This is your work, valued
Python, C++, C#, Powershell, and a dabble of Rust. Hope you have a great day! <3
DataSurgeon. Quickly Extracts IP's, Email Addresses, Hashes, Files, Credit Cards, Social Security Numbers and a lot More From Text
★ 903powershell-backdoor-generator. Reverse backdoor written in PowerShell and obfuscated with Python. It generates payloads for popular hacking devices like Flipper Zero and Hak5 USB Rubber Ducky, and changes its signature after every build to help avoid AV.
★ 414autodeauth. Automated Linux service that collects information on local Wi-Fi networks and performs deauthentication attacks.
★ 69netstat-trojan. reverse-TCP backdoor disguised within the netstat utility. It's designed to automatically exclude itself from the netstat output. (educational purposes only)
★ 15write-ups. Various Write Ups from OverTheWire, TryHackMe, HackTheBox, CrackMes.one and more!
★ 12ccrack. Multithreaded password cracker for SHA1, SHA256, SHA384, SHA512, and MD5 hash functions, coded in C#. This tool allows you to test the strength of your passwords and improve your overall security.
★ 8CVE-2019-7214. Python3 Rewrite of SmarterMail < Build 6985 Remote Code Execution found by 1F98D (CVE-2019-7214) POC
★ 4pymem-csgo. A CS:GO Cheat Coded in Python with Glow and Radar Hacks
★ 4Anti-Cheat. A C++ Anti-Cheat library
★ 4ohbrother. Brother Printer attack tool (Designed for the HL-L2360D series)
★ 4neovim. The Neovim config and Gnome extensions I use for Ubuntu
★ 3Drew-Alleman.
★ 2ds-test. This repository is used to generate test files for DataSurgeon
★ 2Blue-Team-Notes. You didn't think I'd go and leave the blue team out, right?
★ 2PowerShell-Red-Team. Collection of PowerShell functions a Red Teamer may use in an engagement
★ 1csgo-hops. A CS:GO bunny-hop cheat written in C++, obfuscated with python, and compiled with msbuild.
★ 1ds-ipv4cidr-plugin. a DataSurgeon extension for extracting ip addresses with CIDRS from text.
★ 1bps. Boost Asio Port Scanner
★ 1PRISM. Phishing Reporting and Incident Security Mitigation (WIP)
★ 1CVE-2020-11651. A script that exploits SaltStack CVE-2020-11651 and CVE-2020-11652 to add new users to a vulnerable Salt master by injecting entries into /etc/passwd and /etc/shadow. POC
★ 1SmartScaleBluetoothSniffer. OKOK Smart Bluetooth Scale – BLE Weight Sniffer
★ 1Obfusk8. Obfusk8: lightweight Obfuscation library based on C++17 / Header Only for windows binaries
★ 774deflock. Crowdsourced tool for locating and reporting ALPRs
★ 669factoring. the search for a polynomial time factoring algorithm
★ 50TimeStomp_bof. This is a very simple BOF written for Cobalt Strike and other post exploitation frameworks that I reimplemented from one of my C++ tools. Timestomps a target file to have the time attributes match those of a source file on the same Windows system.
★ 7sharetrace. 🎭 Reveal the identity behind a share link
★ 73Ekko. Sleep Obfuscation
★ 839delta. A syntax-highlighting pager for git, diff, grep, rg --json, and blame output
★ 31kN7CommandManager. Flexible Command Manager for Killing Floor. Provides rich API to change various game settings and trigger different events.
★ 2injectEtwBypass. CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)
★ 300bhgrep. like ripgrep but for browser history
★ 28MalwareAnalysis4WindowsXP. The repository collects some useful software and tools that still work in Windows XP system.
★ 5MalwareEvasionTechniques. Research project showcasing various malware evasion techniques used to bypass AVs and EDRs, continuously updated with new methods.
★ 39Jigsaw. Hide shellcode by shuffling bytes into a random array and reconstruct at runtime
★ 203mimikatz. YARA
★ 2.6kredteam. PHP
★ 52Toolies. Ad hoc collection of Red Teaming & Active Directory tooling.
★ 232TheTimeMachine. Weaponizing WaybackUrls for Recon, BugBounties , OSINT, Sensitive Endpoints and what not
★ 547osint_stuff_tool_collection. A collection of several hundred online tools for OSINT
★ 8.4kGitTools. A repository with 3 tools for pwn'ing websites with .git repositories available
★ 4.2kbuster. An advanced tool for email reconnaissance
★ 1.4kSploitScan. SploitScan is a sophisticated cybersecurity utility designed to provide detailed information on vulnerabilities and associated exploits.
★ 1.4kmetagoofil. Search Google and download specific file types
★ 573h8mail. Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email
★ 5.1kWhatBreach. OSINT tool to find breached emails, databases, pastes, and relevant information
★ 1.6kfav-up. IP lookup by favicon using Shodan
★ 1.2kbrowser-extension. Version 8 and above. Browser extension source code for Firefox, Chrome, and other Chromium-based browsers
★ 500AutoRecon. AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.
★ 6kbrutespray. Fast, multi-protocol credential brute-forcer. Parses Nmap, Nessus, and Nexpose output to automatically test default and custom credentials across 30+ protocols.
★ 2.5kEmailHarvester. Email addresses harvester
★ 958awesome-hacker-search-engines. A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
★ 11kSSH-Snake. SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
★ 2.3kurlfinder. A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.
★ 890terminal-guillotine. Remove the headerbar from the gnome terminal
★ 52Zero. Experience email the way you want with Mail0 – the first open source email app that puts your privacy and safety first. Join the discord: https://mail0.link/discord
★ 11kmsgraph-sdk-python. Python
★ 616incident-response-plan-template. A concise, directive, specific, flexible, and free incident response plan template
★ 793defensive-scripts. Defence Against the Dark Arts
★ 34smtp2go-python. Python library for interacting with the smtp2go API
★ 6GSheet-MultiSelect. Script to add Google Sheets MultiSelect fields
★ 14disposable-email-domain-list. A list of disposable email domains, cleaned and validated by scanning MX records.
★ 106git-blame-someone-else. Blame someone else for your bad code.
★ 12kvulnx. Modern CLI for exploring vulnerability data with powerful search, filtering, and analysis capabilities.
★ 2.6kUACME. Defeating Windows User Account Control
★ 7.7kPrivescCheck. Privilege Escalation Enumeration Script for Windows
★ 3.9kmaestro. Lightweight, Linux-compatible kernel, written in Rust to leverage the safety of the typesystem. Aiming to remove as much legacy as possible while supporting most usecases
★ 3.3kCVE-2023-38646-PoC. Metabase Pre-auth RCE
★ 12traitor. :arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
★ 7.2kwindows-kernel-exploits. windows-kernel-exploits Windows平台提权漏洞集合
★ 8.7kforensictools. Collection of forensic tools
★ 701chisel. A fast TCP/UDP tunnel over HTTP
★ 16kshopify_python_api. ShopifyAPI library allows Python developers to programmatically access the admin section of stores
★ 1.4kScoutSuite. Multi-Cloud Security Auditing Tool
★ 7.7kLaZagne. Credentials recovery project
★ 11kbackdoors. C
★ 128binjection. Injects additional machine instructions into various binary formats.
★ 291proxyhub. An advanced [Finder | Checker | Server] tool for proxy servers, supporting both HTTP(S) and SOCKS protocols. 🎭
★ 213Leaked-GPTs. Leaked GPTs Prompts Bypass the 25 message limit or to try out GPTs without a Plus subscription.
★ 2.5knginxpwner. Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities.
★ 1.6knac_bypass. Script collection to bypass Network Access Control (NAC, 802.1x)
★ 376DSEFix. Windows x64 Driver Signature Enforcement Overrider
★ 809SharpGPOAbuse. SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.
★ 1.3kpwndrop. Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.
★ 2.3kevilginx2. Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
★ 15kntlm_theft. A tool for generating multiple types of NTLMv2 hash theft files by Jacob Wilkin (Greenwolf)
★ 1.4kbully. Bully WPS Attack Tool
★ 94wfuzz. Web application fuzzer
★ 6.5kdebian-from-scratch. An instruction manual for teaching Linux From Scratch users how to make a fully-fledged Debian system based on LFS.
★ 276wp-backdoor. Many times I have asked myself how to maintain access to a compromised WordPress site for the sake of surveillance/data gathering/etc... Apart from reverse shells, of course, because I see some issues with the reverse shells stuff. That's why I posted this WordPress Backdoor.
★ 31pacu. The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
★ 5.3kDFSCoerce. Python
★ 842eaphammer. Targeted evil twin attacks against WPA2-Enterprise networks. Indirect wireless pivots using hostile portal attacks.
★ 2.5kMobile-Security-Framework-MobSF. Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
★ 21kPinkerton. 🕵️ Python project to crawl for JavaScript files and search for secrets like API keys, authorization tokens, hardcoded credentials, etc.
★ 440nodesub. Nodesub is a command-line tool for finding subdomains in bug bounty programs
★ 149yersinia. A framework for layer 2 attacks
★ 852Seatbelt. Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
★ 4.6kmassdns. A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
★ 3.6kpuredns. Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.
★ 2.2kBurn-My-Windows. 🔥 Disintegrate your windows with style.
★ 3krustycube. RustyCube - Assault Cube Multihack for Linux written in Rust (EARLY DEV)
★ 5demiguise. HTA encryption tool for RedTeams
★ 1.4kleptos. Build fast web applications with Rust.
★ 21kSILENTTRINITY. An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR
★ 2.3khacker-theme. HTML, CSS, JS based Web Page template
★ 37bopscrk. Generate smart and powerful wordlists
★ 1.1kchromium-web-store. Allows adding extensions from chrome web store on ungoogled-chromium. Also adds semi-automatic extension updating.
★ 3.2kmec. for mass exploiting
★ 613sponge-ai. Creates AI generated Spongebob episodes
★ 60awesome. awesome window manager
★ 6.9kUnlimitedGPT. An unofficial Python wrapper for OpenAI's ChatGPT API
★ 423Mr.-Ranedeer-AI-Tutor. A GPT-4 AI Tutor Prompt for customizable personalized learning experiences.
★ 30ktweepy. Twitter for Python!
★ 11kFlipper-IRDB. A collective of different IRs for the Flipper
★ 4.2kBitcoin-Stealer. Generate random bitcoin wallets, private keys (seeds) and then check if they match a wallet that contains some kind of balance, and then take it. Node.js
★ 543RustHound. Active Directory data ingestor for BloodHound Legacy written in Rust. 🦀
★ 1.2kedex-ui. A cross-platform, customizable science fiction terminal emulator with advanced monitoring & touchscreen support.
★ 45kPython. All Algorithms implemented in Python
★ 223kRust. All Algorithms implemented in Rust
★ 26kapitter-service. An unofficial service to receive data from Twitter (like Twitter-API)
★ 9private-gpt. Complete API layer for private AI applications on local models: RAG, skills, tools, MCP, text-to-sql, and more. Works with any OpenAI-compatible inference server.
★ 57kchatgpt-clone. ChatGPT interface with better UI
★ 3.5kchatgpt-pro. ChatGPT-Pro is an advanced application that combines the power of ChatGPT and DALL.E.
★ 485snscrape. A social networking service scraper in Python
★ 5.4kuBlock. uBlock Origin - An efficient blocker for Chromium and Firefox. Fast and lean.
★ 66kkernel-hardening-checker. A tool for checking the security hardening options of the Linux kernel
★ 2.1kwalkdir. Rust library for walking directories recursively.
★ 1.5kGOESP. Cross-platform streamproof ESP hack for Counter-Strike: Global Offensive, written in modern C++. Rendering and GUI powered by Dear ImGui + FreeType.
★ 440dbeaver. Free universal database tool and SQL client
★ 51kevtx. A Fast (and safe) parser for the Windows XML Event Log (EVTX) format
★ 939byp4xx. 40X/HTTP bypasser in Go. Features: Verb tampering, headers, #bugbountytips, User-Agents, extensions, default credentials...
★ 1.9kCloudFail. Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
★ 2.7kCloudFlair. 🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
★ 3kassetfinder. Find domains and subdomains related to a given domain
★ 3.6kSmap. a drop-in replacement for Nmap powered by shodan.io
★ 3.3ksubfinder. Fast passive subdomain enumeration tool.
★ 14kgobuster. Directory/File, DNS and VHost busting tool written in Go
★ 14ktheHarvester. E-mails, subdomains and names Harvester - OSINT
★ 17kdnsx. dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.
★ 2.8kwaymore. Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, VirusTotal, GhostArchive & Intelligence X!
★ 2.7kPrintSpoofer. Abusing impersonation privileges through the "Printer Bug"
★ 2.3kBloodHound.py. A Python based ingestor for BloodHound
★ 2.4kPowerShdll. Run PowerShell with rundll32. Bypass software restrictions.
★ 1.8kPhant0m. Windows Event Log Killer
★ 1.8klsassy. Extract credentials from lsass remotely
★ 2.2kRubeus. Trying to tame the three-headed dog.
★ 5.1kResponder. Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
★ 4.9kEmpire. Empire is a PowerShell and Python post-exploitation agent.
★ 7.9knishang. Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
★ 10kSSRFmap. Automatic SSRF fuzzer and exploitation tool
★ 3.6kemba. EMBA - The firmware security analyzer
★ 3.5kwinreg-rs. Rust bindings to MS Windows Registry API
★ 193CSGO-skin-ID-dumper. Dump CSGO skin IDs directly from game files.
★ 91xSkins. External Knife & Skin Changer for CSGO
★ 75durasftp. Durable SFTP with Python
★ 5xLiteMem. Lightweight, C-based memory library for external CSGO process hacking
★ 9keyboard. Hook and simulate global keyboard events on Windows and Linux.
★ 4kcargo-wix. A cargo subcommand to build Windows installers for rust projects using the WiX Toolset
★ 378XSS_Bypass. XSS Bypass
★ 30GitHacker. 🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.
★ 1.7knikto. Nikto web server scanner
★ 11ksu-bruteforce. Shell
★ 118git-dumper. A tool to dump a git repository from a website
★ 2.6kgit-scanner. A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public
★ 383wordlists. Infosec Wordlists and more.
★ 936QRExfil. This tool is a command line utility that allows you to convert any binary file into a QRcode movie. The data can then be reassembled visually allowing exfiltration of data in air gapped systems
★ 279crossterm. Cross platform terminal library rust
★ 4.1kSecLists. SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
★ 72kwho-owns-what. Who owns what in nyc?
★ 210neovim. Vim-fork focused on extensibility and usability
★ 101kkickstart.nvim. A launch point for your personal nvim configuration
★ 31kthc-hydra. hydra
★ 12kphp-reverse-shell. PHP
★ 2.8kCheatSheetSeries. The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
★ 33kmastg. The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP Mobile Security Weakness Enumeration (MASWE) weaknesses, which are in alignment with the OWASP MASVS.
★ 13kOpenGpt. Create your own ChatGPT App in seconds.
★ 3.9kGameTracking-CS2. 📥 Game Tracker: Counter-Strike 2
★ 913tesseract. Tesseract Open Source OCR Engine (main repository)
★ 4.5kpytesseract. A Python wrapper for Google Tesseract
★ 6.4kColossalAI. Making large AI models cheaper, faster and more accessible
★ 41ksnipe-it. A free open source IT asset/license management system
★ 14ktokio. A runtime for writing reliable asynchronous applications with Rust. Provides I/O, networking, scheduling, timers, ...
★ 33kcs2-anticheat. Anticheat code found in Counter-Strike 2 binaries.
★ 179local-ip-address. Retrieve system's local IP address and Network Interfaces/Adapters on FreeBSD, Linux, macOS and Windows
★ 144save_skype. 💬 Data forensics and recovery utility for Skype chats and history
★ 12the-art-of-command-line. Master the command line, in one page
★ 162kgitrecon. OSINT tool to get information from a Github and Gitlab profile and find user's email addresses leaked on commits.
★ 322sysinfo. Cross-platform library to fetch system information
★ 2.7kdebugoff. Linux anti-debugging and anti-analysis rust library
★ 336WebGoat. WebGoat is a deliberately insecure application
★ 9.2kSpotifyAdBlock. Protect your privacy by blocking all annoying Spotify ads & analytics in Linux, OSX and Windows with hosts file.
★ 1.5kntfsrecover. NTFS data-recovery program written in Python
★ 132hacker-laws. 🧠 Laws, Theories, Principles and Patterns for developers and technologists.
★ 27kWinPwnage. UAC bypass, Elevate, Persistence methods
★ 2.8kHackBrowserData. Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).
★ 14kblazedumper. C++
★ 58cargo-deb. Make Debian packages directly from Rust/Cargo projects
★ 572KAAL_BHAIRAV. -x-x-x-x- DO NOT RUN ON PRODUCTION MACHINE -x-x-x-x- An ELF virus capable of generating segment padded trojans.
★ 47iot-malware. Malware source code samples leaked online uploaded to GitHub for those who want to analyze the code
★ 320Linux-Malware-Samples. Linux Malware Sample Archive including various types of malicious ELF binaries and viruses. Be careful!
★ 191okta-sdk-python. Python SDK for Okta Management APIs
★ 268obfstr. Compiletime string literal obfuscation.
★ 607PHP-vulnerability-audit-cheatsheet. This will assist you in the finding of potentially vulnerable PHP code. Each type of grep command is categorized in the type of vulnerabilities you generally find with that function.
★ 361classinformer-ida7. ClassInformer backported for IDA Pro 7.0
★ 354RustScan. 🤖 The Modern Port Scanner 🤖
★ 20kvac3_inhibitor. VAC3 (Valve Anti-Cheat) disabler/inhibitor/bypass
★ 336based. Internal csgo cheat base.
★ 113stk-code. The code base of SuperTuxKart
★ 5.3kchocolate-doom. Chocolate Doom is a Doom source port that is minimalist and historically accurate.
★ 2.4kawesome-malware-analysis. Defund the Police.
★ 14kDEADCELL-CSGO. Full source to the CS:GO cheat
★ 457gptcli. ChatGPT in command line with OpenAI API (gpt-3.5-turbo/gpt-4/gpt-4-32k)
★ 279source-sdk-2013. The 2013 edition of the Source SDK
★ 9.9kObfuscate. Guaranteed compile-time string literal obfuscation header-only library for C++14
★ 1.3kDOOM. DOOM Open Source Release
★ 19khashes. Collection of cryptographic hash functions written in pure Rust
★ 2.2kslowloris. Low bandwidth DoS tool. Slowloris rewrite in Python.
★ 2.8kgamesense_legacy. C
★ 22IpGeo. Python
★ 131ChatGPT. Reverse engineered ChatGPT API
★ 28kagentic. Your API ⇒ Paid MCP. Instantly.
★ 18k