SecLists. SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
72kFabric. Fabric is an open-source framework for augmenting humans using AI. It provides a modular system for solving specific problems using a crowdsourced set of AI prompts that can be used anywhere.
43kLifeOS. An General Purpose AI Harness for magnifying human capabilities. [CODING, BUILDING, CREATING, BUSINESS, LIFE, WORK, ...]
17kRobotsDisallowed. A curated list of the most common and most interesting robots.txt disallowed directories.
1.5kTelos. Telos is an open-sourced framework for creating Deep Context about things that matter to humans.
1.5kSubstrate. An Open-source Framework for Human Understanding, Meaning, and Progress.
867Daemon. An open-source personal API framework.
219blackhat-arsenal-tools. Official Black Hat Arsenal Security Tools Repository
164Source2URL. Parse source code directories and output list of URLs that are then sent through a proxy.
163vim. My Vim configuration.
156ExtractWisdom. An AI prompt project that uses AI to extract wisdom from all sorts of text, from podcast transcripts, conversations, talks, lectures, papers, articles, blog posts, essays, presentations, or whatever you can get into text form.
149Caparser. A quick and dirty PCAP parser that helps you identify who your applications are sending sensitive data to without encryption.
121yt. The yt command stands for YouTube Transcript, and pulls transcripts from YouTube.
117HoneyCredIPTracker. Quick script to gather stats on incoming credentials and IPs for a honey listener.
112nginx. My Nginx configuration files, for all to use and improve upon.
111egression. Test a network's egress controls with various levels of success and failure.
106SecurityTools. A repo for collecting and organizing security tools of various types. As new ones come out, they get added to the list.
104iptables. An iptables firewall configuration template.
80DNSHarvester. This tool will harvest valid DNS subdomains from a given domain.
77BugOutBag. BugOutBag
68athi. ATHI — An AI Threat Modeling Framework for Policymakers
65TechStack. This project exists as a free (and transparent) alternative to paid services that show you what technologies are running on a given website.
59CTFSolutionTypes. A collection of CTF solution types, i.e. not solutions to specific CTF challenges, but the general categories that those solutions fall under. Includes CTF solution categories for web, binary, network, crypto, and others. Please contribute!
57GeoHarvest. A simple script for translating IP addresses to GeoLocations
54ATM. The Adaptive Security Testing Methodology (ASTM) provides context-adjusted testing methodologies based on factors such as time available to test, platform, technology stack, versions, plugins, modules, and other variables.
50augmented-course. The website for the AUGMENTED AI course.
47VimBlog. A Vim plugin for managing a Wordpress blog.
45geoip. A Ruby script that takes in IPs and returns Country, State, and City
42mobiletools. Free tools for mobile testing.
41Frames. An open-source collection of positive and negative mental frames.
39Books. A list of the books that I am reading, with priorities.
37tmux. My tmux stuff
37neovim. My Neovim settings
35unsupervised-learning.
34Self. A tracking system for everything me, e.g.: beliefs, passions, must-haves, must-dos, favorite movies, favorite quotes, favorite aphorisms, etc.
32hostfind. Does a dictionary lookup on common, valuable hostnames for a given domain.
26ServerConfig. My various configuration files for zsh, vim, tmux, etc.
26threshold-site. The website for the Threshold.
24top-domains. A repository for maintaining a list of the top domains based on multiple lists
24mst. A meta-scan tool used to kick off a number of command-line security tools during VA/PT work.
23GitHubRating. A composite score for one's GitHub quality.
22CertExpirationCheck. Checks to see when the cert for a given domain expires.
20import-alignment. A library-based attempt to increase our chances for achieving AI Alignment with an emergent AGI.
20NewBox. Zsh and Vim on new Linux boxen.
19Personal. A repository for personal tracking.
19gscour. Find all hostnames related to a given domain. Helpful during VA/PT work.
17GetTweets. Get a number of your tweets from the Twitter API.
15.dotfiles. Dotfiles for nvim, oh-my-zsh, and other stuff…
12MostPoweredBy. Checks to see the most common X-Powered-By headers for the world's most popular websites.
9owasp-summit-2017. Content for OWASP Summit 2017 site
9WorkDay. An ideal (regular) work day.
7Dicematch. Determines how many times a given number of dice match each other.
6Intimate. INTIMATE -- The audience management platform.
5CaliforniaAirQuality. Get the air quality for your area from California's AIrNow website using Ruby and Nokogiri.
5diceroll. A dice-rolling application for rolling any number of six-side dice any number of times.
3BandShuffle. Shuffle some bands, yo.
2mhp. A proof-by-simulation of the Monty Hall problem [Python]
1