presentation
[exploit-factory](https://github.com/universefactory/exploit-factory): A framework I built to help accelerate the writing and prototyping of exploits.
[devconfIN](https://github.com/nomadicmehul/devconfIN): DevConf.in 2018 is the second annual Developers' Conference.
[Exp-JavaFX](https://github.com/fullstackcainiao/Exp-JavaFX): 这是一个构建图形化漏洞利用的项目
[Sitadel](https://github.com/shenril/Sitadel): Web Application Security Scanner
[Secure-File-Eraser](https://github.com/Seantheprogrammer93/Secure-File-Eraser): This C# application will securely delete files on Windows Operating Systems by overwriting the data and then deleting the file(s) by bypassing the Recycle Bin.
[test-ssh-action](https://github.com/operous/test-ssh-action): SSH server vulnerability and security scanner with Operous
[fileGPS](https://github.com/0blio/fileGPS): A tool that help you to guess how your shell was renamed after the server-side script of the file uploader saved it
[container-sliver](https://github.com/cyb3rn00dl3s/container-sliver): A quick and dirty sliver docker container
[jwtcat](https://github.com/aress31/jwtcat): A CPU-based JSON Web Token (JWT) cracker and - to some extent - scanner.
[exploit-CVE-2022-24780](https://github.com/Acceis/exploit-CVE-2022-24780): iTop < 2.7.6 - (Authenticated) Remote command execution
[DevSkim](https://github.com/microsoft/DevSkim): DevSkim is a set of IDE plugins and rules that provide security "linting" capabilities.
[netbruter](https://github.com/0x00-0x00/netbruter): Networking protocols brute-forcer tool using Python 3.6 asyncio
[csiv-xss-demo](https://github.com/tillson/csiv-xss-demo): Porter-Gaud Computer Science IV project for demonstrating the infamous 2005 MySpace XSS attack
[.allstar](https://github.com/kommitters/.allstar): kommit's OSPO policies for adherence to security best practices
[Azure-Sentinel](https://github.com/Azure/Azure-Sentinel): Cloud-native SIEM for intelligent security analytics for your entire enterprise.
[pwnfaces](https://github.com/oppsec/pwnfaces): Primefaces 5.X EL Injection Exploit (CVE-2017-1000486)
[3DSHacks](https://github.com/pillows2/3DSHacks)
[ablayer](https://github.com/j-angnoe/ablayer): Ablayer - Mix local sources and proxied sources
[vault-demo](https://github.com/sethvargo/vault-demo): Walkthroughs and scripts for my @HashiCorp Vault talks
[Omnis-Dead-Frontier-2-PrivateCheat](https://github.com/TheEnd1337/Omnis-Dead-Frontier-2-PrivateCheat): Dead Frontier 2 PrivateCheat with 50 FEATURES INCLUDING AIMBOT + ESP AND A LOT MORE
[pcapfilter](https://github.com/D3f0/pcapfilter): Command line tool for packet filtering and manipulation using scapy
[Wifi-Brute](https://github.com/Cyber-Dioxide/Wifi-Brute): A tool to crack a wifi password with a help of wordlist. This may take long to crack a wifi depending upon number of passwords your wordlist contains. Also it is slower as compared to social media accounts cracking. I've made enough efforts to make it as fast as possible
[BomberCat](https://github.com/ElectronicCats/BomberCat): BomberCat is the latest security tool that combines the most common card technologies: NFC technology (Near Field Communication) and magnetic stripe technology used in access control, identification, and banking cards. Specially created to audit banking terminals, and identify NFC readers and sniffing tools, with this tool you can audit
[lorsrf](https://github.com/knassar702/lorsrf): Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load :artificial_satellite: :crab:
[awesome-he](https://github.com/jonaschn/awesome-he): ✨ Awesome - A curated list of amazing Homomorphic Encryption libraries, software and resources
[LokmedAdfin](https://github.com/NeloF4/LokmedAdfin): Lokomedia Admin Finder
[Clicker-heroes-cheats](https://github.com/ClaraCF/Clicker-heroes-cheats): Python script which facilitates the auditing process of Clicker Heroes 1
[Portus](https://github.com/SUSE/Portus): Authorization service and frontend for Docker registry (v2)
[Labtainers](https://github.com/mfthomps/Labtainers): Labtainers: A Docker-based cyber lab framework
[PR4SEC](https://github.com/Javier1019/PR4SEC): Repository for PR4SEC Team. It's going to be used to centralize most of the code used in lectures.
[ihulk.py](https://github.com/iamaamir/ihulk.py): IHULK (Improved Http Unbearable Load King) DoS Tool Ported to Python 3
[TLSServerScanner](https://github.com/bewue/TLSServerScanner): Scan TLS servers to get information about the supported TLS techniques.
[Cstorm-windows-startup-virus-in-c](https://github.com/Anish-M-code/Cstorm-windows-startup-virus-in-c): An opensource Prank Startup Malware for windows developed using C Programming Language.
[tell-me-your-secrets](https://github.com/valayDave/tell-me-your-secrets): Find secrets on any machine from over 120 Different Signatures.
[CTF-CSCG2020](https://github.com/leon-th/CTF-CSCG2020): Writeups and challenge/solve files from the CTF CyberSecurityChallengeGermany 2020
[k8gege520.github.io](https://github.com/k8gege520/k8gege520.github.io)
[Termux-Os](https://github.com/Bhai4You/Termux-Os): All in One Termux Os..!! (New)
[Pattern-scanner-for-OSX](https://github.com/gabsens/Pattern-scanner-for-OSX): Grabs important CSGO offsets on OSX using pattern-scanning
[AR150-WiFiPineapple](https://github.com/xchwarze/AR150-WiFiPineapple): Converting your AR150 to a Wifi Pineapple NANO
[Tivoli-Madness](https://github.com/VoidSec/Tivoli-Madness): Advisory for CVE-2020-28054 & stack based buffer overflow in IBM Tivoli Storage Manager
[malware-is-fun-UwU](https://github.com/Kn07-1/malware-is-fun-UwU): some stuff i find on my honeypots when im board don't use this for stupid shit plz if ya don it aint my fault
[PD_Cracker](https://github.com/LuYee6813/PD_Cracker): Parallels Desktop 驗證繞過腳本
[misp-chrome-plugin](https://github.com/jaegeral/misp-chrome-plugin): MISP Chrome plugin for adding and looking up indicators
[DeathSleep](https://github.com/janoglezcampos/DeathSleep): A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementing page protection changes during no execution.
[jazzer](https://github.com/CodeIntelligenceTesting/jazzer): Coverage-guided, in-process fuzzing for the JVM
[PoisonPi](https://github.com/DarrenRainey/PoisonPi): PoisonPi is a Linux based pentest and attack platform for the raspberry pi
[C-MorganG20](https://github.com/Steve90-ui/C-MorganG20)
[wan-design](https://github.com/iiithf/wan-design): Wide Area Network for File sharing, Energy & Gas metering, Fire alarm, Burglar security between 1 Village & 2 Apartments.
[Andromeda](https://github.com/FajarTheGGman/Andromeda): #Simple Pentensting Tools
[paranoid_crypto](https://github.com/google/paranoid_crypto): Paranoid's library contains implementations of checks for well known weaknesses on cryptographic artifacts.
[armroper](https://github.com/spiperac/armroper): ARM rop chain gadget searcher
[how-to-hack-github-actions](https://github.com/StackOverflowExcept1on/how-to-hack-github-actions): How to hack Github Actions if you're smart enough; I'm not gay but 500$ is 500$!
[RogueLDAP](https://github.com/twelvesec/RogueLDAP): A lightweight rogue LDAP server which is a modified version of the JNDIExploit-1
[panoptik](https://github.com/maxgfr/panoptik): Hackaton Sigfox
[MTPwn](https://github.com/smeso/MTPwn): PoC exploit for arbitrary file read/write in locked Samsung Android device via MTP (SVE-2017-10086)
[koios](https://github.com/ciphyr/koios): Wireless Pentesting Toolkit for Kali/Linux in Python
[mediawiki-scratch-login](https://github.com/InternationalScratchWiki/mediawiki-scratch-login): MediaWiki extension to allow logging in with one's Scratch account
[magnetron.artificial-intelligence-2.0.mincloud.proxia--INSTINCTIVE-MIND-7](https://github.com/GCABC123/magnetron.artificial-intelligence-2.0.mincloud.proxia--INSTINCTIVE-MIND-7): ✭ MAGNETRON ™ ✭: This is a Google Colab/Jupyter Notebook for developing a EMOTION RECOGNITION PROXIA (B) when working with ARTIFICIAL INTELLIGENCE 2.0 ™ (ARTIFICIAL INTELLIGENCE 2.0™ is part of MAGNETRON ™ TECHNOLOGY).
[qmsggg_HackingAndSecurity](https://github.com/qmsggg/qmsggg_HackingAndSecurity): HackAndSecurity
[docker-firecracker](https://github.com/s8sg/docker-firecracker): Generic container for launching a firecracker microVM inside a Docker container
[o365spray](https://github.com/0xZDH/o365spray): Username enumeration and password spraying tool aimed at Microsoft O365.
[databunker](https://github.com/securitybunker/databunker): Secure SDK/vault for personal records/PII built to comply with GDPR
[magnetron.artificial-intelligence-2.0.mincloud.proxia--INSTINCTIVE-MIND-4_TC](https://github.com/GCABC123/magnetron.artificial-intelligence-2.0.mincloud.proxia--INSTINCTIVE-MIND-4_TC): ✭ MAGNETRON ™ ✭: This is a Google Colab/Jupyter Notebook for developing a TRAFFIC COUNTING (TC) PROXIA when working with ARTIFICIAL INTELLIGENCE 2.0 ™ (ARTIFICIAL INTELLIGENCE 2.0™ is part of MAGNETRON ™ TECHNOLOGY).
[StringHashAPI](https://github.com/Dominik48N/StringHashAPI): A simple library to hash strings, e.g. to make passwords of users in the database unrecognizable for possible hacker attacks.
[faraday_burp](https://github.com/infobyte/faraday_burp): Burp Extension for collaboration in Faraday
[CharlesHack](https://github.com/HeIp-zz/CharlesHack): Hacking Charles Web Debugging Proxy, Working 4.1.4 Version
[raven-python-lambda](https://github.com/Netflix-Skunkworks/raven-python-lambda): Sentry/Raven SDK Integration For AWS Lambda (python) and Serverless
[polenum](https://github.com/Wh1t3Fox/polenum): Uses Core's Impacket Library to get the password policy from a windows machine
[WL1-Editor](https://github.com/tigrouind/WL1-Editor): A level editor for Super Mario Land 3 / WarioLand 1 (1993)
[PenTestingLab.es](https://github.com/txuswashere/PenTestingLab.es): https://pentestinglab.es/
[dependabot-x](https://github.com/alifathi-h1/dependabot-x): Dependabot-X is a tool written in Python3 that allows GitHub Organization/User to automate enabling Dependabot alerts feature for all repositories.
[apkurlgrep](https://github.com/ndelphit/apkurlgrep): Extract endpoints from APK files
[py-nash](https://github.com/codingchili/py-nash): Python crawler / vulnerability scanner
[express-limit-host](https://github.com/Soontao/express-limit-host): simple middleware to protect server from host/x-forwarded-host injection.
[hexo-blog-encrypt](https://github.com/D0n9X1n/hexo-blog-encrypt): Yet, just another hexo plugin for security.
[coding-lab](https://github.com/thevnomad/coding-lab): REST API with security tools
[Process-Service_Analyzer](https://github.com/haim1993/Process-Service_Analyzer): A hacking tool that allows a user to track changes in services/processes in there system. other cool features are included.
[aws-security-toolbox](https://github.com/z0ph/aws-security-toolbox): AWS Security Tools (AST) in a simple Docker container. :package:
[Crypt0r](https://github.com/GeoSn0w/Crypt0r): A simple yet powerful random strong password generator created for practice.
[ansible-role-wireguard](https://github.com/githubixx/ansible-role-wireguard): Ansible role for installing WireGuard VPN. Supports Ubuntu, Debian, Archlinx, Fedora and CentOS.
[RatPoison](https://github.com/RatPoison-dev/RatPoison): Latest Ver: 1.7; Default Menu Key is F1; Charlatano's Successor; dn
[evilMACHO](https://github.com/jmpews/evilMACHO): Malicious use of macho, such as dump-runtime-macho, function-hook.
[spyse-subdomain-finder](https://github.com/nmmapper/spyse-subdomain-finder): We all know about the famous spyse.com this python3 scripts scrounges subdomains without the api from spyse cybersecurity search engine
[WifiStealer](https://github.com/wasfyelbaz/WifiStealer): Wifi Stealer steals all the wifi networks profiled on the target's system.
[log4j-detector](https://github.com/mergebase/log4j-detector): Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too!
[gmail-cookies-research](https://github.com/CoalDev/gmail-cookies-research): Research about gmail's cookies, how to read and write mails with only 4 cookies.
[WTTG2](https://github.com/un1n0wn/WTTG2): this is a multi hacking tool written in python, this is also inspired by the game "Welcome To The Game 2"
[ipatool](https://github.com/majd/ipatool): Command-line tool that allows searching and downloading app packages (known as ipa files) from the iOS App Store
[ignorecheck](https://github.com/smashah/ignorecheck): A simple CLI/utility to ensure certain patterns are present in a project's .gitignore - Be sure to 🌟 this repository for updates!
[LuciTools](https://github.com/IamLucif3r/LuciTools): These are Cybersecurity tools built with Python
[mquery](https://github.com/CERT-Polska/mquery): YARA malware query accelerator (web frontend)
[wiviz](https://github.com/apertureless/wiviz): Wifi client probe analyzer & visualizer
[zenna_rat](https://github.com/Jennahacker/zenna_rat): Android RAT with web panel and fully undetectable App support android 12
[SEUM-Dll](https://github.com/Zuccss/SEUM-Dll): SEUM hack using dll injection
[CVE-2020-10977](https://github.com/KooroshRZ/CVE-2020-10977): Exploit for "GitLab Instance" Arbitrary server file read vulnerability
[empirectf](https://github.com/EmpireCTF/empirectf): EmpireCTF – write-ups, capture the flag, cybersecurity
[lithackr.github.io](https://github.com/lithackr/lithackr.github.io): Welcome to my Repo
[authserver](https://github.com/jokk-itu/authserver): Authorization server with OAuth 2.0 and OpenId Connect 1.0
[django-maps-scripting](https://github.com/ConnorXploit/django-maps-scripting): Django, MapBox, Info gathering, Recon-ng, Metasploit, Empire...
[pentest-payloads-snippets](https://github.com/rfcgraciano/pentest-payloads-snippets): Pentest Payloads and Snippets
[Gel4y-Mini-Shell-Backdoor](https://github.com/22XploiterCrew-Team/Gel4y-Mini-Shell-Backdoor): A webshell that can bypass some system security
[CVSS-Intepreter](https://github.com/bin3xish477/CVSS-Intepreter): Interpret CVSS (version 2 & version 3) scores.
[CSGO-sv_cheats-1-EXPLOIT](https://github.com/KryxOk/CSGO-sv_cheats-1-EXPLOIT): AutoHotKey Script that allows you to bypass sv_cheats 1 in csgo vac secure servers
[MobileHackersWeapons](https://github.com/hahwul/MobileHackersWeapons): Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting
[PoW-Phalanx](https://github.com/RuiSiang/PoW-Phalanx): Controller for PoW Shield (a layer7 DDoS filter) providing multi-instance utilities.
[amazon-sns](https://github.com/deep-security/amazon-sns): Scripts to parse events from Trend Micro Deep Security via Amazon SNS.
[PenTestTools](https://github.com/mishaturnbull/PenTestTools): Useful tools/scripts/whatever for penetration testing
[stackrox](https://github.com/stackrox/stackrox): The StackRox Kubernetes Security Platform performs a risk analysis of the container environment, delivers visibility and runtime alerts, and provides recommendations to proactively improve security by hardening the environment.
[PowerShellArmoury](https://github.com/cfalta/PowerShellArmoury): A PowerShell armoury for security guys and girls
[sans-indexes](https://github.com/ancailliau/sans-indexes): Indexes for SANS Courses and GIAC Certifications
[C-File-Patcher](https://github.com/JakeLoganUK/C-File-Patcher): Simply Patch a File Using C++
[HostReconTool](https://github.com/bhitchens/HostReconTool): Tool that gathers data from local and remote Windows systems and compiles it in a SQLite database.
[CSRF-handler](https://github.com/banujan6/CSRF-handler): A simple CSRF Token protection library for PHP. I t will help you to generate the random unique token and validate it to prevent CSRF attack.
[SNFQ-SimpleNetFilterQueueLibrary](https://github.com/cr7pt0pl4gu3/SNFQ-SimpleNetFilterQueueLibrary): SNFQ is a Simple NetFilterQueue Library developed by Ravehorn. It is built on top of NetfilterQueue.
[Parrot-CTFs-Website](https://github.com/Parrot-CTFs/Parrot-CTFs-Website): Parrot CTFs - A CTF platform for all fields of IT - OWASP, CRTP & OSCP Based Training Labs
[android_kernel_lge_msm8992](https://github.com/doitaljosh/android_kernel_lge_msm8992): Kernel optimised for GNU/Linux userspaces
[HolisticInfoSec-For-WebDevelopers-Fascicle1](https://github.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1): :books: VPS :lock: Network :lock: Cloud :lock: Web Applications :books:
[power-pwn](https://github.com/mbrg/power-pwn): A demo showing how to repurpose Microsoft-trusted executables, service accounts and cloud services to power a malware operation
[mirror-blacksun.box.sk](https://github.com/opsxcq/mirror-blacksun.box.sk): Black Sun website mirror, for old times' sake !
[McAfee-ENS-Expert-Rules](https://github.com/JakePeralta7/McAfee-ENS-Expert-Rules): In this repository I'm going to write expert rules I've created and researched in order to build better detection/prevention
[pascalscada](https://github.com/fluisgirardi/pascalscada): PascalSCADA for Lazarus
[Hushint](https://github.com/webster5197/Hushint): Hushint is an OSINT Platform which contains such tools/techniques and which are free to use. This tool is developed just for educational purpose to teach people how someone can easily obtain information about you which is stored publicly on the Internet.
[presentation-xss](https://github.com/fabidick22/presentation-xss): Presentation with reveal.js about xss
[UnZipPasswordHacker](https://github.com/matcdac/UnZipPasswordHacker): Unzip a compressed password protected file, using the brute force approach, using all the ASCII keyboard characters
[sitedorks](https://github.com/Zarcolio/sitedorks): Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term (dork) with a default set of websites, bug bounty programs or custom collection.
[awesome-threat-detection](https://github.com/0x4D31/awesome-threat-detection): A curated list of awesome threat detection and hunting resources
[Domain-Scraper](https://github.com/1337Farhan/Domain-Scraper): Find domains assigned with a specific IP address.
[MyExpense](https://github.com/Sharpforce/MyExpense): MyExpense is a vulnerable web application
[knoxss](https://github.com/bruterobbie/knoxss): People have the right to see this ugly spaghetti code, skids.
[owasp-esapi-c](https://github.com/CyberNinjas/owasp-esapi-c): Automatically exported from code.google.com/archive/p/owasp-esapi-c
[ReFleX](https://github.com/DedSecInside/ReFleX): ReFleX - Deep Image Recognition Bot
[hawkpost](https://github.com/whitesmith/hawkpost): Generate links that users can use to submit messages encrypted with your public key.
[uisgcon](https://github.com/datalog/uisgcon): UISGCON Materials. The birthplace of Ukrainian cybersecurity. Upcoming event: October 26, 2018 / Kiev, Ukraine
[metlo](https://github.com/metlo-labs/metlo): Metlo is an open-source API security platform.
[Palioxis](https://github.com/deadbits/Palioxis): Linux self-destruction utility
[naemazam.github.io](https://github.com/naemazam/naemazam.github.io): Naem Azam is a passionate self-taught Programmer And an open-source enthusiast and maintainer.
[CVE-2021-43129](https://github.com/Skotizo/CVE-2021-43129): Vulnerability in D2L Brightspace's Learning Management System(LMS)
[sppen](https://github.com/Black-Hell-Team/sppen): Malware and malicious applications database
[DiscordShell](https://github.com/lacysw/DiscordShell): Discord C2
[Laravel-Scrubber](https://github.com/YorCreative/Laravel-Scrubber): A Laravel package to scrub sensitive information that breaks operational security policies from being leaked on accident or not by developers.
[ModuleStomping](https://github.com/WithSecureLabs/ModuleStomping): https://blog.f-secure.com/hiding-malicious-code-with-module-stomping/
[domain-api-mgt](https://github.com/cybnity/domain-api-mgt): All the features and services realized by the API Management bounded context relative to the application domain, including specification library (e.g api), components implementation (e.g software implementation packages) and deployable systems (e.g operable component on infrastructure types).
[WBFS_Manager_3_64bit_en_WIN](https://github.com/mehransab101/WBFS_Manager_3_64bit_en_WIN): WBFS_Manager_3_64bit_en_WIN
[flatkrabsetw](https://github.com/zacbrown/flatkrabsetw): flatkrabsetw is a flat-C wrapper around the krabsetw C++ library. It's primarily meant for FFI usage in other languages.
[PacketStreamer](https://github.com/deepfence/PacketStreamer): :star: :star: Distributed tcpdump for cloud native environments :star: :star:
[Attack-simulation-infrastructure](https://github.com/LeKlex/Attack-simulation-infrastructure): A small and simple network infrastructure with automated attacks on a VM server documented by tshark
[envkey-app](https://github.com/envkey/envkey-app): Secure, human-friendly, cross-platform secrets and config.
[portunus](https://github.com/MAUTOM/portunus): Portunus is an OpenPGP verifying keyserver (with support for the HKP draft) written using .NET Core 3.1 focusing on easing integration of PGP and security.
[sangraam](https://github.com/amriteshbhaskar/sangraam): Baaassssssssssss
[ScanExp](https://github.com/CyberNDR/ScanExp): ScanExp automates the scanning of any machine's open ports via the ip address and performs a brute force attack on ports 20, 21 for the FTP protocol, port 22 for the SSH protocol and port 25 for the SMTP protocol, providing the choice between the use of two different wordlists for the username and password or two personalized wordlists chosen by the user.
[tls-inspector](https://github.com/tls-inspector/tls-inspector): Easily view and inspect X.509 certificates on your iOS device.
[HomoglyphAttacksDetector](https://github.com/jackaduma/HomoglyphAttacksDetector): Detecting Homoglyph Attacks with CNN model using Computer Vision method
[ufonet](https://github.com/start-the-hammond/ufonet)
[react-native-encrypted-storage](https://github.com/emeraldsanto/react-native-encrypted-storage): React Native wrapper around EncryptedSharedPreferences and Keychain to provide a secure alternative to Async Storage.
[awesome-graphql-security](https://github.com/Escape-Technologies/awesome-graphql-security): A curated list of awesome GraphQL Security frameworks, libraries, software and resources
[peniot](https://github.com/yakuza8/peniot): PENIOT: Penetration Testing Tool for IoT
[fusion-files](https://github.com/Poseidown/fusion-files): Penetration Testing File Binder
[FollinaScanner](https://github.com/ErrorNoInternet/FollinaScanner): A tool written in Go that scans files & directories for the Follina exploit (CVE-2022-30190)
[Secrets-app](https://github.com/farisnafiah/Secrets-app): A web app for posting secrets (Authentication & Security). Just thought I'd push this, just because.
[cs_repository](https://github.com/Protasis/cs_repository): Protasis cyber security repository
[PwnedPasswords_CFML](https://github.com/ddspringle/PwnedPasswords_CFML): I implement the Have I Been Pwned Passwords API in CFML (ColdFusion)
[review_the_national_post-graduate_entrance_examination](https://github.com/AngelKitty/review_the_national_post-graduate_entrance_examination): 🌟复习考研的那些事儿(清华912考研)~~
[Cyphr](https://github.com/justSid404/Cyphr): Cyphr is a Python based tool for Cryptography. Cyphr can Encrypt and Decrypt text in 5 different methods.
[Learning-Node.js-Security](https://github.com/AnimeshShaw/Learning-Node.js-Security): A Collection of articles, videos, blogs, talks and other materials on Node.js Security
[adversary_emulation_library](https://github.com/center-for-threat-informed-defense/adversary_emulation_library): An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.
[infosecBasics](https://github.com/dhaneshsivasamy07/infosecBasics): Basics required for anyone to enter into the world of InfoSec
[jImpfuzzy](https://github.com/fluenda/jImpfuzzy)
[hacking-tools-scripts](https://github.com/sanscript-tech/hacking-tools-scripts): Hacking Scripts that will blow your mind engineered by Hackers ♠️.
[bash-securizer](https://github.com/bjoern-hempel/bash-securizer): A tool to check the security of web applications.
[fatgod](https://github.com/d3m0n4l3x/fatgod): An CC DoS (Denial-of-Service) attack tool developed by demonalex in 2009.
[CoronaNotifier](https://github.com/ahmadchen/CoronaNotifier): Covid-19 Whatsapp Bot
[jmxshell](https://github.com/mirchr/jmxshell)
[ts3idtools](https://github.com/bratkartoffel/ts3idtools): Various tools to work with teamspeak 3 identities
[maptool-rce](https://github.com/sum-catnip/maptool-rce): maptool unauthenticated rce exploit <1.8.0 beta2b
[differential-privacy-based-access-control](https://github.com/VibhaBelavadi/differential-privacy-based-access-control): Differential Privacy Based Access Control
[fast-scan](https://github.com/machine1337/fast-scan): An Advanced tool to scan hundreds of IP's in Seconds for CVE's, Open Ports And Web Technologies.
[eJPT-notes](https://github.com/edoardottt/eJPT-notes): Notes I took while preparing for eJPT certification
[cloudflare-ufw](https://github.com/Paul-Reed/cloudflare-ufw): Script to update UFW with Cloudflare IPs
[Syft-Grype-GHA-Demo-Workflows](https://github.com/dlg1206/Syft-Grype-GHA-Demo-Workflows): A collection of example GitHub Action Workflow files using Syft and Grype
[security-http](https://github.com/symfony/security-http): Security provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so called user providers that hold the users credentials. It is inspired by the Java Spring framework.
[Bug-Bounty-Methodology](https://github.com/tuhin1729/Bug-Bounty-Methodology): These are my checklists which I use during my hunting.
[whisper-key](https://github.com/pixielabs/whisper-key): Send & receive secure messages in the browser.
[secure-introduction-android](https://github.com/selvamselvam/secure-introduction-android): The secure introduction introduces people using secured communication. It helps to share the public key, photo, phone number with a decentralized architecture.
[httpsyet](https://github.com/qvl/httpsyet): Crawler to find links you can update to HTTPS
[security-txt-parser](https://github.com/rhymeswithmogul/security-txt-parser): Fetch and parse a website's security.txt file.
[CVE-2021-41773_42013](https://github.com/vulf/CVE-2021-41773_42013): Lab setup for CVE-2021-41773 (Apache httpd 2.4.49) and CVE-2021-42013 (Apache httpd 2.4.50).
[Hacking-with-Python](https://github.com/golan1202/Hacking-with-Python): Writing scripts that run on kali-linux and hacking to clients and web-applications
[c-compiler-security](https://github.com/airbus-seclab/c-compiler-security): Security-related flags and options for C compilers
[wafex-model-creator](https://github.com/rhaidiz/wafex-model-creator): WAFEx Model Creator
[auto-doc](https://github.com/snaphat/auto-doc): Regex based patching toolkit for binary modification
[Security-Package](https://github.com/Abdelrahman-Yasser-1/Security-Package): This project contains implementation of some cryptography algorithms using C# language.
[cybercounterintel](https://github.com/dc401/cybercounterintel): Rogue cyber security professional detection mindmap
[secure-ls](https://github.com/softvar/secure-ls): :lock: Secure localStorage data with high level of encryption and data compression
[gitgoods](https://github.com/rx13/gitgoods): An immature utility script to identify domain-related potentially sensitive materials on GitHub via API v3
[Cpp-Guard](https://github.com/techtocore/Cpp-Guard): A platform independent C++ code obfuscator.
[vpc-vpn-pivot](https://github.com/andresriancho/vpc-vpn-pivot): Pivot into private VPC networks using a VPN connection
[Image-recon](https://github.com/Ramalingasamy012/Image-recon): Image recon is a tool used to find the social media accounts associated with the uploading image.
[smazestager](https://github.com/falkensmz/smazestager): A download & execute payload written in Python 3.10
[vgs_python_demo](https://github.com/gjyoung1974/vgs_python_demo): PCI Compliant E Commerce integration with VGS Secure Proxy and Vault technologies with Python and Flask
[HackRSA](https://github.com/StanGirard/HackRSA): Hack the heck out of rsa
[minilib](https://github.com/michael105/minilib): A c standard system library with a focus on size, headeronly, "singlefile", intended for static linking. 187 Bytes for "Hello World"(regular elf), compiled with the standard gcc toolchain.
[go-password-validator](https://github.com/wagslane/go-password-validator): Validate the Strength of a Password in Go
[app-etheno](https://github.com/block-exchange/app-etheno): Crytic Labs Etheno is security analysis and testing tools for smart contracts
[garlicshare](https://github.com/R4yGM/garlicshare): Private and self-hosted file sharing over the Tor network written in golang
[Android-Security-Teryaagh](https://github.com/Ralireza/Android-Security-Teryaagh): Android security guides, roadmap, docs, courses, write-ups, and teryaagh.
[Reflex-Gallery-Exploit](https://github.com/D3Ext/Reflex-Gallery-Exploit): Reflex Gallery 3.1.3 Arbitrary File Upload to RCE Exploit
[AnaisBauer_6_28072021](https://github.com/ana9402/AnaisBauer_6_28072021): OpenClassrooms - Formation "Développeur web" - Projet n°6 "So Pekocko"
[SniperSQLI](https://github.com/lgferraz/SniperSQLI): Script destinado a encontrar falhas SQLI em sites.
[Chrome-Autosave-Dump](https://github.com/thenetworkgrinch/Chrome-Autosave-Dump): Dumps the autosave of the given Login Data created by the chrome browser
[ToolAnalysisResultSheet](https://github.com/JPCERTCC/ToolAnalysisResultSheet): Tool Analysis Result Sheet
[smsmaster](https://github.com/like-null/smsmaster): SMS Master can preform sms booming and it is made for educational purpose only it works in all the country.
[overflow-exploits](https://github.com/udoprog/overflow-exploits): Examining overflow exploits in C programs, and the various protection mechanisms that tries to prevent them.
[login-email](https://github.com/megacoder/login-email): Help monitor the bad guys by sending an email generated during the /etc/profile.d/ time. Send a date/timestamp email to an external site, just as an audit trail.
[UCM-Fdi-ELP](https://github.com/s-a-m/UCM-Fdi-ELP): Course Ethics, Law & Profession of Computer Science, from CS at UCM (Ética, Legislación y Profesión de la Facultad de Informática UCM)
[TigerGraph.NET](https://github.com/allisterb/TigerGraph.NET): .NET libraries for building graph-powered multi-target apps in C# and F# using TigerGraph.
[SpyOffSec](https://github.com/proxyanon/SpyOffSec): SpyOffSec é um programa destinado ao controle e visualização remota de máquinas, com foco em segurança da informação.
[VulnGCC](https://github.com/0xShaolin/VulnGCC): Another quick script you can use to compile vulnerable executables for Binary Exploitation.
[FollinaTest](https://github.com/AnshVaid4/FollinaTest): Reference of code has been taken from https://github.com/JohnHammond/msdt-follina/blob/main/follina.py. I have given the explanation of the code and made the code a bit simplified.
[Pentesting-and-Hacking-Scripts](https://github.com/dscciem/Pentesting-and-Hacking-Scripts): 🚀 A curated collection of Pentesting and Hacking Scripts for Script Kiddie to Advanced Pentesters. 👨💻
[rustomware](https://github.com/Idov31/rustomware): Simple ransomware written in Rust. Part of the building a rustomware blog post.
[HBCTF](https://github.com/osteth/HBCTF): HackBama CTF game
[SVWA](https://github.com/laztname/SVWA): a vulnerable web for education of hacking
[CWMII](https://github.com/jcapellman/CWMII): Clean WMI Interface (CWMII) written in C# providing a strongly typed interface to access WMI Properties and Classes
[secure-ios-app-dev](https://github.com/felixgr/secure-ios-app-dev): Collection of the most common vulnerabilities found in iOS applications
[cam-finder](https://github.com/member87/cam-finder): Find ACTi NVR3.0 IP cameras with the default login details (admin / 123456)
[TOMCAT-9-STIG](https://github.com/ansible-lockdown/TOMCAT-9-STIG): STIG Baseline Ansible Role for Tomcat 9
[Xhunter](https://github.com/Jennahacker/Xhunter): Android Penetration Tool [ RAT for Android ] Update 1.7
[seginfoFAQ](https://github.com/mattaereal/seginfoFAQ): FAQ del mundo de la seguridad informática en español.
[bruteservice](https://github.com/vodafon/bruteservice): Find company external services
[HashcatRulesEngine](https://github.com/llamasoft/HashcatRulesEngine): A stand-alone implementation of Hashcat's rule engine
[CppBasicSecuritySystem](https://github.com/ShivaySabharwal/CppBasicSecuritySystem): C++ Program to login, view information, and new registration.
[PHPAuth](https://github.com/liamjack/PHPAuth): A new and improved PHPAuth
[mafiahacks](https://github.com/machine1337/mafiahacks): The purpose of this tool is to automate the payload Creation Process. U can Create Payloads For All Types of OS in Seconds.
[adblockfast](https://github.com/rocketshipapps/adblockfast): Adblock Fast is a new, faster ad blocker for Android, iOS, Chrome, and Opera.
[TnT-Fuzzer](https://github.com/Teebytes/TnT-Fuzzer): OpenAPI 2.0 (Swagger) fuzzer written in python. Basically TnT for your API.
[wafaray](https://github.com/alt3kx/wafaray): Enhance your malware detection with WAF + YARA (WAFARAY)
[v4dos](https://github.com/al4r0/v4dos): stress tool for your web
[Virus-Tools](https://github.com/ewan3357/Virus-Tools): Virus Making tools
[emojico](https://github.com/makersphereHQ/emojico): Use emojis instead of weak passwords. 🍫🍿🍩🔥😎
[JTS](https://github.com/verovan/JTS): Herramienta para realizar un deploy de un servidor LAMP sobre Debian 8, ejecución de tasks básicas de securización, configuración automática de servicios y más...
[ansible-managed-certificates](https://github.com/s-hamann/ansible-managed-certificates): Ansible role to set up a X.509 certificate deployment helper for external certificate management
[Anume-Smart-Enumeration](https://github.com/Adkali/Anume-Smart-Enumeration): Enumeration tool which can help you while doing CTF's ( THM, HTB ) - Anume
[flocker](https://github.com/dimakristally/flocker): A simple Python application to lock & unlock files to prevent them from being accessed by local users.
[bluesnarfer](https://github.com/kimbo/bluesnarfer): Bluetooth hack, forked from https://gitlab.com/kalilinux/packages/bluesnarfer/
[domain-trial-training-mgt](https://github.com/cybnity/domain-trial-training-mgt): All the features and services realized by the security exercises bounded context relative to the application domain, including specification library (e.g api), components implementation (e.g software implementation packages) and deployable systems (e.g operable component on infrastructure types).
[xSMTP](https://github.com/c99tn/xSMTP): xSMTP 🦟 Lightning fast, multithreaded smtp scanner targeting open-relay and unsecured servers in multiple network ranges.
[pymodsecurity](https://github.com/pymodsecurity/pymodsecurity): Python Bindings for ModSecurity v3
[jpico-bsd](https://github.com/mypico/jpico-bsd): Older BSD-licensed version of jpico
[dep-confusion](https://github.com/march0s1as/dep-confusion): two scripts that will help you recognize dependency confusion.
[MetaOSINT.github.io](https://github.com/MetaOSINT/MetaOSINT.github.io): A tool to quickly identify relevant, publicly-available open source intelligence ("OSINT") tools and resources, saving valuable time during investigations, research, and analysis.
[PINGLOCK-2](https://github.com/WEHACKERS/PINGLOCK-2): HAI IAM DAYSHEN IAM HACKER I WILL TEACH HACKING AND CODEING
[fun-batchfiles-and-vbs-exploits](https://github.com/user421921/fun-batchfiles-and-vbs-exploits)
[security-demos](https://github.com/Codaisseur/security-demos): Codaisseur Advanced Class on Securing Web Applications
[Logout-Cyber-Security-Workshop-dubai](https://github.com/nomadicmehul/Logout-Cyber-Security-Workshop-dubai)
[Pentest-Everything](https://github.com/The-Viper-One/Pentest-Everything): A collection of CTF write-ups, pentesting topics, guides and notes. Notes compiled from multiple sources and my own lab research. Topics also support OSCP, Active Directory, CRTE, eJPT and eCPPT.
[Shopping_Apps](https://github.com/satyamkr13/Shopping_Apps): This app connects with Flipkart and Amazon's API for fetching prices of products based on search keywords. I've also implemented security of API keys using Firebase database and authentication.
[basic-of-hacing](https://github.com/mrcyb3rman/basic-of-hacing)
[crypfailure.github.io](https://github.com/crypfailure/crypfailure.github.io): Crypfailure is a security writeups and blog website developed with an aim that "knowledge shoule be free". This deals with the CTFs writeups & blogs about emerging technologies in cybersecurity domain. All the content at this platform will always be freely available.
[E-Books-For-CS-Students](https://github.com/SaptarshiSarkar12/E-Books-For-CS-Students): This repository contains some E-books for Computer Science students in categorized manner. Hope it will help.
[api_paths](https://github.com/dewhurstsecurity/api_paths): A list of REST API URL paths for use in blackbox API end-point discovery
[javax-security-cdi-extension](https://github.com/exabrial/javax-security-cdi-extension): A CDI Portable Extension for Java EE 7 (and maybe 8) that allows you to use @RolesAllowed on CDI Beans and their Methods
[Knowledgebase](https://github.com/Shenmue-Mods/Knowledgebase): Creating, collecting & preserving knowledge of modding & hacking Shenmue games.
[f5-agility-labs-firewall](https://github.com/f5devcentral/f5-agility-labs-firewall): F5 Agility Labs for L4-7 Firewall Use Cases
[needle](https://github.com/WithSecureLabs/needle): The iOS Security Testing Framework
[Metasign](https://github.com/crashware/Metasign): A lightweight ECDH and ECDSA application for generating key pairs and protecting data in a more portable format.
[solo1](https://github.com/solokeys/solo1): Solo 1 firmware in C
[hackingTools](https://github.com/beloncode/hackingTools): A simple collection of tools implemented in 2 days used for information gathering; reverse engineering; attack
[RPI4-Covenant-C2-Installer](https://github.com/MrEmpy/RPI4-Covenant-C2-Installer): 「🖥️」Covenant C2 Installer for RPI 4
[PHP-Based-Email-Spoofer](https://github.com/HaxonicOfficial/PHP-Based-Email-Spoofer): A Email-Spoofer demo, via which a attacker may use this social-engineering skills to retrieve sensitive data from the victim just by manipulating Email-headers.
[csgo-lag-exploit](https://github.com/0xfaer/csgo-lag-exploit): Counter-Strike: Global Offensive lag exploit from a private cheat of mine, I have removed some key parts but if you are dedicated, you can fix it.
[mosquitto-security](https://github.com/BoubacarDiene/mosquitto-security): Experiment some security mechanisms to make communication between mosquitto clients and broker(s) more secure
[advanced-sql-injection-scanner](https://github.com/iricartb/advanced-sql-injection-scanner): Ivan Ricart Borges - Test for didactic purposes of web pages vulnerables to SQL injection using dbo database user with xp_cmdshell execution permissions. Using patterns from Internet search engines to extract potentially vulnerable web addresses and test them by changing the GET parameters using invalid Transact-SQL conversion function to cause through unhandled errors by IIS web server to show critical information. If certain features are given and using advanced injection techniques a malicious attacker could gain control of the entire system by executing shell commands in the SQL database engine.
[CTFTime-Android](https://github.com/PSNAppz/CTFTime-Android): Unofficial CTF Time Android App
[TrustM](https://github.com/mimok/TrustM): Breakout board for Optiga Trust M chip compatible with Raspberry Pi
[Intruder-Detection-With-E-mail-notifier](https://github.com/sajidali351/Intruder-Detection-With-E-mail-notifier): Build an application that alerts you through E-mail when someone enters a restricted area. Learn how to use models for intruder detection.
[Nokali-Kit](https://github.com/tib36/Nokali-Kit): 一款结构简单、模块化的漏洞利用框架,用于研究学习,目前正在开发起步阶段
[upribox](https://github.com/usableprivacy/upribox): Usable Privacy Box
[TOP-BEST-GITHUB-INFOSEC-PAGES](https://github.com/eaglesquads/TOP-BEST-GITHUB-INFOSEC-PAGES): The very, (VERY) - Best, extremely well informing & detailed Github Users & Githbu Pages |!NOTE!| THIS IS ONLY MY OPINION! It's also made only for myself, soo.. But feel free to contribute! |!NOTE!|
[domain-threat-intelligence](https://github.com/cybnity/domain-threat-intelligence): All the features and services realized by the Threat Intelligence bounded context relative to the application domain, including specification library (e.g api), components implementation (e.g software implementation packages) and deployable systems (e.g operable component on infrastructure types).
[airgap-raspberry-apk-signer](https://github.com/airgap-it/airgap-raspberry-apk-signer): Modified Raspberry Pi Image to sign your APK in the most secure way (airgapped).
[remote_hacker_probe](https://github.com/quantumcore/remote_hacker_probe): Threat Emulation and Red Teaming Framework, The Hacking Software for normal people.
[censys-recon-ng](https://github.com/censys/censys-recon-ng): recon-ng modules for Censys
[Cfx-ip-finder](https://github.com/Fnoberz/Cfx-ip-finder): FiveM
[Cybersecurity_Steganography_and_Ciphers](https://github.com/Davidmenamm/Cybersecurity_Steganography_and_Ciphers): Cryptography: The steganography of images, and the application of caesar's cipher to decode the encrypted message.
[fuptcha](https://github.com/pyperanger/fuptcha): fuptcha - CAPTCHA Fuzzer Image Recon
[StudyRoom](https://github.com/LucasPDiniz/StudyRoom): Repository created for study and POC's on vulnerabilities.
[TAaMR](https://github.com/merrafelice/TAaMR): Proposal of a novel adversarial attack approach, called Target Adversarial Attack against Multimedia Recommender Systems (TAaMR), to investigate the modification of MR behavior when the images of a category of low recommended products (e.g., socks) are perturbed to misclassify the deep neural classifier towards the class of more recommended products (e.g., running shoes) with human-level slight images alterations.
[leavecat.github.io](https://github.com/LeaveCat/leavecat.github.io): LeaveCat official blog
[DarkK](https://github.com/s-ai-kia/DarkK): Dar✘ - The DarkNet of the Deep Web
[Block_Smartscreen_and_Security_Center_on_Windows_Operating_Systems](https://github.com/abdulkadir-gungor/Block_Smartscreen_and_Security_Center_on_Windows_Operating_Systems): Blocking smartscreen, security center, forensic processes and 3rd party security applications on Windows Operating Systems
[printer-hacking](https://github.com/techgaun/printer-hacking): Going through http://hacking-printers.net/
[secure-pass](https://github.com/DrBarnabus/secure-pass): Secure password hashing module that makes use of Argon2ID. Also provides a facility for password reset token generation and verification.
[burp-password-spray](https://github.com/0xZDH/burp-password-spray): This extension allows a user to specify a lockout policy in order to automate a password spray attack via Intruder.
[Kalivenom](https://github.com/AndoniHQ/Kalivenom): Servidor web para almacenar algunos payloads para el proyecto final de ASIR
[nmap-static-binaries](https://github.com/opsec-infosec/nmap-static-binaries)
[correct.js-2](https://github.com/Akifcan/correct.js-2): Second version of correct.js
[USB-Password-stealing-driver](https://github.com/alaggab/USB-Password-stealing-driver): USB Password stealing drive
[ShadowSteal](https://github.com/HuskyHacks/ShadowSteal): Pure Nim implementation for exploiting CVE-2021-36934, the SeriousSAM local privilege escalation
[Lazyxss](https://github.com/LoaiEsam37/Lazyxss): LazyXSS is a tool that can help you scan for reflected XSS, LFI without any effort.
[heralding](https://github.com/johnnykv/heralding): Credentials catching honeypot
[midnight](https://github.com/safinsingh/midnight): 🔧 An extensible Linux security auditing tool
[cyber-security-roadmap](https://github.com/boitatech/cyber-security-roadmap): O repositório Cyber Security Roadmap é uma iniciativa para ajudar a comunidade de segurança da informação a se orientar sobre o que estudar.
[networksecurity2018](https://github.com/kandarpck/networksecurity2018): Simulated TCP and TLS implementations
[Aliens_eye](https://github.com/arxhr007/Aliens_eye): Social media hunter
[NIST-BGP-SRx](https://github.com/usnistgov/NIST-BGP-SRx): The NIST BGP Secure Routing Extension (BGP-SRx) is an open source reference implementation and research platform for investigating emerging BGP security extensions and supporting protocols such as RPKI Origin Validation and BGPsec Path Validation.
[peephole](https://github.com/SJuras/peephole): Cybersecurity/Pentesting tool made in Python
[grafanaExp](https://github.com/A-D-Team/grafanaExp): A exploit tool for Grafana Unauthorized arbitrary file reading vulnerability (CVE-2021-43798), it can burst plugins / extract secret_key / decrypt data_source info automatic.
[beagle](https://github.com/yampelo/beagle): Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
[Vocal-Flask](https://github.com/HACKE-RC/Vocal-Flask): Vocal Flask
[GodGenesis](https://github.com/SaumyajeetDas/GodGenesis): A Python3 based C2 server to make life of red teamer a bit easier. The payload is capable to bypass all the known antiviruses and endpoints.
[brutforce](https://github.com/AndreyMashukov/brutforce): Script for brutforce
[RHEL6.x-COW](https://github.com/kcgthb/RHEL6.x-COW): Clean your RHEL 6.x COW, it's dirty
[OracleCVE](https://github.com/vah13/OracleCVE): Vulnerabilities which found in Oracle products
[IPRep](https://github.com/jbies121/IPRep): IP Reputation tool for .NET Core 3.1
[Discord-Embed-Trick](https://github.com/anwir-prota/Discord-Embed-Trick): I got showed this trick by some random cunt on Discord that was in my group. I forgot his name. Shoutout to you though
[v-shark](https://github.com/iamrishirb/v-shark): Official Repository for V-Shark
[honest](https://github.com/david942j/honest): Are your installed packages _really_ the same as you saw on GitHub?
[Hbomb](https://github.com/un1n0wn/Hbomb): a dos tool to crash websites
[headmail](https://github.com/umair9747/headmail): A tool designed to analyse email headers
[Web-Probe](https://github.com/EONRaider/Web-Probe): Web Probe is a Python 3 asynchronous port scanner with the purpose of checking live web servers
[Xss-](https://github.com/Dhamuharker/Xss-): Awesome XSS Payloads
[starchart](https://github.com/shipwreckdev/starchart): Starchart is a Python-based tool that allows scanning and assessment of cloud native platforms.
[aletheia](https://github.com/petrilli/aletheia): Manage secrets in Google Cloud w/CloudKMS and Cloud Storage
[h3ll0_fr13nd](https://github.com/kantuni/h3ll0_fr13nd): Our privacy has been hacked.
[magnetron.artificial-intelligence-2.0.mincloud.proxia--IMAGINATION-D](https://github.com/GCABC123/magnetron.artificial-intelligence-2.0.mincloud.proxia--IMAGINATION-D): ✭ MAGNETRON ™ ✭: This is a Google Colab/Jupyter Notebook for developing an IMAGINATION (D) proxia when working with ARTIFICIAL INTELLIGENCE 2.0 ™ (ARTIFICIAL INTELLIGENCE 2.0™ is part of MAGNETRON ™ TECHNOLOGY).
[minipwner](https://github.com/nicholasadamou/minipwner): A script to configure a TP-Link MR3040 running OpenWRT into a simple, yet powerful penetration-testing "dropbox".
[arduino-optiga-trust-x](https://github.com/Infineon/arduino-optiga-trust-x): Infineon OPTIGA™ Trust X security solution library for Arduino
[python-xacml-sdk](https://github.com/authzforce/python-xacml-sdk): Python Client SDK for AuthzForce Server
[u2fcli](https://github.com/mdp/u2fcli): Command line tool for using U2F tokens
[idiot-crack](https://github.com/space-maker/idiot-crack): Un petit programme dont le but est de tester la robustesse d'un site contre les attaques de type bruteforce
[Final-Engagement](https://github.com/raospiratory/Final-Engagement): Attack, Defense and Analysis of a Vulnerable Network
[Reverse-Connection-Shell-Socket-Programing](https://github.com/ShubhGurukul/Reverse-Connection-Shell-Socket-Programing): This repository is for connecting with different clients from a single server as well as 1 client from 1 server.
[CVE-2019-17424](https://github.com/guywhataguy/CVE-2019-17424): RCE Exploit For CVE-2019-17424 (nipper-ng 0.11.10)
[PowerShell-Red-Team](https://github.com/tobor88/PowerShell-Red-Team): Collection of PowerShell functions a Red Teamer may use in an engagement
[indie_hacking_resources](https://github.com/jacoblangston/indie_hacking_resources): List of tools, articles, and other resources I find useful.
[reading-list](https://github.com/gmgchow/reading-list): My reading list for technology-related books. I rate the books that I have read and include a few notes to summarize what I learned. Eventually, I want to migrate this list into a proper website so that I can write more detailed book reviews.
[slack-watchman-enterprise-grid](https://github.com/PaperMtn/slack-watchman-enterprise-grid): Monitoring your Slack Enterprise Grid for sensitive information
[linting-a-dockerfile-net6-app-with-azure-pipelines](https://github.com/karlospn/linting-a-dockerfile-net6-app-with-azure-pipelines): This repository contains an example showing how to lint a .NET 6 app dockerfile using Hadolint, dockerfile_lint and Azure Pipelines
[eckbox](https://github.com/redeltaglio/eckbox): A github mirror of http://eckbox.sourceforge.net/
[keypad-firmware](https://github.com/TANC-security/keypad-firmware): ECP keypad implementation for Arduino/AVR
[io.mbse.mora.score.cvss3](https://github.com/dataliz9r/io.mbse.mora.score.cvss3): C++ Header-only implementation of the Common Vulnerability Scoring System (CVSS) Version 3.1
[NetworkAlarm](https://github.com/yojiwatanabe/NetworkAlarm): A tool to monitor local network traffic for possible security vulnerabilities. Warns user against possible nmap scans, Nikto scans, credentials sent in-the-clear, and shellshock attacks. Currently supports live monitoring and network capture (pcap) scanning.
[dos-tester-802.11](https://github.com/oz9un/dos-tester-802.11): It's a Python tool that tests some DoS attacks on 802.11 networks with flooding desired packets. Developed with Scapy.
[AymoonUtils](https://github.com/ayman2nov/AymoonUtils)
[Infosec-Questions](https://github.com/austinsonger/Infosec-Questions): Common (and Advanced) Information Security Questions. Questions you should know the answer to for your information security career.
[JTRE](https://github.com/ASHWIN990/JTRE): Tool for cracking password Hashes like MD5, SHA1, SHA256, encrypted PDF, encrypted compressed file,and many other password hashes 🤘🤘
[loaderDumpsArcade](https://github.com/vicboma1/loaderDumpsArcade): Loader Dumps Arcade run Taito Type X | NESICAxLive arcade machines games in your PC
[Programmers-Community](https://github.com/shoaibrayeen/Programmers-Community): This repository contains various solution of a problem in Ruby, C, C++, Python and Java.
[ViTee](https://github.com/TURROKS/ViTee): Virus Total Free - IOC parser and report generator
[shodan-scanner](https://github.com/madhavmehndiratta/shodan-scanner): A python based Shodan Scanning Script.
[zoomeye_leecher](https://github.com/CthUlhUzzz/zoomeye_leecher): Utility for ZoomEye search engine results loading
[pygod](https://github.com/pygod-team/pygod): A Python Library for Graph Outlier Detection (Anomaly Detection)
[secure-workflows](https://github.com/step-security/secure-workflows): Secure GitHub Actions CI/CD workflows via automated remediations
[routersploit](https://github.com/threat9/routersploit): Exploitation Framework for Embedded Devices
[Pentagram-exploit-tester](https://github.com/GeoSn0w/Pentagram-exploit-tester): A test app to check if your device is vulnerable to CVE-2021-30955
[git-Kon.Spycio.github.io](https://github.com/tiyeume25112004/git-Kon.Spycio.github.io): blog của Spycio
[Pentest-chainsaw](https://github.com/ihebski/Pentest-chainsaw): Scrapes Router Passwords From http://www.routerpasswords.com ,more then +300 product
[creepjs](https://github.com/abrahamjuliot/creepjs): Creepy device and browser fingerprinting
[SLIENT-DOC](https://github.com/trewisscotch/SLIENT-DOC)
[threat-hostlist](https://github.com/PeterDaveHello/threat-hostlist): Collection of host blocklist that focus on threats 🚨, like 🕷 malware, ransomware, phishing, spyware, and botnets 🤖
[TokenGrabber2j](https://github.com/m-Phoenix852/TokenGrabber2j): A simple to use API for writing java viruses to get discord account token of an user.
[pwndb_api](https://github.com/M3l0nPan/pwndb_api): Pwndb request API
[Denial_Service_Attack](https://github.com/BrsDincer/Denial_Service_Attack): Denial Attacks by Various Methods
[secrets-bridge](https://github.com/abourget/secrets-bridge): Secrets bridge - Secure build-time secrets injection for Docker
[turtlepower](https://github.com/kintsugi-sec/turtlepower): Turtlepower is a collection of scripts I use to make boring repetive tasks I do in pentesting such as file transfers and setting up shells happen quick and easy so I can focus my energy on pwning.
[DorkGoogle](https://github.com/Xnuvers007/DorkGoogle): This program For searching with optimal searching
[rctf-scenario3](https://github.com/aliasrobotics/rctf-scenario3): Robotics CTF scenario 3
[iGPU-Leak](https://github.com/HE-Wenjian/iGPU-Leak): [CVE-2019-14615] iGPU Leak: An Information Leakage Vulnerability on Intel Integrated GPU
[security-bookmarks](https://github.com/davidclarke-au/security-bookmarks): A collection of Security Bookmarks
[cswsh](https://github.com/DeepakPawar95/cswsh): A command-line tool for Cross-Site WebSocket Hijacking
[termux-alpine](https://github.com/illvart/termux-alpine): Bash script for installing Alpine Linux in Termux - 100 MB.
[Deepminer](https://github.com/Conso1eCowb0y/Deepminer): Deep web crawler and search engine
[Directories_Brute_Force](https://github.com/BrsDincer/Directories_Brute_Force): Multi-Process / Censorship Detection
[awesome-opa](https://github.com/anderseknert/awesome-opa): A curated list of OPA related tools, frameworks and articles
[salt-channel-swift](https://github.com/assaabloy-ppi/salt-channel-swift): Salt Channel version 2 implemented in Swift. Can be used for iOS, MacOS and Linux projects.
[skidloader](https://github.com/petercunha/skidloader): :package: Import the Collection #1 data breach into MongoDB
[lemon](https://github.com/spicesouls/lemon): Simple MSFVenom Payload Generator
[Spray365](https://github.com/MarkoH17/Spray365): Spray365 makes spraying Microsoft accounts (Office 365 / Azure AD) easy through its customizable two-step password spraying approach. The built-in execution plan features options that attempt to bypass Azure Smart Lockout and insecure conditional access policies.
[filebeat-selinux](https://github.com/georou/filebeat-selinux): Elasticsearch's Filebeat SELinux policy module for CentOS 7 & RHEL 7 systems
[Spy-Tool](https://github.com/srimani-programmer/Spy-Tool): A Python tool to perform image spy operation on a computer.
[sistema-cofre](https://github.com/Steffany-Martins/sistema-cofre): O sistema cofre é uma das resoluções de logística do Hacking.Help. Assim, ganhou o segundo lugar na competição, com a proposta de manter a temperatura/higiene dos alimentos de delivery.
[CVE-2020-15906](https://github.com/S1lkys/CVE-2020-15906): Writeup of CVE-2020-15906
[Password-Checker](https://github.com/Vikranttyagi95/Password-Checker): In this project, I have created a Python script that reads a bunch of passwords from the text file and checks whether the password has been compromised in a hack before.
[parrot-in-termux](https://github.com/risecid/parrot-in-termux): Installing Parrot Os With Termux
[rendezvous](https://github.com/mypico/rendezvous): Rendezvous server
[pcc](https://github.com/sektioneins/pcc): PHP Secure Configuration Checker
[de.ccc.media](https://github.com/tauri-webapps/de.ccc.media): Native (unofficial) WebApp for CCC's media streaming portal, built with Tauri
[FACEUP](https://github.com/PatrickBMaloney/FACEUP): 🏆 BrickHack 2019 Best AR/VR Hack: An android app for the Vuzix Blade smart glasses that recognizes faces and displays information about the person to the user.
[crabbed.github.io](https://github.com/crabbed/crabbed.github.io): Ever been rejected on bug bounty? Well send me your reports to give them a second chance. This includes, but is not limited to - XSS, SQL Injection, Code Execution, Deface, Login Bypass and much more.
[BCrypt-BruteForce](https://github.com/reinforchu/BCrypt-BruteForce): BCrypt Brute-Force attack / BCrypt crack
[param-ninja](https://github.com/urchinsec/param-ninja): An automated penetration testing tool , that automates web vulnerabilities testing upon a given URL with an endpoint parameter
[cryptz](https://github.com/iinc0gnit0/cryptz): :lock: [ Multi Encryption / Decryption ] :unlock:
[ropium](https://github.com/Boyan-MILANOV/ropium): ROPium is a tool that helps you building ROP exploits by finding and chaining gadgets together
[Ansible-RHEL8-CIS-Benchmarks](https://github.com/HarryHarcourt/Ansible-RHEL8-CIS-Benchmarks): Ansible role for RedHat Enterprise Linux release 8 following the CIS Benchmarks
[Pringles_can_code_generator](https://github.com/s9rA16Bf4/Pringles_can_code_generator): Code generator for the xbox series s event
[risk-assessment-system](https://github.com/niv-sorek/risk-assessment-system): Risk Assessment System based on Vulnerabilities and User Permissions
[binaryanalysis-ng](https://github.com/armijnhemel/binaryanalysis-ng): Binary Analysis Next Generation (BANG)
[KHeaps](https://github.com/sefcom/KHeaps): Playing for {K (H) eaps}: Understanding and Improving Linux Kernel Exploit Reliability
[trufflehog](https://github.com/trufflesecurity/trufflehog): Find credentials all over the place
[AWS-Cloud-Security---Protecting-Resources-and-Data-in-the-Cloud](https://github.com/YoussefBayouli/AWS-Cloud-Security---Protecting-Resources-and-Data-in-the-Cloud): In this project, I deployed and assessed a simple web application environment’s security posture. Then, I intentionally test the security of the environment by simulating an attack scenario and exploiting cloud configuration vulnerabilities. I also set up monitoring to identify suspicious behavior and vulnerable configurations and remediate the identified misconfigurations. Finally, I tied it all together by proposing a DevOps build pipeline that includes security best practices.
[telegram-social-engineering-tool](https://github.com/rewiaca/telegram-social-engineering-tool): Social Engineering Testing tool in Telegram environment for human factor and auth session leak
[Exoft.Security.OAuth](https://github.com/Exoft/Exoft.Security.OAuth): ASP.NET Core OAuth 2 simple implementation
[flipper-tools](https://github.com/nwhistler/flipper-tools): Cool Stuff I find or Create for Flipperzero
[Python-Projects](https://github.com/SV-ZeroOne/Python-Projects): Repository of Personal Python Hacking Projects and Scripts
[open-redirect-payload-list](https://github.com/payloadbox/open-redirect-payload-list): 🎯 Open Redirect Payload List
[Behaviour-Detection-with-Hash-Functions](https://github.com/kclick91/Behaviour-Detection-with-Hash-Functions): A method to detect where a sequence of events are different.
[Sub-Domain-Enumeration-Tool](https://github.com/mrnazu/Sub-Domain-Enumeration-Tool): Sub-domain enumeration is the process of finding sub-domains for one or more domains. It helps to broader the attack surface, find hidden applications, and forgotten subdomains. Note: Vulnerabilities tend to be present across multiple domains and applications of the same organization.
[Dr.-Tanaka-Says](https://github.com/m-ajiao/Dr.-Tanaka-Says): Dear Fansubbers: Don't be stupid! Let me teach you how to stay safe on the Internet.
[FileTypeChecker](https://github.com/AJMitev/FileTypeChecker): Cross platform file type validator for .NET
[security-csrf](https://github.com/symfony/security-csrf): The Security CSRF (cross-site request forgery) component provides a class CsrfTokenManager for generating and validating CSRF tokens.
[Blooket-Hacks](https://github.com/rxzyx/Blooket-Hacks): The absolute best Blooket hack there is.
[rustBoot](https://github.com/nihalpasham/rustBoot): rustBoot is a standalone bootloader written entirely in `Rust`, designed to run on anything from a microcontroller to a system on chip. It can be used to boot into bare-metal firmware or Linux.
[Joomla_Arbitrary_File_Upload](https://github.com/Dark-Clown-Security/Joomla_Arbitrary_File_Upload): Joomla Arbitrary File Upload / Unggah File Sewenang
[Vaim-Samay](https://github.com/VaimpierOfficial/Vaim-Samay): This is use for track location or logout all google account using only one click.
[EV1L-J3ST3R](https://github.com/gsmith257-cyber/EV1L-J3ST3R): An automated scanning, enumeration, and note taking tool for pentesters
[top25-parameter](https://github.com/lutfumertceylan/top25-parameter): For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙
[discover-subdomain](https://github.com/mustafadalga/discover-subdomain): Hedef domain adresinin subdomainlerini keşfeden python scripti | The python script that explores subdomains of the target domain
[gort](https://github.com/ElCap1tan/gort): ⚡ Fast and concurrent Go based port scanner cli / lib with port service, MAC address and vendor lookup support
[osed-binary-analysis-scripts](https://github.com/tin-z/osed-binary-analysis-scripts): Scripts for binary analysis purpose using PyKD and IDA's IDC language
[ScriptsONLY](https://github.com/manisha069/ScriptsONLY)
[enclaive-docker-cs-sgx](https://github.com/enclaive/enclaive-docker-cs-sgx): SGX-ready Enclaive Docker Image for C#
[AspNetCoreCertificateAuth](https://github.com/damienbod/AspNetCoreCertificateAuth): ASP.NET Core 3.1 Certificate Authentication Self Signed and Chained
[picoCTF2019_writeup](https://github.com/s4lm0n-m4k1/picoCTF2019_writeup): Solutions and writeups on how I approach and solved the problems for the picoCTF Cybersecurity Competition.
[sanic-webhook](https://github.com/harshanarayana/sanic-webhook): Kubernetes Mutating and Validating Webhooks written in Sanic
[WordLists](https://github.com/mishrasunny174/WordLists): Collection of various wordlists
[w3bscrap3r](https://github.com/Ramalingasamy012/w3bscrap3r): This tool is used to extract the directories hiding in the website and also used to find all the links found in the webpage.
[terraform-aws-secure-baseline](https://github.com/nozaq/terraform-aws-secure-baseline): Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices.
[nuts7.github.io](https://github.com/nuts7/nuts7.github.io): Blog about computer security, ctf’s walkthroughs and more
[domain-access-control](https://github.com/cybnity/domain-access-control): All the features and services realized by the Access Control bounded context relative to the application domain, including specification library (e.g api), components implementation (e.g software implementation packages) and deployable systems (e.g operable component on infrastructure types).
[gke-security-scenarios-demo](https://github.com/GoogleCloudPlatform/gke-security-scenarios-demo): This project demonstrates a series of best practices for improving the security of containerized applications deployed to Kubernetes Engine. You will deploy multiple instances of the same container image with a variety of security settings to illustrate the use of RBAC, security contexts, and AppArmor policies.
[saasform](https://github.com/saasform/saasform): Add signup & payments to your SaaS in minutes.
[fuzzing-numpy](https://github.com/jaybosamiya/fuzzing-numpy): :snake: Experiments in trying to find 0-days in numpy
[mole](https://github.com/ztgrace/mole): Mole is a framework for identifying and exploiting out-of-band application vulnerabilities.
[Google-IT-Support-Portfolio](https://github.com/ChukwuemekaAham/Google-IT-Support-Portfolio): This is a professional training designed by Google with 5 courses. This program also prepares one for the CompTIA A+ exams, the industry standard certification for IT—A dual credential will be earned when both are completed. This program is ACE® approved—up to 12 college credits; the equivalent of 4 associate degree-level courses, can be earned after completing the entire program.
[CheatSheetSeries](https://github.com/OWASP/CheatSheetSeries): The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
[shellback](https://github.com/chrispetrou/shellback): Reverse shell generator
[Simplified-Advanced-Encryption-Standard](https://github.com/0xRUDRA/Simplified-Advanced-Encryption-Standard): Implementation of S-AES through client-server communication.
[octopus](https://github.com/FuzzingLabs/octopus): Security Analysis tool for WebAssembly module (wasm) and Blockchain Smart Contracts (BTC/ETH/NEO/EOS)
[co_sim_platform](https://github.com/sustainable-computing/co_sim_platform): Maestro is a smart grid co-simulation platform built on top of Mosaik
[the-box](https://github.com/cycurity/the-box): A tool box with 174 useful and common Linux tools for penetration testing and security audits.
[Secrets-Extractor](https://github.com/Xenios91/Secrets-Extractor): A tool to check packets for secrets
[PyPIN](https://github.com/minsectek/PyPIN): A simple Python module for generating PINs
[mfpAdapterTester](https://github.com/IbrahimMSabek/mfpAdapterTester): This will be a web app that will act like Postman which aim to test secured IBM Mobilefirst 8 adapters with custom authentication specially that save and use data within active session as Postman basic authentication debugging detailed in MFP docs won't fit
[ostorlab](https://github.com/Ostorlab/ostorlab): Ostorlab is a security scanning orchestrator for the modern age.
[Cysec-Hacktoberfest](https://github.com/dsc-iem/Cysec-Hacktoberfest): Welcome to the cybersecurity repository for the hacktoberfest.
[vishwaCTF21-Writeups](https://github.com/CybercellVIIT/vishwaCTF21-Writeups): Github Repository for Writeups of vishwaCTF'21 Challenges
[privybb](https://github.com/privy-cafe/privybb): x86 Assembly forum board used for PrivyERA Join our irc @ i.privy.cafe/6697
[AbuseIP-db-scanner](https://github.com/louigigr/AbuseIP-db-scanner): Parses the IP addresses contained in a file and returns a threat report using the AbuseIPdb.com API
[antimalwareapp](https://github.com/projectmatris/antimalwareapp): Anti-malware for Android using machine learning
[The-DPDK-Examples](https://github.com/gamemann/The-DPDK-Examples): Program examples utilizing the DPDK. The DPDK is a kernel-bypass network library that allows for very fast network packet processing. This is great for (D)DoS mitigation and low-latency packet inspection, manipulation, and forwarding.
[rmiscout](https://github.com/BishopFox/rmiscout): RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities
[lim-cli](https://github.com/davedittrich/lim-cli): LiminalInfo utility CLI
[onlinesim](https://github.com/isqad/onlinesim): Go client for onlinesim.ru
[SharePoint-Security](https://github.com/codingo/SharePoint-Security): A Github Repository Created to compliment a BSides Canberra 2018 talk on SharePoint Security.
[deception-as-detection](https://github.com/0x4D31/deception-as-detection): Deception based detection techniques mapped to the MITRE’s ATT&CK framework
[CSCI-404-Human-Engineering](https://github.com/RileyAbr/CSCI-404-Human-Engineering): University research study into user behaviors for common social engineering tactics. This project consisted of both a contemporary data collection survey as well as gameified simulation of common workplace dangers. Within the browser-based game, users play through an entire 8-hour work day in 3 minutes, dodging phishing and hacking attempts the entire time.
[admin-panal-finder](https://github.com/Ashish882/admin-panal-finder): Find a admin panel of any website
[olger](https://github.com/pedroelbanquero/olger): Olger, authomated cybersecurity analyst , check infrastructures and deploy solutions
[project-x](https://github.com/cooljar10/project-x): Ubunto Hacking installing
[JNIC_2022](https://github.com/isaaclo97/JNIC_2022): Writeup VII Jornadas Nacionales de Investigación (JNIC 2022). Equipo: Sergio Pérez Peló, Raúl Martín Santamaría e Isaac Lozano Osorio.
[gsprayer](https://github.com/yok4i/gsprayer): A DOM-based G-Suite Password Sprayer
[6g_security](https://github.com/ocatak/6g_security): 6G and Security repository for telecommunications and AI research. We will share our implementations and publications in 5G and beyond technology, 6G, Security, Machine learning on 6G, Massive MIMO, THz communication and communication networks.
[dll_hook-rs](https://github.com/GrahamBest/dll_hook-rs): Rust code to show how hooking in rust with a dll works.
[grails4-spring-security-login-example](https://github.com/didinj/grails4-spring-security-login-example): Grails 4 Tutorial: Spring Security Core Login Example
[darkai](https://github.com/anovni/darkai): +300 TOOLS in 1! IN ITALIANO
[AdvancedMemoryChallenges](https://github.com/ewimberley/AdvancedMemoryChallenges): Advanced buffer overflow and memory corruption security challenges
[ansible-role-security](https://github.com/geerlingguy/ansible-role-security): Ansible Role - Security
[sandworm-jest](https://github.com/sandworm-hq/sandworm-jest): Security Snapshot Testing Inside Your Jest Test Suite 🪱
[ultimate_bughunter_tools](https://github.com/dreamer1eh/ultimate_bughunter_tools): Ultimate Package Of 50 Bug Bounty Hunting Tools
[TSHA](https://github.com/Hritish42/TSHA): I've Proposed a method to verify fake documents using cryptography techniques, designed and modified original SHA-1 algorithm to make it collision free and harder to Brute Force.🐍
[aurora](https://github.com/W3ndige/aurora): Malware similarity platform with modularity in mind.
[CVE-2022-24342](https://github.com/yuriisanin/CVE-2022-24342): PoC for CVE-2022-24342: account takeover via CSRF in GitHub authentication
[fsecurekey2pass](https://github.com/magandrez/fsecurekey2pass): F-Secure KEY to pass importer
[EFIgy-GUI](https://github.com/duo-labs/EFIgy-GUI): A Mac app that uses the Duo Labs EFIgy API to inform you about the state of your EFI firmware.
[delta_reporting](https://github.com/neilhwatson/delta_reporting): Promise reporting portal using CFEngine Community
[xfinity-keyspace](https://github.com/axrey/xfinity-keyspace): xfinity/comcast wifi keyspace
[Drakaina-Botnet](https://github.com/h0lyl337/Drakaina-Botnet): an AIO Botnet / watchdog / c&c / server
[ctSESAM-server-go](https://github.com/raetselonkel/ctSESAM-server-go): c't SESAM storage server (written in Go)
[HAVK](https://github.com/RavSS/HAVK): An attempt at a minimalistic and secure operating system.
[PS-Get-PassPhrase](https://github.com/dotBATmanNO/PS-Get-PassPhrase): PowerShell module to build a passphrase by rolling 5 dice against a wordlist - e.g. the one you can find at https://www.eff.org/dice.
[Simple-Password-Generator](https://github.com/ParmoDev/Simple-Password-Generator): A simple password generator I made!
[zxyr](https://github.com/praecantat0r/zxyr): A remote access trojan made mainly in C++
[whispers](https://github.com/adeptex/whispers): Identify hardcoded secrets in static structured text (version 2)
[keysoft](https://github.com/jaayperez/keysoft): Crypto Js secure, dynamic password creator application that uses cryptographic algorithms with Node.js, Express 4, and Heroku cloud deployment.
[mooltipass](https://github.com/limpkin/mooltipass): Github repository dedicated to the mooltipass project
[Fake-virus-Prank](https://github.com/hemanth-07-11/Fake-virus-Prank): This is a Fake Virus Pranker, developed by HEMANTH N. Bluescreen.dat simulates the bluescreen of death in a system. EA cricket Installer.vbs simulates hacking a computer and endless EA cricket Installer keeps on looping while simulating the hacking process. CAUTION : Do not run the application without sound knowledge of how to close the application without harming the files in computer.
[SecurityExplained](https://github.com/harsh-bothra/SecurityExplained): SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning.
[hackarsenaltoolkit](https://github.com/xtormin/hackarsenaltoolkit): Hacking arsenal. This script download the latest tools, wordlists, releases and install common hacking tools
[module-scanner](https://github.com/cetcs92/module-scanner)
[Duolingo-Hacks](https://github.com/rxzyx/Duolingo-Hacks): The best Duolingo hack ever.
[bugbountyguide](https://github.com/EdOverflow/bugbountyguide): Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.
[sandworm-js](https://github.com/sandworm-hq/sandworm-js): Easy auditing & sandboxing for your JavaScript dependencies 🪱
[image-layer-provenance](https://github.com/deislabs/image-layer-provenance): Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin.
[ejpt-cheat-sheet](https://github.com/z9fr/ejpt-cheat-sheet): Here's the cheat sheet I created for the EJPT exam.
[OWASP-s-AppSec-Israel-2018](https://github.com/nomadicmehul/OWASP-s-AppSec-Israel-2018): AppSec Israel 2018 will take place on 5-6 September, 2018 at Tel Aviv University, in central Tel Aviv.
[venpo](https://github.com/mfdeux/venpo): Extract Venmo transactions from a profile with one command
[leakyrepo](https://github.com/digininja/leakyrepo): A repo which contains lots of things which it shouldn't
[delosNmap](https://github.com/delosemre/delosNmap): delosNmap | Nmap Script
[JavaThings](https://github.com/phith0n/JavaThings): Share Things Related to Java - Java安全漫谈笔记相关内容
[CaeserCipher](https://github.com/AlyMBarakat/CaeserCipher)
[josexv1.github.io](https://github.com/Josexv1/josexv1.github.io): Home sweet home, for whatever I want to post.
[evtx2json](https://github.com/vavarachen/evtx2json): A tool to convert Windows evtx files (Windows Event Log Files) into JSON format and log to Splunk (optional) using HTTP Event Collector.
[graphql-armor](https://github.com/Escape-Technologies/graphql-armor): 🛡️ The missing GraphQL security security layer for Apollo GraphQL and Yoga / Envelop servers 🛡️
[rating_v1](https://github.com/rating-eu/rating_v1): RATING - Risk Assessment Tool for Integrated Governance.
[Captcha-Bypassing](https://github.com/D3Ext/Captcha-Bypassing): A captcha bypassing lab in PHP
[Web-Fuzzing-Box](https://github.com/gh0stkey/Web-Fuzzing-Box): Web Fuzzing Box - Web 模糊测试字典与一些Payloads,主要包含:弱口令暴力破解、目录以及文件枚举、Web漏洞...字典运用于实战案例:https://gh0st.cn/archives/2019-11-11/1
[sf-rsync-manager](https://github.com/serverfarmer/sf-rsync-manager): sf-rsync-manager extension provides scripts for office backup servers management, combined with sf-rsync-server extension.
[cloud_node](https://github.com/blockadeio/cloud_node): Python-based cloud node for local use
[ci-integrations](https://github.com/tinfoil/ci-integrations): Example scripts to run Tinfoil Security via your CI
[domain-compliance-mgt](https://github.com/cybnity/domain-compliance-mgt): All the features and services realized by the Compliance and Certification bounded context relative to the application domain, including specification library (e.g api), components implementation (e.g software implementation packages) and deployable systems (e.g operable component on infrastructure types).
[isthislegit](https://github.com/duo-labs/isthislegit): Dashboard to collect, analyze, and respond to reported phishing emails.
[ms-cache-kafka-quickstart](https://github.com/arafkarsh/ms-cache-kafka-quickstart): Microservice Service Template With Redis Cache and Kafka Framework. Microservice Template gives you a SpringBoot App template with Open API 3 Ex, Actuator, Sleuth, Prometheus, and POM file with Fat and Thin jar file creation and Dockerfile for containerization.
[Security-System](https://github.com/JareBear12418/Security-System): Security system for raspberry pi's. Equipped with motion detection, body/facial. Send Emails notifications, and much more!
[TOOLS-HACKINGv1](https://github.com/D0PP3L64N63R/TOOLS-HACKINGv1)
[Nessus_Pro_Cracked](https://github.com/TcherB31/Nessus_Pro_Cracked): Nessus is one of the many vulnerability scanners used during vulnerability assessments
[mini-ctf-tool](https://github.com/jedevc/mini-ctf-tool): Quick and easy tool to manage the challenges for a CTF :monkey:
[shcheck](https://github.com/santoru/shcheck): A basic tool to check security headers of a website
[terraform-aws-ec2-instance](https://github.com/cloudposse/terraform-aws-ec2-instance): Terraform module for provisioning a general purpose EC2 host
[really-good-cybersec](https://github.com/j4k0m/really-good-cybersec): A really good cybersec reading materials.
[aws-security-box](https://github.com/lucas-apd/aws-security-box): Faça upload de arquivos para um bucket s3 da aws e compartilhe utilizando URL pre assinada com prazo para expirar.
[cpp_win_keylogger](https://github.com/mushahidq/cpp_win_keylogger): A simple keylogger for windows created in C++
[Network-Intrusion-Detection-Using-Deep-Learning](https://github.com/Shaik-Sohail-72/Network-Intrusion-Detection-Using-Deep-Learning): Cyber Security: Development of Network Intrusion Detection System (NIDS), with Machine Learning and Deep Learning (RNN) models, MERN web I/O System.
[HTkit](https://github.com/Keyj33k/HTkit): Information Gathering Simplified.
[ChiLaXESP](https://github.com/ChiLaXCoding/ChiLaXESP): An open source ESP hacking suite for Counter-Strike: Global Offensive.
[Karlann](https://github.com/hkx3upper/Karlann): It's a kernel-based keylogger for Windows x86/x64.
[Cyber-Crimes-and-Its-Awareness-Hacktoberfest-2022](https://github.com/its-red-eagle/Cyber-Crimes-and-Its-Awareness-Hacktoberfest-2022): This repo contains all info related to cyber crimes and its awareness, please do your quality contribution... **only quality contribution accepted**
[Awesome-CobaltStrike](https://github.com/zer0yu/Awesome-CobaltStrike): cobaltstrike的相关资源汇总 / List of Awesome CobaltStrike Resources
[openfga](https://github.com/openfga/openfga): A high performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar
[owasp-zap-jwt-addon](https://github.com/SasanLabs/owasp-zap-jwt-addon): OWASP ZAP addon for finding vulnerabilities in JWT Implementations
[BTLE](https://github.com/JiaoXianjun/BTLE): Bluetooth Low Energy (BLE) packet sniffer and transmitter for both standard and non standard (raw bit) based on Software Defined Radio (SDR).
[QuickSecurityCode](https://github.com/pcjbird/QuickSecurityCode): A security or sms verify code input control. 一个安全码/短信验证码输入控件,支持4位或6位数字的安全码/短信验证码。
[sixarm_ruby_secure_random](https://github.com/SixArm/sixarm_ruby_secure_random): SixArm.com » Ruby » secure random number generator interface for Ruby 1.8.6 backported from 1.8.7
[Hacking-Hands-on](https://github.com/Youngermaster/Hacking-Hands-on): The idea of this repository is to store and document hacks that I made or I watched on internet and worked.
[grepTheCurl](https://github.com/ja1sh/grepTheCurl): One liner regex match to search inside JS files, using curl and grep!
[sf-gpg](https://github.com/serverfarmer/sf-gpg): sf-gpg extension provides backup encryption ability for Server Farmer backup scripts.
[SimpleScan](https://github.com/Galaxy-cst/SimpleScan): Simple Python3-based web application vulnerability scanner
[PoT](https://github.com/omergunal/PoT): Phishing on Twitter
[citrix-adc-azure-templates](https://github.com/citrix/citrix-adc-azure-templates): Templates and scripts for Citrix ADC (formerly NetScaler) Azure deployments
[dnsflare](https://github.com/ropwareJB/dnsflare): A simple DNS service that relays queries to a webhook for notifications to assist detection of OOB or pseudo-blind vulnerabilities during penetration testing activities.
[macrandrd](https://github.com/gpicchiarelli/macrandrd): OpenBSD port for macrandr
[dir_bruter.py](https://github.com/kushvaibhav/dir_bruter.py)
[yardstick](https://github.com/anchore/yardstick): Compare vulnerability scanners results (to make them better!)
[dirscanner](https://github.com/NeloF4/dirscanner): ZAC_DOR TOOLS DIR SCANNER
[Accessibility-Tools-utilmon-Defender](https://github.com/zelon88/Accessibility-Tools-utilmon-Defender): A Windows 7-10 startup script for detecting and preventing "Ease Of Access" attacks.
[mamba_dlp](https://github.com/Ahmed-AG/mamba_dlp): mamba_dlp scans your cloud for sensitive data
[MEIC-SSI](https://github.com/paulinho-16/MEIC-SSI): Todo o conteúdo produzido para a unidade curricular SSI (Segurança em Sistemas Informáticos), para o curso em Engenharia Informática e Computação na FEUP
[Tsun](https://github.com/injectionmethod/Tsun): Web Crawler For Usernames, Idea Based Off Of Sherlock But Made In C#
[file_monitor](https://github.com/kushvaibhav/file_monitor)
[data-plane-helm-chart](https://github.com/strmprivacy/data-plane-helm-chart): Care about your data leaving your VPC/environment in SaaS mode? With our self-hosted option you can run our privacy focused Data Plane in your own Kubernetes Cluster. Just (1) sign-up, (2) request a self-hosted installation, (3) use our values.yaml on your own k8s clusters and (4) run your (customer) data inside your own cloud like 🪄
[Form-fields-activator](https://github.com/jubil/Form-fields-activator): A google chrome extension to enable all disabled form fields (DOM modification)
[Malicious_URL_Analyzer](https://github.com/whitefight18/Malicious_URL_Analyzer): A tool that detects maliciousness of suspicious links, written in python with <3.
[action-pylint](https://github.com/konstruktoid/action-pylint): A GitHub action that checks Python code using black, safety and flake8.
[WordBlitz-bot](https://github.com/sssss465/WordBlitz-bot): a fun bot i made for wordblitz
[evil-mhyprot-cli](https://github.com/kkent030315/evil-mhyprot-cli): A PoC for Mhyprot2.sys vulnerable driver that allowing read/write memory in kernel/user via unprivileged user process.
[waybulk](https://github.com/sham00n/waybulk): Search a list of domains on the wayback machine
[magnetron.artificial-intelligence-2.0.mincloud.proxia--IMAGINATION-G2](https://github.com/GCABC123/magnetron.artificial-intelligence-2.0.mincloud.proxia--IMAGINATION-G2): ✭ MAGNETRON ™ ✭: This is a Google Colab/Jupyter Notebook for developing an IMAGINATION (G2) PROXIA when working with ARTIFICIAL INTELLIGENCE 2.0 ™ (ARTIFICIAL INTELLIGENCE 2.0™ is part of MAGNETRON ™ TECHNOLOGY).
[metamaska](https://github.com/dogancanbakir/metamaska): μετάμάσκα - malevolent payload classifier
[DFShell](https://github.com/D3Ext/DFShell): The Best Forwarded Shell
[SecEng](https://github.com/jaketarnow/SecEng): Repo for Security class - Hacks and defenses against common threats and vulnerabilities
[allero](https://github.com/allero-io/allero): By scanning CI/CD misconfigurations, Allero helps reduce production issues, harden your security posture and shift-left CI/CD from DevOps to developers.
[HWID-Spoofer](https://github.com/Fnoberz/HWID-Spoofer): 📁〢Change Hardware IDS , Smbios , S/N , Serial Number | Working for me.
[sane-security.online](https://github.com/sanesecurityonline/sane-security.online)
[BruteSniffing_Fisher](https://github.com/programmingAthlete/BruteSniffing_Fisher): hacking tool
[magnetron.artificial-intelligence-2.0.mincloud.proxia--BRAIN-MAIN](https://github.com/GCABC123/magnetron.artificial-intelligence-2.0.mincloud.proxia--BRAIN-MAIN): ✭ MAGNETRON ™ ✭: This is a Google Colab/Jupyter Notebook for developing a BRAIN PROXIA (B) when working with ARTIFICIAL INTELLIGENCE 2.0 ™ (ARTIFICIAL INTELLIGENCE 2.0™ is part of MAGNETRON ™ TECHNOLOGY).
[oauth2-oidc-debugger](https://github.com/rcbj/oauth2-oidc-debugger): An OAuth2 and OpenID Connect Debugger
[fileless-elf-exec](https://github.com/nnsee/fileless-elf-exec): Execute ELF files without dropping them on disk
[Expect-CT-Builder](https://github.com/pepeverde/Expect-CT-Builder): Expect-CT Certificate Transparency header for PHP
[Laravel_Exploit](https://github.com/404rgr/Laravel_Exploit): Laravel PHPUNIT Rce Auto Exploit & Retrieving information in .env (such as SMTP, AWS, TWILIO, SSH, NEXMO, PERFECTMONEY, and other.)
[Defence-on-Cyber-Crimes](https://github.com/KrishnaRanjani/Defence-on-Cyber-Crimes): Defence on Cyber Crimes Against Women and Laws
[user-guide](https://github.com/scantist/user-guide): The Scantist SCA is source-code analysis tool for C/C++ that identifies vulnerabilities and compliance issues pertaining to the use of open-source components in your projects and applications.
[SNK-RAT](https://github.com/thepowerraj/SNK-RAT): fully advance and powerful android rat 2022
[Host_Discoverer](https://github.com/KOneThousand/Host_Discoverer): Simple C++ script that is able to found up hosts in local network. Very fast and accurate.
[MSAuto](https://github.com/SSARCandy/MSAuto)
[CVE-2022-41040-POC](https://github.com/kljunowsky/CVE-2022-41040-POC): CVE-2022-41040 - Server Side Request Forgery (SSRF) in Microsoft Exchange Server
[ASU-Cybersecurity-Bootcamp-Project-1](https://github.com/jsg425/ASU-Cybersecurity-Bootcamp-Project-1): First project of ASU Cybersecurity Bootcamp
[hacktoria-ctf-on-the-wire](https://github.com/miamya/hacktoria-ctf-on-the-wire): Hacktoria CTF On the Wire
[predator-drone](https://github.com/tigre-bleu/predator-drone): Mirror of main repository at https://git.tigre-bleu.net/antoine.vacher/predator-drone
[iSUDisk](https://github.com/wecooperate/iSUDisk): 冰云安全U盘
[securesystems_example](https://github.com/immae1/securesystems_example): This is a example for using git-grypt. Only for test purpose! Created for the lecture "secure systems" in computer science and media master at the stuttgart media university
[sonare2](https://github.com/Ace17/sonare2): An interactive disassembler for reverse engineering
[Twitter-API-Pull-Bank-Details](https://github.com/dbeckerton94/Twitter-API-Pull-Bank-Details): This was a security project developed using the Twitter Api, the idea behind this project was to see how much personal information and what type of personal information people put on Twitter, and educate users on security
[thelifeofjay.github.io](https://github.com/thelifeofjay/thelifeofjay.github.io): My personal blog
[quick_axfr](https://github.com/hatlord/quick_axfr): Provide a list of domains and it will find the name servers, and then test Zone Transfers against each
[domain-quality-mgt](https://github.com/cybnity/domain-quality-mgt): All the features and services realized by the Quality bounded context relative to the application domain, including specification library (e.g api), components implementation (e.g software implementation packages) and deployable systems (e.g operable component on infrastructure types).
[CyberBook](https://github.com/Cyb3rW1z4rd/CyberBook)
[cs577](https://github.com/bradford-smith94/cs577): CS 577 Cybersecurity Lab
[slae32-egghunters](https://github.com/DarkCoderSc/slae32-egghunters): SLAE32 Assignment 3 : Egg Hunters
[bind-shell-python](https://github.com/j0lt-github/bind-shell-python): This is a basic bind shell script , containting both server and client classes, i will upgrade it with time adding new features and make it look more lethal
[defatt](https://github.com/aau-network-security/defatt): Defense & Attack
[cybersec-service-metrics](https://github.com/t3l3machus/cybersec-service-metrics): A spreadsheet designed to automatically generate Key Performance Indicators (charts) for Cyber Security Services based on documented data, powered by formulas (no MACROS). Ideal for Team leaders / Managers of small-medium sized organizations.
[awesome-serverless-security](https://github.com/puresec/awesome-serverless-security): A curated list of awesome serverless security resources such as (e)books, articles, whitepapers, blogs and research papers.
[webowl](https://github.com/pelaohxc/webowl): A tool for taking screenshots automatically from a URL list file.
[aws-sec-tools](https://github.com/dachiefjustice/aws-sec-tools): Docker container bundling tools for manual AWS security reviews
[magnetron.artificial-intelligence-2.0.mincloud.proxia--ASTRAL_VISION-C-2](https://github.com/GCABC123/magnetron.artificial-intelligence-2.0.mincloud.proxia--ASTRAL_VISION-C-2): ✭ MAGNETRON ™ ✭: This is a Google Colab/Jupyter Notebook for developing an ASTRAL VISION PROXIA (C-2) for POSE ESTIMATION when working with ARTIFICIAL INTELLIGENCE 2.0 ™ (ARTIFICIAL INTELLIGENCE 2.0™ is part of MAGNETRON ™ TECHNOLOGY).
[Dionaea-Honeypot-Script](https://github.com/crocup/Dionaea-Honeypot-Script): Honeypot(Dionaea) in Docker. Emulation Windows 7 Professional ver. 7600
[Spammer-Grab](https://github.com/p4kl0nc4t/Spammer-Grab): A brand new, awakened version of the old Spammer-Grab.
[adversarial-text](https://github.com/gongzhitaao/adversarial-text): Generate adversarial text via gradient methods
[campusbadge](https://github.com/nexmo-community/campusbadge): Code (and wiki) for the Vonage Campus Developer Track badge, based on pixl.js
[stronger-gpw](https://github.com/LightningStalker/stronger-gpw): An "improved" version of `gpw` that generates stronger passwords.
[domain-posture-prevention-mgt](https://github.com/cybnity/domain-posture-prevention-mgt): All the features and services realized by the Posture & Prevention bounded context relative to the application domain, including specification library (e.g api), components implementation (e.g software implementation packages) and deployable systems (e.g operable component on infrastructure types).
[JWT-Brute](https://github.com/novakeith/JWT-Brute): A python 3 JWT brute force tool
[movies-for-hackers](https://github.com/k4m4/movies-for-hackers): 🎬 A curated list of movies every hacker & cyberpunk must watch.
[LibScout](https://github.com/reddr/LibScout): LibScout: Third-party library detector for Java/Android apps
[CVE-2019-17662](https://github.com/whokilleddb/CVE-2019-17662): Exploit for CVE-2019-17662 (ThinVNC 1.0b1)
[PC-Security-Upgrade-Using-Python-V.2.0](https://github.com/pyvisualizer/PC-Security-Upgrade-Using-Python-V.2.0): This project is meant to help you in case someone else is using your PC or someone stole your it will ask for a password to user and if he fails to answer this script will directly send you email to your email address will time of login, IP address, Current Location of your pc and also the image of the person who is using your pc at that moment.
[FreeSecurityFramework](https://github.com/isaacdarcilla/FreeSecurityFramework): Simple Network Analysis Framework written in Python 2.7 with dependencies
[kali-linux-cheatsheet](https://github.com/NoorQureshi/kali-linux-cheatsheet): Kali Linux Cheat Sheet for Penetration Testers
[CVE-2022-40684-POC](https://github.com/kljunowsky/CVE-2022-40684-POC): Exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager
[LANscan](https://github.com/chrispetrou/LANscan): Find out who is on your LAN. Was made with low-privilege users in mind...
[osrframework](https://github.com/i3visio/osrframework): OSRFramework, the Open Sources Research Framework is a AGPLv3+ project by i3visio focused on providing API and tools to perform more accurate online researches.
[vmConsole](https://github.com/sylirre/vmConsole): Run Linux virtual machine on Android OS. Powered by QEMU. No KVM or root required.
[ChromiumExtension](https://github.com/NetSepio/ChromiumExtension): Browser Extension to detect cyber threats and label websites/domains as Spam, Malware, Spyware, Advertisements, etc.
[dirbpy](https://github.com/marcolivierbouch/dirbpy): This is the new version of dirb in python
[M1tn1ck](https://github.com/M1tn1ck/M1tn1ck): All my products are here, my private and custom scripts and other types of contact information and services.
[fslogger](https://github.com/rxm/fslogger): A Node server that writes POST requests to a file translating DeepXi's JSON into ArcSight CEF
[pewview](https://github.com/AlexGustafsson/pewview): A self-hosted cyber attack and network flow visualization on a 3D globe with support for anonymization and NetFlow. Written in Go and TypeScript
[Pip-Pip-Cheerio](https://github.com/JamesMatchett/Pip-Pip-Cheerio): Neat little pip workaround for install rights limited systems, just replace pyodbc with whatever packages you want as long as it's after pip install --upgrade pip
[phpass](https://github.com/openwall/phpass): Legacy password hashing framework for PHP applications needing to support or having previously supported PHP below 5.5
[STIX-Validator](https://github.com/StephenOTT/STIX-Validator): STIX Validator http server for checking the JSON conformance to the STIX spec
[slae32-polymophism](https://github.com/DarkCoderSc/slae32-polymophism): SLAE32 Assignment N°6 - Create up to three polymorphic version of shellcodes.
[Pentesting-Methodology-](https://github.com/Mdot0/Pentesting-Methodology-): When it comes to exploiting web application security, this is a methodology. Enumeration and Networking guidelines are also listed to help while on a Pentest/CTF.
[adblockfast-android](https://github.com/rocketshipapps/adblockfast-android): [Moved] Adblock Fast for Android is an Android port of the Adblock Fast app.
[Toools](https://github.com/amrelsadane123/Toools): tools hacking and seystem
[emailobfuscator](https://github.com/FriendsOfREDAXO/emailobfuscator): Verschlüsselung von E-Mailadressen zum Schutz vor Spam
[Cyberattack-Detection](https://github.com/antoinedelplace/Cyberattack-Detection): Cyber Attack Detection thanks to Machine Learning Algorithms
[Website-Dir-Scanner](https://github.com/Karaya-12/Website-Dir-Scanner): Website Directory Scanner - A simple but powerful directory scanner.
[sobelow](https://github.com/nccgroup/sobelow): Security-focused static analysis for the Phoenix Framework
[ipscanner](https://github.com/aliyilmaz/ipscanner): Is used to query the http status codes of the ip addreses between the specified ip addreses.
[teaching-toolkit](https://github.com/iwazirijr/teaching-toolkit): collection of materials and resources I use to teach computer security classes
[Scientific_publications](https://github.com/dkushche/Scientific_publications): Dima's Kushchevskyi Scientific Publications
[memoryjs](https://github.com/Rob--/memoryjs): Read and write process memory in Node.js (Windows API functions exposed via Node bindings)
[barvus](https://github.com/studio-b12/barvus): BARe repository VUlnerability Scanner
[Fivem-CFX-Spoofer](https://github.com/Fnoberz/Fivem-CFX-Spoofer): 🔗 Easy Spoof Cfx.re 365 Day / Work on the latest patch
[Cyber-Law](https://github.com/mewni/Cyber-Law): This is a collection of research articles, newspaper articles, books etc. to get a clear understanding of Cyberlaw 👩⚖️👩💻👨⚖️👨💻🦸♀️🦸♂️
[safe-rules](https://github.com/Qihoo360/safe-rules): 详细的C/C++编程规范指南,由360质量工程部编著,适用于桌面、服务端及嵌入式软件系统。
[ProcFinder](https://github.com/wakef33/ProcFinder): Python 3 script that searches for signs of malware on Linux systems.
[OversecuredVulnerableiOSApp](https://github.com/oversecured/OversecuredVulnerableiOSApp): Oversecured Vulnerable iOS App
[ClickjackPoc](https://github.com/Raiders0786/ClickjackPoc): Automated tool to find & created Exploit Poc for Clickjacking Vulnerability
[PwnCheck](https://github.com/selftaught/PwnCheck): Query Have I Been Pwned (HIBP) from CLI
[trellis-disable-xml-rpc](https://github.com/ItinerisLtd/trellis-disable-xml-rpc): Disable WordPress XML RPC on Trellis sites
[Corona.exe](https://github.com/hackernese/Corona.exe): Just a little piece of malware that i made for fun called "Corona.exe" ( no malicious purposes intended )
[repair_wp_hack](https://github.com/pforret/repair_wp_hack): Script to clean up my hosting files after my Wordpress was hacked
[frwd](https://github.com/avahidi/frwd): "frwd" is a tiny TCP/IP port-forwarder written in Go.
[GrimeyPhisher](https://github.com/juniordevsec2021/GrimeyPhisher): Phishing Toolkit
[DotNetCore](https://github.com/rafaelfgx/DotNetCore): .NET 6 Nuget Packages.
[Nethunter-Nexus_6P-LOS10](https://github.com/TheMMcOfficial/Nethunter-Nexus_6P-LOS10): Instructions to get Nethunter on a Nexus 6P Using Android 10 (LineageOS).
[Valorant.External](https://github.com/Fnoberz/Valorant.External): 🔫 External Valorant Aimbot + Esp + SkinChanger | Release Update !
[Emerald](https://github.com/at0mik/Emerald): Emerald is an advanced network scanner, which automates many useful functions.
[a3_botnet](https://github.com/luizmlo/a3_botnet): Projeto de Botnet com Python, Websockets, Async e Javascript
[GH05T-INSTA](https://github.com/GH05T-HUNTER5/GH05T-INSTA): Instagram Account Hacking Total Package for Termux users {20 types of password list , auto reporting} 100% working and safe to use `GH05T INSTA`
[Mastering-CSharp](https://github.com/gungunfebrianza/Mastering-CSharp): GGF Open Source Society University. From Zero to Hero Mastering C#.
[Blaster](https://github.com/yuxontop/Blaster): ⚔ A tool to scan a website to get vulnerabilities/exploits (education only)
[pamela](https://github.com/Nexus-Software/pamela): C Security Project for Epitech study - PAM module
[SimpleHash](https://github.com/Omoeba/SimpleHash): Simple password hashing utility
[awesome-buggy-erc20-tokens](https://github.com/sec-bit/awesome-buggy-erc20-tokens): A Collection of Vulnerabilities in ERC20 Smart Contracts With Tokens Affected
[BatSploit](https://github.com/proxyanon/BatSploit): Exploitation Tool For Windows Using Batch and Powershell
[WebDhaar](https://github.com/humblelad/WebDhaar): Online WebDhaar helps to give details of any IP around the world (Just Like Aadhaar ! ) . A online IP helper tool. Just type any IP Address.(Ex. 8.8.8.8)
[cerberus](https://github.com/francesco-ficarola/cerberus): Cerberus is another simple stressing tool simulating DDoS attacks.
[privatezilla](https://github.com/builtbybel/privatezilla): 👀👮🐢🔥Performs a privacy & security check of Windows 10
[integers](https://github.com/google/integers): Safer integers in C++.
[funthom](https://github.com/s3verus/funthom): A program for penetration testing to scan network by python ;)
[bscit-network-security-notes](https://github.com/Keshavdulal/bscit-network-security-notes): BSCIT Network Security Notes
[sshpot](https://github.com/krishpranav/sshpot): A simple ssh honey pot, fake ssh server that lets anyone to connect and monitor their activty
[PwnedPasswordChecker](https://github.com/BenjaminNelan/PwnedPasswordChecker): Prevent WordPress users from using a pwned password by checking against Have I Been Pwned's database.
[node-github-chart-hack](https://github.com/rimiti/node-github-chart-hack): 🦄Customize your GitHub profile chart
[redboard-docker](https://github.com/codexlynx/redboard-docker): Dockerized version of RedBoard for rapid deployment and ready to use.
[xepor](https://github.com/xepor/xepor): Xepor, a web routing framework for reverse engineers and security researchers, brings the best of mitmproxy & Flask
[The-DPDK-Common](https://github.com/gamemann/The-DPDK-Common): A repository that includes common helper functions for writing applications in the DPDK. I will be using this for my future projects in the DPDK.
[ctfs](https://github.com/posgnu/ctfs): ☑️ Write-up for CTF problems and problem files
[myProjectsadick](https://github.com/sadiqwanje/myProjectsadick)
[gophercon-2022](https://github.com/hybridgroup/gophercon-2022): Hardware hack session at Gophercon 2022
[Pyramid](https://github.com/naksyn/Pyramid): a tool to help operate in EDRs' blind spots
[FroggerBeyondExploit](https://github.com/agarmash/FroggerBeyondExploit): An exploit for installing a softmod to the Xbox
[security-advisor-findings](https://github.com/data-henrik/security-advisor-findings): Set up custom findings in IBM Cloud Security Advisor, e2e scenario and code
[ee8-sandbox](https://github.com/hantsy/ee8-sandbox): Java EE 8/Jakarta EE 8 sandbox
[attack-vectors-suite](https://github.com/SANTHOSH17-DOT/attack-vectors-suite): A collection of cybersecurity attack vectors
[Masking-URL](https://github.com/OnlineHacKing/Masking-URL): How to Hide Phishing Link - Ngrok, Cloudflare Link Hide and Custom URL Real Domain URL
[domain-risk-mgt](https://github.com/cybnity/domain-risk-mgt): All the features and services realized by the Risk Management bounded context relative to the application domain, including specification library (e.g api), components implementation (e.g software implementation packages) and deployable systems (e.g operable component on infrastructure types).
[TTRockstars-Hacks](https://github.com/rxzyx/TTRockstars-Hacks): The best hack for times tables rock-stars ever.
[Kenyatta-Ransomware](https://github.com/alvin-tosh/Kenyatta-Ransomware): This will encrypt 🤐 your files in background using AES-256-CTR, using RSA-4096😵💫to secure the exchange with the server, optionally using the Tor SOCKS5 Proxy. The base functionality is what you see in the famous ransomware Cryptolocker😎
[VMProtect_3.6.0.1416_Crack](https://github.com/rrhyast/VMProtect_3.6.0.1416_Crack): VMProtect Ultimate 3.6.0.1416 Cracked
[iOScanX](https://github.com/alessiomaffeis/iOScanX): iOScanX (iOS Application Scanner for OS X) is a Cocoa application for semi-automated iOS app analysis and evaluation
[aws-tower](https://github.com/leboncoin/aws-tower): AWS Tower give the ability to discover and monitor AWS account to find vulnerabilities or misconfigurations. Give also a brief overview for non-AWS expert. Not related at all of the AWS Trusted Advisor.
[glaros_c](https://github.com/ellyzabe8/glaros_c): Simple port scanner for Linu_x0ids (UDP ports and SYN connection will soon be implemented!)
[Loki.Rat](https://github.com/TheGeekHT/Loki.Rat): Loki.Rat is a fork of the Ares RAT, it integrates new modules, like recording , lockscreen , and locate options. Loki.Rat is a Python Remote Access Tool.
[CppQtReverseShell](https://github.com/melardev/CppQtReverseShell): Qt Cpp Reverse shell
[hacker-portfolio](https://github.com/IlyaAgarishev/hacker-portfolio): This is my portfolio site made in the hacking style. Start typing something to feel yourself a hacker. And don't forget to put a star on the project !
[mbp-tails](https://github.com/T2minator/mbp-tails): How to get Tails working on T2 Apple device (e.g. 2019 MacBook Pro) without needing external keyboard/mouse.
[matano](https://github.com/matanolabs/matano): The open-source security lake platform for AWS
[ammonia](https://github.com/rust-ammonia/ammonia): Repair and secure untrusted HTML
[HackTheWorld](https://github.com/stormshadow07/HackTheWorld): An Python Script For Generating Payloads that Bypasses All Antivirus so far .
[sia-payload](https://github.com/shayanzare/sia-payload): MultiPlatform (mac,linux,windows) Payload For Hack System!
[Apex-Spoofer](https://github.com/Fnoberz/Apex-Spoofer): 🃏 Batch File for spoofing and delete track files Easy-Anti Cheat
[packetkit](https://github.com/krishpranav/packetkit): An Advanced Network Packet Sniffer Built In Rust
[owasp-top-10](https://github.com/minimice/owasp-top-10): Securing Top 10 OWASP vulnerabilities in C#
[IDA_Wrapper](https://github.com/cxm95/IDA_Wrapper): An IDA_Wrapper for linux, shipped with an Function Identifier. It works well with Driller on static linked binaries.
[mint-wrapper](https://github.com/hfreire/mint-wrapper): A :revolving_hearts: Mint :package: wrapper library
[APT-Learning-Notes](https://github.com/Ifonly-go2019/APT-Learning-Notes): 《透视APT》读书笔记
[University-Facial-Multifactor-Authentication-System](https://github.com/Shlok-crypto/University-Facial-Multifactor-Authentication-System): I have created a GUI Based Contactless University Access Control, Facial Authentication System. By utilizing OpenCV, Haar Cascade, and Python.
[Brutal-FX](https://github.com/redtrib3/Brutal-FX): A brute-force Tool for brute forcing social media accounts such as Facebook , Gmail, Hotmail, Twitter ... And more coming soon.
[python_ddos_attack_test](https://github.com/carloocchiena/python_ddos_attack_test): DDoS attack thru a multithread Python script
[BitSquatter](https://github.com/CamiloGarciaLaRotta/BitSquatter): Cybersquatting CLI tool
[hacksec-cli](https://github.com/hacksec-in/hacksec-cli): hacksec-cli for hacksec.in
[atl-cjdns-pi](https://github.com/AtlMesh/atl-cjdns-pi): Open Source decentralized Atl mesh network
[zsession](https://github.com/zcred/zsession): A lightweight implementation of zcreds designed specifically for the session token use case
[abulia](https://github.com/uqrs/abulia): netcat-shell helper
[cr4gg](https://github.com/Benzammour/cr4gg): :egg: bruteforce WiFi-password with a 4-way handshake
[Python-utility-scripts](https://github.com/0xbyt3/Python-utility-scripts): Here we put python scripts that are useful and we update them from time to time. I would be happy if you could join me in this work and send me your scripts
[ScatterFly](https://github.com/nikshepsvn/ScatterFly): An attempt to improve user privacy by intelligent data obfuscation.
[knockpy3](https://github.com/nitish800/knockpy3)
[IgnoreSudoPass](https://github.com/CristopherVidalMachado/IgnoreSudoPass): Script totalmente ignorante que permite executar comandos sudo sem escrever a senha. Use por sua conta e risco.
[cpiopwn](https://github.com/fangqyi/cpiopwn): ACE poc exploit for glibc cpio 2.13 through mmap chunk metadata curruption (CVE-2021-38185)
[jwt-auth-proxy](https://github.com/virtualzone/jwt-auth-proxy): A lightweight JWT authentication proxy written in Go designed for use in Docker/Kubernetes environments.
[PasswordOffline](https://github.com/Micxster/PasswordOffline): PasswordOffline is the most secure password generator. It's completely offline, without any access to the internet whatsoever.
[bufferOverflowAttack](https://github.com/alex-rantos/bufferOverflowAttack): A buffer overflow attack
[oss-fuzz](https://github.com/google/oss-fuzz): OSS-Fuzz - continuous fuzzing for open source software.
[wireshark-cheatsheet](https://github.com/security-cheatsheet/wireshark-cheatsheet): Wireshark Cheat Sheet
[crygen](https://github.com/wcoder/crygen): :key: :lock: Simple tool for encryption data with RSA
[HashGenerator](https://github.com/CybeSecurityOficial/HashGenerator): Gerador de hash MD5 e MD4 feito em Python
[Awesome-Cybersecurity-Handbooks](https://github.com/0xsyr0/Awesome-Cybersecurity-Handbooks): A huge chunk of my personal notes since i started playing CTFs and working as a Red Teamer.
[passwordcrackingkaliandhashcat](https://github.com/antoniossur/passwordcrackingkaliandhashcat): Password Cracking With Kali Linux and Hashcat.
[DogeRat](https://github.com/shivaya-dav/DogeRat): A multifunctional Telegram based Android RAT without port forwarding.
[GPO-Audit](https://github.com/JakePeralta7/GPO-Audit): In this repository I'm going to document the process of a GPO Audit I'm conducting
[Windows-TLS-1.0-1.1-Deprecated-Disable](https://github.com/cbchalmers/Windows-TLS-1.0-1.1-Deprecated-Disable): Disable TLS 1.0 and 1.1 for Client and Server connections on Windows
[UnknownVPN](https://github.com/0xShaolin/UnknownVPN): Documentation from me and my team's audit on UnknownVPN
[plug_secex](https://github.com/techgaun/plug_secex): Plug that adds various HTTP Headers to make Phoenix/Elixir app more secure
[exploiting-smart-contract-vulnerabilities](https://github.com/NZT48/exploiting-smart-contract-vulnerabilities): Repository for "Exploiting smart contract vulnerabilities" bachelor thesis at School of Electrical Engineering, University of Belgrade. Paper (in Serbian) with 5 examples of vulnerable smart contracts and exploitation of them.
[miniServerNodejs](https://github.com/momenbasel/miniServerNodejs): a mini-server using node js for creating static web sites.
[domain-audit-mgt](https://github.com/cybnity/domain-audit-mgt): All the features and services realized by the security Audit bounded context relative to the application domain, including specification library (e.g api), components implementation (e.g software implementation packages) and deployable systems (e.g operable component on infrastructure types).
[pyrdp](https://github.com/GoSecure/pyrdp): RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact
[SHA3ImplementedInsideofaRARfile](https://github.com/zv/SHA3ImplementedInsideofaRARfile): The Keccak hash algorithm implemented inside of a RAR archive using the RAR filter assembly language
[Fail2WP](https://github.com/joho1968/Fail2WP): WordPress plugin providing security functionality, plays nicely with Fail2ban and Cloudflare. Verified with WordPress 5.8.
[webinars](https://github.com/avishayil/webinars): A collection of Avishay Bar's webinars, slide decks, recordings and overviews
[visual-forensic-analysis](https://github.com/nshadov/visual-forensic-analysis): Set of helpers to visualize relations between events over time with Gephi
[dockerfile-security](https://github.com/cr0hn/dockerfile-security): Static security checker for Dockerfiles
[Cyborg-Daily-Projects](https://github.com/The-Cyborg-Hunters/Cyborg-Daily-Projects): Let's start hacking
[W3WProtect](https://github.com/bmcder02/W3WProtect): W3WProtect is a PoC Driver that protects IIS from exploitation.
[CVE-2022-42889-PoC](https://github.com/SeanWrightSec/CVE-2022-42889-PoC): Proof of Concept for the Apache commons-text vulnerability CVE-2022-42889.
[dc4d-june-2017-notes](https://github.com/rodericktech/dc4d-june-2017-notes): Notes I took during DayCamp4Developers, June 2017.
[HomeLess-HomeLAB](https://github.com/Homeless-Xu/HomeLess-HomeLAB): Notes AIO
[MySQL-HOWTOs](https://github.com/wwwted/MySQL-HOWTOs): Easy to follow howto's for tools around MySQL
[Secure-Desktop](https://github.com/AlphaDelta/Secure-Desktop): Anti-keylogger/anti-rat application for Windows
[padding_oracle_attack](https://github.com/yhuangbl/padding_oracle_attack): programming assignment for COMP 3632
[iKy](https://github.com/kennbroorg/iKy): OSINT Project
[FWLR](https://github.com/MTJailed/FWLR): iOS Framework and Library Reversing Tool
[DocIntel](https://github.com/docintelapp/DocIntel): Open Source Platform for storing, organizing, and searching documents related to cyber threats
[SmartContracts](https://github.com/cedricwalter/SmartContracts): Collection of links, tools for securing Smart Contracts
[infected_virus](https://github.com/Ananya-0306/infected_virus): Python virus that will make your pc paralyzed once it opened :D
[cisco-h](https://github.com/anouarbensaad/cisco-h): This tool is virtual cisco_router to simulate telnet hacker connexion in Python which logs HackerIP and Command Lines
[ProFTPD-1.3.3c-Backdoor_Command_Execution_Automated_Script](https://github.com/shafdo/ProFTPD-1.3.3c-Backdoor_Command_Execution_Automated_Script): A script to interact with the ProFTPD-1.3.3c inbuilt backdoor
[contain-git](https://github.com/SleepingPanda/contain-git): contain-git is an extension for the Mozilla Firefox web browser to help prevent a number of Git and Git-like hosting services from tracking your activity across the web.
[git-hooks](https://github.com/kintoandar/git-hooks): github_email_verify: Avoid committing to github with your corporate email
[Keystroke-dynamics](https://github.com/bikramb98/Keystroke-dynamics)
[Jersey2-Security-JWT](https://github.com/psenger/Jersey2-Security-JWT): Jersey 2 with JWT Token Security
[topmostp](https://github.com/cybersecsi/topmostp): A simple CLI tool to retrieve the N top most used ports
[AspNetCoreHybridFlowWithApi](https://github.com/damienbod/AspNetCoreHybridFlowWithApi): Differrent ASP.NET Core applications using OpenID Connect Hybrid flow Code Flow, Code Flow with PKCE, JWT APIs, MFA examples
[cybermomentum-web](https://github.com/marcoramilli/cybermomentum-web): CyberSecurity Momentum. Sentiment analysis over CyberSecurity Information Community
[safetynethelper](https://github.com/scottyab/safetynethelper): SafetyNet Helper wraps the Google Play Services SafetyNet.API and verifies Safety Net API response with the Android Device Verification API.
[gitleaks-action](https://github.com/gitleaks/gitleaks-action): Protect your secrets using Gitleaks-Action
[run-aspnet-identityserver4](https://github.com/aspnetrun/run-aspnet-identityserver4): Secure microservices with using standalone Identity Server 4 and backing with Ocelot API Gateway. Protect our ASP.NET Web MVC and API applications with using OAuth 2 and OpenID Connect in IdentityServer4. Securing your web application and API with tokens, working with claims, authentication and authorization middlewares and applying policies.
[xss-payloads](https://github.com/techgaun/xss-payloads): Collection of XSS Payloads from various sources
[conpot](https://github.com/mushorg/conpot): ICS/SCADA honeypot
[SparksammyExperiments](https://github.com/NodeMixaholic/SparksammyExperiments): Experimental Tech.
[Circlean](https://github.com/CIRCL/Circlean): USB key cleaner
[RSA-Cryptography](https://github.com/Axelvel/RSA-Cryptography): Secure message transfer between 2 peers using RSA encryption
[PassGen-python](https://github.com/GrobranGG/PassGen-python): My first project that I'm posting on GitHub. This is a strong password generator. I hope you enjoy it!
[YASE-Encoder](https://github.com/DarkCoderSc/YASE-Encoder): Yet Another Sub Encoder (YASE)
[TurkceKaynaklar](https://github.com/coderserdar/TurkceKaynaklar): Yazılım geliştirme ve genel olarak BT konularında (Siber Güvenlik, Veri Tabanı, Network, İşletim Sistemleri, Veri Yapıları ve Algoritmalar vb.) çeşitli kategorilerde türkçe kaynakların bulunduğu bir repo adresi
[WebHashcat](https://github.com/hegusung/WebHashcat): Hashcat web interface
[fibratus](https://github.com/rabbitstack/fibratus): A modern tool for Windows kernel exploration and tracing with a focus on security
[Internet-History-Technology-and-Security-Coursera-Solution](https://github.com/Saket-Kr/Internet-History-Technology-and-Security-Coursera-Solution): This repository contains the solutions that I submitted for the course 'Internet History, Technology, and Security' on Coursera by the University of Michigan.
[spicedb-operator](https://github.com/authzed/spicedb-operator): Kubernetes controller for managing instances of SpiceDB
[C-Cheat-Template](https://github.com/0xvpr/C-Cheat-Template): Template for video-game hacking using C and Assembly.
[is-password-compromised](https://github.com/yanivmo/is-password-compromised): Check securely whether a password is listed on haveibeenpwned.com
[FakeWifi](https://github.com/HUGOW04/FakeWifi): Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious software on the victim's infrastructure like ransomware.
[teamvault](https://github.com/seibert-media/teamvault): Keep your company's passwords behind the firewall
[h1rd](https://github.com/dokkillo/h1rd): Blog sobre Pentesting web y bughunting www.h1rd.com
[the-thor_vulnerability](https://github.com/satoki/the-thor_vulnerability): 👻 [PoC] WordPress Theme THE THOR 2.2.1 - Cross Site Scripting (0day)
[NatalMaisSegura](https://github.com/ErnaneJ/NatalMaisSegura): como modo de solucionar e auxiliar a segurança natalense, o projeto Natal + Segura consiste em implementar duas plataformas, uma mais simples e voltada para dispositivos móveis e outra mais trabalhada, sendo um site responsivo.
[888-RAT](https://github.com/Jennahacker/888-RAT): 888 RAT 1.2.4 Latest Version Lifetime – 2022
[goshell](https://github.com/firefart/goshell): Simple golang reverse shell
[sql-injection-hacker-challenge](https://github.com/seraph776/sql-injection-hacker-challenge): A Python script to conduct a SQL Injection attack on a mock database designed for this challenge.
[SecopsTools](https://github.com/afrosecops/SecopsTools): Toolkit with Powershell scripts for day to day security operation tasks
[Secure-Bharat](https://github.com/piyusharma95/Secure-Bharat): Secure Bharat ~ project exhibited in Smart India Hackathon 2k17
[HardHat](https://github.com/TerribleDev/HardHat): Help secure .net core apps with various HTTP headers (such as CSP's)
[hardenedpaste](https://github.com/rocketshipapps/hardenedpaste): [Retired] Hardened Paste is a browser extension that prevents the “pastejacking” exploit.
[pirebok](https://github.com/dogancanbakir/pirebok): pîrebok (from Kurdish "witch") - a guided adversarial fuzzer
[sks-exploit](https://github.com/yanalunaterra/sks-exploit): Tools to break gpg --recv, add fake identities, and DoS SKS keyservers
[Advanced-Motion-Detection-System](https://github.com/sakearzoo/Advanced-Motion-Detection-System): It's a motion detection system using Raspberry pi.
[Phishman](https://github.com/ExsoKamabay/Phishman): python phishing complete GUI based
[CVE-2022-40471](https://github.com/RashidKhanPathan/CVE-2022-40471): RCE Exploit and Research
[rubber-ducky](https://github.com/ratalla816/rubber-ducky): Ethical hacking device that grabs WIFI passwords and sends them as plain text to a webhook page to be retrieved later.
[Secure-Me](https://github.com/ChanJianHao/Secure-Me): SecureMe is a chatbot which helps you to adopt a better cyber hygiene! It can do many things, such as checking if your personal information is leaked online
[hls-crypto](https://github.com/petrsocha/hls-crypto): FPGA Cryptography for High-Level Synthesis
[Intrusion_Detection](https://github.com/chsharma27/Intrusion_Detection): A research work to create an effective IDS
[pretender](https://github.com/RedTeamPentesting/pretender): Your MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS, LLMNR and NetBIOS-NS spoofing.
[minijail](https://github.com/google/minijail): sandboxing and containment tool used in ChromeOS and Android
[blooket-hack-](https://github.com/Harry-P-Ness/blooket-hack-): Multiple hacks that breaks the game
[inspectorgadget](https://github.com/0x706972686f/inspectorgadget): Inspector Gadget is a central API to retrieve information from multiple APIs. It's specifically tailored for SOCs with Indicators of Compromise (IOCs) from multiple endpoints such as VirusTotal and GreyNoise.
[hacktaedork](https://github.com/NeloF4/hacktaedork): HACK TAE BING DORKER
[cmstplua-uac-bypass](https://github.com/tijme/cmstplua-uac-bypass): Cobalt Strike Beacon Object File for bypassing UAC via the CMSTPLUA COM interface.
[ChromePass](https://github.com/cristianzsh/ChromePass): :mag: A simple script to show your Chrome passwords
[osctrl](https://github.com/jmpsec/osctrl): Fast and efficient osquery management
[kali-tools](https://github.com/mrxroot1337/kali-tools)
[guebzine](https://github.com/jalbam/guebzine): [GüebZine] Webzine which I started in 1998 using HTML and a little bit of JavaScript.
[AI-for-Security-Testing](https://github.com/404notf0und/AI-for-Security-Testing): My AI security testing projects
[Digital-Forensics-with-Kali-Linux](https://github.com/PacktPublishing/Digital-Forensics-with-Kali-Linux): Digital Forensics with Kali Linux, published by Packt
[Fivem-SDK](https://github.com/Fnoberz/Fivem-SDK): 💪Open Source Spoofer Change Hardware IDS / S.N
[kdfn](https://github.com/cryptohazard/kdfn): miscellaneous on hacking/securiy
[mozilla-password-decrypt](https://github.com/hartwork/mozilla-password-decrypt): :unlock: Decrypt passwords stored by Firefox, Thunderbird, Iceweasel, Icedove using libnss3.so
[lock_screen](https://github.com/scriptmunkeeofficial/lock_screen): a simple AppleScript app that lets you lock your mac from Finder or the command line
[HackTheClass](https://github.com/1umpus/HackTheClass): CMSC389R course at UMD
[Fivem-Spoofer](https://github.com/Fnoberz/Fivem-Spoofer): 💼 Batch file Remove trace file + server log and registy / clean
[HCReferee](https://github.com/Hacker-Combat-Organization/HCReferee): Referee Tools for running HC-based competitions
[SynSharp](https://github.com/ancailliau/SynSharp): A C# client for Vertex Synapse
[NetScan](https://github.com/ander94lakx/NetScan): :mag_right: :iphone: [FYP][GrAL][TFG] An Android app thas scan domains and networks
[Malware_Discovery_ML](https://github.com/kamkali/Malware_Discovery_ML): Design Laboratory: Cybersecurity, Reliability and Risk – malware discovery with machine learning
[achater](https://github.com/AliaksandrHvozdzeu/achater): achater, web-application
[rangen](https://github.com/BatchFilesMaster/rangen): The Python RCG for reasons even I don't know
[CVE-2021-45067](https://github.com/hacksysteam/CVE-2021-45067): Adobe Reader DC Information Leak Exploit
[break_the_ice](https://github.com/Sector443/break_the_ice): Break the ice was a hardware ctf hosted offline by Securelayer7 during Nullcon 2019 Goa.
[password_cracking_jgc](https://github.com/gcjordi/password_cracking_jgc): Password Cracker Apli
[Cyber-security-docs](https://github.com/PritamSarbajna/Cyber-security-docs): I'm Documenting my cyber security learning in this repo.
[DEEPGLASS](https://github.com/Jack-McDowell/DEEPGLASS): DEEPGLASS is a sysinternals-style tool designed to identify and collect potentially malicious files across a system
[rctf-scenario1](https://github.com/aliasrobotics/rctf-scenario1): Robotics CTF scenario 1
[heklab.nl](https://github.com/rroethof/heklab.nl): HekLab is a Capture The Flag platform written in Laravel 8 and Proxmox.
[digital-certified-mail](https://github.com/IkwhanChang/digital-certified-mail): Digital Certified E-mail by using Pretty Good Privacy
[vChallenge-2.0](https://github.com/MachiavelSST/vChallenge-2.0): vChallenge 2.0 - Open Source PHP Bot Checker.
[SettingContent-MS-File-Execution](https://github.com/bvoris/SettingContent-MS-File-Execution): SettingContent-MS File Execution vulnerability in Windows 10
[Ciberseguridad_web](https://github.com/i2tResearch/Ciberseguridad_web): Research projects in cybersercurity and data science that have been proposed by the software engineering students (now professionals) from ICESI university.
[yubikey-kde-screensaver](https://github.com/nshadov/yubikey-kde-screensaver): Lock KDE desktop screensaver when Yubikey is removed from USB.
[kmlextractor](https://github.com/gocaio/kmlextractor): KML Metadata Extractor for Goca
[maskurl](https://github.com/haithamaouati/maskurl): MaskURL 🎭 is an simple, small tool written in Bash Scripting for hide phishing URL under a normal looking URL with (HTTP/HTTPS) protocol and link path words.
[kc7](https://github.com/kkneomis/kc7): A cybersecurity game in Azure Data Explorer
[sdto](https://github.com/scanfactory/sdto): Subdomain takeover finder CLI tool and Python library
[Log-4j-scanner](https://github.com/Ananya-0306/Log-4j-scanner): A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
[DomainScanner](https://github.com/JubyL3y/DomainScanner): A simple script to automate the search for subdomains and their scanning
[Hacking-Write-ups](https://github.com/kangvcar/Hacking-Write-ups): A collection of awesome write-ups from topics ranging from CVE, vulnHub, CTFs, Hack the box walkthroughs, real-life encounters and everything which can help other enthusiasts learn.
[turbinia](https://github.com/google/turbinia): Automation and Scaling of Digital Forensics Tools
[nodejs-security-guide](https://github.com/shaikh-shahid/nodejs-security-guide): A Comprehensive Guide to Build Secure Node.js Applications.
[aiengine-examples](https://github.com/camp0/aiengine-examples): Some examples for AIEngine in python
[LulzoMent](https://github.com/seahorse1seahorse/LulzoMent): DDoSing tool I made
[fuzztest-rs](https://github.com/PaulGrandperrin/fuzztest-rs): Easily test your software using powerful evolutionary, feedback-driven fuzzing technology.
[traffic-simulator](https://github.com/tillson/traffic-simulator): Simulates simple network traffic for Cybersecurity Lab (FTP, Telnet, HTTP, HTTPS)
[PwnBox2](https://github.com/PlatyPew/PwnBox2): 🐳 VMs are bloat. Dockerise your CTF environment.
[deepfence_runtime_api](https://github.com/deepfence/deepfence_runtime_api): Deepfence Runtime API & code samples
[searchpass](https://github.com/michenriksen/searchpass): A simple tool for offline searching of default credentials for network devices, web applications and more.
[CyberPecker](https://github.com/hitesh22rana/CyberPecker): Latest Cyber Security/Hacking News Updates
[Scythe-AntiCheat](https://github.com/Roszalletto/Scythe-AntiCheat): Scythe AntiCheat The best minecraft bedrock anticheat designed for realms worlds and servers
[edb-debugger](https://github.com/eteran/edb-debugger): edb is a cross-platform AArch32/x86/x86-64 debugger.
[e-commerce-backend](https://github.com/cenkerkumlucali/e-commerce-backend): Shopping site backend which used Asp.Net Web API, JWT, Cache, Log, SqlServer, Entity Framework Core and N-Layer Architecture implementation.
[scriptsPentest](https://github.com/LailaFerreira/scriptsPentest): Scripts para estudo de penetration tests.
[uSimpleWebServer](https://github.com/unmanarc/uSimpleWebServer): Unmanarc's Simple Web Server Swiss knife
[CookedGrabber](https://github.com/mouadessalim/CookedGrabber): Discord, Twitter, Instagram, Netflix cookies, token grabber and also password grabber. Grabbing from all web browsers !
[tip-api](https://github.com/reiosantos/tip-api)
[Hikivision-backdoor-scanner-and-snapshot-saver](https://github.com/millersartin/Hikivision-backdoor-scanner-and-snapshot-saver): Tool to mass scan hikvision cameras and save vulnrable devices, use snapshot.py to save live snapshots
[ramp-primes](https://github.com/AtropineTears/ramp-primes): A Rust Crate For Generating Large Prime and Composite Integers From A CSPRNG
[Propane](https://github.com/InjectionSoftwareandSecurityLLC/Propane): An Open Source KoTH Platform
[kAFL](https://github.com/IntelLabs/kAFL): A fuzzer for full VM kernel/driver targets
[SubR3con](https://github.com/rohitcoder/SubR3con): SubR3con is a script written in python. It uses Sublist3r to enumerate all subdomains of a specific target and then it checks for status code for possible subdomain takeover vulnerability. This works great with Subover.go
[massivekube](https://github.com/massivekube/massivekube): High security, resilient, batteries included kubernetes deployment.
[homework-cloud](https://github.com/nopesir/homework-cloud): "Analysis of security mechanisms in Istio": homework paper from the Cloud Computing course at Politecnico di Torino (a.y. 2019/20).
[SecBliZZ](https://github.com/Twist3D666/SecBliZZ): Tools for Dictionary Attacks or other Security Flaws
[ShowRater](https://github.com/lamiinek/ShowRater): Simple Node JS command line application that will get and save the episodes' ratings of any specified TV Show.
[infra3](https://github.com/example-policy-org/infra3): This infra is compliant with version 2.0.1 of the company policy but its only using 1.0.0 and can be updated with a pull-request.
[rust_syscalls](https://github.com/janoglezcampos/rust_syscalls): Single stub direct and indirect syscalling with runtime SSN resolving for windows.
[SteaLinG](https://github.com/De3vil/SteaLinG): The SteaLinG is an open-source penetration testing framework designed for social engineering
[CentOS-4.4-32bit_vmware](https://github.com/Lednerb/CentOS-4.4-32bit_vmware): CentOS 4.4 32-bit vmware image
[TheSecret-ary](https://github.com/AD9000/TheSecret-ary): I recommend you take privacy seriously... Unless you want me to sort the data ;)
[security-study-plan](https://github.com/jassics/security-study-plan): Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
[werbot](https://github.com/werbot/werbot): 🚚 Single sign-on solution for easy and secure sharing of servers, databases or app access
[hackerchallange](https://github.com/harshcrop/hackerchallange): Hacker Challenge App checkout https://hackerchallange.herokuapp.com/
[A-short-solution-to-Protostar-level-Format-4](https://github.com/Krishanu230/A-short-solution-to-Protostar-level-Format-4)
[nginx-wordpress-docker-sec](https://github.com/cr0hn/nginx-wordpress-docker-sec): Anti-hacking tools deployment config of Nginx for Wordpress
[Sistema-Acesso-Frontend](https://github.com/JoaoG23/Sistema-Acesso-Frontend): Depois da desmembração do monolito aplicação Acesso, o Frontend ganhou uma parte somente dele. Acesso um sistema de controle de fluxo de acesso de pessoas.
[SecurityStuff](https://github.com/0xLuks/SecurityStuff): The goal is to share several cheatsheets related to web and internal pentest, red team, blue team, binary exploitation or reverse engineering, OSINT... that I could learn.
[Linuxhacks.org](https://github.com/Linuxhacks-org/Linuxhacks.org): The Linuxhacks.org Wiki, documentations about Linux or related (articles, how-tos, patches, tweaks, blogs, news and hacks)
[ParadiseC2](https://github.com/D3fe4ted/ParadiseC2): A python botnet forked from PYbot which was discontinued.
[wikiranger](https://github.com/michenriksen/wikiranger): Gather information on Wiki contributions from IP ranges
[cyber-security-tools](https://github.com/anil-yelken/cyber-security-tools): My cyber security tools
[Havana](https://github.com/CVH95/Havana): Security in Computer Systems course project - SDU Robot Systems
[lighttower-web-scraper](https://github.com/schmalle/lighttower-web-scraper): Webscraping tooling for lighttower
[RTLO-attack](https://github.com/ctrlaltdev/RTLO-attack): ☠️ Python script and example file to test the Right-To-Left Override attack
[zigdiggity](https://github.com/BishopFox/zigdiggity): A ZigBee hacking toolkit by Bishop Fox
[insecres](https://github.com/kkomelin/insecres): A console tool that finds insecure resources on HTTPS sites
[pwnedpasswords4j](https://github.com/nbaars/pwnedpasswords4j): A Java client for checking a password against pwnedpasswords.com using the `Searching by range` API For more details see: https://haveibeenpwned.com/API/v2#SearchingPwnedPasswordsByRange
[profuzzbench](https://github.com/profuzzbench/profuzzbench): ProFuzzBench - A Benchmark for Stateful Protocol Fuzzing
[DDOS-RootSec](https://github.com/R00tS3c/DDOS-RootSec): DDOS Archive by RootSec (Scanners, BotNets (Mirai and QBot Premium & Normal and more), Exploits, Methods, Sniffers)
[github-hacks](https://github.com/csshivansh/github-hacks)
[web-security-fundamentals](https://github.com/mike-works/web-security-fundamentals): Mike North's Web Security Course
[Wifi-Spoof](https://github.com/Devin-Wallace/Wifi-Spoof): This is a Python3 script made to run on Kali. Should simplify Wifi-Spoofing.
[AKS_Security](https://github.com/shanepeckham/AKS_Security)
[PPDS](https://github.com/PinkP4nther/PPDS): A tool to overwrite devices with trash data on Linux
[attacker-personas](https://github.com/brannondorsey/attacker-personas): 🏴☠️ Use attacker personas to improve your threat modeling and cybersecurity practices
[Windows-Hacks](https://github.com/LazoCoder/Windows-Hacks): Creative and unusual things that can be done with the Windows API.
[Hacktoberfest2022](https://github.com/iam-roshanj/Hacktoberfest2022): Hacktoberfest2022🥳 Contribute given programs in any language you like😎 Don't forget to give ⭐
[gke-network-policy-demo](https://github.com/GoogleCloudPlatform/gke-network-policy-demo): This guide demonstrates how to improve the security of your Kubernetes Engine by applying fine-grained restrictions to network communication. You will provision a simple HTTP server and two client pods in a Kubernetes Engine cluster, then use a Network Policy restrict connections from client pods.
[zaz](https://github.com/pjbgf/zaz): A command line tool to automatically generate seccomp profiles.
[start-in-IT-or-in-cybersecurity](https://github.com/TheMMcOfficial/start-in-IT-or-in-cybersecurity): If you want to start in IT or you want to in cybersecurity. I regroup all the ressources that I know here.
[nodered-securitycam](https://github.com/filipnet/nodered-securitycam): Retrieval of e-mail, extraction of image attachments, resizing and creation of slideshow for MQTT
[cryptofile](https://github.com/Ashwin697/cryptofile): Cryptofile is develop for encrypting and decrypting important files with password to protect their data and then download the file and if there a need to read the encrypted file in future then they can decrypt the downloaded file there is blog where user can read latest security threat
[Nullify](https://github.com/notplu/Nullify): One of the BEST up to date iReady hacks. Similar to iReady Overload.
[inspec-aws-baseline](https://github.com/centriascolocation/inspec-aws-baseline): InSpec AWS Baseline Profile
[hackypi](https://github.com/nimarty/hackypi): A plattform to solve security challenges and train your cybersecurity skills
[mintotp](https://github.com/susam/mintotp): Minimal TOTP generator in 20 lines of Python
[Piiquante](https://github.com/Helenepagniez/Piiquante): Projet 6 : Open Class Rooms
[AutonomousThreatSweeper](https://github.com/Securonix/AutonomousThreatSweeper): Threat Hunting queries for various attacks
[Chat_Flask](https://github.com/RickyXuPengfei/Chat_Flask): The app can realize the real time communication and information security in transmission and data storage.
[hacking_con_python](https://github.com/xuanhun/hacking_con_python): hacking con python 翻译
[domxssbaker](https://github.com/yehgdotnet/domxssbaker): Bake DOM XSS URL from lists of URL to avoid keep reading complex javascript codes
[WDBASQL](https://github.com/wilmix8/WDBASQL): WDBASQL means Wilmix NOSQL.(W*SQL) is a Securable database invented by wilmix jemin j in GDollar, C# ,and JAVA .No need to write SQL Queries but to pass parameters in WDBASQL database for PLSQL f(x)s. We can also write WDBASql queries like SQL/Oracle Queries.
[safepasswordfx](https://github.com/novenopatch/safepasswordfx): Projet d'un petit gestionnaire de mot de passe conçu avec javafx
[po-gag](https://github.com/deark4sh/po-gag): Po-gag é uma ferramenta para criação de senhas tão aleatórias quanto seguras.
[spring-security-oauth](https://github.com/syakuis/spring-security-oauth): Authorization Server and Resource server with Spring Security. (JWT for OAuth 2.0)
[CodeGraphConv](https://github.com/geek3c/CodeGraphConv)
[CVE-2022-41852](https://github.com/Warxim/CVE-2022-41852): CVE-2022-41852 Proof of Concept (unofficial)
[RT-CyberShield](https://github.com/op7ic/RT-CyberShield): Protecting Red Team infrastructure with cyber shield blocking AWS/AZURE/IBM/Digital Ocean/TOR/AV IP/ETC. ranges
[Passbook](https://github.com/bhargavyagnik/Passbook): It is a password manager and generator that would store in a new approach and would also generate very strong passwords.
[confuser](https://github.com/doyensec/confuser): Dependency Confusion Security Testing Tool
[LBOZO](https://github.com/Frikallo/LBOZO): A hybrid Windows Ransomware
[Packet-Flooder](https://github.com/gamemann/Packet-Flooder): A packet flooding/generating program I made that supports TCP, UDP, and ICMP packets. Includes functionality to change characteristics per packet and is also multithreaded.
[PythonBruteForceFTP](https://github.com/thediegup/PythonBruteForceFTP): A brute force code to pentest ftp servers
[kube-defcon](https://github.com/onzack/kube-defcon): A tool to visualize network policy information from the Kubernetes Master API
[remote-method-guesser](https://github.com/qtc-de/remote-method-guesser): Java RMI Vulnerability Scanner
[Fail2Ban.WebExploits](https://github.com/mitchellkrogza/Fail2Ban.WebExploits): This custom Fail2Ban filter and jail will deal with all scans for common Wordpress, Joomla and other Web Exploits being scanned for by automated bots and those seeking to find exploitable web sites.
[rloris](https://github.com/NoraCodes/rloris): A Rust implementation of slow HTTP DoS techniques
[DorkSearcher](https://github.com/Discordmodsbers/DorkSearcher): This is a dork searcher that has a command line and interactive tui (Provides 1000+ dorks)
[openemr_RCE_5.0.2](https://github.com/BvThTrd/openemr_RCE_5.0.2): Remote Code Execution - OpenEMR CMS v5.0.2.1
[PorTest](https://github.com/Havivw/PorTest): Check what the open ports to your attacker server
[Chromossify](https://github.com/AdroitAdorKhan/Chromossify): Experience the best yet Chrome.
[G8-CodeQL](https://github.com/ISnackable/G8-CodeQL): DISM Final Year Project, Security Software Tool Development, CodeQL Scanner
[securityhardening](https://github.com/Brute-f0rce/securityhardening)
[Hacking-Society-Website](https://github.com/infosecchlobo/Hacking-Society-Website): Hacking Society Website
[tvd](https://github.com/bethdevopsbunny/tvd): tenable vulnerability diff - a pipeline utility leveraging tenable api to check you haven't introduced new vulnerabilities into your deployment.
[deserter](https://github.com/cr0mll/deserter): A targeted DNS cache poisoner
[tebbaax.github.io](https://github.com/TebbaaX/tebbaax.github.io): My Unicellular 🦠 Blog...Be nice!
[swarm-animism](https://github.com/adzialocha/swarm-animism): CTM HackLab 2018
[SecurityOne](https://github.com/EFTEC/SecurityOne): It's a barebone security class written on PHP
[binja_sibyl](https://github.com/thebabush/binja_sibyl): A (Miasm2 + binaryninja) based function divination.
[chromeos-playstore](https://github.com/3kh0/chromeos-playstore): Step by step guide on how to get the playstore on your Chromebook!
[IITKanpur_hackathon](https://github.com/1-5Pool/IITKanpur_hackathon): IIT Kanpur in collaboration with HCL organized a Cybersecurity hackathon in which the participants had to create a working solution of cyber security problems.
[dorks_hunter](https://github.com/six2dez/dorks_hunter): Simple Google Dorks search tool
[tinted-glass-webcam-notifier](https://github.com/lp1dev/tinted-glass-webcam-notifier): Tinted glass notifies you whenever a software uses the webcam(s) on your computer
[TwoFactorAuthentication](https://github.com/MarkoPapic/TwoFactorAuthentication): A C# library for 2-factor authentication.
[Delta-Botnet](https://github.com/iRennegade/Delta-Botnet): DDoS Botnet creator, just need a replit account, that isn't the normal "DDoS Tool" that only runs on the machine, that botnet creates Repls on replit.com and make a custom botnet.
[LADD](https://github.com/BarakAharoni/LADD): Linux Anti-Debugging Detection tool
[osslscanwin](https://github.com/Qualys/osslscanwin): OpenSSL Vulnerability Scanner for Windows
[fikrado.py](https://github.com/fikrado/fikrado.py): Facebook hacking Tools script super fast and user friendly
[CVE-2022-42889-text4shell](https://github.com/kljunowsky/CVE-2022-42889-text4shell): Apache commons text - CVE-2022-42889 Text4Shell proof of concept exploit.
[iNoFake](https://github.com/deark4sh/iNoFake): O iNoFake é uma ferramenta para geração de dados/perfis aleatórios.
[docker-utils](https://github.com/GabrielWal/docker-utils): A variety of docker tricks, good practices and utilities
[Quarantine-Violation-Police-Alert](https://github.com/gdiprisco/Quarantine-Violation-Police-Alert): University project: extension of DP3T protocol for SARS-CoV-2 pandemic.
[Aimbot-V2](https://github.com/Exunys/Aimbot-V2): ROBLOX Script - Universal Aimbot Script Remake
[Team-HackademINT-Writeups-CTF-Website](https://github.com/HackademINT/Team-HackademINT-Writeups-CTF-Website): Cybersecurity Competitions Writeups + HackademINT Website, Cybersecurity Club of Télécom SudParis
[Python-Nmap](https://github.com/viniciosbarretos/Python-Nmap): Scans all the open ports of a domain or IP address with friendly interface
[NodeJS-BasicXSSClientServer](https://github.com/kyaEH/NodeJS-BasicXSSClientServer)
[AKILT](https://github.com/Xart3mis/AKILT): A Windows Botnet written in Golang
[array-io-keychain](https://github.com/arrayio/array-io-keychain): A highly secure standalone application for signing transactions and generating key pairs.
[Vulnerable-Flask-App](https://github.com/anil-yelken/Vulnerable-Flask-App): Erlik 2 - Vulnerable-Flask-App
[deadlock-issue-tracker](https://github.com/resourcepool/deadlock-issue-tracker): An issue tracker / Q&A / roadmap for the deadlock coding game learning platform
[CipherHater-Club](https://github.com/R0-Crew/CipherHater-Club): "We always hack programs which you cannot competently protect..." © CipherHater
[MycroftAI-RCE](https://github.com/Nhoya/MycroftAI-RCE): "Zero Click" Remote Code Execution in Mycroft AI vocal assistant
[NOGO](https://github.com/Dr-N0/NOGO): NOGO is a packaging script that creates fully undetectable payloads specializing in disabling anti-virus. Created for pentesting (crippling computers) not destroying them.
[USB-Buddy](https://github.com/kevinnz/USB-Buddy): A MacOS tool that monitors USB devices. In the case it detects someone plugging in or unplugging devices it can be configured to send you an SMS or alert you via Slack of the potential security breach. I have based this tool off https://github.com/probablynotablog/usb-canary thanks @errbufferoverfl
[SeguridadNETFramework](https://github.com/JuanMiguelSaugarCanete/SeguridadNETFramework): Auth users en .NET con framework 4.8 configurado en web.config
[electron-vite-template](https://github.com/trantoan960/electron-vite-template): 👻 A fast Simple Vite 2, Vue 3 and Electron 13.x template.
[Cybersecurity_Stein_Algorithm_GCD](https://github.com/Davidmenamm/Cybersecurity_Stein_Algorithm_GCD): Implemententing the Stein's algorithm, for calculating the greatest common divisor in number theory, with applications in cyber-security
[bd-exploit-info](https://github.com/eax-hash/bd-exploit-info): A public version of my other GitHub with just the writeup.
[magoo](https://github.com/pachico/magoo): Mask credit card numbers, emails and more.
[Privacy_Panel](https://github.com/tanzita/Privacy_Panel): Finding all the security permissions that your Android apps uses in your device. It also provides fake location so that your apps can not get your accurate location
[ecert](https://github.com/songyuew/ecert): Sign, verify, encrypt and decrypt messages with Hong Kong Post e-Cert (香港郵政電子證書) and other PKCS#12 certificates.
[Cyber-Patriot](https://github.com/pjoscely/Cyber-Patriot): Cyber Patriot Score Reports
[iot-safety-test](https://github.com/jpnykw/iot-safety-test): run port scan to all devices in same lan network when clicked
[FxIDNHomographAttackBlocker](https://github.com/reinforchu/FxIDNHomographAttackBlocker): Extension for Firefox that block IDN homograph attack.
[Genshin-LunareeT-CheeTos-Privat3-L3AK3D](https://github.com/YANGXI922/Genshin-LunareeT-CheeTos-Privat3-L3AK3D): Genshin LunareeT CheeTos
[sinkchart](https://github.com/sandworm-hq/sinkchart): Beautiful Visualizations For Your App's Dependencies 🧭
[GOSINT](https://github.com/ciscocsirt/GOSINT): The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs).
[bad-usb](https://github.com/R3DHULK/bad-usb): bad usb also known as rubber ducky is a usb device to hack your target when you are in device's physical access
[HackingNASAwithHTML](https://github.com/swatv3nub/HackingNASAwithHTML): OOK NASA HECKED ME
[betref](https://github.com/r4msolo/betref): [Information Gathering]
[ophellia](https://github.com/elliottophellia/ophellia): a simple webshell build in PHP 7.4 for penetration testing and educational purposes only. ( it's not other webshell's recode )
[Retrofiy](https://github.com/BeyondThe5D/Retrofiy): A Roblox script that aims to accurately simulate the 2016 Roblox client.
[one-trick-pony](https://github.com/OutsourcedGuru/one-trick-pony): A limited DNS server which only serves up the minimum set of required servers for Agar.io game play but not for its associated ads, for example.
[Worlds-Fastest-Blog](https://github.com/abhiramready/Worlds-Fastest-Blog): Techniques I use on my Blog to Optimize for Speed, Security, and Resourcefulness.
[fake-admin-honeypot-V1.2](https://github.com/pH7Software/fake-admin-honeypot-V1.2): 🍯 pH7CMS Modula to setup a honeypot fake Admin CP to secure your social/dating site. Basically it's a honeypot for the attackers/hackers and track their behaviour!
[OormiPass](https://github.com/oormicreations/OormiPass): Free open source cross platform password manager
[infosec-events](https://github.com/xsa/infosec-events): List of past and future infosec related events.
[lolinck-api](https://github.com/TeamLoick/lolinck-api): [ Non-Functional Version ] Lolinck is an open source API that use machine learning to detect if a website is safe or not. It can detect NSFW, phishing, malware, ip logging and more.
[X-Marshal](https://github.com/XTeam-Wing/X-Marshal): Golang-分布式资产探测&漏洞扫描&信息收集
[awesome-physec](https://github.com/rustrose/awesome-physec): Repository containing useful links for all things Physical Security. Please contribute!
[Windows-DLL-Injector](https://github.com/Zhuagenborn/Windows-DLL-Injector): 💉 A Windows dynamic-link library injection tool written in C++20. It can inject a dynamic-link library into a running process by its window title or create a new process with an injection.
[Arbitrary-File-Upload-ZoomSounds](https://github.com/0xAgun/Arbitrary-File-Upload-ZoomSounds): ZoomSounds < 6.05 allowing unauthenticated users to upload an arbitrary file anywhere on the web server.
[Modified-Playfair-Cipher-with-steganography](https://github.com/Mayureshdindorkar/Modified-Playfair-Cipher-with-steganography): Implementing playfair cipher 🐱💻 algorithm having matrix size 4 x 19.
[Daily-NIST-CVEs](https://github.com/d4rkshell/Daily-NIST-CVEs): PowerShell script to lookup daily NIST CVE updates and email to user(s)
[StegApp](https://github.com/dsccvrgu/StegApp): This Project is all about Steganography combined with AES encryption. You can use the scirpt for encoding/decoding secret messages inside images with a use of a secret key.
[Physical2FA](https://github.com/Atharv-Attri/Physical2FA): Encryption using 2 Factor Authentication through an external drive with Python
[codebreaker-2018-jenkins-seed](https://github.com/vladistan/codebreaker-2018-jenkins-seed): Jenkins jobs to brute force OTP keys for NSA codebreaker challenge 2018
[starboard-exporter](https://github.com/giantswarm/starboard-exporter): A standalone exporter for vulnerability reports and other CRs created by Trivy Operator (formerly Starboard).
[dastardly-github-action](https://github.com/PortSwigger/dastardly-github-action): Runs a scan using Dastardly by Burp Suite against a target site and creates a JUnit XML report for the scan on completion.
[typing_hacks](https://github.com/abhi40308/typing_hacks): Hacks of major typing test websites in python
[action-api-scan](https://github.com/zaproxy/action-api-scan): A GitHub Action for running the OWASP ZAP API scan
[Vulnerability_PoC](https://github.com/joshblack07/Vulnerability_PoC): Challenge: Find out about the website's security vulnerabilities and send their 3 high-risk vulnerabilities along with PoC (Proof of Concept).
[IBM-Project-25620-1659968640](https://github.com/IBM-EPBL/IBM-Project-25620-1659968640): Web Phishing Detection
[Caesarsghost](https://github.com/ScorchingShade/Caesarsghost): A Simple Caesar's Cipher with GUI
[arctil-vulnerabile-web-application](https://github.com/arctil/arctil-vulnerabile-web-application): arctil vulnerable web application is a sample website built with the purpose of being insecure.
[OSHardening](https://github.com/NitescuLucian/OSHardening): OS Hardening scripts for multiple linux based operating systems. Keep in mind this is the minimum!
[deye-logger-at-cmd](https://github.com/s10l/deye-logger-at-cmd): Easily extract login credentials and WLAN keys from Deye and compatible (e.g. Bosswerk, Turbo-E) microinverters without authentication :)
[QuackTest](https://github.com/terrabitz/QuackTest): Quickly test Ducky Scripts
[Harpocrates.ClassificationBanner](https://github.com/tolliverk/Harpocrates.ClassificationBanner): A work-in-progress classification banner in C# Windows Forms that has the ability to obtain user parameters such as Windows login, computer name, and LDAP role (if applicable). Harpocrates will provide the ability to modify the banner via an administrative password and publish it across multiple computers within an existing network. The intention of this application is to provide an efficient security display for local government and other interested organizations.
[requestfile_exploit_fix](https://github.com/tochnonement/requestfile_exploit_fix): A patch for new Garry's Mod engine's exploit
[JavaApp_MostCommonPassword](https://github.com/EliasMurat/JavaApp_MostCommonPassword): Java | Aplicação para validar se a senha é "comum / fraca".
[ccna](https://github.com/Lcmc23/ccna): Este repositório possui como objetivo armazenar as documentações e os gabaritos referentes aos cursos realizados na plataforma da Cisco (NetAcademy)
[vscode-solidity-auditor](https://github.com/ConsenSys/vscode-solidity-auditor): Solidity language support and visual security auditor for Visual Studio Code
[sectester-js-demo](https://github.com/NeuraLegion/sectester-js-demo): This is a demo project for the SecTester JS SDK framework, with some installation and usage examples
[ceng489-security](https://github.com/tansly/ceng489-security): CENG489 (Introduction to Security in Computing) assignments, Fall 2018
[swsec-intro-cakephp](https://github.com/injcristianrojas/swsec-intro-cakephp): Simple CakePHP 2.0 application for software security classes
[EyeBinder](https://github.com/TeamDarkAnon/EyeBinder): A Free Silent (Hidden) Open-Source Native Binder - Includes Windows Defender Bypass - EyeBinder
[Advanced-threat-response-for-Evotin-2000](https://github.com/Akalabaya/Advanced-threat-response-for-Evotin-2000): This is a project to analyze files to generate procmon logs,windump pcap,and extact codechunks and analyze
[AlfredSimpson](https://github.com/AlfredSimpson/AlfredSimpson): Who I am, what I do, and how to reach me
[MagicPost](https://github.com/hyundotio/MagicPost): MagicPost is an open-source, free pastebin-like service for encrypted messages. MagicPost only stores PGP encrypted messages and allow users to search them by their SHA1 sum (given by MagicPost when possted) and/or fingerprint of PGP keys.
[osintui](https://github.com/wssheldon/osintui): OSINT from your favorite services in a friendly terminal user interface
[DUMB](https://github.com/AlphaDelta/DUMB): A fast and advanced ransomware PoC
[CTF-BWK](https://github.com/flavienbwk/CTF-BWK): A dockerized Capture The Flag challenge for computer science students. Get to know the basics !
[match-cli](https://github.com/Optable/match-cli): The match CLI is an open-source utility that enables an organisation to execute a secure ID match with its partner's data collaboration node (Optable DCN).
[Sakarya-Universty](https://github.com/ToygunKavas/Sakarya-Universty): Sakarya Üniversitesi'nde okuduğum süre boyunca karşıma çıkan tüm belge , ders notları , dökümanları paylaşıcağım (All the assignments, lecture notes and exams). Ayrıca asıl ilgi alanım olan siber güvenlik için yazdığım Exploit - script - toolsları da farklı konular içinde paylaşıcağım
[angstromCTF-2021](https://github.com/AppliedCyberCTF/angstromCTF-2021): A collection of write-ups and solutions for angstromCTF 2021.
[BlackWinterSecurity](https://github.com/BADC0D3/BlackWinterSecurity)
[Bad-Boy](https://github.com/AitzazImtiaz/Bad-Boy): A framework inspired from https://youtu.be/RWIL-6xhmXU
[Cloud-One-Application-Security-SNS-to-Security-Hub](https://github.com/trend-anz/Cloud-One-Application-Security-SNS-to-Security-Hub): This AWS SAM (Serverless Application Model) deployment configures the required resources to send Trend Micro's Cloud One Application Security events to AWS Security Hub.
[r00tb3.github.io](https://github.com/r00tb3/r00tb3.github.io): Amit Vitekar's blog!!!
[node-security](https://github.com/AndreasVolkmann/node-security): Node security seed
[fucking-the-book-of-secret-knowledge](https://github.com/Correia-jpv/fucking-the-book-of-secret-knowledge): A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more. With repository stars⭐ and forks🍴
[EddyTechnologyWebsite](https://github.com/NoiceGaming/EddyTechnologyWebsite): This is a website with tutorials on technology
[honey-hornet](https://github.com/ajackal/honey-hornet): port scanner & login credential tester
[Jasmin-Ransomware](https://github.com/codesiddhant/Jasmin-Ransomware): Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.
[thecyberjourney](https://github.com/JonatanPerezLopez/thecyberjourney): this is the repository of my blog
[Access-Bot](https://github.com/jake8655/Access-Bot): Access-Bot is a Discord bot that let's you secure your Discord server by making every new user take a test before given access to your server
[bmstu_security](https://github.com/Winterpuma/bmstu_security): bmstu, IU7-7, Защита Информации (2020)
[Write-up-CTF-KKS-TNI](https://github.com/rozaqi/Write-up-CTF-KKS-TNI): Write up CTF KKS TNI
[airgeddon-plugins](https://github.com/KeyofBlueS/airgeddon-plugins): Enhanced functions and new features for airgeddon!
[IMAP-Proxy](https://github.com/CIRCL/IMAP-Proxy): Modular IMAP proxy (including PyCIRCLeanMail and MISP forward modules)
[steganalysis](https://github.com/fraimparato/steganalysis): Research project for the course "Cybersecurity and National Defence" of Politecnico di Torino.
[hacking101](https://github.com/v-kolesnikov/hacking101): Marginalia and synopsis of the book.
[suricatajs](https://github.com/nkalexiou/suricatajs): Monitor your javascript files and detect unauthorized changes.
[dns-bruteforce](https://github.com/alenbhclynpblc/dns-bruteforce): Real Bruteforcer, Not Wordlist Checker // DNS :)
[htb](https://github.com/yaboygmoney/htb)
[AimBot-AimHero](https://github.com/onurhanerk/AimBot-AimHero): Tensorflow
[pyrace](https://github.com/llamasoft/pyrace): An HTTP[S] race condition testing package built using the Requests library
[PHPAuditGuideBook](https://github.com/burpheart/PHPAuditGuideBook): 《PHP代码审计入门指南》 这本指南包含了我在学习PHP代码审计过程中整理出的一些技巧和对漏洞的一些理解
[HackerMind](https://github.com/Ascotbe/HackerMind): 渗透步骤,web安全,CTF,业务安全,人工智能,区块链安全,数据安全,安全开发,无线安全,社会工程学,二进制安全,移动安全,红蓝对抗,运维安全,风控安全,linux安全
[freepbx-shell-admin-module](https://github.com/DarkCoderSc/freepbx-shell-admin-module): FreePBX PHP Web Shell Admin Module
[xbackdoor](https://github.com/echo-devim/xbackdoor): A tool for the persistent XSS exploitation with a focus for mobile web browsers
[tikuna](https://github.com/edenia/tikuna): A P2P network security monitoring system for the Ethereum blockchain. :closed_lock_with_key:
[HackGame3-solutions](https://github.com/KAUTH/HackGame3-solutions): My proposed solutions for the "HackGame3, by ChauRocks" hacking challenge. https://hackgame.chaurocks.com
[bitcoin-hacking-tools](https://github.com/SMH17/bitcoin-hacking-tools): The source code of main tools used in Bitcoin "non-malware-based" attacks.
[targeted-password-guesses](https://github.com/ACM-Research/targeted-password-guesses): We refined a GPT-3 model on Wattpad user account data to generate targeted password guesses automatically.
[Debloat](https://github.com/Guru-25/Debloat): Debloat Scripts for Realme UI 3.0
[Keep-Eye-On-User](https://github.com/SherazIbrahim/Keep-Eye-On-User): This software is to keep eye on every user who uses your computer . Actually it captures screenshot of your computer and saves those in a specific folder and it also saves what the users writes using Keyboard.This is for non-Commercial use so you can not it use commercially but you can use it for your non-commercial purpose.
[security-workshops](https://github.com/loicttn/security-workshops): MOVED HERE => https://github.com/PoCFrance/security-workshops .All security workshops organized to introduce students to security with CTF-like exercices.
[overthewire](https://github.com/mikelty/overthewire): solves various challenges on overthewire.org.
[token-jwt-spring-boot](https://github.com/estevam5s/token-jwt-spring-boot): ☕Token JWT com Spring Boot, Spring Security, Auth0 e JPA | JAVA e POSTGRESQL
[PdfViewer](https://github.com/GrapheneOS/PdfViewer): Simple Android PDF viewer based on pdf.js and content providers. The app doesn't require any permissions. The PDF stream is fed into the sandboxed WebView without giving it access to content or files. CSP is used to enforce that the JavaScript and styling properties within the WebView are entirely static.
[ethical-hacking-notes](https://github.com/SrivathsanNayak/ethical-hacking-notes)
[Quantum-Encryption](https://github.com/TheComputerDon/Quantum-Encryption): This is an easy python script to encrypt a file and decrypt a file with a key.
[simple_python_obfuscator](https://github.com/CthUlhUzzz/simple_python_obfuscator): Very simple python obfuscator based on bytecode compiling
[OSINT-Cheat-sheet](https://github.com/Jieyab89/OSINT-Cheat-sheet): OSINT cheat sheet, list OSINT tools, dataset, article, book and OSINT tips
[duplicate-webpage](https://github.com/janet-dev/duplicate-webpage): Duplication of TEUKHO homepage
[cleanup-aws-access-keys](https://github.com/tuladhar/cleanup-aws-access-keys): A cloud security tool to search and clean up unused AWS access keys, written in Go.
[serverless-goof-azure](https://github.com/lirantal/serverless-goof-azure): Oreilly's Serverless security example application - serverless-goof todo app
[CHES-2016-Capture-the-Flag-writeup](https://github.com/M0nteCarl0/CHES-2016-Capture-the-Flag-writeup): Solution of CHES 2016 Capture the Flag on ChipWhisperer(4 an 5), SCAred and Jlsca Side Channel Attack frameworks
[Python-Nmap-](https://github.com/WosberbonDesu/Python-Nmap-): :computer: Basic Nmap with python
[FeatureExtractor](https://github.com/octacode/FeatureExtractor): A static analysis tool for feature extraction from solid apk files
[ICS-Hacking](https://github.com/miguelob/ICS-Hacking): This repository is focused on cybersecurity in the industrial world. Many industrial communication protocols and equipment is investigated and pentested
[troubleshooting-k8s-apps](https://github.com/mhausenblas/troubleshooting-k8s-apps): Troubleshooting Kubernetes Applications
[NetNut](https://github.com/NetNut-Proxy-Network/NetNut): Premium Static & Rotating IPs | HTTP(s) Residential Proxy Network | Information & Code samples.
[Evocatio](https://github.com/HexHive/Evocatio)
[gke-vault-demo](https://github.com/GoogleCloudPlatform/gke-vault-demo): This demo builds two GKE Clusters and guides you through using secrets in Vault, using Kubernetes authentication from within a pod to login to Vault, and fetching short-lived Google Service Account credentials on-demand from Vault within a pod.
[DeepMAD](https://github.com/maliksh7/DeepMAD): Malicious Activity Detection System. Final Year Project. Deep Learning-based solution, which analyses Network Activity sequences to classify whether the certain node is Malicious or Benign. Devising a tool/software which will detect malicious Network Activity Detection using Deep Learning Model. Tools: Python, Neural Network (BERT), Google Colaboratory, PyTorch, Kaggle, Tensorflow, and Flowmeter,
[shadownet_toolV1](https://github.com/Shadow-CybSec/shadownet_toolV1): Just a quick framework for all your recon needs.
[HACKING-ETICO](https://github.com/Ro-TechUY/HACKING-ETICO): ¡Bienvenidos a mi portafolio digital! En este repositorio podrás encontrar algunos de mis trabajos, recopilacion de informacion y scrips relacionados con seguridad informática, pentesting y vulnerabilidad en sistemas informáticos.
[koa-protect](https://github.com/may215/koa-protect): Security module for koa applications
[domain-to-webapp](https://github.com/cyberblackhole/domain-to-webapp): Web application Enumerator
[bash-for-ethical-hackers](https://github.com/R3DHULK/bash-for-ethical-hackers): Bash For Ethical Hacking
[android_device_samsung_s5neolte_lineageOS](https://github.com/Fincer/android_device_samsung_s5neolte_lineageOS): LineageOS 18.1 patches & tweaks for Samsung S5 Neo (s5neolte)
[SSRF-Scanner](https://github.com/Dancas93/SSRF-Scanner)
[Web-Crawler-Tables](https://github.com/Gabriel-Lima232/Web-Crawler-Tables)
[magnetron.artificial-intelligence-2.0.mincloud.proxia--IMAGINATION-A1](https://github.com/GCABC123/magnetron.artificial-intelligence-2.0.mincloud.proxia--IMAGINATION-A1): ✭ MAGNETRON ™ ✭: This is a Google Colab/Jupyter Notebook for developing an IMAGINATION (A1) PROXIA when working with ARTIFICIAL INTELLIGENCE 2.0 ™ (ARTIFICIAL INTELLIGENCE 2.0™ is part of MAGNETRON ™ TECHNOLOGY).
[ReMod-Core](https://github.com/KevinW1998/ReMod-Core)
[sio-ts](https://github.com/JonathanWilbur/sio-ts): Security Information Objects, per ITU Recommendation X.841.
[glua-steal](https://github.com/lewisclark/glua-steal): Retrieves client-sided Lua files from Garry's Mod game servers
[FastAudit](https://github.com/chrispetrou/FastAudit): :shipit: A wordpress security auditor! Audit your wordpress application for security issues with even 1 request.
[Hackerman_Tools](https://github.com/Etignis/Hackerman_Tools): Feel like the real Hacker
[ScrapPY](https://github.com/RoseSecurity/ScrapPY): ScrapPY is a Python utility for scraping manuals, documents, and other sensitive PDFs to generate wordlists that can be utilized by offensive security tools to perform brute force, forced browsing, and dictionary attacks against targets. The tool dives deep to discover keywords and phrases leading to potential passwords or hidden directories.
[XLIBROBLOX](https://github.com/XtoolsGithub/XLIBROBLOX): XLIBROBLOX
[piccolo_api](https://github.com/piccolo-orm/piccolo_api): ASGI middleware for authentication, rate limiting, and building REST endpoints.
[CppWxWidgetsReverseShell](https://github.com/melardev/CppWxWidgetsReverseShell): Reverse shell written in Cpp using wxWidgets framework
[symex](https://github.com/nmosier/symex): A symbolic execution engine for x86-32 that allows starting execution from a concrete execution's core dump.
[Cyber_Security](https://github.com/FabioDainese/Cyber_Security): Write-ups of various cyber security challenges and CTFs
[omigood](https://github.com/marcosimioni/omigood): OMIGOD! OM I GOOD? A free scanner to detect VMs vulnerable to one of the "OMIGOD" vulnerabilities discovered by Wiz's threat research team, specifically CVE-2021-38647.
[docker-cif](https://github.com/ventz/docker-cif): CIFv3 Ubuntu 16.04 Docker Container (Bearded Avenger)
[CVEsLab](https://github.com/SecuriTrust/CVEsLab): 💀 A collection of proof-of-concept exploit scripts on docker lab environments has been discovered by Securi Trust Team. Vulnerabilities has been written by SecuriTrust team for various CVEs.
[DorkMe](https://github.com/blueudp/DorkMe): [WORKING IN V2, WITH PROXIES, CUSTOM USER AGENT... TO MUCH BETTER!]DorkMe is a tool designed with the purpose of making easier the searching of vulnerabilities with Google Dorks, such as SQL Injection vulnerabilities.
[clairvoyance](https://github.com/nikitastupin/clairvoyance): Obtain GraphQL API Schema even if the introspection is not enabled
[awesome-security-training](https://github.com/Smithech/awesome-security-training): A curated list of awesome security and hacking training platforms and resources.
[RDSE](https://github.com/SIMBREX/RDSE): RDSE - Open Source Encryption Technology
[Exfiltrate](https://github.com/jndean/Exfiltrate): Retro hacking multiplayer browser game 🎲
[armudgal.github.io](https://github.com/armudgal/armudgal.github.io): Used the popular minimal jekyll template Moon. Updated version
[cybersecurity-tools](https://github.com/paulveillard/cybersecurity-tools): A collection of cybsecurity tools, software, libraries, learning tutorials, frameworks, academic and practical resources in security.
[nullblr-bachaav-aismd](https://github.com/appsecco/nullblr-bachaav-aismd): null Bangalore Public Bachaav 10 December 2016 Automated Infrastructure Security Monitoring & Defence
[capsicum-proxy](https://github.com/AmbrSb/capsicum-proxy): Automatic/transparent sandboxing of C/C++ code and dynamic shared objects via capsicum
[MASS-LFI-TO-RCE](https://github.com/unCodeBoss/MASS-LFI-TO-RCE): t.me/codeb0ss
[Russian-propaganda-browser-flood-tool](https://github.com/rmellis/Russian-propaganda-browser-flood-tool): This repo contains a set of standalone ".htm" pages which will allow you to help Ukraine by flooding Russian and Belarusian propaganda sites. -in website link below, replace day255 with the current day since the invasion started. Oh.. And you know.. For educational purposes only ;)
[forsh](https://github.com/kevinreddot/forsh): Shell intended for forwarding-only ssh connection via jumphost
[Computer-Security](https://github.com/TendTo/Computer-Security): Esperimenti e progetti realizzati durante il corso di Computer Security 2021/2021
[WindowsFirewallAutomation](https://github.com/honeyful/WindowsFirewallAutomation): C# Windows Firewall Automation Toolkit
[LogBluetoothAPI](https://github.com/KYHSGeekCode/LogBluetoothAPI): Logs android bluetooth api calls of apps using xposed framework, to learn how to avoid java.lang.IOException: connect() failed; socket might closed or timeout; read ret: -1
[RHEL8-STIG](https://github.com/ansible-lockdown/RHEL8-STIG): STIG Baseline Ansible Role for RHEL 8
[ProSecrec](https://github.com/HydroCarbons/ProSecrec): Pro Secrec App - Secure Vault for your important information.
[Villain](https://github.com/t3l3machus/Villain): Villain is a Windows & Linux backdoor generator and multi-session handler that allows users to connect with sibling servers (other machines running Villain) and share their backdoor sessions, handy for working as a team.
[santuario-cpp](https://github.com/apache/santuario-cpp): Mirror of Apache Santuario C++
[cyberprobe](https://github.com/cybermaggedon/cyberprobe): Capturing, analysing and responding to cyber attacks
[Sistema-Acesso-API](https://github.com/JoaoG23/Sistema-Acesso-API): API de um Sistema de Segurança e Controle de acesso de pessoas, cujo o intuito, controlar e gerenciar com fluxo de usuários sistema.👌🏽👩🏽💼
[Drone-Hacking-Tool](https://github.com/HKSSY/Drone-Hacking-Tool): Drone Hacking Tool is a GUI tool that works with a USB Wifi adapter and HackRF One for hacking drones.
[cybersecurity-scripts](https://github.com/paulveillard/cybersecurity-scripts): A collection of public offensive and defensive security software, libraries, learning tutorials, documents, books, resources and cool stuff in security
[XDP-Firewall](https://github.com/gamemann/XDP-Firewall): A firewall that utilizes the Linux kernel's XDP hook. The XDP hook allows for very fast network processing on Linux systems. This is great for dropping malicious traffic from a (D)DoS attack. IPv6 is supported with this firewall! I hope this helps existing network engineers/programmers interested in utilizing XDP or anybody interested in getting into those fields! (D)DoS mitigation/prevention is such an important part of Cyber Security and understanding the concept of networking and packet flow on a low-medium level would certainly help those who are pursuing a career in the field :)
[DS4CS-Homework](https://github.com/yujunkuo/DS4CS-Homework): [網路安全的資料科學 108-2@NCCU] 課程作業
[laravel-nist-password-rules](https://github.com/langleyfoxall/laravel-nist-password-rules): 🔒 Laravel validation rules that follow the password related recommendations found in NIST Special Publication 800-63B section 5.
[Haram-Tool-Hacker-Penetration-Master-](https://github.com/AnandaRauf/Haram-Tool-Hacker-Penetration-Master-): Haram Tool is Software Web Penetration Testing Tool.
[chrisrpetrie.github.io](https://github.com/chrisrpetrie/chrisrpetrie.github.io): Repo for https://chrisrpetrie.github.io. Powered by Jekyll.
[CyberTrace](https://github.com/shawnduong/CyberTrace): A new way to track and geographically map cyberattacks, in junction with a modular and extensible attack classification framework.
[NucleiTP](https://github.com/ExpLangcn/NucleiTP): 自动整合全网Nuclei的漏洞POC,实时同步更新最新POC!
[Recon4u](https://github.com/shivams0099/Recon4u): Reconnaissance Tool
[Magento-Pre-Patched-Files](https://github.com/magecomp/Magento-Pre-Patched-Files): Read About All PrePatched Files Blog Installation Instructions
[Power-DoS](https://github.com/Black-Hell-Team/Power-DoS): Power-DoS, a multi-threaded Denial of Service tool made in Python 3
[DesenvolvimentoSeguro](https://github.com/wh0isdxk/DesenvolvimentoSeguro): Principios e Boas Práticas sobre Desenvolvimento Seguro
[dependency-check-py](https://github.com/jhermann/dependency-check-py): :closed_lock_with_key: Shim to easily install OWASP dependency-check-cli into Python projects
[GameModdingEngine](https://github.com/xvghy-x/GameModdingEngine): Gamers Modding Engine! Cheat UI for over 20 online games
[foliage](https://github.com/rodchenk/foliage): Datenschutz und Softwareanpassung für foliage.com
[Awesome-WAF](https://github.com/0xInfection/Awesome-WAF): 🔥 Web-application firewalls (WAFs) from security standpoint.
[University-Revision](https://github.com/Xtrendence/University-Revision): University revision notes for Computing.
[rfparty-monitor](https://github.com/datapartyjs/rfparty-monitor): its like a tricorder, for your wireless world.
[SecHeaders](https://github.com/ajmusgrove/SecHeaders): This is a fully configurable, rules-based plugin to build up the Content Security Policy, generate NONCE, and set all needed security HTTP headers for JSP/Servlet engines.
[Malcolm](https://github.com/cisagov/Malcolm): Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
[malware-souk](https://github.com/saferwall/malware-souk): Collaborative malware exchange repository.
[web-recon](https://github.com/pr0xh4ck/web-recon): All About Web Recon & OSINT
[Text-Shredder](https://github.com/stephenhaunts/Text-Shredder): A simple tool that applies very strong encryption over text for use with chat or email applications. Use this if you want to add another level of privacy and security that you can control.
[leakhunter](https://github.com/soheicyber/leakhunter): LeakHunter uses webbugs embedded in docx files to help you identify insiders who leak documents outside your organization.
[sksick](https://github.com/yanalunaterra-wip/sksick): Tools to break gpg --recv, add fake identities, and DoS SKS keyservers
[ramanlameika](https://github.com/ramanlameika/ramanlameika): Config files for my GitHub profile.
[lf-podcast](https://github.com/linuxfoundation/lf-podcast): From the Linux Foundation office in New York City, welcome to "The Untold Stories of Open Source". Each week we explore the people who are supporting Open Source projects, how they became involved with it, and the problems they faced along the way.
[Hacking-Awesome](https://github.com/spy86/Hacking-Awesome): Hacking-Awesome
[MiniScanner](https://github.com/JOHNHEHE/MiniScanner): 集合多个功能的网络安全迷你系统
[github-regexp](https://github.com/gwen001/github-regexp): Basically a regexp over a GitHub search.
[mylittlepwny](https://github.com/cogito-cea/mylittlepwny): Tools for side-channel analysis
[Example-injector](https://github.com/Fnoberz/Example-injector): 💉 Fivem Exec | Open Source C++ External Release
[Java-Backend](https://github.com/VanTamNguyen/Java-Backend): Things I learn to become a Java backend engineer
[gnirts](https://github.com/anseki/gnirts): Obfuscate string literals in JavaScript code.
[NetworkTrafficAnalyzer](https://github.com/geetika016/NetworkTrafficAnalyzer): Flask Application to Analyze and Visualize Network Traffic Data using Machine Learning
[TlsCertificateLoader](https://github.com/MarkCiliaVincenti/TlsCertificateLoader): Allows loading of TLS certificates for .NET 6.0 Kestrel web applications, allowing for refreshing of certificates as well as compatibility with HTTP/3.
[android-codelab-2019](https://github.com/gdgpisa/android-codelab-2019): Material and Sample Projects for GDG Pisa's event: Android Development for Dummies
[gogogoportscan](https://github.com/malikh22/gogogoportscan): A simple port scanner created in Go for my programming languages course as my final project. Currently, it can run a full TCP scan of all ports in under 5 seconds.
[KotlinBindShell](https://github.com/melardev/KotlinBindShell)
[detectify-cves](https://github.com/gwen001/detectify-cves): Find CVEs that don't have a Detectify modules.
[nepalihackers.github.io](https://github.com/nepalihackers/nepalihackers.github.io): Webpage for nepali hackers and tinkerers
[Swek3](https://github.com/Ethnical/Swek3): Web3 Security Toolbox
[AwesomeResources](https://github.com/CodheadClub/AwesomeResources): An awesome list of computer science related resources.
[Pi-2FA](https://github.com/neilnhardy/Pi-2FA): Bash scripts enabling 2-factor authentication for a range of services on Pi OS. Baseline support for lightdm, login, sshd, su & sudo, however other /etc/pam.d services can be added. Per-user control over which services are 2FA enabled or administrative enforcement.
[bao-hypervisor](https://github.com/bao-project/bao-hypervisor): Bao, a Lightweight Static Partitioning Hypervisor
[TireFire](https://github.com/cloudsriseup/TireFire): A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations.
[log-credentials](https://github.com/jomisica/log-credentials): PAM Log Credentials
[IMAGE-RAT](https://github.com/pro-rat/IMAGE-RAT): Android hacking with Image
[SecureLoginLab](https://github.com/mihaicerchez/SecureLoginLab): This is an implementation of a login form with a stored password in it's code as a SHA-512 hash that is also SALTed.
[domain-awareness-mgt](https://github.com/cybnity/domain-awareness-mgt): All the features and services realized by the Awareness & Culture bounded context relative to the application domain, including specification library (e.g api), components implementation (e.g software implementation packages) and deployable systems (e.g operable component on infrastructure types).
[Shamir-for-Cloud-Environments](https://github.com/joezbub/Shamir-for-Cloud-Environments): Secret sharing implementation allows users to split and combine their files according to a default (2, 3) scheme.
[magnetron.artificial-intelligence-2.0.mincloud.proxia--IMAGINATION-B](https://github.com/GCABC123/magnetron.artificial-intelligence-2.0.mincloud.proxia--IMAGINATION-B): ✭ MAGNETRON ™ ✭: This is a Google Colab/Jupyter Notebook for developing an IMAGINATION proxia when working with ARTIFICIAL INTELLIGENCE 2.0 ™ (ARTIFICIAL INTELLIGENCE 2.0™ is part of MAGNETRON ™ TECHNOLOGY).
[topaz](https://github.com/aserto-dev/topaz): Cloud-native authorization for modern applications and APIs
[COMP61411_Cryptography](https://github.com/VeteranNinja/COMP61411_Cryptography): Cryptography work I have done at the University of Manchester
[DNS_Enumerator](https://github.com/crypticq/DNS_Enumerator)
[windows-exploit-search](https://github.com/glowbase/windows-exploit-search): Search through Microsoft Security Bulletins (MSSB's) to find relevant vulnerabilities and exploits to use against Windows target machines.How to Install
- Download the CSS file below
- Move it to your vault's
.obsidian/snippets/folder - Open Obsidian → Settings → Appearance → CSS Snippets → Enable it
Stats
Stars
77
Forks
18
Last updated 41mo ago