This is your work, valued
sol. A de-minifier (formatter, exploder, beautifier) for shell one-liners
★ 517jqfmt. like gofmt, but for jq
★ 410CVE-2019-18935. RCE exploit for a .NET JSON deserialization vulnerability in Telerik UI for ASP.NET AJAX.
★ 373slice. SAST + LLM Interprocedural Context Extractor
★ 205siftrank. Use LLMs to rank anything
★ 187chromedb. Read Chromium data (namely, cookies and local storage) straight from disk, without spinning up the browser.
★ 138panos-scanner. Determine the Palo Alto PAN-OS software version of a remote GlobalProtect portal or management interface.
★ 134yknotify. Notify when YubiKey needs touch on macOS
★ 87membrane. Selectively permeable boundary for AI agents
★ 60curlmin. Remove unnecessary headers, cookies, and query parameters from a curl command while ensuring the response remains the same.
★ 53wifi-unredactor. Bypass Wi-Fi (B)SSID redaction on CLI in macOS Sonoma+
★ 48dotfiles. Ensuring that Bash uses vi mode wherever I go.
★ 20zip-snip. Social engineering attack using a .zip domain.
★ 5google-foobar. Solutions to Google's foo.bar programming challenge.
★ 3free. Cross-reference multiple calendars to find free time slots
★ 3open-webui. User-friendly AI Interface (Supports Ollama, OpenAI API, ...)
★ 3htmlq. Like jq, but for HTML.
★ 2guides. Guides to install/configure/use various OSs and applications.
★ 2minifloppies. Containerized, self-hosted, and S3-compatible file share.
★ 2grandorgue. GrandOrgue software
★ 1dalfox. 🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
★ 1shpool. Think tmux, then aim... lower
★ 1sunpise. Time-lapse camera built on the Raspberry Pi.
★ 1resume. A one-page , two-asymmetric-column resume template in XeTeX that caters to a DoD-affiliated infosec professional.
★ 1landing-page. Personal landing page.
★ 1macrophone. Join your computer in a sing-along. Macs only, folks.
★ 1local-deep-research. ~95% on SimpleQA (e.g. Qwen3.6-27B on a 3090). Supports all local and cloud LLMs (llama.cpp, Ollama, Google, ...). 10+ search engines - arXiv, PubMed, your private documents. Everything Local & Encrypted.
★ 8.7kpi-bench. Common Lisp
★ 30mlx-vulkan. Home for the Development of MLX Vulkan backend
★ 38ds4. DeepSeek 4 Flash and PRO local inference engine for Metal, CUDA and ROCm
★ 18kmatchlock. Matchlock secures AI agent workloads with a Linux-based sandbox.
★ 603gvisor. Application Kernel for Containers
★ 19ksysbox. An open-source, next-generation "runc" that empowers rootless containers to run workloads such as Systemd, Docker, Kubernetes, just like VMs.
★ 3.8kllmfit. Hundreds of models & providers. One command to find what runs on your hardware.
★ 29kmost-stars. This repository will have the most Stars on GitHub
★ 8heretic. Fully automatic censorship removal for language models
★ 26knanoclaw. A lightweight alternative to OpenClaw that runs in containers for security. Connects to WhatsApp, Telegram, Slack, Discord, Gmail and other messaging apps,, has memory, scheduled jobs, and runs directly on Anthropic's Agents SDK
★ 30kscribe. Local transcription and speaker diarization with pyannote and parakeet
★ 40VoiceInk. The best open-source alternative to Superwhisper & Wispr Flow. Voice-to-text app for macOS with no subscription
★ 5.5kvoxtral.c. Pure C inference of Mistral Voxtral Realtime 4B speech to text model
★ 1.7kMorefixes. MoreFixes: A Large-Scale Dataset of CVE Fix Commits Mined through Enhanced Repository Discovery
★ 80binpool. Python
★ 73Cyber-AutoAgent. AI agent for autonomous cyber operations
★ 533openwork. An open-source alternative to Claude Cowork (powered by opencode)
★ 17kskills. Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows
★ 6.1kpcopy. pcopy is a temporary file host, nopaste and clipboard across machines. It can be used from the Web UI, via a CLI or without a client by using curl.
★ 415tally. Let agents classify your bank transactions.
★ 1.1kLifeOS. An General Purpose AI Harness for magnifying human capabilities. [CODING, BUILDING, CREATING, BUSINESS, LIFE, WORK, ...]
★ 17kshannon. Shannon is an autonomous, white-box AI pentester for web applications and APIs. It analyzes your source code, identifies attack vectors, and executes real exploits to prove vulnerabilities before they reach production.
★ 46kraptor. Raptor turns Claude Code into a general-purpose AI offensive/defensive security agent. By using Claude.md and creating rules, sub-agents, and skills, and orchestrating security tool usage, we configure the agent for adversarial thinking, and perform research or attack/defense operations.
★ 3.3kir_datasets. Provides a common interface to many IR ranking datasets.
★ 390CVE-2025-6980-check. Safely test Arista NGFW for information disclosure
★ 3index.php. Alas, GitHub does not run on WordPress. Yet.
★ 227fortiweb-auth-bypass-check. Python
★ 5cpgqls-client-python. Python library for CPGQL server
★ 43diffalayze. LLM-based automated patch diffing
★ 101aerospace-swipe. switch workspaces in AeroSpace with trackpad swipes
★ 135shpool. Think tmux, then aim... lower
★ 1.9kinstructor-go. structured outputs for llms
★ 211kittentts-server. A FastAPI-based TTS server that provides OpenAI-compatible API endpoints using KittenTTS
★ 17claude-code-security-review. An AI-powered security review GitHub Action using Claude to analyze code changes for security vulnerabilities.
★ 5.5kKittenTTS. State-of-the-art TTS model under 25MB 😻
★ 15kchatterbox. SoTA open-source TTS
★ 25kawesome-selfhosted. A list of Free Software network services and web applications which can be hosted on your own servers
★ 304kmatcha. Daily Digest Reader - for markdown readers or terminals
★ 745RSSbrew. Self-hosted, easy-to-deploy RSS tool - Aggregate, filter, digest and AI summarize articles in RSS feeds.
★ 288mcpo. A simple, secure MCP-to-OpenAPI proxy server
★ 4.3kmcp-searxng. Private web search for AI assistants via SearXNG — supports Claude, Cursor, and any MCP client
★ 1kLLMSCAN. Parsing-based Analyzer
★ 78RepoAudit. An autonomous LLM-agent for large-scale, repository-level code auditing
★ 420s5cmd. Parallel S3 and local filesystem execution tool.
★ 4.1kdelayed-streams-modeling. Kyutai's Speech-To-Text and Text-To-Speech models based on the Delayed Streams Modeling framework.
★ 3kHex. VOICE → WORDS
★ 2.5kwallabagger. Chrome-like / Firefox plugin for wallabag v2.
★ 463golem. Golem automates C/C++ vulnerability discovery with SemGrep+LLVM+LLM
★ 101fraim. A flexible framework for security teams to build and deploy AI-powered workflows that complement their existing security operations.
★ 158request-minimizer. Python
★ 27ffuf. Fast web fuzzer written in Go
★ 16kgraftcp. A flexible tool for redirecting a program's TCP, UDP, and DNS traffic to SOCKS5 or HTTP proxies.
★ 2.5kfingerprintx. Standalone utility for service discovery on open ports!
★ 760o3_finds_cve-2025-37899. Artefacts for blog post on finding CVE-2025-37899 with o3
★ 354Homeassistant-polygonal-zones. Python
★ 14turbodrone. reverse engineering the best-selling drones on Amazon to control programmatically
★ 522uit. Uithub-Inspired Tool
★ 20homebrew-autoupdate. :tropical_drink: An easy, convenient way to automatically update Homebrew.
★ 1.5klitellm. Python SDK, Proxy Server (AI Gateway) to call 100+ LLM APIs in OpenAI (or native) format, with cost tracking, guardrails, loadbalancing and logging. [Bedrock, Azure, OpenAI, VertexAI, Cohere, Anthropic, Sagemaker, HuggingFace, VLLM, NVIDIA NIM]
★ 53kkill-the-newsletter. Convert email newsletters into Atom feeds
★ 3.1kFreshRSS. A free, self-hostable news aggregator…
★ 16kDrag.spoon. Drag window to a new space in Mission Control
★ 11tabwrangler. A browser extension that automatically closes your unused tabs so you can focus on the tabs that matter
★ 629NotaGen. NotaGen: Advancing Musicality in Symbolic Music Generation with Large Language Model Training Paradigms
★ 1.2khexyl. A command-line hex viewer
★ 10krogue. Automated web vulnerability scanning with LLM agents
★ 478baby-naptime. A very simple open source implementation of Google's Project Naptime
★ 190dalfox. 🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
★ 5.1kgopy. gopy generates a CPython extension module from a go package.
★ 2.3kraink. Use LLMs for document ranking
★ 176llm-sort. Sort input lines semantically with llm
★ 122binja-headless. Binja (sort of) headless
★ 72pam_rssh. Remote sudo authenticated via ssh-agent
★ 190browser-use. 🌐 Make websites accessible for AI agents. Automate tasks online with ease.
★ 104koauth2c. User-friendly OAuth2 CLI
★ 930trafilatura. Python & Command-line tool to gather text and metadata on the Web: Crawling, scraping, extraction, output as CSV, JSON, HTML, MD, TXT, XML
★ 6.3kgguf-parser-go. Review/Check GGUF files and estimate the memory usage and maximum tokens per second.
★ 272ollama-grid-search. A multi-platform desktop application to evaluate and compare LLM models, written in Rust and React.
★ 948open-webui. User-friendly AI Interface (Supports Ollama, OpenAI API, ...)
★ 145kyubikey-touch-detector. A tool to detect when your YubiKey is waiting for a touch (to send notification or display a visual indicator on the screen)
★ 524ndt7-client-go. ndt7 reference client implementation in Go
★ 52hAFL1. Python
★ 141ghidriff. Python Command-Line Ghidra Binary Diffing Engine
★ 791grandorgue. GrandOrgue software
★ 261facebook-marketplace-scraper. This repository contains a script to scrape Facebook Marketplace data using Playwright, BeautifulSoup and Streamlit.
★ 390yq. yq is a portable command-line YAML, JSON, XML, CSV, TOML, HCL and properties processor
★ 16kntfy. Send push notifications to your phone or desktop using PUT/POST
★ 32knerve. The Simple Agent Development Kit.
★ 1.3kautobrowse. AutoBrowse is an autonomous AI agent that can perform web browsing tasks.
★ 110goleveldb. LevelDB key/value database in Go.
★ 6.3kccl_chromium_reader. (Sometimes partial) Python re-implementations of the technologies involved in reading various data sources in Chrome-esque applications.
★ 238json-viewer. Web Component to visualize JSON data in a tree view
★ 239morss. Get full text RSS feeds
★ 775python-readability. fast python port of arc90's readability tool, updated to match latest readability.js!
★ 2.9kunshield. Tool and library to extract CAB files from InstallShield installers
★ 423ISx. ISx is an InstallShield installer extractor
★ 229katana. A next-generation crawling and spidering framework.
★ 17kwordlist. English Speller Database (ESDB)
★ 525udedup. A modular URL deduplication tool.
★ 19xsv. A fast CSV command line toolkit written in Rust.
★ 11kfaup. Fast URL decoder library
★ 178Log4jAttackSurface.
★ 2.1ktwofactorauth. List of sites with two factor auth support which includes SMS, email, phone calls, hardware, and software.
★ 3.5kjq-tutorial. Interactive exercises for learning jq
★ 142python-vipaccess. A free software implementation of Symantec's VIP Access application and protocol
★ 1kvimium. The hacker's browser.
★ 27kopensnitch. OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
★ 14kNoiseTorch. Real-time microphone noise suppression on Linux.
★ 10kdocker-swag. Nginx webserver and reverse proxy with php support and a built-in Certbot (Let's Encrypt) client. It also contains fail2ban for intrusion prevention.
★ 3.7kplaywright-go. Playwright for Go a browser automation library to control Chromium, Firefox and WebKit with a single API.
★ 3.4kkitty. If you live in the terminal, kitty is made for you! Cross-platform, fast, feature-rich, GPU based.
★ 34kbarrier. Open-source KVM software
★ 31kleadsheets. A LaTeX package for creating leadsheets and songbooks
★ 59dog. A command-line DNS client.
★ 6.7kexa. A modern replacement for ‘ls’.
★ 24ksimple-node-logger. simple multi-level logger for console and file
★ 126i3-balance-workspace. Balance windows and workspaces in i3wm
★ 18playwright. Playwright is a framework for Web Testing and Automation. It allows testing Chromium, Firefox and WebKit with a single API.
★ 93kdocker-nginx-fpm-alpine. PrivateBin docker image based on Nginx, php-fpm & Alpine Linux stack
★ 206h2csmuggler. HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
★ 803send. Simple, private file sharing from the makers of Firefox
★ 13kShouldIShred. Web app to check surf conditions at your local spots
★ 1github-search. A collection of tools to perform searches on GitHub.
★ 1.5knicinfo. NicInfo is a smart, command-line RDAP client
★ 164lastpass-cli. LastPass command line interface tool
★ 2.9kysoserial.net. Deserialization payload generator for a variety of .NET formatters
★ 3.8kpwntools. CTF framework and exploit development library
★ 14kysoserial. A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
★ 9kwebsocat. Command-line client for WebSockets, like netcat (or curl) for ws:// with advanced socat-like functions
★ 8.6ksc-im. sc-im - Spreadsheet Calculator Improvised -- An ncurses spreadsheet program for terminal
★ 5.7ktridactyl. A Vim-like interface for Firefox, inspired by Vimperator/Pentadactyl.
★ 6.3kwebshell. This is a webshell open source project
★ 11kskhd. Simple hotkey daemon for macOS
★ 8kmarshalsec. Java
★ 3.7kPoC-in-GitHub. 📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
★ 7.9kCVE-2020-2551. Weblogic IIOP CVE-2020-2551
★ 337electric-scan. Electron based screenshot scanner
★ 68RAU_crypto. Telerik UI for ASP.NET AJAX File upload and .NET deserialisation exploit (CVE-2017-11317, CVE-2017-11357, CVE-2019-18935)
★ 181iodine. Official git repo for iodine dns tunnel
★ 7.9kyabai. A tiling window manager for macOS based on binary space partitioning
★ 29kuebersicht. ˈyːbɐˌzɪçt
★ 5kghidra. Ghidra is a software reverse engineering (SRE) framework
★ 71kminio-arm. This Dockerfile installs Minio on your ARM-Plarform (e.g. Raspberry Pi)
★ 20Validity90. Reverse engineering of Validity/Synaptics 138a:0090, 138a:0094, 138a:0097, 06cb:0081, 06cb:009a fingerprint readers protocol
★ 1.9klibfprint. Library for fingerprint readers
★ 421twill-legacy. A simple command-line Web browser, for testing and Web automation.
★ 58gphotos-uploader-cli. Command line tool to mass upload media folders to your google photos account(s) (Mac OS / Linux)
★ 761ccat. Colorizing `cat`
★ 3.2kqutebrowser. A keyboard-driven, vim-like browser based on Python and Qt.
★ 12klinuxatemyram.com. The contents on linuxatemyram.com
★ 399sparsebundlefs. FUSE filesystem for reading Mac OS sparse-bundle disk images
★ 2compiletools. Build C++ fast, with practically no configuration
★ 26Detect-SSLmitm. This PowerShell script will determine if your connection to external servers over HTTPS is being decrypted by an intercepting proxy such as the internet proxies commonly found in corporate environments. It does this by comparing the SSL intermediate certificate being used for your connection to the true/known SSL certificate for the server.
★ 68platform. Ushahidi Platform API version 3+
★ 726