This is your work, valued

Sat
Sun
Mon
Tue
Wed
Yesterday
Today
Active 22d ago
Yorkshire, UK

TomNomNom

Top 25%
@tomnomnom

Open-source tool maker, trainer, talker, fixer, eater, not really a sheep. He/him.

gotreesitter. Pure Go tree-sitter runtime

528

open-midinous. A generative meta-logic-based music software

91

milton. An infinite-canvas paint program

1.9k

feDisplacementMaps. Playing with SVG's <feDisplacementMap>

19

signls. a non-linear, generative midi sequencer in the terminal :infinity:

245

you-get. :arrow_double_down: Dumb downloader that scrapes the web

57k

gomponents. HTML components in pure Go.

1.8k

signal-back. Decrypt Signal encrypted backups outside the app

718

sol. A de-minifier (formatter, exploder, beautifier) for shell one-liners

517

fastgron. High-performance JSON to GRON (greppable, flattened JSON) converter

674

ast-grep. ⚡A CLI tool for code structural search, lint and rewriting. Written in Rust

15k

webpaste. Save your dorking results to the terminal. A modified version of TomNomNom's amazing tool!

99

go-gui-projects. A list of Go GUI projects

2k

octosql. OctoSQL is a query tool that allows you to join, analyse and transform data from multiple databases and file formats using SQL.

5.3k

cortexguitarfx. guitar effects processor implemented on various arm cortex platforms

141

NeuralAmpModelerPlugin. Plugin for Neural Amp Modeler

2.8k

spark-joy. ✨😂 2000+ ways to add design flair, user delight, and whimsy to your product.

9.8k

awesome-livecoding. All things livecoding

3.2k

vhs. Your CLI home video recorder 📼

20k

ImHex. 🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

54k

lensm. Go assembly and source viewer

3.7k

resolvers. The most exhaustive list of reliable DNS resolvers.

1k

Functional-Light-JS. Pragmatic, balanced FP in JavaScript. @FLJSBook on twitter.

17k

functional-programming-jargon. Jargon from the functional programming world in simple terms!

19k

libbpfgo. eBPF library for Go. Powered by libbpf.

843

go-tree-sitter. Golang bindings for tree-sitter https://github.com/tree-sitter/tree-sitter

559

unzip-http. Extract individual files from .zip files over http without downloading the entire archive.

298

cheatsheets. Community-sourced cheatsheets

2k

jakt. The Jakt Programming Language

3k

quamina. Home of Quamina, a fast pattern-matching library in Go

496

evenmoreutils. A collection of command line tools to extend the shell environment.

93

dn. 💾 dn - offline full-text search and archiving for your Chromium-based browser.

3.9k

jo. JSON output from a shell

4.9k

fq. jq for binary formats - tool, language and decoders for working with binary and text formats

11k

quickemu. Quickly create and run optimised Windows, macOS and Linux virtual machines

15k

hurl. Hurl, run and test HTTP requests with plain text.

19k

matrix. matrix (web-based green code rain, made with love)

3.8k

urlhunter. a recon tool that allows searching on URLs that are exposed via shortener services

1.7k

clairvoyance. Obtain GraphQL API schema even if the introspection is disabled

1.5k

bcal. :1234: Bits, bytes and general-purpose calculator

697

gitignore. A collection of useful .gitignore templates

175k

warcannon. High speed/Low cost CommonCrawl RegExp in Node.js

256

apollo. A Unix-style personal search engine and web crawler for your digital footprint.

1.4k

wayback-machine-downloader. Download an entire website from the Wayback Machine.

5.9k

lucky-commit. Customize your git commit hashes!

2k

alda. A music programming language for musicians. :notes:

5.9k

Ciphey. ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

21k

Search-That-Hash. 🔎Searches Hash APIs to crack your hash quickly🔎 If hash is not found, automatically pipes into HashCat⚡

1.4k

Name-That-Hash. 🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 300+ other hashes ☄ Comes with a neat web app 🔥

1.7k

hachoir. Hachoir is a Python library to view and edit a binary stream field by field

666

fuckitpy. The Python error steamroller.

5.3k

pyWhat. 🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️

7.3k

page-fetch. Fetch web pages using headless Chrome, storing all fetched resources including JavaScript files. Run arbitrary JavaScript on many web pages and see the returned values

530

Addon. ClearURLs is an add-on based on the new WebExtensions technology and will automatically remove tracking elements from URLs to help protect your privacy.

5k

Arjun. HTTP parameter discovery suite.

6.3k

prowler. Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.

14k

leaky-paths. A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

1.2k

codehike. Build rich content websites with Markdown and React

5.4k

wafw00f. WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

6.5k

apkleaks. Scanning APK file for URIs, endpoints & secrets.

6.1k

BurpParamFlagger. A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF or LFI.

133

dnSpy. .NET debugger and assembly editor

30k

BitmapFonts. My collection of bitmap fonts pulled from various demoscene archives over the years

1.9k

resources. Tools, data, and contact lists relevant to The disclose.io Project.

325

web-ext. A command line tool to help build, run, and test web extensions

3.1k

formats. File formats

982

vanilla-todo. A case study on viable techniques for vanilla web development.

1.2k

GitDorker. A Python program to scrape secrets from GitHub through usage of a large repository of dorks.

2.6k

fasthttp. Fast HTTP package for Go. Tuned for high performance. Zero memory allocations in hot paths. Up to 10x faster than net/http

23k

gomarkov. Markov chains in golang

381

FavFreak. Making Favicon.ico based Recon Great again !

1.3k

client-side-prototype-pollution. Prototype Pollution and useful Script Gadgets

1.6k

hardware-hacking. Some stuff about Hardware Hacking

620

hetty. An HTTP toolkit for security research.

12k

elsa. ❄️ Elsa is a minimal runtime for JavaScript and TypeScript written in Go

2.8k

duf. Disk Usage/Free Utility - a better 'df' alternative

15k

go-diagrams. Create beautiful system diagrams with Go

5.2k

rex-gym. OpenAI Gym environments for an open-source quadruped robot (SpotMicro)

1.1k

Weylus. Use your tablet as graphic tablet/touch screen on your computer.

9.4k

jwt-secret. Bruteforce a JWT against a list of passwords

84

awesome-falsehood. 😱 Falsehoods Programmers Believe in

28k

cloud-ranges. A list of cloud ranges from different providers.

461

diodb. Open-source vulnerability disclosure and bug bounty program database

1.1k

SQLi-Query-Tampering. SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.

157

TLS-poison. Rust

703

macintosh.js. 🖥 A virtual Apple Macintosh with System 8, running in Electron. I'm sorry.

8.5k

NoiseTorch. Real-time microphone noise suppression on Linux.

10k

weird_proxies. Reverse proxies cheatsheet

1.9k

urlgrab. A golang utility to spider through a website searching for additional links.

343

Pwdb-Public. A collection of all the data i could extract from 1 billion leaked credentials from internet.

3.3k

promnesia. Another piece of your extended mind

1.9k

gitscraper. A tool which scrapes public github repositories for common naming conventions in variables, folders and files

296

asm. assembly language examples, mostly Linux

46

OneForAll. OneForAll是一款功能强大的子域收集工具

9.9k

go-arg. Struct-based argument parsing in Go

2.3k

burp-piper. Piper Burp Suite Extender plugin

130

katana. Katana - Automatic CTF Challenge Solver in Python3

1.4k

ctf-katana. This repository aims to hold suggestions (and hopefully/eventually code) for CTF challenges. The "project" is nicknamed Katana.

2.9k

dell-xps-9570-ubuntu-respin. Collection of scripts and tweaks to adapt Ubuntu running smooth on Dell XPS 15 9570.

994

xss-cheatsheet-data. This repository contains all the XSS cheatsheet data to allow contributions from the community.

457

dnsvalidator. Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.

741

services-names-wordlist. services-names-wordlist

87

goawk. A POSIX-compliant AWK interpreter written in Go, with CSV support

2k

ApplicationInspector. A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

4.4k

bruteforce-lists. Some files for bruteforcing certain things.

1.4k

pipedream. Connect APIs, remarkably fast. Free for developers.

12k

the-book-of-secret-knowledge. A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.

233k

git-secrets. Prevents you from committing secrets and credentials into git repositories

13k

jwtcat. A CPU-based JSON Web Token (JWT) cracker and - to some extent - scanner.

334

reredirect. Tool to dynamicly redirect outputs of a running process

604

Awesome-Hacking. A collection of various awesome lists for hackers, pentesters and security researchers

116k

andriller. 📱 Andriller - is software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices.

1.6k

huginn. Create agents that monitor and act on your behalf. Your agents are standing by!

50k

uni. Query the Unicode database from the commandline, with good support for emojis

856

sherlock. Hunt down social media accounts by username across social networks

86k

hacker-laws. 🧠 Laws, Theories, Principles and Patterns for developers and technologists.

27k

Sourcetrail. Sourcetrail - free and open-source interactive source explorer

16k

awesome-osint. :scream: A curated list of amazingly awesome OSINT

19

codesearch. Fast, indexed regexp search over large file trees

4k

detect-secrets. An enterprise friendly way of detecting and preventing secrets in code.

4.6k

GitHunter. A tool for searching a Git repository for interesting content

107

brozzler. brozzler - distributed browser-based web crawler

806

SandDance. Visually explore, understand, and present your data.

7.1k

domdig. DOM XSS scanner for Single Page Applications

420

inql. InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.

1.8k

n8n. Fair-code workflow automation platform with native AI capabilities. Combine visual building with custom code, self-host or cloud, 400+ integrations.

196k

Jailer. Database Subsetting and Relational Data Browsing Tool.

3.2k

eyeballer. Convolutional neural network for analyzing pentest screenshots

1.3k

dnsgen. DNSGen is a powerful and flexible DNS name permutation tool designed for security researchers and penetration testers. It generates intelligent domain name variations to assist in subdomain discovery and security assessments.

1.1k

strings. Strings is a custom, Unicode-competent version of the BSD strings utility.

55

xurls. Extract urls from text

1.3k

pwntools. CTF framework and exploit development library

14k

shhgit. Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories.

4k

pentest-tools. A collection of custom security tools for quick needs.

3.3k

awesome-chrome-devtools. Awesome tooling and resources in the Chrome DevTools & DevTools Protocol ecosystem

7.1k

chromedp. A faster, simpler way to drive browsers supporting the Chrome DevTools Protocol.

13k

gitGraber. gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

2.3k

Awesome-Asset-Discovery. List of Awesome Asset Discovery Resources

2.7k

awesome-actions. A curated list of awesome actions to use on GitHub

28k

statistically-likely-usernames. Wordlists for creating statistically likely username lists for use in password attacks and security testing. Used for pentesting for over 10 years with amazing results.

1.3k

my-arsenal-of-aws-security-tools. List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

9.5k

httpninja. HTTP.ninja

149

pigo. Fast face detection, pupil/eyes localization and facial landmark points detection library in pure Go.

4.7k

skopeo. Work with remote images registries - retrieving information, images, signing content

11k

pup. Parsing HTML at the command line

8.4k

htq. A grep-like tool for extracting elements from html using CSS Selectors

21

xxhash. A Go implementation of the 64-bit xxHash algorithm (XXH64)

2.1k

connect. Fancy stream processing made operationally mundane

8.7k

VHostScan. A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

1.3k

SundayStreams. Data from my Sunday streams

74

otxurls. Fetch known urls from AlienVault's Open Threat Exchange for given hosts

63

dive. A tool for exploring each layer in a docker image

54k

zalenium. A flexible and scalable container based Selenium Grid with video recording, live preview, basic auth & dashboard.

2.4k

curl-to-go. Convert curl commands to Go code in your browser

1.8k

recursebuster. rapid content discovery tool for recursively querying webservers, handy in pentesting and web application assessments

250

ripgrep-all. rga: ripgrep, but also search in PDFs, E-Books, Office documents, zip, tar.gz, etc.

9.7k

url-knife. Extract and decompose (fuzzy) URLs (including emails, which are conceptually a part of URLs) in texts with Area-Pattern-based modularity

355

badwolf. Temporal graph store abstraction layer.

986

ArchiveSpark. An Apache Spark framework for easy data processing, extraction as well as derivation for web archives and archival collections, developed at Internet Archive.

161

semantic. Parsing, analyzing, and comparing source code across many languages

9k

TravisLeaks. A tool to find sensitive keys and passwords in Travis logs

140

keywords.

374

JSONBee. A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.

763

Scout2. Security auditing tool for AWS environments

1.7k

chroma-code. Chroma key in your browser!

78

chrome-names. Periodically updated lists of interesting Chrome (blink) "names".

3

keyhacks. Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

6.3k

SlackPirate. Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace

781

find-sec-bugs. The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

2.4k

50M_CTF_Writeup. $50 Million CTF from Hackerone - Writeup

604

intrigue-ident. Application and Service Fingerprinting

134

get_schemas. Print out URL schemas from an Android app

133

upload-scanner. HTTP file upload scanner for Burp Proxy

419

grofs. Simple Git Read-Only File System

13

brakeman. A static analysis security vulnerability scanner for Ruby on Rails applications

7.3k

PentestHardware. Kinda useful notes collated together publicly

505

osquery. SQL powered operating system instrumentation, monitoring, and analytics.

23k

gitbase. SQL interface to git repositories, written in Go. https://docs.sourced.tech/gitbase

2.1k

go-mysql-server. An extensible MySQL server implementation in Go.

1k

hash_extender. C

1.2k

darktile. :waning_crescent_moon: Darktile is an experimental/abandoned GPU rendered terminal emulator designed for tiling window managers.

3.1k

off-by-slash. Burp extension to detect alias traversal via NGINX misconfiguration at scale.

266

phpggc. PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

3.8k

api-playground. The Best Buy API Playground is an API training tool for students, educators and other learners to explore the possibilities of a fully functional RESTful API in a simple, non-production environment.

263

hyperscan. High-performance regular expression matching library

5.4k

fdns. Concurrent Rapid7 FDNS dataset parser

93

burp-extender-api-kotlin. Burp Extender API - Unofficial Kotlin version

5

Open-Redirect-Payloads. Open Redirect Payloads

663

pure-bash-bible. 📖 A collection of pure bash alternatives to external processes.

42k

bucket-stream. Find interesting Amazon S3 Buckets by watching certificate transparency logs.

1.8k

dnscache. A DNS Cache for Go

127

PadBuster. Automated script for performing Padding Oracle attacks

813

websocat. Command-line client for WebSockets, like netcat (or curl) for ws:// with advanced socat-like functions

8.6k

altdns. Generates permutations, alterations and mutations of subdomains and then resolves them

2.5k

pathbrute. Pathbrute

455

wayback. IA's public Wayback Machine (moved from SourceForge)

843

BurpSuiteHTTPSmuggler. A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques

746

Hackfest2017-Challenges. All of my Hackfest 2017 CTF challenges

9

public-cloud-storage-search. A search engine for content shared publicly via cloud storage services

104

termtosvg. Record terminal sessions as SVG animations

9.8k