This is your work, valued
MY-RCFILES. rcfiles
★ 4nspv. nspv is a password validation library for Go compatible with NIST Special Publication 800-63B.
★ 4github-dice. A useful tool for assigning someone to GitHub Issue, like a rolling dice.
★ 3peke_envs. [Experimental] peek and poke environment variables
★ 2PAC-MAN-GDD2010. GDD 2010 Dev Quiz
★ 2isucon10q-hz46. PHP
★ 1isucon10f-hz46. ISUCON10本選の一口坂46のリポジトリです。 利用した言語はGoです。
★ 1autoknitter. Automated Amazon Machine Images (AMI) builder.
★ 1MY-CODEIGNITER. edited codeigniter
★ 1GoogleCodeJam_PHP. PHP
★ 1openclaw. Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞
★ 383kmoltworker. Run OpenClaw, (formerly Moltbot, formerly Clawdbot) on Cloudflare Workers
★ 9.9kopenwork. TypeScript
★ 1.4kevilginx2. Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
★ 15kgocontracts. A tool for design-by-contract in Go
★ 119OpenHands. 🙌 OpenHands: AI-Driven Development
★ 80kvncdotool. A command line VNC client and python library
★ 518awesome-fintech. A curated collection of open source fintech libraries and resources.
★ 349tls-scan. An Internet scale, blazing fast SSL/TLS scanner ( non-blocking, event-driven )
★ 332salesforce-security-review-automation. Salesforce Security Review Automation via Playwright
★ 5cloudsplaining. Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
★ 2.2korgu. orgu is a tool for implementing organization-wide workflows on GitHub
★ 24apkleaks. Scanning APK file for URIs, endpoints & secrets.
★ 6.2kgau. Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
★ 5ksslscan. sslscan tests SSL/TLS enabled services to discover supported cipher suites
★ 2.6kgobuster. Directory/File, DNS and VHost busting tool written in Go
★ 14kgraudit. grep rough audit - source code auditing tool
★ 1.7kffuf. Fast web fuzzer written in Go
★ 16kWhatWeb. Next generation web scanner
★ 6.7kgitleaks. Find secrets with Gitleaks 🔑
★ 28klapper. Lapper is a wrapper programs for Container running on Lambda. (Beta)
★ 17gorilla. Gorilla: Training and Evaluating LLMs for Function Calls (Tool Calls)
★ 13kPentestGPT. Automated Penetration Testing Agentic Framework Powered by Large Language Models
★ 14kdnsx. dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.
★ 2.8ktabby. Self-hosted AI coding assistant
★ 34kflan. A pretty sweet vulnerability scanner
★ 4.2khaystack. Open-source AI orchestration framework for building context-engineered, production-ready LLM applications. Design modular pipelines and agent workflows with explicit control over retrieval, routing, memory, and generation. Built for scalable agents, RAG, multimodal applications, semantic search, and conversational systems.
★ 26kopenplayground. An LLM playground you can run on your laptop
★ 6.4koffensive-ai-compilation. A curated list of useful resources that cover Offensive AI.
★ 1.4knuclei. Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
★ 30kdmarc-email-worker. DMARC reports processor using Cloudflare Workers and Email Workers
★ 165hono. Web framework built on Web Standards
★ 31kcloudflare-worker-router. A super lightweight router (1.0K) with middleware support and ZERO dependencies for Cloudflare Workers.
★ 259itty-router. A little router.
★ 2kalpaca-lora. Instruct-tune LLaMA on consumer hardware
★ 19kalpaca.cpp. Locally run an Instruction-Tuned Chat-Style LLM
★ 10kguardrails. Adding guardrails to large language models.
★ 7.1kllama_index. LlamaIndex is the leading document agent and OCR platform
★ 51klangchain. The agent engineering platform.
★ 142klangchain-hub. Python
★ 3.4kllama. Inference code for Llama models
★ 60kCloudFlair. 🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
★ 3kbelldog. Manage and proxy Slack webhooks
★ 13scep. Go SCEP server
★ 384cartography. Cartography is a Python tool that pulls infrastructure assets and their relationships into a Neo4j graph database.
★ 4kmobsfscan. mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.
★ 771BlueHound. BlueHound - pinpoint the security issues that actually matter
★ 769cloud-middleware-dataset.
★ 249sliver. Adversary Emulation Framework
★ 11kBananaPhone. It's a go variant of Hells gate! (directly calling windows kernel functions, but from Go!)
★ 532go-mimikatz. A wrapper around a pre-compiled version of the Mimikatz executable for the purpose of anti-virus evasion.
★ 629ratnet. Ratnet is a prototype anonymity network for mesh routing and embedded scenarios.
★ 217blackbird. An OSINT tool to search for accounts by username and email in social networks.
★ 7kreFlutter. Flutter Reverse Engineering Framework
★ 1.5kSambaHunter. It is a simple script to exploit RCE for Samba (CVE-2017-7494 ).
★ 57zerologon. Test script for CVE-2020-1472 for both RPC/TCP and RPC/SMB
★ 61iodine. Official git repo for iodine dns tunnel
★ 7.9kchisel. A fast TCP/UDP tunnel over HTTP
★ 16khayabusa. Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
★ 3.2kmarshalsec. Java
★ 3.7kysoserial.net. Deserialization payload generator for a variety of .NET formatters
★ 3.8kinsider. Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).
★ 553UTM. Virtual machines for iOS and macOS
★ 35ktudo. TUDO — A Vulnerable PHP Web App
★ 138go-msgraph. Golang implementation of the Microsoft Graph API
★ 58all-the-package-names. 🔤 A list of all the public package names on npm. Updated daily.
★ 297petereport. PeTeReport is an open-source application vulnerability reporting tool.
★ 563go_tpm_https_embed. TPM based mTLS
★ 21grr. GRR Rapid Response: remote live forensics for incident response
★ 5.1k3proxy. 3proxy - tiny free proxy server
★ 5.3kProjectChampollion. Reverse engineering Rosetta 2 on M1 Mac
★ 436wpscan. WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
★ 9.7kJavaWebApplicationStepByStep. JSP Servlets Tutorial For Beginners - in 25 Steps
★ 571NodeJS-Sample-App. Sample Employee CRUD application with Node.js, Express and MongoDB
★ 237simple-web-app-mvc-dotnet. Simple Web App MVC (C#, ASP.NET 9.0, MVC, Entity Framework ORM, Identity)
★ 54simple-php-website. An introductory example of how to build a simple and minimal website built with PHP.
★ 324bruteforce-luks. Try to find the password of a LUKS encrypted volume.
★ 280macos_security. macOS Security Compliance Project
★ 2.4kCIS-Script. Shell
★ 100RIP.
★ 1.4kEventTranscript.db-Research. A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.
★ 43apprunner-roadmap. This is the public roadmap for AWS App Runner.
★ 302grafana. The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
★ 76kcanarytokens. Canarytokens helps track activity and actions on your network
★ 2.1ktcardgen. Generate a TwitterCard(OGP) image for your Hugo posts.
★ 189zerologon. Exploit for zerologon cve-2020-1472
★ 697OSCP-Exam-Report-Template. Modified template for the OSCP Exam and Labs. Used during my passing attempt
★ 969feroxbuster. A fast, simple, recursive content discovery tool written in Rust.
★ 7.9kOSCP-PWK-Repo. The stuff I gathered during my time at the PWK labs and my OSCP exam.
★ 34OSCP. Materials for OSCP exam
★ 400JAWS. JAWS - Just Another Windows (Enum) Script
★ 2kphp-reverse-shell. PHP
★ 2.8kOSCP-BoF. This is a walkthrough about understanding the #BoF machine present in the #OSCP exam.
★ 62dotdotpwn. DotDotPwn - The Directory Traversal Fuzzer
★ 1.1kCVE-2017-12617. Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution
★ 400webauthn-example. Basic WebAuthn client and server in go
★ 97Symlink-Directory-Traversal-smb-manually. SAMBA Symlink Directory Traversal Manual Exploitation
★ 32Sherlock. PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities.
★ 2klambda-query. A serverless DB querying client with Lambda
★ 1crowbar. Crowbar is brute forcing tool that can be used during penetration tests. It is developed to support protocols that are not currently supported by thc-hydra and other popular brute forcing tools.
★ 1.5kPowerShell-Suite. My musings with PowerShell
★ 2.7kUACME. Defeating Windows User Account Control
★ 7.7kJuicy-Potato-x86. Juicy Potato for x86 Windows
★ 134windows-privesc-check. Standalone Executable to Check for Simple Privilege Escalation Vectors on Windows Systems
★ 1.5kwesng. Windows Exploit Suggester - Next Generation
★ 4.9knasmshell. shell for nasm
★ 65ctfpwn_challenge. C
★ 31GTFOBins.github.io. GTFOBins is a curated list of Unix-like executables that can be used to bypass local security restrictions in misconfigured systems.
★ 13kLOLBAS. Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
★ 8.7kpyroscope. Continuous Profiling Platform. Debug performance issues down to a single line of code
★ 12kHackingAllTheThings. My documentation and tools for learn ethical hacking.
★ 150juicy-potato. A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from a Windows Service Accounts to NT AUTHORITY\SYSTEM.
★ 2.8kPerfusion. Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)
★ 427hashID. Software to identify the different types of hashes -
★ 1.5kodat. ODAT: Oracle Database Attacking Tool
★ 1.8kWhatWaf. Detect and bypass web application firewalls and protection systems
★ 2.9kimpacket. Impacket is a collection of Python classes for working with network protocols.
★ 16kjwt_tool. :snake: A toolkit for testing, tweaking and cracking JSON Web Tokens
★ 6.7kHob0Rules. Password cracking rules for Hashcat based on statistics and industry patterns
★ 1.5kOSCP-Exam-Report-Template-Markdown. :orange_book: Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report
★ 4.2kysoserial. A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
★ 9kPEASS-ng. PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
★ 20kred_team_tool_countermeasures. YARA
★ 2.7kaws-lambda-base-images.
★ 775aws-lambda-runtime-interface-emulator. Go
★ 1.1kMY_CHEAT_SHEET. cheat sheet for penetration testing (Japanese) 🐉
★ 84local-exploits. Various local exploits
★ 147SirepRAT. Remote Command Execution as SYSTEM on Windows IoT Core (releases available for Python2.7 & Python3)
★ 390Cloak. A censorship circumvention tool to evade detection by authoritarian state adversaries
★ 4kgophish. Open-Source Phishing Toolkit
★ 14kkemon. An Open-Source Pre and Post Callback-Based Framework for macOS Kernel Monitoring.
★ 398oletools. oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
★ 3.4kconfidential-computing-modules. A Module for Privacy-preserving State Transitions with Verifiability
★ 92conftest. Write tests against structured configuration data using the Open Policy Agent Rego query language
★ 3.2kartwork. OCI artwork and logos
★ 188enry. A faster file programming language detector
★ 457GAM. command line management for Google Workspace
★ 4.2kdiagrams. :art: Diagram as Code for prototyping cloud system architectures
★ 42kgosec. Go security checker
★ 8.9kPayloadsAllTheThings. A list of useful payloads and bypass for Web Application Security and Pentest/CTF
★ 79katlantis. Terraform Pull Request Automation
★ 9.2kSSRFTest. SSRF testing tool
★ 247rules. Repository of yara rules
★ 4.8kmodwifi. Shell
★ 491Microwalk. A microarchitectural leakage detection framework using dynamic instrumentation.
★ 84oss-fuzz. OSS-Fuzz - continuous fuzzing for open source software.
★ 12kpcapfex. 'Packet Capture Forensic Evidence eXtractor' is a tool that finds and extracts files from packet capture files
★ 228tplmap. Server-Side Template Injection and Code Injection Detection and Exploitation Tool
★ 4.2kMythic. A collaborative, multi-platform, red teaming framework
★ 4.6kdrozer. The Leading Security Assessment Framework for Android.
★ 4.6kCyBot. Open Source Threat Intelligence Chat Bot
★ 322wig-ng. WIG (WiFi Information Gathering) is a free and open source utility for WiFi device fingerprinting.
★ 39WIG. Tools for 802.11 information gathering.
★ 120acsploit. A tool for generating worst-case inputs to commonly used algorithms
★ 118zxcvbn. Low-Budget Password Strength Estimation
★ 16kLetsMapYourNetwork. Lets Map Your Network enables you to visualise your physical network in form of graph with zero manual error
★ 462chocoProxy. C#
★ 11zigdiggity. A ZigBee hacking toolkit by Bishop Fox
★ 299tainted_love. Dynamic Security Analysis for Ruby
★ 36ScoutSuite. Multi-Cloud Security Auditing Tool
★ 7.7kkube-hunter. Hunt for security weaknesses in Kubernetes clusters
★ 5.1kshadow-workers. Shadow Workers is a free and open source C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW)
★ 246AttackSurfaceAnalyzer. Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation.
★ 2.9kLauschgeraet. Gets in the way of your victim's traffic and out of yours
★ 27mitmengine. A MITM (monster-in-the-middle) detection tool. Used to build MALCOLM:
★ 814apple_bleee. Apple BLE research
★ 2.2kIntruderPayloads. A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
★ 4kdeveloper-roadmap. Interactive roadmaps, guides and other educational content to help developers grow in their careers.
★ 360ksystem-design-primer. Learn how to design large-scale systems. Prep for the system design interview. Includes Anki flashcards.
★ 357kmdx-deck. ♠️ React MDX-based presentation decks
★ 11ksshpry. Seamlessly spy on SSH session like it is your tty
★ 348deep-learning-from-scratch. 『ゼロから作る Deep Learning』(O'Reilly Japan, 2016)
★ 4.8kphpdcd. Dead Code Detector (DCD) for PHP code.
★ 412hyperd. HyperContainer Daemon
★ 2klepton. Lepton is a tool and file format for losslessly compressing JPEGs by an average of 22%.
★ 5kvegeta. HTTP load testing tool and library. It's over 9000!
★ 25kvuls. Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
★ 12knetdata. The fastest path to AI-powered full stack observability, even for lean teams.
★ 80kawsecrets. AWS credentials loader
★ 17awspec. RSpec tests for your AWS resources.
★ 1.2kmod_rpaf-0.6. C
★ 19GoogleCodeJam_PHP. PHP
★ 1MY-CODEIGNITER. edited codeigniter
★ 1jquery-pjax. pushState + ajax = pjax
★ 17kMY-RCFILES. rcfiles
★ 4PAC-MAN-GDD2010. GDD 2010 Dev Quiz
★ 2vim-surround. surround.vim: Delete/change/add parentheses/quotes/XML-tags/much more with ease
★ 14k