This is your work, valued
Building open-source cyber defense tools. Creator of Rustinel, an EDR in Rust for Windows & Linux. Malware analysis, DFIR, threat hunting & CTI.
rustinel. Open-source cross-platform endpoint detection engine for Windows, macOS, and Linux using ETW, ESF, eBPF, Sigma, YARA, IOCs, and ECS NDJSON alerts.
★ 418kernagent. Headless AI agent for deterministic reverse engineering.
★ 99CTrag. A cyber threat intelligence chatbot that ingested 2200+ reports from vx-underground.
★ 33rustinel-rules. Official, curated detection content (Sigma, YARA, IOC packs) for the Rustinel endpoint detection engine.
★ 17VM-EDU. A VM factory for DFIR & malware analysis.
★ 7awesome_threat_intel_blogs. A curated list of Awesome Threat Intelligence Blogs from the DOGESEC community.
★ 1AiPT. Autonomous cyber offensive operator
★ 1SindriKit. A foundational C library for building operationally credible offensive capabilities
★ 59Hollow. A shellcode loader generator with support for multiple injection techniques, built for red team engagements.
★ 91lacuna-rs. Ported from [LACUNA Chain](https://github.com/MazX0p/LACUNA-Chain) by Mohamed Alzhrani (0xmaz). lacuna-rs is a reusable Rust crate that provides the same primitives as the original C TTP, structured so it can be dropped into any Rust project —
★ 16TABPE. A monthly Windows PE baseline dataset for Cyber security researchers
★ 23nimcrypt. Nim-based encryption tool for obfuscating shellcode and payloads for evading Windows Defender.
★ 15gdid-reversal.
★ 329massgrave.dev. Documentation For Microsoft Activation Scripts (MAS)
★ 1.5kCodexBar. Show usage stats for OpenAI Codex and Claude Code, without having to login.
★ 18kactionlint. :octocat: Static checker for GitHub Actions workflow files
★ 4kCardputer-CSI-Human-Detector. C++
★ 126cargo-deny. ❌ Cargo plugin for linting your dependencies 🦀
★ 2.4ktau. a minimalist agent that teaches you to create coding agents
★ 1.4kGRFICSv3. GRFICSv3 is a FREE and open source OT security lab with realistic networking and a 3D process simulation for training and learning ICS security
★ 188design.md. A format specification for describing a visual identity to coding agents. DESIGN.md gives agents a persistent, structured understanding of a design system.
★ 26kStackSentry. Windows memory scanner for call stack spoofing detection, unbacked shellcode, injected DLLs and in-memory C2 implants.
★ 37uwd. Call Stack Spoofing for Rust
★ 218LACUNA-Chain. Six-layer call-stack spoofing via .pdata lacunae — defeats ETW-Ti, kernel callbacks, CET shadow stack, and return-address validation in a single composite chain.
★ 152clamui. ClamAV Desktop application ( GUI )
★ 249reverse-skill. Reverse Engineering / Authorized Penetration Testing / Security Research Skill Router Pack AI-powered routing + On-demand toolchain bootstrapping + Self-evolving knowledge base Supports Claude Code, Kiro, Cursor, Cline, and other AI coding clients 逆向/渗透/安全技能路由包 - AI 自动路由 + 按需自举工具链 + 自动进化经验库 | 支持 Claude Code / Kiro / Cursor / Cline 等代码 AI 客户端
★ 8.1krestic. Fast, secure, efficient backup program
★ 35kdocumenso. The Open Source DocuSign Alternative.
★ 14kagent-browser. Browser automation CLI for AI agents
★ 38kturso. Turso is an in-process SQL database, compatible with SQLite.
★ 23kOGameX. Open-source OGame redesign clone, powered by the latest PHP Laravel framework
★ 294flue. The sandbox agent framework.
★ 7.2kPake. 🤱🏻 Turn any webpage into a desktop app with one command.
★ 60kpalmier-pro. macOS video editor built for AI
★ 10kauto-re-agent. Autonomous reverse-engineering agent: source-aware reverser/checker loop, objective verifier, 11-signal parity engine, Ghidra backend
★ 974pm-skills. PM Skills Marketplace: 100+ agentic skills, commands, and plugins — from discovery to strategy, execution, launch, and growth.
★ 24kcontainer. A tool for creating and running Linux containers using lightweight virtual machines on a Mac. It is written in Swift, and optimized for Apple silicon.
★ 48kRuView. π RuView turns commodity WiFi signals into real-time spatial intelligence, vital sign monitoring, and presence detection — all without a single pixel of video.
★ 80kESP32-Bit-Pirate. A Hardware Hacking Tool with Web-Based CLI That Speaks Every Protocol
★ 4.3klast30days-skill. AI agent skill that researches any topic across Reddit, X, YouTube, HN, Polymarket, and the web - then synthesizes a grounded summary
★ 52kagent-skills. Production-grade engineering skills for AI coding agents.
★ 77kRoseau. Habbo Hotel emulator for the 2001 "v1" client revision.
★ 24hermes-agent. The agent that grows with you
★ 213kdefending-code-reference-harness. Skills for threat modeling, scanning, triage, patching, plus an autonomous scanning harness you can /customize
★ 6.4krustinel-rules. Official, curated detection content (Sigma, YARA, IOC packs) for the Rustinel endpoint detection engine.
★ 19pi_agent_rust. High-performance AI coding agent CLI written in Rust with zero unsafe code
★ 1.3krustnet. Per-process network monitoring for your terminal with deep packet inspection. Cross-platform, sandboxed.
★ 4.7kHandy. A free, open source, and extensible speech-to-text application that works completely offline.
★ 26kthor-ai-benchmarks. LLM benchmark results for THOR forensic finding triage quality
★ 25awesome-security-hardening. A collection of awesome security hardening guides, tools and other resources
★ 6.5knextest. A next-generation test runner for Rust.
★ 3.1krsigma. A complete Sigma detection engineering toolkit: parser, linter, evaluator, correlation engine, conversion framework, streaming daemon, MCP and LSP servers :crab:
★ 84hermes-webui. Hermes WebUI: The best way to use Hermes Agent from the web or from your phone!
★ 16kbadusb. Flipper Zero badusb payload library
★ 1.9kawesome-flipperzero-withModules. A collection of awesome resources & modules for the Flipper Zero device. Best used with Rogue Master Flipper Zero Custom Firmware.
★ 2kFlipper-Zero-BadUSB. Repository for my flipper zero badUSB payloads. Now almost entirely plug and play.
★ 6.9kunleashed-firmware. Flipper Zero Unleashed Firmware
★ 22kawesome-flipperzero. 🐬 A collection of awesome resources for the Flipper Zero device.
★ 24kProtoPirate. Flipper Zero Protocol Pirate
★ 600flipperzero-rs. Rust on the Flipper Zero
★ 683cersei. The Rust SDK for building coding agents. Tool execution, LLM streaming, graph memory, sub-agent orchestration, MCP — as composable library functions.
★ 401OpenSpec. Spec-driven development (SDD) for AI coding assistants.
★ 60khyperion-disassembler. Native multi-arch disassembler & decompiler - PE/ELF/Mach-O, x86/x64/ARM64, Lua scripting, RTTI recovery
★ 199audit. An 8-stage vulnerability-discovery agent.
★ 710dust. A more intuitive version of du in rust
★ 12kghostty. 👻 Ghostty is a fast, feature-rich, and cross-platform terminal emulator that uses platform-native UI and GPU acceleration.
★ 58kheadless_re_tools_for_llms. Python
★ 10floci. Light, fluffy, and always free - The AWS Local Emulator alternative
★ 16kpi-extensions. Extensions for the pi coding agent
★ 5deepclaude. Use Claude Code's autonomous agent loop with DeepSeek V4 Pro, OpenRouter, or any Anthropic-compatible backend. Same UX, 17x cheaper.
★ 2.2kpyre. Ghidra decompiler in your browser
★ 118supacode. worktree coding agents command center.
★ 2.1kironcurtain. A secure* runtime for autonomous AI agents. Policy from plain-English constitutions. (*https://ironcurtain.dev)
★ 553marketingskills. Marketing skills for Claude Code and AI agents. CRO, copywriting, SEO, analytics, and growth engineering.
★ 38kgo-trafilatura. go-trafilatura is a Go port of the trafilatura Python library.
★ 146rs-trafilatura. Fast, accurate web content extraction in Rust. ML page-type classification, per-type extraction, confidence scoring. F1=0.966 on ScrapingHub (#1), F1=0.859 across 2,008 annotated pages (1,497 development + 511 held-out test
★ 41deepsec. Deepsec is a security harness for finding vulnerabilities in your codebase powered by coding agents
★ 5.2kPageIndex. 📑 PageIndex: Document Index for Vectorless, Reasoning-based RAG
★ 34kcmux. Open source Ghostty-based macOS terminal with vertical tabs and notifications for AI coding agents. Built for multitasking, organization, and programmability.
★ 24kqmd. mini cli search engine for your docs, knowledge bases, meeting notes, whatever. Tracking current sota approaches while being all local
★ 28kartemis. A cross platform forensic parser written in Rust!
★ 114pi-mcp-adapter. Token-efficient MCP adapter for Pi coding agent
★ 983pi-skills. Skills for pi coding agent (compatible with Claude Code and Codex CLI)
★ 2.2kobscura. The headless browser for AI agents and web scraping
★ 19krbinmcp. Rogue Binary Model Context Protocol (MCP): a Docker-packaged binary analysis lab for AI agents. It supports reverse engineering, malware triage, and artifact comparison with compact tool responses that start cheap and move into heavier evidence on demand.
★ 23little-coder. A harness optimized to smaller LLMs
★ 1.7kx64dbg-automate. ZMQ and Messagepack Powered Remote Automation Plugin for x64dbg
★ 160pi. AI agent toolkit: unified LLM API, agent loop, TUI, coding agent CLI
★ 70kCubeSandbox. Instant, Concurrent, Secure & Lightweight Sandbox for AI Agents.
★ 9.7kopen-vibe-island. The open-source alternative to vibe-island, designed for heavy code agent users, supporting cc/codex/opencode, terminal/ghostty/cmux/kaku/iterm. 开源的vibe-island替代品,为重度code agent用户设计,支持cc/codex/opencode, terminal/ghostty/cmux/kaku/iterm
★ 1.6kjTrans. Official code of jTrans: Jump-Aware Transformer for Binary Code Similarity Detection
★ 194raptor. Raptor turns Claude Code into a general-purpose AI offensive/defensive security agent. By using Claude.md and creating rules, sub-agents, and skills, and orchestrating security tool usage, we configure the agent for adversarial thinking, and perform research or attack/defense operations.
★ 3.3kandrej-karpathy-skills. A single CLAUDE.md file to improve Claude Code behavior, derived from Andrej Karpathy's observations on LLM coding pitfalls.
★ 191kopendataloader-pdf. PDF Parser for AI-ready data. Automate PDF accessibility. Open-source.
★ 27kcareer-ops. Open-source AI job search: scan job portals, score listings A-F, tailor your CV, track applications — runs locally in your AI coding CLI (Claude Code, Gemini, Codex, OpenCode…)
★ 60kcti-expert. CTI Expert — Cyber Threat Intelligence & OSINT analysis skill for Claude Code. 67+ commands, 35 techniques, no API keys required.
★ 247openscreen. Create stunning demos for free. Open-source, no subscriptions, no watermarks, and free for commercial use. An alternative to Screen Studio.
★ 39kwindbg-mcp. An MCP (Model Context Protocol) server that turns all pybag Windows debugger functions into native MCP tools. It lets MCP-compatible clients (Claude Desktop, Claude Code, Cowork, OpenAI Codex CLI, Cursor, and custom agents) control user-mode processes, kernel sessions, and crash dump analysis via structured JSON calls.
★ 84flare-learning-hub. Free educational content on reverse engineering and malware analysis from the FLARE team
★ 1.4kespup. Tool for installing and maintaining Espressif Rust ecosystem.
★ 433awesome-esp-rust. Curated list of resources for ESP32 development in the Rust programming language
★ 1.6kdatagouv-mcp. Official data.gouv.fr Model Context Protocol (MCP) server that allows AI chatbots to search, explore, and analyze datasets from the French national Open Data platform, directly through conversation.
★ 1.6kvibe-security-radar. Python
★ 99vigil. Vigil - an ever improving 100% OpenSource AI system for security
★ 208notify-cyber. A cybersecurity news aggregator that curates the latest cybersecurity news from various sources all on one platform and got +17K visitors during its operation
★ 7betterleaks. Scan the world (for secrets)
★ 1.4kAnthropic-Cybersecurity-Skills. 817 structured cybersecurity skills for AI agents · Mapped to 6 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND, NIST AI RMF & MITRE F3 (Fight Fraud) · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platforms · 29 security domains · Apache 2.0
★ 25kMarketing-for-Founders. Practical marketing resources to get the first 10 / 100 / 1000 users for your SaaS / App / Startup
★ 6.5kkong. The world's first agentic reverse engineer.
★ 1kgstack. Use Garry Tan's exact Claude Code setup: 23 opinionated tools that serve as CEO, Designer, Eng Manager, Release Manager, Doc Engineer, and QA
★ 121komlx. LLM inference server with continuous batching & SSD caching for Apple Silicon — managed from the macOS menu bar
★ 18kTauRPC. Typesafe IPC layer for Tauri applications
★ 328pino. 🌲 super fast, all natural json logger
★ 18kIronPE. IronPE is a Windows PE manual loader written in Rust for both x86 and x64 PE files.
★ 122autoresearch. AI agents running research on single-GPU nanochat training automatically
★ 91kdirplayer-rs. A web-compatible Shockwave Player emulator written in Rust
★ 384vulhunt. Vulnerability detection framework by Binarly's REsearch team
★ 850vibe-re. A collection of vibe reverse engineered binaries and malware (for educational purposes only)
★ 104intelligence. Malware, tooling, logs, IOCs and intelligence
★ 57llmfit. Hundreds of models & providers. One command to find what runs on your hardware.
★ 29kTTPRunner. Run TTPs, with AI!
★ 139pentagi. Fully autonomous AI Agents system capable of performing complex penetration testing tasks
★ 20kzeroclaw. Fast, small, and fully autonomous AI personal assistant infrastructure, any OS, any platform — deploy anywhere, swap anything 🦀
★ 32kdoggo. :dog: Command-line DNS Client for Humans. Written in Golang
★ 4.4kcaddy. Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
★ 74kconfigextractor-py. Python Library for ConfigExtractor
★ 16openclaw. Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞
★ 383kfiber. ⚡️ Express inspired web framework written in Go
★ 40kida-domain. IDA Domain API - Python interface for IDA Pro reverse engineering platform
★ 280ty. An extremely fast Python type checker and language server, written in Rust.
★ 19ksops. Simple and flexible tool for managing secrets
★ 22korval. orval is able to generate client with appropriate type-signatures (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification, either in yaml or json formats. 🍺
★ 6.2kBinaryAudit. An open-source benchmark for evaluating AI agents' ability to find backdoors hidden in compiled binaries.
★ 93seaweedfs. SeaweedFS is a distributed storage system for object storage (S3), file systems, and Iceberg tables, designed to handle billions of files with O(1) disk access and effortless horizontal scaling.
★ 33krustfs. 🚀2.3x faster than MinIO for 4KB object payloads. RustFS is an open-source, S3-compatible high-performance object storage system supporting migration and coexistence with other S3-compatible platforms such as MinIO and Ceph.
★ 30kwud. Keep your containers up-to-date!
★ 3.7kdetection-engineering-skill. Meta-skill that orchestrates VirusTotal, yarGen, and YARA expertise into automated detection engineering pipelines
★ 9claude-code-teams-mcp. use claude code's agent teams orchestraction with any harness
★ 275shannon. Shannon is an autonomous, white-box AI pentester for web applications and APIs. It analyzes your source code, identifies attack vectors, and executes real exploits to prove vulnerabilities before they reach production.
★ 46kSecurity-Detections-MCP. MCP to help Defenders Detection Engineer Harder and Smarter
★ 459zgrab2. Fast Application Layer Scanner
★ 2.1kecs. Python
★ 1.1kghidra-mcp. Ghidra MCP Server — 200+ MCP tools for AI-powered reverse engineering. GUI plugin + headless server, lazy tool loading, convention enforcement, batch operations, Ghidra Server integration, and Docker deployment.
★ 2.8kgoblin. An impish, cross-platform binary parsing crate, written in Rust
★ 1.5krustinel. Open-source cross-platform endpoint detection engine for Windows, macOS, and Linux using ETW, ESF, eBPF, Sigma, YARA, IOCs, and ECS NDJSON alerts.
★ 419ThreatIntelligenceConsumer. Demonstrates consuming from a SecurityTrace ETW session by consuming from the Threat-Intelligence ETW provider without a driver or PPL privilege
★ 80msg-extractor. Extracts emails and attachments saved in Microsoft Outlook's .msg files
★ 847taskiq. Distributed task queue with full async support
★ 2.2kkarton-playground. Python
★ 22granian. A Rust HTTP server for Python applications
★ 5.5kRobyn. Robyn is a Super Fast Async Python Web Framework with a Rust runtime.
★ 7.3kopenresponses-python. Python SDK for OpenResponses Spec
★ 11openresponses. TypeScript
★ 1.1kDamn_Vulnerable_Kernel_Module. Damn Vulenerable Kernel Module for kernel fuzzing
★ 68Damn_Vulnerable_C_Program. An example C program which contains vulnerable code for common types of vulnerabilities. It can be used to show fuzzing concepts.
★ 723zensical. A modern static site generator by the Material for MkDocs team
★ 5.2khappy. Mobile and Web client for Codex and Claude Code, with realtime voice, encryption and fully featured
★ 23k2Pack. Rust Based PE & Shellcode Packer
★ 41AV-EDR-Killer. AV/EDR processes termination by exploiting a vulnerable driver (BYOVD)
★ 290Rustic64. 64-bit, position-independent implant template for Windows in Rust.
★ 187rustatio. Modern BitTorrent Ratio Faker
★ 270yarGen-dbs. Databases used in yarGen
★ 1yarGen-Go. A YARA rule generator
★ 77santa. A binary and file access authorization system for macOS.
★ 688santamon. Lightweight macOS detection agent built on Santa’s Endpoint Security telemetry.
★ 112BMAD-METHOD. Breakthrough Method for Agile Ai Driven Development
★ 50kclaude-plugins-official. Official, Anthropic-managed directory of high quality Claude Code Plugins.
★ 32kStirrup. The lightweight framework for building agents
★ 494MemProcFS-DockerTimeline. PowerShell
★ 1iced. Blazing fast and correct x86/x64 disassembler, assembler, decoder, encoder for Rust, .NET, Java, Python, Lua
★ 3.5kawesome-dfir-skills. A curated collection of DFIR skills and workflows for InfoSec practitioners.
★ 320die-in-browser. Static binary analysis with Detect It Easy — 100% in your browser, no uploads.
★ 62vibe-kanban. Get 10X more out of Claude Code, Codex or any coding agent
★ 27kthe-art-of-pivoting. The Art of Pivoting - Techniques for Intelligence Analysts to Discover New Relationships in a Complex World
★ 186The-CTI-Research-Guide. A repository to help CTI teams tackle the challenges around collection and research by providing guidance from experienced practitioners
★ 121phnt. Native API header files for the System Informer project.
★ 1.4karangodb. 🥑 ArangoDB is a native multi-model database with flexible data models for documents, graphs, and key-values. Build high performance applications using a convenient SQL-like query language or JavaScript extensions.
★ 14kangr. A powerful and user-friendly binary analysis platform!
★ 8.9klazygit. simple terminal UI for git commands
★ 80kIncident-Response-Powershell. PowerShell Digital Forensics & Incident Response Scripts.
★ 801IoCs. Sophos-originated indicators-of-compromise from published reports
★ 666msdocsviewer. msdocsviewer is a simple tool that parses Microsoft's win32 API and driver documentation to be used within IDA.
★ 161agentic-threat-hunting-framework. ATHF is a framework for agentic threat hunting - building systems that can remember, learn, and act with increasing autonomy.
★ 324hey-api. 👨🚀 Turn API specifications into production-ready SDKs, validators, mocks, and more. 20+ plugins. Millions of weekly npm downloads. Used by Vercel, OpenCode, PayPal, AWS, Autodesk, and many more.
★ 5.1kvhs. Your CLI home video recorder 📼
★ 20kRansomware-Tool-Matrix. A resource containing all the tools each ransomware gangs uses
★ 1.4kEventLog-Baseline-Guide. Windows Event Log Audit Configuration Baselines and Guidelines. Automated monitoring of audit policy settings across different security frameworks.
★ 11lm-council. LLMs sitting on a council together to decide, by consensus, who among them is the best.
★ 314spec-kit. 💫 Toolkit to help you get started with Spec-Driven Development
★ 120kLifeOS. An General Purpose AI Harness for magnifying human capabilities. [CODING, BUILDING, CREATING, BUSINESS, LIFE, WORK, ...]
★ 17kagentic-context-engine. 🧠 Make your agents learn from experience. Now available as a hosted solution at kayba.ai
★ 2.5kwinbindex. An index of Windows binaries, including download links for executables such as exe, dll and sys files
★ 849anyrun-sdk. Simplify integration with ANY.RUN REST API services
★ 14YAMAGoya. Yet Another Memory Analyzer for malware detection and Guarding Operations with YARA and SIGMA
★ 85trivy. Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
★ 37kSysWhispers3. SysWhispers on Steroids - AV/EDR evasion via direct system calls.
★ 1.6kopencti_mcp_server. Natural language interface to OpenCTI threat intelligence. Built with Claude Code for $22. Part of Cooper Cyber Coffee.
★ 29pyghidra-mcp. Python Command-Line Ghidra MCP
★ 379apk-info. APK full-featured parser
★ 132Flare-On-Challenges. This repository aims to compile all Flare-On challenge binaries and write-ups. Update: 2014 -2024.
★ 382jetson-inference. Hello AI World guide to deploying deep-learning inference networks and deep vision primitives with TensorRT and NVIDIA Jetson.
★ 8.9kjetson-containers. Machine Learning Containers for NVIDIA Jetson and JetPack-L4T
★ 4.8kjetson-image. 💾 Create minimalist, Ubuntu based images for the Nvidia jetson boards
★ 574autoit-extractor. AutoIt Extractor transferred to GitHub
★ 64textual. The lean application framework for Python. Build sophisticated user interfaces with a simple Python API. Run your apps in the terminal and a web browser.
★ 37ksigmazero. Evaluate Sigma rules in Pure Rust !
★ 3kernagent. Headless AI agent for deterministic reverse engineering.
★ 100