This is your work, valued
keyFinder. Passive API key and secret discovery browser extension for Chrome and Firefox. 80+ detection patterns, zero config.
★ 693AutoWIFI. Wireless penetration testing framework. Automates WPA/WPA2/WEP/WPS attacks - recon to exploitation in one command. aircrack-ng + hashcat + PMKID.
★ 53gorobots. gorobots - robots.txt recon & path discovery in Go. Structured parsing, 29-category sensitivity classification, concurrent path probing, bulk domain scanning.
★ 18subScreen. a JS tool that let you take screenshot of many hosts.
★ 16liffier. Path traversal / LFI fuzzer in Go - 66 encoding bypass techniques, response analysis, goroutine concurrency, wordlist support, proxy (Burp/Caido).
★ 16FastRecvSMS. SMS verification CLI. Buy temp numbers and receive OTP codes in one command. Multi-provider (5sim, SMS-Activate). Real-time. 170+ countries.
★ 15shodscript. Automate exploit/PoC execution against Shodan search results - concurrent dispatch, filtering, structured output, and export.
★ 12cryptowatcher. watching price of crypto changes in your terminal using NodeJS
★ 8bitstable. Bitcoin trading bot bulit using NodeJS
★ 7TeUpload. Upload all camera roll to Telegram Bot instead of Icloud.
★ 6momenbasel.
★ 6momenbasel.github.io. Personal blog
★ 6naggets. old CTF I've made sharing it publicly.
★ 5Todo-list-Api. Api Bulit with nodeJS as server side and mongoDB as database.
★ 4Facebook-Auth-PHP. Automated facebook Authentication page
★ 3Web-Cache-Vulnerability-Scanner. Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).
★ 2extract-scope-from-burpsuite-. turn burpsuite target json configuration file into a list for use outside of burp.
★ 2theHarvester. E-mail, subdomain and people names harvester
★ 2goUber. react native app for opening google maps location/link in uber
★ 2monkey-shell. Shell
★ 1keyhacks. Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
★ 1public-apis. A collective list of free APIs for use in software and web development.
★ 1objection. 📱 objection - runtime mobile exploration
★ 1OffensiveCloud. Offensive security and Penetration Testing TTP for Cloud based environment (AWS / Azure / GCP)
★ 1recaptcha-phish. Phishing with a fake reCAPTCHA
★ 1Awesome-WAF. 🔥 Everything awesome about web-application firewalls (WAF).
★ 1imageSearchSender-Messenger-bot. This is a bot for sending photos to your messenger alternative to searching the web for a photo of a specific word.
★ 1passwordless-auth. Passwordless Auth Coded using Laravel, Bootstrap
★ 1miniServerNodejs. a mini-server using node js for creating static web sites.
★ 1FavouriteFilmsPy. Just a web-page for showing films and its trailer using Python.
★ 1ChatApp. Chat App using NodeJS
★ 1skypulse-legal. Privacy Policy and Terms of Use for SkyPulse - Flight Tracker
★ 1Salati. salati ios app
★ 1cmux. Open source Ghostty-based macOS terminal with vertical tabs and notifications for AI coding agents. Built for multitasking, organization, and programmability.
★ 24kagentic-inbox. A self-hosted email client with an AI agent, running entirely on Cloudflare Workers
★ 6.2kpxpipe. cut Fable 5 token usage by rendering text context as images
★ 5.5kcaveman. 🪨 why use many token when few token do trick — Claude Code skill that cuts 65% of tokens by talking like caveman
★ 88kstrix. Open-source AI penetration testing tool to find and fix your app’s vulnerabilities.
★ 40kpesty. Free, open-source clipboard manager for macOS a native Paste app alternative with color-coded history, pinboards, search & keyboard paste. Signed, notarized, Homebrew.
★ 18Immunefi-bug-bounty-writeups-list. curation of all(most) immunefi bug bounty writeups I could find(till now)
★ 1.2kclaude-code-statusline. Shell
★ 4Awesome-Smart-Contract-Security. A curated list of Smart Contract Security materials and resources For Researchers
★ 897openvpn3-indicator. Simple GTK indicator GUI for OpenVPN 3 Linux
★ 109notebooklm-py. Unofficial Python API and agentic skill for Google NotebookLM. Full programmatic access to NotebookLM's features—including capabilities the web UI doesn't expose—via Python, CLI, and AI agents like Claude Code, Codex, and OpenClaw.
★ 18kreverse-skill. Reverse Engineering / Authorized Penetration Testing / Security Research Skill Router Pack AI-powered routing + On-demand toolchain bootstrapping + Self-evolving knowledge base Supports Claude Code, Kiro, Cursor, Cline, and other AI coding clients 逆向/渗透/安全技能路由包 - AI 自动路由 + 按需自举工具链 + 自动进化经验库 | 支持 Claude Code / Kiro / Cursor / Cline 等代码 AI 客户端
★ 8kponytail. Makes your AI agent think like the laziest senior dev in the room. The best code is the code you never wrote.
★ 80kclaude-code-tips. 40+ tips for getting the most out of Claude Code, from basics to advanced - includes a custom status line script and Claude Code running itself in a container. Also includes the dx plugin: skills for everyday dev workflows.
★ 9.2kcontainer. A tool for creating and running Linux containers using lightweight virtual machines on a Mac. It is written in Swift, and optimized for Apple silicon.
★ 48kcua. Open-source infrastructure for Computer-Use Agents. Sandboxes, SDKs, and benchmarks to train and evaluate AI agents that can control full desktops (macOS, Linux, Windows).
★ 20kgitpulse. Animated GitHub PR triage dashboard - replaces messy notifications with a prioritized action center. Pull your own data locally via gh CLI.
★ 5naggets. old CTF I've made sharing it publicly.
★ 2vulnhawk. AI-powered SAST scanner that finds auth bypass, IDOR, and logic bugs Semgrep/CodeQL miss. Free GitHub Action. Supports Python, JS/TS, Go, PHP, Ruby.
★ 2AutoWIFI. Wireless penetration testing framework. Automates WPA/WPA2/WEP/WPS attacks - recon to exploitation in one command. aircrack-ng + hashcat + PMKID.
★ 2AgentGuard. AI Agent Supply Chain Security - intercepts and validates every package install, git clone, and script download triggered by AI coding agents before execution
★ 2CryptoGuard. AI agent safety layer for crypto transactions - blocks honeypots, blacklists, and rug pulls before they happen
★ 2htb-writeups. The most comprehensive Hack The Box writeup collection - 500+ machines, 400+ challenges, interactive knowledge graph, skill trees, attack path diagrams, ProLabs, Sherlocks, OSCP/CPTS/CRTO prep. Browse: momenbasel.github.io/htb-writeups
★ 2keyFinder. Passive API key and secret discovery browser extension for Chrome and Firefox. 80+ detection patterns, zero config.
★ 2quiet-operator. A purple-team field manual for staying stealthy on the host and on the wire. Linux-first. Every offensive page paired with detection telemetry.
★ 2Phosphor. Free and open-source iOS device manager for macOS. Browse backups, export messages, extract photos, manage apps - no subscriptions, no iCloud lock-in.
★ 2puresnitch. Free, open-source application firewall for macOS. Little Snitch alternative with zero telemetry. Native SwiftUI world map, rules manager, DNS over HTTPS, pf-based blocking. Signed, notarized, MIT licensed.
★ 2gitpulse. Animated GitHub PR triage dashboard - replaces messy notifications with a prioritized action center. Pull your own data locally via gh CLI.
★ 2PureMac. Free, open-source macOS cleaner. CleanMyMac alternative with zero telemetry. Native SwiftUI, scheduled auto-cleaning, Xcode/Homebrew/system cache cleanup. MIT licensed.
★ 2greycorelabs.github.io. github page
★ 2superpowers. An agentic skills framework & software development methodology that works.
★ 252kdefending-code-reference-harness. Skills for threat modeling, scanning, triage, patching, plus an autonomous scanning harness you can /customize
★ 6.4kquiet-operator. A purple-team field manual for staying stealthy on the host and on the wire. Linux-first. Every offensive page paired with detection telemetry.
★ 5Talks. A simple reference for all of my public talks
★ 2new-google-unlocked. Modernized Google Unlocked - Manifest V3, XSS-hardened, with extra DMCA/SERP bypasses and archive fallbacks
★ 4cryptowatcher. watching price of crypto changes in your terminal using NodeJS
★ 8bitstable. Bitcoin trading bot bulit using NodeJS
★ 7momenbasel.
★ 6solidity-security-blog. Comprehensive list of known attack vectors and common anti-patterns
★ 1.5kpuresnitch. Free, open-source application firewall for macOS. Little Snitch alternative with zero telemetry. Native SwiftUI world map, rules manager, DNS over HTTPS, pf-based blocking. Signed, notarized, MIT licensed.
★ 43claude-for-legal. A suite of plugins for legal workflows
★ 8.7kbounty-targets-data. This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
★ 3.8ktrailmark. Build and query a graph database representation of source code
★ 437ConsoleMini. Turn a Mac mini into a living-room retro/PS console - beautiful big-picture launcher (Electron + React)
★ 70timenest. Network Time Machine for every Mac on your LAN. Runs on Mac mini, Raspberry Pi, or any home server. Docker stack: Samba + vfs_fruit, Avahi Bonjour discovery, FastAPI admin UI.
★ 21awesome-mac-mini-homeserver. 260+ curated tools, guides, and projects for turning an Apple Silicon Mac mini into a 24/7 agentic AI home server. Ollama, Claude Code, Jellyfin, Vaultwarden, Home Assistant, and more - with one-command installers.
★ 9magika. Fast and accurate AI powered file content types detection
★ 17kmomenbasel.github.io. Personal blog
★ 6cyfrin-audit-reports. A list of public audit reports conducted by the Cyfrin team
★ 352liffier. Path traversal / LFI fuzzer in Go - 66 encoding bypass techniques, response analysis, goroutine concurrency, wordlist support, proxy (Burp/Caido).
★ 16gorobots. gorobots - robots.txt recon & path discovery in Go. Structured parsing, 29-category sensitivity classification, concurrent path probing, bulk domain scanning.
★ 18malware-check. Static and dynamic analysis tool for detecting malicious code, suspicious binaries, and privacy violations
★ 45Phosphor. Free and open-source iOS device manager for macOS. Browse backups, export messages, extract photos, manage apps - no subscriptions, no iCloud lock-in.
★ 423NtWarden. Windows Analysis and Research Toolkit
★ 644shodscript. Automate exploit/PoC execution against Shodan search results - concurrent dispatch, filtering, structured output, and export.
★ 12AgentGuard. AI Agent Supply Chain Security - intercepts and validates every package install, git clone, and script download triggered by AI coding agents before execution
★ 7CryptoGuard. AI agent safety layer for crypto transactions - blocks honeypots, blacklists, and rug pulls before they happen
★ 7AutoWIFI. Wireless penetration testing framework. Automates WPA/WPA2/WEP/WPS attacks - recon to exploitation in one command. aircrack-ng + hashcat + PMKID.
★ 53ipsw. iOS/macOS Research Swiss Army Knife
★ 3.6kmarkitdown. Python tool for converting files and office documents to Markdown.
★ 165kclaude-code-best-practice. from vibe coding to agentic engineering - practice makes claude perfect
★ 62kBroken-Vulnerable-Code-Snippets. A small collection of vulnerable code snippets
★ 802htb-writeups. The most comprehensive Hack The Box writeup collection - 500+ machines, 400+ challenges, interactive knowledge graph, skill trees, attack path diagrams, ProLabs, Sherlocks, OSCP/CPTS/CRTO prep. Browse: momenbasel.github.io/htb-writeups
★ 153HUNT. Python
★ 2.3kgrafana. The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
★ 76kloki. Like Prometheus, but for logs.
★ 29kinfluxdb. Scalable datastore for metrics, events, and real-time analytics
★ 32kGraphite. Community-built comprehensive 2D content creation appplication for graphic design, digital art, and interactive real-time motion graphics powered by a node-based procedural graphics engine
★ 27kjaeger-ui. Web UI for Jaeger
★ 1.5kjaeger. CNCF Jaeger, a Distributed Tracing Platform
★ 23kawesome-llm-skills. A curated list of awesome LLM and AI Agent Skills, resources and tools for customising AI Agent workflows - that works with Claude Code, Codex, Gemini CLI and your custom AI Agents
★ 1.4kget-shit-done. A light-weight and powerful meta-prompting, context engineering and spec-driven development system for Claude Code by TÂCHES.
★ 65kawesome. 😎 Awesome lists about all kinds of interesting topics
★ 484kprompts.chat. f.k.a. Awesome ChatGPT Prompts. Share, discover, and collect prompts from the community. Free and open source — self-host for your organization with complete privacy.
★ 165kbuild-your-own-x. Master programming by recreating your favorite technologies from scratch.
★ 524klazygit. simple terminal UI for git commands
★ 80kplaywright. Playwright is a framework for Web Testing and Automation. It allows testing Chromium, Firefox and WebKit with a single API.
★ 93kawesome-mac. This project is dedicated to collecting high-quality macOS software and organizing them systematically by different categories for easy search and use.
★ 107krevanced-manager. 💊 Application to use ReVanced on Android
★ 29kllama_index. LlamaIndex is the leading document agent and OCR platform
★ 51kcareer-ops. Open-source AI job search: scan job portals, score listings A-F, tailor your CV, track applications — runs locally in your AI coding CLI (Claude Code, Gemini, Codex, OpenCode…)
★ 60kgoogle_dork_list. Google Dorks | Google helps you to find Vulnerable Websites that Indexed in Google Search Results. Here is the latest collection of Google Dorks. A collection of 13.760 Dorks. Author: Jolanda de Koff
★ 1.9kexo. Run frontier AI locally.
★ 46kvllm. A high-throughput and memory-efficient inference and serving engine for LLMs
★ 86kopen-skills. OpenSkills: Run Claude Skills Locally using any LLM
★ 445paperclip. The open-source app everyone uses to manage agents at work
★ 73kcodeql. CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
★ 9.8kairgeddon. This is a multi-use bash script for Linux systems to audit wireless networks.
★ 7.8kmetasploitable3. Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.
★ 5.6kEyeWitness. EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
★ 5.8kiOS-Pentesting. Wiki for Pentesting iOS apps
★ 29awesome-ios-security. A curated list of awesome iOS application security resources.
★ 663igoat. OWASP iGoat - A Learning Tool for iOS App Pentesting and Security by Swaroop Yermalkar
★ 461iOS. Most usable tools for iOS penetration testing
★ 1.3ksipvicious. SIPVicious OSS is a VoIP security testing toolset. It helps security teams, QA and developers test SIP-based VoIP systems and applications. This toolset is useful in simulating VoIP hacking attacks against PBX systems especially through identification, scanning, extension enumeration and password cracking.
★ 1.1kawesome-php-security. Awesome PHP Security Resources 🕶🐘🔐
★ 1kvps-audit. lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.
★ 2.2kllm-guard. The Security Toolkit for LLM Interactions
★ 3.2kContainerSSH. ContainerSSH: Launch containers on demand
★ 3.1kPentest-Windows. ⚔️Windows11 Penetration Suite Toolkit 🔰 The First Windows Penetration Testing Environment on Mac M Chips
★ 3.5kIntelOwl. IntelOwl: manage your Threat Intelligence at scale
★ 4.6kcameradar. Cameradar hacks its way into RTSP videosurveillance cameras
★ 5.1kterrascan. Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
★ 5.2kAutoSploit. Automated Mass Exploiter
★ 5.2kThreatMapper. Open Source Cloud Native Application Protection Platform (CNAPP)
★ 5.3kawesome-security-hardening. A collection of awesome security hardening guides, tools and other resources
★ 6.4kRedTeam-Tools. Tools and Techniques for Red Team / Penetration Testing
★ 9.4krengine. reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
★ 8.7kbandit. Bandit is a tool designed to find common security issues in Python code.
★ 8.2kscapy. Scapy: the Python-based interactive packet manipulation program & library.
★ 12kprowler. Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.
★ 14kwazuh. Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
★ 16kfail2ban. Daemon to ban hosts that cause multiple authentication errors
★ 18kgitleaks. Find secrets with Gitleaks 🔑
★ 28ktrivy. Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
★ 37krequests-ip-rotator. A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
★ 1.7kurlhunter. a recon tool that allows searching on URLs that are exposed via shortener services
★ 1.7kBurpBounty. Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.
★ 1.8kAwesome-RCE-techniques. Awesome list of step by step techniques to achieve Remote Code Execution on various apps!
★ 1.9kHolyTips. A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
★ 2kDictionary-Of-Pentesting. Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
★ 2.1ksubjack. DNS Takeover tool written in Go
★ 2.1kx8. Hidden parameters discovery suite
★ 2.1kOWASP-Web-Checklist. OWASP Web Application Security Testing Checklist
★ 2.2kcaido. 🚀 Caido releases, wiki and roadmap
★ 2.5kgitGraber. gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
★ 2.3kjaeles. The Swiss Army knife for automated Web Application Testing
★ 2.4kSudomy. Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
★ 2.4kuncover. Quickly discover exposed hosts on the internet using multiple search engines.
★ 3kAwesome-OSINT-List. 📡 Comprehensive collection of OSINT tools for cybersecurity professionals, researchers, and bug bounty hunters. Topics: information gathering, reverse search, red team, trust & safety, AI.
★ 3.7kgospider. Gospider - Fast web spider written in Go
★ 3kParamSpider. Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
★ 3.1kawesome-oneliner-bugbounty. A collection of awesome one-liner scripts especially for bug bounty tips.
★ 3.2kOneListForAll. Rockyou for web fuzzing
★ 3.2kawesome-mobile-security. An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
★ 3.5kvulnerability-Checklist. This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter
★ 3.6kIntruderPayloads. A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
★ 4kknockpy. Knock Subdomain Scan
★ 4.2kinteractsh. An OOB interaction gathering server and client library
★ 4.4kdalfox. 🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
★ 5.1khackerone-reports. Top disclosed reports from HackerOne
★ 6.3kscan4all. Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
★ 6.1kapkleaks. Scanning APK file for URIs, endpoints & secrets.
★ 6.2kosmedeus. A Modern Orchestration Engine for Security
★ 6.5kAllAboutBugBounty. All about bug bounty (bypasses, payloads, and etc)
★ 6.8kHowToHunt. Collection of methodology and test case for various web vulnerabilities.
★ 7.2kreconftw. reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
★ 7.8kbbot. The recursive internet scanner for hackers. 🧡
★ 10kOneForAll. OneForAll是一款功能强大的子域收集工具
★ 9.9khttpx. httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
★ 10kawesome-hacker-search-engines. A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
★ 11kResources-for-Beginner-Bug-Bounty-Hunters. A list of resources for those interested in getting started in bug bounties
★ 12ksubfinder. Fast passive subdomain enumeration tool.
★ 14kdirsearch. Web path scanner
★ 14kActive-Directory-Exploitation-Cheat-Sheet. A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
★ 2.7kcollisions. Hash collisions and exploitations
★ 3.4khacker-roadmap. A collection of hacking tools, resources and references to practice ethical hacking.
★ 15kshannon. Shannon is an autonomous, white-box AI pentester for web applications and APIs. It analyzes your source code, identifies attack vectors, and executes real exploits to prove vulnerabilities before they reach production.
★ 46ksherlock. Hunt down social media accounts by username across social networks
★ 86kRaccoon. A high performance offensive security tool for reconnaissance and vulnerability scanning
★ 3.8kosv-scanner. Vulnerability scanner written in Go which uses the data provided by https://osv.dev
★ 11kxray. 一款长亭自研的完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档
★ 12kn8n. Fair-code workflow automation platform with native AI capabilities. Combine visual building with custom code, self-host or cloud, 400+ integrations.
★ 196kleaky-paths. A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
★ 1.2kawesome-burp-extensions. A curated list of amazingly awesome Burp Extensions
★ 3.4kInterceptor. Agent-driven Chrome extension for full browser control via CLI
★ 300nuclei-templates. Community curated list of templates for the nuclei engine to find security vulnerabilities.
★ 13kre-mcp. A headless MCP server for IDA Pro and Ghidra
★ 128vulnhawk. AI-powered SAST scanner that finds auth bypass, IDOR, and logic bugs Semgrep/CodeQL miss. Free GitHub Action. Supports Python, JS/TS, Go, PHP, Ruby.
★ 72Web-Attack-Cheat-Sheet. Web Attack Cheat Sheet
★ 4.4kPureMac. Free, open-source macOS cleaner. CleanMyMac alternative with zero telemetry. Native SwiftUI, scheduled auto-cleaning, Xcode/Homebrew/system cache cleanup. MIT licensed.
★ 5.1kagentflow. Orchestrate thousands of agents and harnesses as a graph programatically
★ 1.3kspec-kit. 💫 Toolkit to help you get started with Spec-Driven Development
★ 119koxo. OXO is a security scanning orchestrator for the modern age.
★ 575tailsnitch. A security auditor for Tailscale configurations. Scans your tailnet for misconfigurations, overly permissive access controls, and security best practice violations.
★ 1.1kminimal. Minimal CVE Hardened container image collection
★ 506aws_pwn. A collection of AWS penetration testing junk
★ 1.2kdotfiles. *NIX dot files
★ 13dnstwist. Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
★ 5.7kDevSecOps. Ultimate DevSecOps library
★ 6.8knnn. n³ The unorthodox terminal file manager
★ 22kBugBounty. RepoToStoreBugBountyInfo
★ 407GhidrAssistMCP. An native MCP server extension for Ghidra
★ 658mactop. mactop - Apple Silicon Monitor Top
★ 1.5kJarida. Jarida (Jadx + Frida) is a Jadx GUI plugin that lets you trace and optionally patch Java method return values at runtime using Frida, directly from Jadx’s decompiled view.
★ 120Malimite. iOS and macOS Decompiler
★ 3kflights-mcp. An MCP server to search for flights.
★ 210pmd. An extensible multilanguage static code analyzer.
★ 5.4kffufai. AI-powered ffuf wrapper
★ 787GhidraMCP. MCP Server for Ghidra
★ 9.5kscreenpipe. YC (S26) | AI that knows what you've seen, said, or heard. Records everything you do, say, hear 24/7, local, private, secure. Connect to OpenClaw, Hermes agent and 100+ apps
★ 20kWordpress-Exploits. Collection of Exploit, CVES(Unauthenticated) and Wordpress Scanners
★ 114JSFScan.sh. Automation for javascript recon in bug bounty.
★ 1.1kBookmarks. Reclaim control of your Burp Suite Repeater tabs with this powerful extension
★ 69apk.sh. Makes reverse engineering Android apps easier, automating repetitive tasks like pulling, decoding, rebuilding and patching an APK.
★ 3.8kyt-dlp. A feature-rich command-line audio/video downloader
★ 177kWeb-Cache-Vulnerability-Scanner. Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).
★ 1.2krecaptcha-phish. Phishing with a fake reCAPTCHA
★ 652winutil. Chris Titus Tech's Windows Utility - Install Programs, Tweaks, Fixes, and Updates
★ 58kmalicious-pdf. 💀 Generate malicious PDF test files for testing phone-home callbacks, SSRF, XSS, NTLM credential theft, and data exfiltration in PDF viewers, converters, and web applications. Can be used with Burp Collaborator or Interact.sh
★ 4.1k