This is your work, valued
Grepping the internet, one line at a time
Awesome-Bugbounty-Writeups. A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference
★ 6kParamSpider. Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
★ 3.1kFavFreak. Making Favicon.ico based Recon Great again !
★ 1.3kOpenRedireX. A fuzzer for detecting open redirect vulnerabilities
★ 792Vulnerabilities-Unmasked. This repo tries to explain complex security vulnerabilities in simple terms that even a five-year-old can understand!
★ 371headerpwn. A fuzzer for finding anomalies and analyzing how servers respond to different HTTP headers
★ 356rayder. A lightweight tool for orchestrating and organizing your bug hunting recon / pentesting command-line workflows
★ 304Everything-About-DNS. DNS Explained : This repo aims to explain the basics of DNS at different levels of complexity for readers with various technical backgrounds.
★ 303Gorecon. Gorecon is a All in one Reconnaissance Tool , a.k.a swiss knife for Reconnaissance , A tool that every pentester/bughunter might wanna consider into their arsenal
★ 285ArchiveFuzz. Hunt down the secrets from the WebArchives for Fun and Profit
★ 163CertEagle. Weaponizing Live CT logs for automated monitoring of assets
★ 135DNSleuth. DNSleuth sniffs DNS packets, i.e, allowing you to spy on the DNS queries your machine is making
★ 103Solidity-Gas-Optimization-Tips. Solidity Gas Optimization Tips
★ 89revit. A command-line utility for performing reverse DNS lookups
★ 71awesome-bughunting-oneliners. A list of Awesome Bughunting oneliners , collected from the various sources
★ 70heaptruffle. Mine URLs from Browser's Heap Snapshot for fun and profit
★ 65rayder-workflows. Repo for hosting rayder workflows
★ 63ip2cloud. Check IP addresses against known cloud provider IP address ranges
★ 48realm. A utility for recursively traversing SSL/TLS certificates for collecting DNS names
★ 47revwhoix. A simple utility to perform reverse WHOIS lookups using whoisxml API
★ 47dnsaudit. A command-line utility for auditing DNS configuration using Zonemaster API
★ 32Quaithe. Quaithe empowers you to execute multiple commands in parallel for blazing-fast performance.
★ 28autoreport. autoreport generates bug report templates for security researchers
★ 21ip2asn. A utility to quickly map IP addresses to their respective ASN
★ 20getresolvers. A simple utility to fetch freshly updated DNS resolvers
★ 19getsan. A utility to fetch and display dns names from the SSL/TLS cert data
★ 15Watson. Watson is a utility for note management and search from your terminal
★ 11gloss. ✨ making markdown rendering great again
★ 7devanshbatham.
★ 2planka. PLANKA is the kanban-style project mastering tool for everyone.
★ 1ssx. A lightweight SSH manager that lets you ssh by name and transfer files without typing IPs. Combines ssh, ssh-keygen, scp
★ 1open-claude-in-chrome. Claude in Chrome, reverse-engineered and open-source. No domain blocklist. Any Chromium browser. Same 18 MCP tools, same performance.
★ 151microcloud. Automated private cloud based on LXD, Ceph and OVN
★ 511honggfuzz. Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)
★ 3.4kiptv. Collection of publicly available IPTV channels from all over the world
★ 132kautoresearch. Autonomous experiment loop extension for Claude, Codex
★ 32browser. Lightpanda: the headless browser designed for AI and automation
★ 32kIPTV. M3U Playlist for free TV channels
★ 19ksignals. Manage state with style in every framework
★ 4.5knovaVM. fastest and secure Hypervisor
★ 10LLMs-from-scratch. Implement a ChatGPT-like LLM in PyTorch from scratch, step by step
★ 99kECC. The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.
★ 228kblack. The uncompromising Python code formatter
★ 42kbbscope. Scope aggregation tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!
★ 1.4kopenfang. Open-source Agent Operating System
★ 18koh-my-openagent. omo/lazycodex: The coding agent for tokenmaxxers;the one and only agent harness for complex codebases. For your Codex, for your OpenCode
★ 65kmission-control. Self-hosted AI agent orchestration platform: dispatch tasks, run multi-agent workflows, monitor spend, and govern operations from one mission control dashboard.
★ 5.7kbetter-hub. Re-imagining code collaboration for humans and agents
★ 1.2kbetter-auth. The most comprehensive authentication framework
★ 29kdomain-list-community. Community managed domain list. Generate geosite.dat for V2Ray.
★ 9.1kcoolify. An open-source, self-hostable PaaS alternative to Vercel, Heroku & Netlify that lets you easily deploy static sites, databases, full-stack applications and 280+ one-click services on your own servers.
★ 58kdokploy. Open Source Alternative to Vercel, Netlify and Heroku.
★ 36knixopus. Run production apps without thinking about infrastructure. On your server or ours. Fully agentic.
★ 1.5kepicenter. Open-source, local-first apps.
★ 4.7kgopacket. Provides packet processing capabilities for Go
★ 6.8kBrowser-Security-Research. Resources for Browser Security Research
★ 60zod. TypeScript-first schema validation with static type inference
★ 43kkntrl. kntrl is an eBPF based runtime agent that monitors and prevents anomalous behaviour defined by you on your pipeline. kntrl achieves this by monitoring kernel calls, and denying access as soon as your defined behaviour is detected. For more: https://kntrl.dev
★ 131hextra. 🔯 Modern, batteries-included Hugo theme for creating beautiful doc, blog and static websites
★ 2.3kAndroid-Security-Exploits-YouTube-Curriculum. 🔓A Curated List Of Modern Android Exploitation Conference Talks
★ 782lipgloss. Style definitions for nice terminal layouts 👄
★ 12kgum. A tool for glamorous shell scripts 🎀
★ 24kCap. Open source Loom alternative. Beautiful, shareable screen recordings.
★ 20kfastmcp. 🚀 The fast, Pythonic way to build MCP servers and clients.
★ 26kadk-python. An open-source, code-first Python toolkit for building, evaluating, and deploying sophisticated AI agents with flexibility and control.
★ 21kcline. Autonomous coding agent as an SDK, IDE extension, or CLI assistant.
★ 65kyOS. A simple personal website stack
★ 16HITCON-Training-writeup. Learn binary exploitation from angelboy's hitcon-training
★ 38MyBooks-1. my books
★ 57jekyll-theme-chirpy. A minimal, responsive, and feature-rich Jekyll theme for technical writing.
★ 10kcomrak. CommonMark + GFM compatible Markdown parser and renderer
★ 1.6khugo-theme-til. A Hugo theme focused on simplicity and readability, and content discovery.
★ 156broken-dns. Go
★ 21Pentest-Cheatsheets. Python
★ 1.2ksiyuan. A privacy-first, self-hosted, fully open source personal knowledge management software, written in typescript and golang.
★ 45kbbot. The recursive internet scanner for hackers. 🧡
★ 10kjekyll-klise. :beach_umbrella: Klisé is a minimalist Jekyll theme for running a personal site or blog, light & dark mode support. (https://klise.vercel.app)
★ 1.1kacademic_website. SCSS
★ 6sidey. Sidey is a simple and minimalistic jekyll blogging theme.
★ 597cheat-sheets. A list of cheat sheets for application security
★ 519github-actions-goat. GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment
★ 509gato-x. GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.
★ 560scorecard. OpenSSF Scorecard - Security health metrics for Open Source
★ 5.6kImHex. 🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.
★ 54kethernaut-foundry. Solutions and Walkthrough for Openzeppelin's Ethernaut CTF written in Solidity with the help of Foundry
★ 52GitHacker. 🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.
★ 1.7kscrabble. Simple tool to recover .git folder from remote server
★ 462Information_Security_Books. 信息安全方面的书籍
★ 2.7kFlask-Unsign. Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.
★ 654manim. Animation engine for explanatory math videos
★ 88kSuperPrompt. SuperPrompt is an attempt to engineer prompts that might help us understand AI agents.
★ 6.4kfull-stack-fastapi-template. Full stack, modern web application template. Using FastAPI, React, SQLModel, PostgreSQL, Docker, GitHub Actions, automatic HTTPS and more.
★ 44kfasten. Analyse package dependency networks at the call graph level
★ 99quartz. 🌱 a fast, batteries-included static-site generator that transforms Markdown content into fully functional websites
★ 13knovel. Notion-style WYSIWYG editor with AI-powered autocompletion.
★ 16kdrizzle-orm. ORM
★ 35kfromthetensor. From the Tensor to Stable Diffusion, a rough outline for a 10 week course.
★ 1.1kIosevka. Versatile typeface for code, from code.
★ 22kblessed. Blessed is an easy, practical library for making python terminal apps
★ 1.5kreth. Modular, contributor-friendly and blazing-fast implementation of the Ethereum protocol, in Rust
★ 5.7kwerdlists. :keyboard: Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases
★ 364open-webui. User-friendly AI Interface (Supports Ollama, OpenAI API, ...)
★ 145ksandbox. Code editing environment with an AI copilot and real-time collaboration
★ 1.4ksupermemory. Memory and context engine + app that is extremely fast, scalable, and can be run fully locally. The Memory API for the AI era.
★ 28kalgopy. Python
★ 10ollama. Get up and running with Kimi-K2.6, GLM-5.1, MiniMax, DeepSeek, gpt-oss, Qwen, Gemma and other models.
★ 176kReplayMarketData. Replay Market Data
★ 28textual. The lean application framework for Python. Build sophisticated user interfaces with a simple Python API. Run your apps in the terminal and a web browser.
★ 37kpytermgui. Python TUI framework with mouse support, modular widget system, customizable and rapid terminal markup language and more!
★ 2.7kopenpilot. openpilot is an operating system for robotics. Currently, it upgrades the driver assistance system on 300+ supported cars.
★ 63kuv. An extremely fast Python package and project manager, written in Rust.
★ 87krye. a Hassle-Free Python Experience
★ 14kinav. INAV: Navigation-enabled flight control software
★ 4.1kinference. Turn any computer or edge device into a command center for your computer vision projects.
★ 2.4kdRehmFlight. Teensy/Arduino flight controller and stabilization for small-scale VTOL vehicles
★ 1.4kUTM. Virtual machines for iOS and macOS
★ 35kapk.sh. Makes reverse engineering Android apps easier, automating repetitive tasks like pulling, decoding, rebuilding and patching an APK.
★ 3.8kcanvas-lms. The open LMS by Instructure, Inc.
★ 6.7kodoo. Odoo. Open Source Apps To Grow Your Business.
★ 53kMMSF. Massive Mobile Security Framework
★ 305tracker-radar. Data set of top third party web domains with rich metadata about them
★ 1.7ktypesense. Open Source alternative to Algolia + Pinecone and an Easier-to-Use alternative to ElasticSearch ⚡ 🔍 ✨ Fast, typo tolerant, in-memory fuzzy Search Engine for building delightful search experiences
★ 26kopeninterpreter. A lightweight coding agent for open models like Deepseek, Kimi, and Qwen
★ 64kTiny-XSS-Payloads. A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
★ 2.4khyperscan. High-performance regular expression matching library
★ 5.4kquivr. Opiniated RAG for integrating GenAI in your apps 🧠 Focus on your product rather than the RAG. Easy integration in existing products with customisation! Any LLM: GPT4, Groq, Llama. Any Vectorstore: PGVector, Faiss. Any Files. Anyway you want.
★ 39kLibAFL. Advanced Fuzzing Library - Slot your Fuzzer together in Rust! Scales across cores and machines. For Windows, Android, MacOS, Linux, no_std, ...
★ 2.6kfinancial-machine-learning. A curated list of practical financial machine learning tools and applications.
★ 8.7kAllForOne. AllForOne allows bug bounty hunters and security researchers to collect all Nuclei YAML templates from various public repositories,
★ 737allxfr. AXFR all the things!
★ 30fuzzing. Tutorials, examples, discussions, research proposals, and other resources related to fuzzing
★ 3.8kshell-ai. LangChain powered shell command generator and runner CLI
★ 1.2kentro.py. Search files for high entropy strings.
★ 25FingerprintHub. 侦查守卫(ObserverWard)的指纹库
★ 1.4kpublic-cloud-provider-ip-ranges. Unified datasets for public cloud provider IP ranges. Providers include AWS, Azure, CloudFlare, DigitalOcean, Fastly, Google Cloud and Oracle Cloud.
★ 108zone-nameservers. Walk the DNS tree to find which nameservers a particular zone (or "domain") uses. Mimics "dig +trace", but in Go.
★ 29viewvc. ViewVC is a browser interface for CVS and Subversion version control repositories.
★ 353armory. A one-stop shop for blockchain security researchers looking for educational material and alpha to level-up and get an edge on competition. This is not your standard roadmap, top 10 vulnerabilities, or find-the-bug content. This is for the real researchooors.
★ 405solidity-notes.
★ 593ccxt. A cryptocurrency trading API with more than 100 exchanges in JavaScript / TypeScript / Python / C# / PHP / Go / Java
★ 43ktheauditorbook. The Auditor Book
★ 233exploitnotes. A security research site.
★ 807developer. the first library to let you embed a developer agent in your own app!
★ 12kawesome-quant. A curated list of insanely awesome libraries, packages and resources for Quants (Quantitative Finance)
★ 28kawesome-algorithmic-trading. A curated list of awesome algorithmic trading frameworks, libraries, software and resources
★ 988quantstats. Portfolio analytics for quants, written in Python
★ 7.4kcan-i-take-over-dns. "Can I take over DNS?" — a list of DNS providers and how to claim vulnerable domains.
★ 1.1kQuantLib. The QuantLib C++ library
★ 7.3klearn-evm-attacks. 🚀 Try the Learn EVM Explorer we just launched!!!
★ 1.8kAwesome-Android-Reverse-Engineering. A curated list of awesome Android Reverse Engineering training, resources, and tools.
★ 2.5krootAVD. Script to root AVDs running with QEMU Emulator from Android Studio
★ 1.8kSolidity-Security-Compendium. A mission to breakout every single solidity vuln I come across and categorize it
★ 227Web3Bugs. Demystifying Exploitable Bugs in Smart Contracts
★ 1.8kbearer. Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
★ 2.7ktornado-cats. A book for learning zero-knowledge applications and decentralized mixing by creating a simple mixer protocol based on Tornado Cash
★ 288pacu. The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
★ 5.3kact. Run your GitHub Actions locally 🚀
★ 71kYouPlot. A command line tool that draw plots on the terminal.
★ 4.8kcookiemonster. 🍪 CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions.
★ 978On-Chain-Investigations-Tools-List. Here we discuss how one can investigate crypto hacks and security incidents, and collect all the possible tools and manuals! PRs are welcome! If any tool is missing - please open PR!
★ 1.9kpuredns. Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.
★ 2.2ktest_github_action.
★ 2raccoon. Salesforce object access auditor
★ 118malicious-pdf. 💀 Generate malicious PDF test files for testing phone-home callbacks, SSRF, XSS, NTLM credential theft, and data exfiltration in PDF viewers, converters, and web applications. Can be used with Burp Collaborator or Interact.sh
★ 4.1kgame-hacking. Tutorials, tools, and more as related to reverse engineering video games.
★ 5.5kDependency-Confusion. All About Dependency Confusion Attack, (Detecting, Finding, Mitigating)
★ 304GAP-Burp-Extension. Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist
★ 1.5kinventory. Asset inventory of over 800 public bug bounty programs.
★ 1.6kferoxbuster. A fast, simple, recursive content discovery tool written in Rust.
★ 7.9kDependency-Confusion-RCE-POC. Shell
★ 10nginxpwner. Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities.
★ 1.6kSonarSearch. A rapid API for the Project Sonar dataset
★ 656pdtm. ProjectDiscovery's Open Source Tool Manager
★ 1.1kgplaydl. Command Line Google Play APK downloader. Download APK files to your PC directly from Google Play Store.
★ 580apk-downloader. A package that helps users to directly download an APK from Google Play by providing the package id of the app.
★ 50zdns. Fast DNS Lookup Library and CLI Tool
★ 1.1kchaosDump. A powerful and clean bash script to dump and extract information from Project Discovery's Chaos Project https://chaos.projectdiscovery.io.
★ 25SmartContracts-audit-checklist. A checklist of things to look for when auditing Solidity smart contracts.
★ 797elpscrk. An Intelligent wordlist generator based on user profiling, permutations, and statistics. (Named after the same tool in Mr.Robot series S01E01)
★ 944ipranges. 🔨 List all IP ranges from: Google (Cloud & GoogleBot), Bing (Bingbot), Amazon (AWS), Microsoft, Oracle (Cloud), GitHub, Facebook (Meta), OpenAI (GPTBot) and other with daily updates.
★ 1.1kcloud_ip_ranges. Identify IP addresses owned by public cloud providers
★ 125match-replace-burp. Useful "Match and Replace" burpsuite rules
★ 373cent. Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place
★ 1kxray. 一款长亭自研的完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档
★ 12kCVE-2022-36537. POC of CVE-2022-36537
★ 36deepdarkCTI. Collection of Cyber Threat Intelligence sources from the deep and dark web
★ 7kosv-scanner. Vulnerability scanner written in Go which uses the data provided by https://osv.dev
★ 11kmitmproxy2swagger. Automagically reverse-engineer REST APIs via capturing traffic
★ 9.5ksmart-contract-auditing-heuristics. Heuristics for smart contract auditors
★ 614awesome-MEV-resources. Get up to speed on Maximum Extractable Value
★ 1.2krecollapse. REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications
★ 1.4kdispatch-docker. Shell
★ 214dispatch. All of the ad-hoc things you're doing to manage incidents today, done for you, and much more!
★ 6.5ktlsx. Fast and configurable TLS grabber focused on TLS based data collection.
★ 1.1kTLDR-2. TLDR 2 (TLD Records 2) is a continually updated DNS archive of zone transfer attempts against all existing TLD nameservers as well as the root servers.
★ 78stable-diffusion-studio. An animation focused workflow frontend for Stable Diffusion
★ 475socialhunter. crawls the website and finds broken social media links that can be hijacked
★ 774dnstrace. DNS resolution tracing tool
★ 286awesome-buggy-erc20-tokens. A Collection of Vulnerabilities in ERC20 Smart Contracts With Tokens Affected
★ 629plagiarism-basic. Offline quick-and-dirty text plagiarism checker written in Rust
★ 22massdns. A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
★ 3.6kresolvers. List of periodically validated public DNS resolvers
★ 236czds. golang API and tools to interact with czds.icann.org
★ 82dnsReaper. dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!
★ 2.2kcloudstream. Android app for streaming and downloading media.
★ 10kcheckthechain. ctc is a tool for collecting and analyzing historical data of Ethereum and other EVM chains
★ 840fuzz.txt. Potentially dangerous files
★ 3.3kquant-trading. Python quantitative trading strategies including VIX Calculator, Pattern Recognition, Commodity Trading Advisor, Monte Carlo, Options Straddle, Shooting Star, London Breakout, Heikin-Ashi, Pair Trading, RSI, Bollinger Bands, Parabolic SAR, Dual Thrust, Awesome, MACD
★ 10kAwesome-MEV. A list of MEV resources with a focus on past research papers/talks.
★ 629EIPs. The Ethereum Improvement Proposal repository
★ 14kchaos-hunt. Bash Script to Hunt all the targets/Subdomains from Chaos by Project Discovery Team
★ 36secureum-mind_map. Central Repository for the Epoch 0 coursework and quizzes. Contains all the content, cross-referenced and linked.
★ 1.9kstable-diffusion.
★ 428pysheeet. Python Cheat Sheet
★ 8.1ksolidity-shell. An interactive Solidity Shell
★ 541sol2uml. Solidity contract visualisation tool
★ 1.3klil-web3. Simple, intentionally-limited versions of web3 protocols & apps.
★ 1.2kgitfiti. abusing github commit history for the lulz
★ 8.4kAuditorsRoadmap.
★ 757pro-bono-spot-checks. Chaotic good security research
★ 19simple-security-toolkit. A collection of practical security-focused guides and checklists for smart contract development
★ 1.2kBITB-framwork. Hack
★ 295solidity-patterns. A compilation of patterns and best practices for the smart contract programming language Solidity
★ 3.3kc4-common-issues. A collection of common security issues and possible gas optimizations in solidity smart contracts
★ 153prb-math. Solidity library for advanced fixed-point math
★ 1kethereum-developer-tools-list. A guide to available tools and platforms for developing on Ethereum.
★ 5.4kawesome-solidity-gas-optimization. Best resources for Solidity gas optimizations ⛽
★ 1.2kscrcpy. Display and control your Android device
★ 145kflare-vm. A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.
★ 8.8kcve. Gather and update all available and newest CVEs with their PoC.
★ 7.9kforge-template. Forkable template to get you started with Foundry's Forge
★ 411