This is your work, valued
Open-source tool maker, trainer, talker, fixer, eater, not really a sheep. He/him.
gotreesitter. Pure Go tree-sitter runtime
528open-midinous. A generative meta-logic-based music software
91milton. An infinite-canvas paint program
1.9kfeDisplacementMaps. Playing with SVG's <feDisplacementMap>
19signls. a non-linear, generative midi sequencer in the terminal :infinity:
245you-get. :arrow_double_down: Dumb downloader that scrapes the web
57kgomponents. HTML components in pure Go.
1.8ksignal-back. Decrypt Signal encrypted backups outside the app
718sol. A de-minifier (formatter, exploder, beautifier) for shell one-liners
517fastgron. High-performance JSON to GRON (greppable, flattened JSON) converter
674ast-grep. ⚡A CLI tool for code structural search, lint and rewriting. Written in Rust
15kwebpaste. Save your dorking results to the terminal. A modified version of TomNomNom's amazing tool!
99go-gui-projects. A list of Go GUI projects
2koctosql. OctoSQL is a query tool that allows you to join, analyse and transform data from multiple databases and file formats using SQL.
5.3kcortexguitarfx. guitar effects processor implemented on various arm cortex platforms
141NeuralAmpModelerPlugin. Plugin for Neural Amp Modeler
2.8kspark-joy. ✨😂 2000+ ways to add design flair, user delight, and whimsy to your product.
9.8kawesome-livecoding. All things livecoding
3.2kvhs. Your CLI home video recorder 📼
20kImHex. 🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.
54klensm. Go assembly and source viewer
3.7kresolvers. The most exhaustive list of reliable DNS resolvers.
1kFunctional-Light-JS. Pragmatic, balanced FP in JavaScript. @FLJSBook on twitter.
17kfunctional-programming-jargon. Jargon from the functional programming world in simple terms!
19klibbpfgo. eBPF library for Go. Powered by libbpf.
843go-tree-sitter. Golang bindings for tree-sitter https://github.com/tree-sitter/tree-sitter
559unzip-http. Extract individual files from .zip files over http without downloading the entire archive.
298cheatsheets. Community-sourced cheatsheets
2kjakt. The Jakt Programming Language
3kquamina. Home of Quamina, a fast pattern-matching library in Go
496evenmoreutils. A collection of command line tools to extend the shell environment.
93dn. 💾 dn - offline full-text search and archiving for your Chromium-based browser.
3.9kjo. JSON output from a shell
4.9kfq. jq for binary formats - tool, language and decoders for working with binary and text formats
11kquickemu. Quickly create and run optimised Windows, macOS and Linux virtual machines
15khurl. Hurl, run and test HTTP requests with plain text.
19kmatrix. matrix (web-based green code rain, made with love)
3.8kurlhunter. a recon tool that allows searching on URLs that are exposed via shortener services
1.7kclairvoyance. Obtain GraphQL API schema even if the introspection is disabled
1.5kbcal. :1234: Bits, bytes and general-purpose calculator
697gitignore. A collection of useful .gitignore templates
175kwarcannon. High speed/Low cost CommonCrawl RegExp in Node.js
256apollo. A Unix-style personal search engine and web crawler for your digital footprint.
1.4kwayback-machine-downloader. Download an entire website from the Wayback Machine.
5.9klucky-commit. Customize your git commit hashes!
2kalda. A music programming language for musicians. :notes:
5.9kCiphey. ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
21kSearch-That-Hash. 🔎Searches Hash APIs to crack your hash quickly🔎 If hash is not found, automatically pipes into HashCat⚡
1.4kName-That-Hash. 🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 300+ other hashes ☄ Comes with a neat web app 🔥
1.7khachoir. Hachoir is a Python library to view and edit a binary stream field by field
666fuckitpy. The Python error steamroller.
5.3kpyWhat. 🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙♀️
7.3kpage-fetch. Fetch web pages using headless Chrome, storing all fetched resources including JavaScript files. Run arbitrary JavaScript on many web pages and see the returned values
530Addon. ClearURLs is an add-on based on the new WebExtensions technology and will automatically remove tracking elements from URLs to help protect your privacy.
5kArjun. HTTP parameter discovery suite.
6.3kprowler. Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.
14kleaky-paths. A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
1.2kcodehike. Build rich content websites with Markdown and React
5.4kwafw00f. WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
6.5kapkleaks. Scanning APK file for URIs, endpoints & secrets.
6.1kBurpParamFlagger. A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF or LFI.
133dnSpy. .NET debugger and assembly editor
30kBitmapFonts. My collection of bitmap fonts pulled from various demoscene archives over the years
1.9kresources. Tools, data, and contact lists relevant to The disclose.io Project.
325web-ext. A command line tool to help build, run, and test web extensions
3.1kformats. File formats
982vanilla-todo. A case study on viable techniques for vanilla web development.
1.2kGitDorker. A Python program to scrape secrets from GitHub through usage of a large repository of dorks.
2.6kfasthttp. Fast HTTP package for Go. Tuned for high performance. Zero memory allocations in hot paths. Up to 10x faster than net/http
23kgomarkov. Markov chains in golang
381FavFreak. Making Favicon.ico based Recon Great again !
1.3kclient-side-prototype-pollution. Prototype Pollution and useful Script Gadgets
1.6khardware-hacking. Some stuff about Hardware Hacking
620hetty. An HTTP toolkit for security research.
12kelsa. ❄️ Elsa is a minimal runtime for JavaScript and TypeScript written in Go
2.8kduf. Disk Usage/Free Utility - a better 'df' alternative
15kgo-diagrams. Create beautiful system diagrams with Go
5.2krex-gym. OpenAI Gym environments for an open-source quadruped robot (SpotMicro)
1.1kWeylus. Use your tablet as graphic tablet/touch screen on your computer.
9.4kjwt-secret. Bruteforce a JWT against a list of passwords
84awesome-falsehood. 😱 Falsehoods Programmers Believe in
28kcloud-ranges. A list of cloud ranges from different providers.
461diodb. Open-source vulnerability disclosure and bug bounty program database
1.1kSQLi-Query-Tampering. SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.
157TLS-poison. Rust
703macintosh.js. 🖥 A virtual Apple Macintosh with System 8, running in Electron. I'm sorry.
8.5kNoiseTorch. Real-time microphone noise suppression on Linux.
10kweird_proxies. Reverse proxies cheatsheet
1.9kurlgrab. A golang utility to spider through a website searching for additional links.
343Pwdb-Public. A collection of all the data i could extract from 1 billion leaked credentials from internet.
3.3kpromnesia. Another piece of your extended mind
1.9kgitscraper. A tool which scrapes public github repositories for common naming conventions in variables, folders and files
296asm. assembly language examples, mostly Linux
46OneForAll. OneForAll是一款功能强大的子域收集工具
9.9kgo-arg. Struct-based argument parsing in Go
2.3kburp-piper. Piper Burp Suite Extender plugin
130katana. Katana - Automatic CTF Challenge Solver in Python3
1.4kctf-katana. This repository aims to hold suggestions (and hopefully/eventually code) for CTF challenges. The "project" is nicknamed Katana.
2.9kdell-xps-9570-ubuntu-respin. Collection of scripts and tweaks to adapt Ubuntu running smooth on Dell XPS 15 9570.
994xss-cheatsheet-data. This repository contains all the XSS cheatsheet data to allow contributions from the community.
457dnsvalidator. Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.
741services-names-wordlist. services-names-wordlist
87goawk. A POSIX-compliant AWK interpreter written in Go, with CSV support
2kApplicationInspector. A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.
4.4kbruteforce-lists. Some files for bruteforcing certain things.
1.4kpipedream. Connect APIs, remarkably fast. Free for developers.
12kthe-book-of-secret-knowledge. A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
233kgit-secrets. Prevents you from committing secrets and credentials into git repositories
13kjwtcat. A CPU-based JSON Web Token (JWT) cracker and - to some extent - scanner.
334reredirect. Tool to dynamicly redirect outputs of a running process
604Awesome-Hacking. A collection of various awesome lists for hackers, pentesters and security researchers
116kandriller. 📱 Andriller - is software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices.
1.6khuginn. Create agents that monitor and act on your behalf. Your agents are standing by!
50kuni. Query the Unicode database from the commandline, with good support for emojis
856sherlock. Hunt down social media accounts by username across social networks
86khacker-laws. 🧠 Laws, Theories, Principles and Patterns for developers and technologists.
27kSourcetrail. Sourcetrail - free and open-source interactive source explorer
16kawesome-osint. :scream: A curated list of amazingly awesome OSINT
19codesearch. Fast, indexed regexp search over large file trees
4kdetect-secrets. An enterprise friendly way of detecting and preventing secrets in code.
4.6kGitHunter. A tool for searching a Git repository for interesting content
107brozzler. brozzler - distributed browser-based web crawler
806SandDance. Visually explore, understand, and present your data.
7.1kdomdig. DOM XSS scanner for Single Page Applications
420inql. InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
1.8kn8n. Fair-code workflow automation platform with native AI capabilities. Combine visual building with custom code, self-host or cloud, 400+ integrations.
196kJailer. Database Subsetting and Relational Data Browsing Tool.
3.2keyeballer. Convolutional neural network for analyzing pentest screenshots
1.3kdnsgen. DNSGen is a powerful and flexible DNS name permutation tool designed for security researchers and penetration testers. It generates intelligent domain name variations to assist in subdomain discovery and security assessments.
1.1kstrings. Strings is a custom, Unicode-competent version of the BSD strings utility.
55xurls. Extract urls from text
1.3kpwntools. CTF framework and exploit development library
14kshhgit. Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories.
4kpentest-tools. A collection of custom security tools for quick needs.
3.3kawesome-chrome-devtools. Awesome tooling and resources in the Chrome DevTools & DevTools Protocol ecosystem
7.1kchromedp. A faster, simpler way to drive browsers supporting the Chrome DevTools Protocol.
13kgitGraber. gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
2.3kAwesome-Asset-Discovery. List of Awesome Asset Discovery Resources
2.7kawesome-actions. A curated list of awesome actions to use on GitHub
28kstatistically-likely-usernames. Wordlists for creating statistically likely username lists for use in password attacks and security testing. Used for pentesting for over 10 years with amazing results.
1.3kmy-arsenal-of-aws-security-tools. List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
9.5khttpninja. HTTP.ninja
149pigo. Fast face detection, pupil/eyes localization and facial landmark points detection library in pure Go.
4.7kskopeo. Work with remote images registries - retrieving information, images, signing content
11kpup. Parsing HTML at the command line
8.4khtq. A grep-like tool for extracting elements from html using CSS Selectors
21xxhash. A Go implementation of the 64-bit xxHash algorithm (XXH64)
2.1kconnect. Fancy stream processing made operationally mundane
8.7kVHostScan. A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
1.3kSundayStreams. Data from my Sunday streams
74otxurls. Fetch known urls from AlienVault's Open Threat Exchange for given hosts
63dive. A tool for exploring each layer in a docker image
54kzalenium. A flexible and scalable container based Selenium Grid with video recording, live preview, basic auth & dashboard.
2.4kcurl-to-go. Convert curl commands to Go code in your browser
1.8krecursebuster. rapid content discovery tool for recursively querying webservers, handy in pentesting and web application assessments
250ripgrep-all. rga: ripgrep, but also search in PDFs, E-Books, Office documents, zip, tar.gz, etc.
9.7kurl-knife. Extract and decompose (fuzzy) URLs (including emails, which are conceptually a part of URLs) in texts with Area-Pattern-based modularity
355badwolf. Temporal graph store abstraction layer.
986ArchiveSpark. An Apache Spark framework for easy data processing, extraction as well as derivation for web archives and archival collections, developed at Internet Archive.
161semantic. Parsing, analyzing, and comparing source code across many languages
9kTravisLeaks. A tool to find sensitive keys and passwords in Travis logs
140keywords.
374JSONBee. A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.
763Scout2. Security auditing tool for AWS environments
1.7kchroma-code. Chroma key in your browser!
78chrome-names. Periodically updated lists of interesting Chrome (blink) "names".
3keyhacks. Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
6.3kSlackPirate. Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace
781find-sec-bugs. The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
2.4k50M_CTF_Writeup. $50 Million CTF from Hackerone - Writeup
604intrigue-ident. Application and Service Fingerprinting
134get_schemas. Print out URL schemas from an Android app
133upload-scanner. HTTP file upload scanner for Burp Proxy
419grofs. Simple Git Read-Only File System
13brakeman. A static analysis security vulnerability scanner for Ruby on Rails applications
7.3kPentestHardware. Kinda useful notes collated together publicly
505osquery. SQL powered operating system instrumentation, monitoring, and analytics.
23kgitbase. SQL interface to git repositories, written in Go. https://docs.sourced.tech/gitbase
2.1kgo-mysql-server. An extensible MySQL server implementation in Go.
1khash_extender. C
1.2kdarktile. :waning_crescent_moon: Darktile is an experimental/abandoned GPU rendered terminal emulator designed for tiling window managers.
3.1koff-by-slash. Burp extension to detect alias traversal via NGINX misconfiguration at scale.
266phpggc. PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
3.8kapi-playground. The Best Buy API Playground is an API training tool for students, educators and other learners to explore the possibilities of a fully functional RESTful API in a simple, non-production environment.
263hyperscan. High-performance regular expression matching library
5.4kfdns. Concurrent Rapid7 FDNS dataset parser
93burp-extender-api-kotlin. Burp Extender API - Unofficial Kotlin version
5Open-Redirect-Payloads. Open Redirect Payloads
663pure-bash-bible. 📖 A collection of pure bash alternatives to external processes.
42kbucket-stream. Find interesting Amazon S3 Buckets by watching certificate transparency logs.
1.8kdnscache. A DNS Cache for Go
127PadBuster. Automated script for performing Padding Oracle attacks
813websocat. Command-line client for WebSockets, like netcat (or curl) for ws:// with advanced socat-like functions
8.6kaltdns. Generates permutations, alterations and mutations of subdomains and then resolves them
2.5kpathbrute. Pathbrute
455wayback. IA's public Wayback Machine (moved from SourceForge)
843BurpSuiteHTTPSmuggler. A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques
746Hackfest2017-Challenges. All of my Hackfest 2017 CTF challenges
9public-cloud-storage-search. A search engine for content shared publicly via cloud storage services
104termtosvg. Record terminal sessions as SVG animations
9.8k