Awesome Stars

A curated list of my GitHub stars! Generated by starred

Arduino
Assembly
Batchfile
Bro
C
C#
C++
CSS
CoffeeScript
Erlang
Go
HTML
Haskell
Java
JavaScript
[Jupyter Notebook](#jupyter notebook)
KiCad
Kotlin
Logos
Lua
Makefile
Max
Objective-C
Others
PHP
Perl
PostScript
PowerShell
Python
Rascal
Roff
Ruby
Rust
Shell
Smali
Swift
TeX
TypeScript
[Vim script](#vim script)
VimL
[Visual Basic](#visual basic)
Vue
nesC

Arduino

MissionControl - This kids' homework desk has top that flips up to reveal a space-themed control panel.
wifi_keylogger - DIY Arduino Wi-Fi Keylogger (Proof of Concept)

Assembly

Apollo-11 - Original Apollo 11 Guidance Computer (AGC) source code for the command and lunar modules.

Batchfile

RDPInception - A proof of concept for the RDP Inception Attack
Win-Sec - Windows Automation Security Fix - All In Batch/Powershell For Compatability
win-socks-to-Virtual-adapter - 帮助你将socks代理转到一张虚拟网卡上，所有经过虚拟网卡的流量会被发送到代理
WinSystemHelper - A tool that checks and downloads scripts that will aid with privilege escalation on a Windows system.
Disable-Intel-AMT - Tool to disable Intel AMT on Windows
fake-sandbox - This script will simulate fake processes of analysis sandbox/VM software that some malware will try to avoid.
ngrok-caddy - Script to run ngrok with (optional) caddy server

Bro

Threat-Intelligence-Data - Snort_rules detection bad actors.

C

net-speeder - net-speeder 在高延迟不稳定链路上优化单线程下载速度
vmware_escape - VMware Escape Exploit before VMware WorkStation 12.5.5
axel - light command line download accelerator
dnsforwarder - Just a DNS utility.
Beagle_SDR_GPS - KiwiSDR: BeagleBone web-accessible shortwave receiver and software-defined GPS
Acrylic-DNS-Proxy-GUI - Acrylic DNS Proxy 的中文GUI版本
kcp - KCP - A Fast and Reliable ARQ Protocol
gps-sdr-sim - Software-Defined GPS Signal Simulator
keepassxc-debian - Debian source package for the KeePassXC password manager.
Android_Kernel_CVE_POCs - A list of my CVE's with POCs
linux-firmware -
linux-firmware -
ios-kexec-utils - I'm taking a break, I swear
filewatcher - A simple auditing utility for macOS
HSEVD-ArbitraryOverwrite - HackSys Extreme Vulnerable Driver - ArbitraryOverwrite Exploit
sudo-CVE-2017-1000367 -
linux-exploits - exploits
ModSecurity - ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. With over 10,000 deployments world-wide, ModSecurity is the most widely deployed WAF in existence.
kcptun-raw - Simplified kcptun with raw socket and fake TCP headers.
Invoke-Vnc - Powershell VNC injector
icmptunnel - Transparently tunnel your IP traffic through ICMP echo and reply packets.
shujit - Java Just-in-Time Compiler for x86 processors
exploit-CVE-2017-7494 - SambaCry exploit and vulnerable container (CVE-2017-7494)
linux-4.8.0-netfilter_icmp - Anatomy of a linux kernel development
heap-exploitation - This book on heap exploitation is a guide to understanding the internals of glibc's heap and various attacks possible on the heap structure. https://heap-exploitation.dhavalkapil.com/
AD-control-paths - Active Directory Control Paths auditing and graphing tools
GoodbyeDPI - GoodbyeDPI — Passive Deep Packet Inspection blocker and Active DPI circumvention utility (for Windows)
pcileech - Direct Memory Access (DMA) Attack Software
DoubleAgent - Zero-Day Code Injection and Persistence Technique
wanafork - WanaCryptor file encryption/decryption
wanakiwi - Automated wanadecrypt with key recovery if lucky
linux-kernel-exploits - linux-kernel-exploits Linux平台提权漏洞集合
windows_pentest_tools - My pentest tools used two years ago. Part1
public-pentesting-reports - Curated list of public penetration test reports released by several consulting firms and academic security groups
Privilege-Escalation - This contains common local exploits and enumeration scripts
drool - DNS Replay Tool
Adafruit-GPIO-Halt - Press-to-halt program for headless Raspberry Pi. Similar functionality to the rpi_power_switch kernel module from the fbtft project, but easier to compile (no kernel headers needed).
mptunnel - MPUDP Tunnel (User space MultiPath UDP)
Rhme-2016 - Rhme2 challenge (2016)
UnmanagedPowerShell - Executes PowerShell from an unmanaged process
injectopi - A set of tutorials about code injection for Windows.
demos - Demos of various injection techniques found in malware
honggfuzz - Security oriented fuzzer with powerful analysis options. Supports evolutionary, feedback-driven fuzzing based on code coverage (software- and hardware-based)
post-exploitation - Post Exploitation Collection
smart7ec-scan-console - 基于Linux c开发的插件式扫描器(Python/lua)
esp8266_deauther - ESP8266 deauther
eaphammer - Targeted evil twin attacks against WPA2-Enterprise networks. Indirect wireless pivots using hostile portal attacks.
Unix-Privilege-Escalation-Exploits-Pack - Exploits for getting local root on Linux, BSD, AIX, HP-UX, Solaris, RHEL, SUSE etc.
scap - Network Sniffer (Scan and Capture Incoming Packets)
poc-exp - poc or exp of android vulnerability
StringBleed-CVE-2017-5135 - Stringbleed The CVE 2017-5135 SNMP authentication bypass, created and reserved for this issue, vulnerability type: Incorrect Access Control.
ncrack - Ncrack network authentication tool
windows-kernel-exploits - windows-kernel-exploits Windows平台提权漏洞集合
Android-Inline-Hook - thumb16 thumb32 arm32 inlineHook in Android
cve-2015-6639 - QSEE Privilege Escalation Exploit using PRDiag* commands (CVE-2015-6639)
inetutils - the copy of https://git.savannah.gnu.org/cgit/inetutils.git/ with knali support
mtr - Official repository for mtr, a network diagnostic tool
libproofofwork - Simple hash-mining c library and its python binding.
wifi_crack_windows - wifi crack project for windows
NTDSDumpEx - NTDS.dit offline dumper with non-elevated
android_security - Public Android Vulnerability Information (CVE PoCs etc)
winafl - A fork of AFL for fuzzing Windows binaries
f-stack - F-Stack is an user space network development kit with high performance based on DPDK, FreeBSD TCP/IP stack and coroutine API.
pentestkoala - Modified dropbear server which acts as a client and allows authless login
JohnTheRipper - This is the official repo for the Jumbo version of John the Ripper. The "bleeding-jumbo" branch (default) is based on 1.8.0-Jumbo-1 (but we are literally thousands of commits ahead of it). This is a bug tracker, not a support forum. It's also not the place to report bugs you see in any version of Jumbo other than the LATEST, from HERE! Thanks.
firejail - Linux namespaces and seccomp-bpf sandbox
SE315-OperatingSystem - SJTU-SE315 Operating System labs from MIT 6.828, by a SE12er.
my-little-exploit-database -
megatools - Open-source command line tools and C library (libmega) for accessing Mega.co.nz cloud storage.
linux - Kernel source tree for Raspberry Pi Foundation-provided kernel builds. Issues unrelated to the linux kernel should be posted on the community forum at https://www.raspberrypi.org/forum
passivedns - A network sniffer that logs all DNS server replies for use in a passive DNS setup
wifi_ducky - Upload, save and run keystroke injection payloads with an ESP8266 + ATMEGA32U4
android_kernel_crash_poc -
USG - The USG is Good, not Bad
ossec-hids - OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
rpi-firmware - Firmware files for the Raspberry Pi
ip2region - 准确率99.9%的ip地址定位库，0.0x毫秒级查询，数据库文件大小只有1.5M，提供了java,php,c,python,nodejs,golang查询绑定和Binary,B树,内存三种查询算法，妈妈再也不用担心我的ip地址定位！
redis - Redis is an in-memory database that persists on disk. The data model is key-value, but many different kind of values are supported: Strings, Lists, Sets, Sorted Sets, Hashes
How-to-Make-a-Computer-Operating-System - How to Make a Computer Operating System in C++
Learn-Algorithms - 算法学习笔记
wrk - Modern HTTP benchmarking tool

C#

FangMomFucker - FangMomFucker 原作者代码的备份
SyncTrayzor - Windows tray utility / filesystem watcher / launcher for Syncthing
PSAttack - A portable console aimed at making pentesting with PowerShell a little easier.
RunShellcode - .NET GUI program that runs shellcode
ChromeUpdater - :)
Arthas-WPFUI - 这是一个WPF的UI库（实际应该算个控件库吧）
ChromeAutoUpdate - 一个自动更新chrome的小工具
7Zip4Powershell - Powershell module for creating and extracting 7-Zip archives
PowerShdll - Run PowerShell with rundll32. Bypass software restrictions.
CASCExplorer - CASCExplorer
WopiHost - Wopi Host implement, With Cobalt support for Office Web Apps. Support DOCX Editing.
cve-2017-7269-tool - CVE-2017-7269 to webshell or shellcode loader
R10 - The Fastest Most Lightweight Ransomware Targeting Windows 10 @Choudai
awesome-dotnet-core - 🐝 A collection of awesome .NET core libraries, tools, frameworks and software
Windows-Event-Log-Messages - Retrieves the definitions of Windows Event Log messages embedded in Windows binaries and provides them in discoverable formats. iadgov
Phalanger - PHP 5.4 compiler for .NET/Mono frameworks. Phalanger compiles legacy PHP code to MSIL while being fully compatible with PHP behavior.
cs2php - C# to PHP compiler
SSMSPwd - SQL Server Management Studio(SSMS) saved password dumper
flatpipes - A TCP proxy over named pipes. Originally created for maintaining a meterpreter session over 445 for less network alarms.
KeeAnywhere - A cloud storage provider plugin for KeePass
sandbox-attacksurface-analysis-tools -
SuperSQLInjectionV1 - 超级SQL注入工具简介：超级SQL注入工具（SSQLInjection）是一款基于HTTP协议自组包的SQL注入工具,采用C#开发，程序采用自写代码来操作HTTP交互，支持出现在HTTP协议任意位置的SQL注入，支持各种类型的SQL注入，支持HTTPS模式注入；支持以盲注、错误显示、Union注入等方式来获取数据；支持Access/MySQL/SQLServer/Oracle等数据库；支持手动灵活的进行SQL注入绕过，可自定义进行字符替换等绕过注入防护。本工具为渗透测试人员、信息安全工程师等掌握SQL注入技能的人员设计，需要使用人员对SQL注入有一定了解。工具特点： 1.支持任意地点出现的任意SQL注入 2.支持全自动识别注入标记，也可人工识别注入并标记。 3.支持各种语言环境。大多数注入工具在盲注下，无法获取中文等多字节编码字符内容，本工具可完美解决。 4.支持注入数据发包记录。让你了解程序是如何注入，有助于快速学习和找出注入问题。 5.依靠关键字/时间等进行盲注，可通过HTTP相应状态码判断，还可以通过关键字取反功能，反过来取关键字。 6.程序采用自编码操作HTTP请求，HTTP发包和获取速度较快。
Altman - the cross platform webshell tool in .NET
Altman - the cross platform webshell tool in .NET
Windows-Hacks - Creative and unusual things that can be done with the Windows API.
Cowboy - Cowboy is a C# library for building sockets based services.
MongoCola - A MongoDB Administration Tool
PTVS - Python Tools for Visual Studio
Wox - Launcher for Windows, an alternative to Alfred and Launchy.

C++

mini-tor - proof-of-concept implementation of tor protocol using Microsoft CNG/CryptoAPI
ZeroTierOne - A Smart Ethernet Switch for Earth
i2pd - Full C++ implementation of I2P client
hexed - Windows console-based hex editor
fastnetmon - FastNetMon community - very fast DDoS analyzer with sflow/netflow/mirror support
CodingInterviews - 剑指Offer——名企面试官精讲典型编程题
shadowsocks-qt5 - A cross-platform shadowsocks GUI client
aria2 - aria2 is a lightweight multi-protocol & multi-source, cross platform download utility operated in command-line. It supports HTTP/HTTPS, FTP, SFTP, BitTorrent and Metalink.
libFuzzer -
bitcoin - Bitcoin Core integration/staging tree
HackSysDriverExploits -
psi - XMPP client
librime - Rime Input Method Engine, the core library
Pcap_DNSProxy - Pcap_DNSProxy, a local DNS server based on WinPcap and LibPcap
AV_Kernel_Vulns - Pocs for Antivirus Software‘s Kernel Vulnerabilities
captcha-break - captcha break based on opencv2, tesseract-ocr and some machine learning algorithm.
From-System-authority-to-Medium-authority - Penetration test
0net - 一个简单的Windows远程控制后门
InjectProc - InjectProc - Process Injection Techniques
gargoyle - A memory scanning evasion technique
CascLib - An open-source implementation of library for reading CASC storage from Blizzard games since 2014
HElib - An Implementation of homomorphic encryption
wannakey - Wannacry in-memory key recovery
rocksutil - A c++ develop toolkit
libfuzzer-workshop - Repository for materials of "Modern fuzzing of C/C++ Projects" workshop.
ARMv6m_Simulator - Simple Simulator of ARMv6m instructions
hidviz - A tool for in-depth analysis of USB HID devices communication
x64dbg - An open-source x64/x32 debugger for windows.
keepassxc - KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
exploits -
HookCase - Tool for reverse engineering macOS/OS X
ShellcodeStdio - An extensible framework for easily writing compiler optimized position independent x86 shellcode for windows platforms.
OPCDE - OPCDE DXB 2017 Materials
Richkware - Framework for building Windows malware, written in C++
network_backdoor_scanner - This is a backdoor about discover network device ,and it can hidden reverse connecting the hacker's server with encrypt commuication 后渗透后门程序,适合在已经攻陷的内网中做下一步的网络信息扫描..
InfectPE - InfectPE - Inject custom code into PE file
snippets - Various code snippets and small PoCs, to be used for tests or as ready-made skeletons.
SISE_Traning_CTF_RE - SNST Traning RE Project .华软网络安全小组逆向工程训练营,尝试以CTF 的形式来使大家可以动手训练快速提升自己的逆向工程水平.CTF 的训练程序又浅到深,没有使用太复杂的算法,在逆向的过程中遇到的难关都是在分析病毒和破解中遇到的实际情况,注重于实用.训练营还包含有源代码文件,训练程序和思路.希望可以帮助小伙伴们入门逆向工程这个神奇的世界..
pe_recovery_tools - Helper tools for recovering dumped PE files
CNTK - Microsoft Cognitive Toolkit (CNTK), an open source deep-learning toolkit
PiAUISuite - Raspberry PI AUI Suite
Firmware - PX4 Pro Autopilot Software
Firmware - PX4 Pro Autopilot Software
iaito - A Qt and C++ GUI for radare2 reverse engineering framework
koalaOS - Microkernel KoalaOS source code
RpcView -
bcc - BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more
RedisStudio - RedisStudio Redis GUI client(tool) for windows
RedisDesktopManager - 🔧 Cross-platform GUI management tool for Redis
fastText.py - A Python interface for Facebook fastText
simhash - 中文文档simhash值计算

CSS

XssApp - 本项目是一个Xss跨站脚本测试平台，适用于白帽子对各大厂商进行Xss跨站脚本测试
Arukas-API - Arukas API 自动获取IP和端口，SSR服务器订阅，Arukas 监测启动
OSX-Arc-White - a flat theme collection based on arc with transparent elements for GTK 3, GTK 2 and Unity, Pantheon, XFCE, Mate, etc.
numix-gtk-theme - Numix is a modern flat theme with a combination of light and dark elements.
GitHub-Dark - Dark GitHub style
mhackgyver - mhackgyver pentest team official website
goodman - a clean hexo theme
cobra - Source Code Security Audit (源代码安全审计)
site - The website for Hexo.
empire-web - PowerShell Empire Web Interface
hexo-theme-jsimple - Simple three columns theme for Hexo.Inspired by JianShu.com
hexo-theme-next - Mala theme is modify base on iissnan/hexo-theme-next
Farbox-NexT - A hexo theme NexT for Farbox.
gitbook-use - 记录GitBook的一些配置及插件信息
cssicon - icon set made with pure css code, no dependencies, "grab and go" icons
tmt-workflow - A web developer workflow used by WeChat team based on Gulp, with cross-platform supported and solutions prepared.
rust-book-chinese - rust 程序设计语言中文版
pd3 - 基于D3 v4+进行二次封装及扩展。示例来源于日常项目及客户提出的需求，转化成数据可视化。
hbase-manager - 可视化hbase数据库

CoffeeScript

SwitchyOmega - Manage and switch between multiple proxies quickly & easily.
nullchan - Imageboard engine for ZeroNet
shadowsocks-heroku - 本项目已删除
chinese-copywriting-guidelines - Chinese copywriting guidelines for better written communication／中文文案排版指北

Erlang

scannerl - The modular distributed fingerprinting engine

Go

gscan_quic -
fetchserver - phuslu删掉了fetchserver，我重新传一个
auth_proxy - A proxy + UI server for Contiv which handles authentication (local users/LDAP/AD) + authorization (RBAC)
syncthing - Open Source Continuous File Synchronization
avege - Yet Another Redsocks Golang Fork
glider - glider is a forward proxy with multiple protocols support.
brook - Brook is a cross-platform(Linux/MacOS/Windows/Android/iOS) proxy software
awesome-go - A curated list of awesome Go frameworks, libraries and software
caddy - Fast, cross-platform HTTP/2 web server with automatic HTTPS
xray - XRay is a tool for recon, mapping and OSINT gathering from public networks.
flora-kit - 💐 基于 shadowsocks-go 做的完善实现，自动网络分流，完全兼容 Surge 的配置文件。
gh-polls - Polls for GitHub issues and readmes
WindowsSpyBlocker - 🛡 Block spying and tracking on Windows
dnssearch - A subdomain enumeration tool.
tcpproxy - Go package for writing TCP proxies, routing based on HTTP Host headers and SNI server names.
zgrab - Application layer scanner that operates with ZMap
brutemachine - A Go library which main purpose is giving an interface to loop over a dictionary and use those words/lines as input for some custom logic such as HTTP file bruteforcing, DNS bruteforcing, etc.
rqlite - The lightweight, distributed relational database built on SQLite.
git-all-secrets - A tool to capture all the git secrets by leveraging multiple open source git searching tools
clair - Vulnerability Static Analysis for Containers
tap0901 - Go语言虚拟网卡库，可用于制作对战平台、加速器、防火墙、VPN等
repo-security-scanner - CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys
crack_ssh - go写的协程版的ssh\redis\mongodb弱口令破解工具
cronsun - A Distributed, Fault-Tolerant Cron-Style Job System.
fsql - Search through your filesystem with SQL-esque queries.
blockchain_guide - Introduce blockchain related technologies, with bitcoin, ethereum and hyperledger.
node - Decentralised VPN built on blockchain
ebreader - 一个让你可以在浏览器中阅读Epub电子书的CLI程序，使用Golang编写
pilosa - Pilosa is an open source, distributed bitmap index that dramatically accelerates queries across multiple, massive data sets.
kr - kr | SSH using a key stored in Kryptonite.
go-mbf - MongoDB Login Brute Forcer
nvm-windows - A node.js version management utility for Windows. Ironically written in Go.
toxiproxy - ⏰ 🔥 A TCP proxy to simulate network and system conditions for chaos and resiliency testing
frp - A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
cilium - Linux Native, HTTP Aware Networking and Security for Containers
scope - Monitoring, visualisation & management for Docker & Kubernetes
gdrive - Google Drive CLI Client
dnscontrol - Synchronize your DNS to multiple providers from a simple DSL
ruler - A tool to abuse Exchange services
honeybits - A simple tool designed to enhance the effectiveness of your traps by spreading breadcrumbs & honeytokens across your production servers and workstations to lure the attacker toward your honeypots
qshell - qshell是利用七牛文档上公开的API实现的一个方便开发者测试和使用七牛API服务的命令行工具。
geoip - query geo-locations of ips
wukong - 高度可定制的全文搜索引擎
build-web-application-with-golang - A golang ebook intro how to build a web with golang
beego - beego is an open-source, high-performance web framework for the Go programming language.
kcptun - A Secure Tunnel Based On KCP with N:M Multiplexing
go - The Go programming language
the-way-to-go_ZH_CN - 《The Way to Go》中文译本，中文正式名《Go入门指南》
negroni - Idiomatic HTTP Middleware for Golang
kingshard - A high-performance MySQL proxy

HTML

privacytools.io - encryption against global mass surveillance
wooyun-wiki - wiki.wooyun.org的部分快照网页
skills - Linux、WAF、正则、web安全等一些知识点的总结
Manual -
drek - A static-code-analysis tool that can be used to perform security-focused code reviews. It enables an auditor to swiftly map the attack-surface of a large application, with an emphasis on identifying development anti-patterns and footguns.
angryFuzzer - tools for information gathering
domainhunter - Checks expired domains, bluecoat categorization, and Archive.org history to determine good candidates for phishing and C2 domain names
ipot - Honeypot Research Blog 蜜罐技术研究小组
debugger-protocol-viewer - DevTools Protocol API docs—its domains, methods, and events
visualize_logs - A Python library and command line tools to provide interactive log visualization.
WamaCry - a fake WannaCry
OSINT_Team_Links - Links for the OSINT Team
HTTPLeaks - HTTPLeaks - All possible ways, a website can leak HTTP requests
WooyunDrops - Wooyun知识库，乌云知识库，https://superkieran.github.io/WooyunDrops
OldMirrorsFrontend - mirrors.zju.edu.cn
Broadlink-RM-SmartThings-Alexa - Control RF and Ir devices using SmartThings and Alexa.
linux-im -
zTree_v3 - jQuery Tree Plugin
sleepy-puppy - Deprecated please use https://github.com/Netflix/sleepy-puppy
fe - 《我的职业是前端工程师》 - Ebook：I'm a FrontEnd Developer
Sreg - Sreg可对使用者通过输入email、phone、username的返回用户注册的所有互联网护照信息。
1000php - 1000个PHP代码审计案例(2016.7以前乌云公开漏洞)
badssl.com - 🔒 Memorable site for testing clients against bad SSL configs.
portainer - Simple management UI for Docker
solid - Solid - Re-decentralizing the web (project directory)
awesome-mac -  This repo is a collection of awesome Mac applications and tools for developers and designers.
kodachi - Linux Kodachi operating system is based on Debian 8.6 it will provide you with a secure, anti forensic, and anonymous operating system considering all features that a person who is concerned about privacy would need to have in order to be secure.
TheHive - TheHive: a Scalable, Open Source and Free Security Incident Response Platform
Anti-Anti-Spider - 越来越多的网站具有反爬虫特性，有的用图片隐藏关键数据，有的使用反人类的验证码，建立反反爬虫的代码仓库，通过与不同特性的网站做斗争（无恶意）提高技术。（欢迎提交难以采集的网站）（因工作原因去TX写验证码了，项目暂停）
ElvisProjs -
material-blog -
cs231n.github.io - Public facing notes page
elasticsearch-definitive-guide - 欢迎加QQ群：109764489，贡献力量！
pandas-datareader -
d3-v4-whats-new -
WebFundamentals - Best practices for modern web development
learning-react - materials about learning react
linux-command - Linux命令大全搜索工具，内容包含Linux命令手册、详解、学习、搜集。
php_webDataMining - php_webDataMining，PHP网络数据挖掘，第一个应用是爬取并分析和（草）谐（榴）论坛的一个版块数据并作可视化分析
Zhihu_bigdata - 使用scrapy和pandas完成对知乎300w用户的数据分析。首先使用scrapy爬取知乎网的300w，用户资料，最后使用pandas对数据进行过滤，找出想要的知乎大牛，并用图表的形式可视化。

Haskell

FuncShell - Improve your shell by making it functional through Haskell! (An update to Awkward)
real-world-haskell-cn - 《Real World Haskell》中文翻译项目

Java

hack400tool - hack400tool
bypasswaf - Add headers to all Burp requests to bypass some WAF products
sqlmap4burp - sqlmap embed in burpsuite
burp-paramalyzer - Paramalyzer - Burp extension for parameter analysis of large-scale web application penetration tests.
SuperSerial-Active - SuperSerial-Active - Java Deserialization Vulnerability Active Identification Burp Extender
PHPUnserializeCheck - PHP Unserialize Check - Burp Scanner Extension
BurpCRLFPlugin - Another plugin for CRLF vulnerability detection
ShakaApktool - ShakaApktool
JKS-private-key-cracker-hashcat - Nail in the JKS coffin - Cracking passwords of private key entries in a JKS file
CharlesLoader - CharlesProxy crack Loader , maybe support all the 4.x
java-binary-deserializer - Java Binary data Deserializer/Serializer - Convert serialized Java Objects into readable XML
J2EEScan - J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.
JavaRansomware - Simple Ransomware Tool in Pure Java
csp-auditor - Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website
xssValidator - This is a burp intruder extender that is designed for automation and validation of XSS vulnerabilities.
psychoPATH - psychoPATH - hunting file uploads & LFI in the dark. This tool is a highly configurable payload generator detecting LFI & web root file uploads. Involves advanced path traversal evasive techniques, dynamic web root list generation, output encoding, site map-searching payload generator, LFI mode, nix & windows support, single byte generator. Now available in the Burp App Store!
marshalsec -
Burp-Hunter - XSS Hunter Burp Plugin
whois - RIPE Database whois code repository
security - Happy Hacker
EquationExploit - Eternalblue Doublepulsar exploit
tomcat-maven -
WebLogicPasswordDecryptor - PowerShell script and Java code to decrypt WebLogic passwords
hack_sjtu_2017 -
Wsdler - WSDL Parser extension for Burp
Java-Deserialization-Scanner - All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities
RxHttpUtils - Rxjava+Retrofit封装，便捷使用
browserprint - An open-source browser fingerprinting suite.
hack-android - Collection tools for hack android, java
ysoserial - A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
fastjson-remote-code-execute-poc - fastjson remote code execute poc 直接用intellij IDEA打开即可首先编译得到Test.class，然后运行Poc.java
itchat4j - itchat4j -- 用Java扩展个人微信号的能力
Halcyon - First IDE for Nmap Script (NSE) Development.
ApkToolPlus - ApkToolPlus 是一个 apk 逆向分析工具（a apk analysis tools）。
SerialKiller - Look-Ahead Java Deserialization Library
binnavi - BinNavi is a binary analysis IDE that allows to inspect, navigate, edit and annotate control flow graphs and call graphs of disassembled code.
android-vts - Android Vulnerability Test Suite - In the spirit of open data collection, and with the help of the community, let's take a pulse on the state of Android security. NowSecure presents an on-device app to test for recent device vulnerabilities.
burplist -
backslash-powered-scanner - Finds unknown classes of injection vulnerabilities
netty-in-action-cn - Netty In Action 中文版（www.epubit.com.cn/book/details/4228），中文唯一正版《Netty实战》的代码清单
android-tips-tricks - ☑️ [Cheatsheet] Tips and tricks for Android Development
zhihuWebSpider - https://github.com/QiuMing/zhihuWebSpider.git
zaproxy - The OWASP ZAP core project
shelling - SHELLING - a comprehensive OS command injection payload generator
SpidersMaven - 爬虫程序：支持爬取问答类网站（Quora/SO/Yahoo Answer/知乎/百度知道等）、百科类网站（百度百科/中英文维基百科等）、博客类网站（CSDN/Twitter等）
disconf - Distributed Configuration Management Platform(分布式配置管理平台)
moco - Easy Setup Stub Server
DanmakuFlameMaster - Android开源弹幕引擎·烈焰弹幕使～
AndroidUtilCode - 🔥 Android developers should collect the following utils(updating)
MSEC - Mass Service Engine in Cluster(MSEC) is opened source by QQ team from Tencent. It is a backend DEV &OPS engine, including RPC,name finding,load balance,monitoring,release and capacity management.
WechatLuckyMoney - WechatLuckyMoney(微信红包插件)
GitClub - An elegent Android Client for Github. 不仅仅是Github客户端，而且是一个发现优秀Github开源项目的app
jvm-mon - Console-based JVM monitoring
incubator-rocketmq - Mirror of Apache RocketMQ
preWork - 陈炯栩SRP-专利联机分析挖掘可视化系统，所需要的预备性工作，包括获取专利文件、数据库的建立、索引等等
StockData2Hbase - 股票交易数据处理的整个业务流程数据源--->数据采集--->数据归类--->数据储存--->数据分析--->数据可视化
VisualSocialNetwork - 用图状数据结构表达社交网络中实体、边的关系，以 web 应用形式可视化展示。
bigtable-sql - 分布式大数据SQL查询可视化界面！
Burp-Non-HTTP-Extension - Non-HTTP Protocol Extension (NoPE) Proxy and DNS for Burp Suite.

JavaScript

customization - JS files for Redirector and rules I maintained for subscription
squid-with-net-speeder - SQUID Proxy with net speed
shadowsocks-over-websocket - 免费使用 Heroku 部署 shadowsocks
cms - 社工库
AriaNg - AriaNg, a web frontend making aria2 easier to use.
electron-ssr - Shadowsocksr client using electron
squidproxy - squid 技術部署、客戶端(原創)提供
openwebrx - Open source, multi-user SDR receiver software with a web interface
git-point - ⚡ GitHub for iOS. Built with React Native.
gateway - Things Gateway
beaker - An experimental browser with peer-to-peer Web protocols.
BaiduExporter - Assistant for Baidu to export download links to aria2/aria2-rpc
borgweb - Web UI for Borg Backup
Stacer - Linux System Optimizer and Monitoring
hound - Lightning fast code searching made easy
twister-react - proxy-based Twister client written with react-js
SRCMS - SRCMS企业应急响应与缺陷管理系统
Music-Downloader - Download any music from web
anyproxy - A fully configurable http/https proxy in NodeJS
w8scan - 一款模仿bugscan的漏洞扫描器
NooBoss - NooBoss is an extension that handles your extensions like a boss!
tech-interview-handbook - 🖥 [WIP] Crowdsourced questions and study notes for landing your dream tech job.
link-hijacker - Hijack clicks on and within links, probably for client-side routing
git-visualizer - 👁‍🗨:octocat:Visualizes directory structure of GitHub repos
xssor2 - XSS'OR - Hack with JavaScript.
fanqiang - 翻墙-科学上网
GenPass - 用Vue.js给健忘的女票写的在线密码生成器。
XSS-Radar -
windows-syscall-table - windows syscall table from xp ~ 10 rs2
datasploit - A tool to perform various OSINT techniques, aggregate all the raw data, visualise it on a dashboard, and facilitate alerting and monitoring on the data.
securelogin - SecureLogin Client Implementation for Web, Desktop (with Electron) and Mobile (with Cordova)
browser-autofill-phishing - A simple demo of phishing by abusing the browser autofill feature
evilwaf - Web Application Firewall (WAF) Detection Tool
eme - ✏️ Elegant Markdown Editor.
Geist - A personal knowledge base with a focus on connections
wssip - Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.
Shellcode-Via-HTA - How To Execute Shellcode via HTA
learn-anything - 🌍 Search Interactive Mind Maps to learn anything
hexo-admin-qiniu - 根据hexo-admin@2.2.0进行修改，添加粘贴图片上传至七牛
platformio-atom-ide - PlatformIO IDE for Atom: The next generation integrated development environment for IoT
node.bittrex.api - Node Bittrex API is an asynchronous node.js library for the Bittrex API, the data can be received either via GET request or Stream.
Clustered-Single-Value-Map-Visualization - Splunk Custom Visualization
sizzy - A tool for testing responsive websites crazy-fast
truffle - The most popular Ethereum development framework
DOMPurify - DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
git-unsaved - 🔎 Scan your projects directory for dirty git repositories.
MuscleDog_Club - The Graduation Project
How-To-Ask-Questions-The-Smart-Way - 本文原文由知名 Hacker Eric S. Raymond 所撰寫，教你如何正確的提出技術問題並獲得你滿意的答案。
mostly-adequate-guide-chinese - JS函数式编程指南中文版
pkg - Package your Node.js project into an executable
sdu-mirror-website - 山大镜像站首页
LinkedServerPwdDumper - SqlServer Linked Password Dumper.
front-end-collect - 分享自己长期关注的前端开发相关的优秀网站、博客、以及活跃开发者
tinytime - A straightforward date and time formatter in <1kb
pcap-analyzer - online pcap forensic
DomainFuzz - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage
Formstone - Library of modular front end components.
SResume - 一个简洁的网页简历生成器
codemirror-anywhere - [Greasemonkey] use codemirror instead of textarea in anywhere
frida-java - Java runtime interop from Frida
gitment - A comment system based on GitHub Issues.
xpath_tester - Demo
APlayer - 🍭 Wow, such a beautiful HTML5 music player
wheels - 笨办法造轮子
faraday - Collaborative Penetration Test and Vulnerability Management Platform
h2gb-ui -
My_CTF_Challenges -
leanote - Not Just A Notepad! (golang + mongodb) http://leanote.org
OSINT-Framework - OSINT Framework
wooyun-node - wooyun.org
tamperchrome - Tamper Chrome is a Chrome extension that allows you to modify HTTP requests on the fly and aid on web security testing. Tamper Chrome works across all operating systems (including Chrome OS).
keepasshttp - KeePass plugin to expose password entries securely (256bit AES/CBC) over HTTP
ui-for-docker - A web interface for Docker, formerly known as DockerUI. This repo is deprecated, see:
GitHub-Spider - 👀GitHub上的人都在干嘛:sparkles::sparkles:
electron-anyproxy - 📢 A http/https proxy client, using to analyze and mock.
magic-mirror-demo - A ⚡Magic Mirror⚡ powered by a UWP Hosted Web App 🚀
webui-aria2 - The aim for this project is to create the worlds best and hottest interface to interact with aria2. Very simple to use, just download and open index.html in any web browser.
web-scraper-chrome-extension - Web data extraction tool implemented as chrome extension
crackFile - Encrypt binary - Decrypt binary
tcp-over-websockets - Tunnel TCP through WebSockets.
e2email - E2EMail is a simple Chrome application - a Gmail client that exchanges OpenPGP mail.
JianshuSpider - Use Node.js,HighChart,BootStrap,Mongo,Cucumber with Gulp to scrapy information from Jianshu.
Google-IPs - 🇺🇸 Google 全球 IP 地址库
lib-qqwry - 用NodeJS解析纯真IP库(QQwry.dat) 支持IP段查询
keeweb - Free cross-platform password manager compatible with KeePass
adminMongo - adminMongo is a Web based user interface (GUI) to handle all your MongoDB connections/databases needs.
cnpmjs.org - Private npm registry and web for Enterprise
ubuntu_config - This is use for configure ubuntu after install ubuntu
gitbook-pdf - PDF Generator for GitBook
PiBox - PiBox is a web control Interface written to control Embedded Board(Raspberry Pi).
github-hans - GitHub 汉化插件，GitHub 中文化界面。 (GitHub Translation To Chinese)
calibration-box - 图片标定：一个 Fabric 的小插件，可用于标定图片中车辆、人、交通灯标识、区域等。
weapp-ide-crack - 【应用号】IDE + 破解 + Demo
vue-sui-demo - 用vue 和 SUI-Mobile 写了一个移动端demo，用来反馈学习vue的成果（禁用了SUI自带的路由，使用vue-router, vue-resource, webpack）[a web app written by vue & sui-mobile]
clipboard.js - ✂️ Modern copy to clipboard. No Flash. Just 3kb gzipped 📋
nodeclub - 🐤Nodeclub 是使用 Node.js 和 MongoDB 开发的社区系统
How-To-Ask-Questions-The-Smart-Way - Any update requests plz redirect to original --->
WeFlow - A web developer workflow tool by WeChat team based on tmt-workflow, with cross-platform supported and environment ready.
atrament.js - Tiny JS library for beautiful drawing and handwriting on the HTML Canvas.
vue-hackernews-2.0 - HackerNews clone built with Vue 2.0, vue-router & vuex, with server-side rendering
Web-Development-And-Engineering-Practices - 我的前端之路：Web 开发基础与工程实践
jumpserver - 开源跳板机(堡垒机):认证,授权,审计,自动化运维(Open source springboard machine ( fortress machine ): Authentication, authorization, audit, automated operation and maintenance).http://www.jumpserver.org
500lines - 500 Lines or Less
Scrippy - Scrippy is a browser extension that holds sql statements to aid in the testing of websites for code injections.
xsshunter - The XSS Hunter service - a portable version of XSSHunter.com
xss-scanner - Cross-Site Scripting (XSS) scanner. This tool helps to find possible XSS vulnerabilities. Cross platform - macOS, Linux, and Windows.
xsser - xss监控（xss monitor）
back_manager - Paladin是啥？它是一个以JFinal为底层的java基础后台框架。结合了以下第三方组件： Beetl、Druid、Shiro、Ehcache（JFinal自带有工具类）。界面使用的拼图的后台模板，自己做了些优化和更改。最初目的：为了学习jfinal，通过一点点的摸索，把它建立起来了。最终理想：形成一个工作中比较通用的基础后台框架。适用人群刚入门JFinal的同学，可以拿过去做个参考各种大牛，看过、路过，给点指导，求虐求喷部署方式 1、还原数据库文件；在app.properties中修改数据库配置 2、项目导入Eclipse，按照JFinal手册中的方式配置Java Applcation，使用jetty启动项目。 3、默认账号/密码：superadmin/asdasd 交流 QQ群：240452848 欢迎大家前来交流，给予宝贵的建议。希望能在社区的力量下（高人指点、建议；喷子鄙视、虐待）下，逐步完善，让众人受益。现在项目的难度还不是很高，功能、操作、代码都还有很大的提升空间。所以有兴趣的兄弟，可以多多提交Pull Requests。同一个功能，同一个操作，每个人都有自己的解决方案；可以拿出来聊一聊，比一比，哪种更加科学、实用。就当是一场游戏，大家一起打怪，各路神仙，各显神通。让我们一起享受其中的乐趣吧_^ 目前初步已经完成的功能，很多还需要完善、改进基础功能登陆、注销访问页面时，更具ActionKey获取WildcardPermission并进行权限判断开始欢迎使用个人资料修改密码系统系统设置组织机构用户管理角色管理资源管理导航管理开发模型代码模板预览控制器代码模板预览视图代码模板预览为啥要叫它Paladin？ Paladin翻译过来貌似是游侠、圣骑士的意思。感觉这个名字挺酷的，所以它就叫这个吧。
SailsAdmin - 利用nodejs sails框架搭建的权限管理系统和数据可视化界面的B/S
DataVistual - 数字校园项目-大数据可视化平台
weiboDataVis - 新浪微博数据可视化.
The-FlowingData-Guide - 自己整理的《鲜活的数据——数据可视化指南》一书的笔记，还有自己根据书中的讲解，整理出的各章代码。
dataBase-operate - 可视化操作数据库数据
nodejs-nedb-excel - 基于nodejs+webpack,以nosql轻量级嵌入式数据库nedb作为存储，页面渲染采用react+redux,样式框架为ant design,实现了excel表格上传导出以及可视化
log-date-view - 日志数据可视化
csv2dv - 将csv数据转换成可视化所需的数据格式
lagou-spider-data-handle - 拉勾数据处理，echarts数据可视化
Life-Time-Tracker - 个人时间跟踪，可视化个人活动数据，管理个人生活，利用过去来指导未来，基于柳比歇夫的统计方法
medlog - 数据可视化系统，持续迭代，包括前端采集+数据设计+大数据存储+可视化展示几个大块
data-visualization - 数据可视化
Compiler - 哈工大编译原理实验，使用node语言，实现了基于状态转换机制的词法分析器,以及自顶而下分析的语法分析器，gui基于electron&angular制作，数据可视化使用的是d3.js。
d3 - Bring data to life with SVG, Canvas and HTML. 📊📈🎉
d3-plugins - A repository for sharing D3.js plugins.
ascii-art - A Node.js library for ansi codes, figlet fonts, ascii art and other ASCII graphics

Jupyter Notebook

PythonDataScienceHandbook - Jupyter Notebooks for the Python Data Science Handbook
100days - 100 days of algorithms
Duke-STA-663-CN - A Chinese Translation of the Resources for Duke University STA 633 杜克大学计算机统计学（Python）全部内容的中文翻译
pandas-videos - Jupyter notebook and datasets from the pandas Q&A video series
pandas-zh - pandas 0.19.2 官方文档中文版
python-cheat-sheet - Python for Data Science - NumPy, Matplotlib, Pandas, SciKit Learn ...
pandas-cookbook - Recipes for using Python's pandas library
pycon-pandas-tutorial - PyCon 2015 Pandas tutorial materials
jupyter_hub - 机器学习算法、可视化、数据分析的Python代码

KiCad

growdammit - Garden thing

Kotlin

kotlin-koans - Kotlin workshop

Logos

linuxkit - A toolkit for building secure, portable and lean operating systems for containers
UIDaemon - An iOS daemon that can show UI /over/ SpringBoard

Lua

rtools - pentest floating repo, based off git submodules), and some useful scripts i wrote
nmap-nse-info - Tool to browse and search through nmap's NSE scripts.
nmapii - Automated script for NMAP Scanner with some custom .nse scripts :) for lazy geeks :V
SambaCry - CVE-2017-7494 - Detection Scripts
nmap-nse-scripts - My collection of nmap NSE scripts

Makefile

dircolors-solarized - This is a repository of themes for GNU ls (configured via GNU dircolors) that support Ethan Schoonover’s Solarized color scheme.
h2fuzz - everyone can fuzz h2
kubernetes-handbook - Kubernetes中文指南/实践手册
reverse-engineering-for-beginners - translate project of Drops
open-shell-book - 开源书籍：《Shell 编程范例》，面向操作对象学 Shell！

Max

microllaborators - microllaborators 👩‍👦‍👦🔮🔬👩‍🏫 - the revolution in teaching

Objective-C

KeychainCracker - macOS keychain cracking tool
sequelpro - MySQL/MariaDB database management for macOS

Others

Google-IP-Range - 一个超大的 Google 全球 IP 扫描范围库
goproxy-ci -
shadowsocks-rss - ShadowsocksR update rss, SSR organization https://github.com/shadowsocksr
Androl4b - A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
HyperApp-Guide - HyperApp user's manual
android_app_security_checklist - Android App Security Checklist
whotofollowontwitter - Who to follow on Twitter
Dockertools - Some tools based on docker
Debian-Privacy-Server-Guide - How to configure privacy and security enhancing services on a remote Debian GNU/Linux server.
conky_solar_burn - Conky theme with weather support and a spiffy layout.
la-capitaine-icon-theme - La Capitaine is an icon pack designed to integrate with most desktop environments. The set of icons takes inspiration from the latest iterations of macOS and Google's Material Design.
ShadowAgentNotes -
Theme-By-Mame -
sites - 【编程随想】收藏的各色网站
awesome-windows-domain-hardening - A curated list of awesome Security Hardening techniques for Windows.
Awesome - 💻 An awesome & curated list of best applications and tools for Windows.
new-pac -
Digital-rights - Promote digital rights in China
infographics - infographic
ipfs - IPFS - The Permanent Web
respin - Tool to backup and clone Ubuntu or Debian distros
sync_hosts - 使用go hosts解除Resilio Sync/BTSync限制china地区
os-observe - 我的Linux / 隐私安全笔记
awesome-c - A curated list of awesome C frameworks, libraries and software.
awesome-nodejs - ⚡ Delightful Node.js packages and resources
china-cdn-domain-whitelist - 中国CDN服务提供商域名白名单（China CDN Service Providers' Domain Whitelist）
php_cve-2014-8142_cve-2015-0231 - php_cve-2014-8142_cve-2015-0231的漏洞环境docker
API-Security-Checklist - Checklist of the most important security countermeasures when designing, testing, and releasing your API
BurpPlugins - The open source plugins of BurpSuite for cyber security test - 可用于安全测试的开源burpsuite插件🕷
shadowsocksdeb - shadowsocks-qt5的debian版本
Debian_SSqt5 - Debian系列linux安装shadowsocks-qt科学上网
vuldocker -
wooyunallbugs - wooyun_all_bugs
gfwlist - The one and only one gfwlist here
SurgeRule - 一个高度可定制化的 Surge 规则集
Exploit-Exercises-Nebula - Exploit-Exercises Nebula全攻略——Linux平台下的漏洞分析入门
Docker-Secure-Deployment-Guidelines - Deployment checklist for securely deploying Docker
forum - 蓝灯(Lantern)官方论坛
vulnerability-analysis-report - here records some personal vulnerability analysis reports
Blockchain-stuff - Blockchain and Crytocurrency Resources
RedTips - Red Team Tips as posted by @vysecurity on Twitter
howto-make-more-money - 程序员如何优雅的挣零花钱
Awesome-Hacking-Practice - A curated list of websites and apps to help you practice hacking
RussiaDNSLeak - Summary and archives of leaked Russian TLD DNS data
INB-Principles - Blockchain related ICO Investing Principles by INBlockchain
guide - Kubernetes clusters for the hobbyist.
domxsswiki - Automatically exported from code.google.com/p/domxsswiki
awesome-malware-analysis - A curated list of awesome malware analysis tools and resources
cheatsheets-ai - Essential Cheat Sheets for deep learning and machine learning researchers
awesome-design-systems - 💅🏻 ⚒ A collection of awesome design systems
CVE-2017-0213- -
symbolic-execution - History of symbolic execution
Exploit-Challenges - A collection of vulnerable ARM binaries for practicing exploit development
awesome-bug-bounty - A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.
Online-Privacy-Test-Resource-List - Privacy Online Test And Resource Compendium (POTARC)
platformsh-third-party-resources - A Big List of known third party resources for Platform.sh
Best-websites-a-programmer-should-visit - 🔗 Some useful websites for programmers.
awesome-wasm - 😎 Curated list of awesome things regarding WebAssembly (wasm) ecosystem.
android-security-awesome - A collection of android security related resources
english-level-up-tips-for-Chinese - 可能是让你受益匪浅的英语进阶指南
awesome-graphql - Awesome list of GraphQL & Relay
security-guide-for-developers - Security Guide for Developers (实用性开发人员安全须知)
AttackDetection - Attack Detection
password_cracking_rules - One rule to crack all passwords. or atleast we hope so.
SecurityRSS - 网络安全相关的RSS订阅列表
php-static-analysis-tools - A reviewed list of useful PHP static analysis tools
awesome-funny-markov - A curated list of delightfully amusing and facetious Markov chain output.
PracticalMalwareAnalysis-Labs - Binaries for the book Practical Malware Analysis
pentest_tools - 收集一些小型实用的工具
awesome-java - A curated list of awesome frameworks, libraries and software for the Java programming language.
firmware-security-training -
Android-Crack-Tool - Android crack tool Just For Mac
awesome-pentest-cheat-sheets - Collection of the cheat sheets useful for pentesting
Google-Dorks-Analysis - World Wide Web
persistence-aggressor-script - initial commit
My_PHP_Kernel_Handbook_For_PWN - 这一切的开始，都要从我爷爷在悬崖下捡到一本白帽子讲web安全说起
Chinese-Names-Corpus - 中文人名语料库。中文姓名,姓氏,名字,称呼,日本人名,翻译人名,英文人名。
Analysis-Tools - 恶意软件分析套件
ICS-Security-Tools - Tools, tips, tricks, and more for exploring ICS Security.
WebDeveloperSecurityChecklist - A checklist of important security issues you should consider when creating a web application.
WebshellCCL - A python script help with webshell bypassing.
awesome-ruby - 💎 A collection of awesome Ruby libraries, tools, frameworks and software
security-onion - Linux distro for IDS, NSM, and Log Management
awesome-hacking - A curated list of awesome Hacking tutorials, tools and resources
awesome-embedded-systems - A curated list of delightful Embedded Systems libraries, RTOSes, modules, references and more!
awesome-python-books - 如果有人让你推荐 Python 技术书，请让他看这个列表
awesome-compilers - 😎 Curated list of awesome resources on Compilers, Interpreters and Runtimes.
Social-Engineering-Payloads - Collection of generic social engineering payloads
windows_kernel_resources - Papers, blogposts, tutorials etc for learning about Windows kernel exploitation, internals and (r|b)ootkits
sec-chart - 安全思维导图集合
SecPaper - SecurityPaper For www.mottoin.com
RootKits-List-Download - This is the list of all rootkits found so far on github and othersites.
Awesome-Fuzzing - A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.
awesome-python3-webapp - 小白的Python入门教程实战篇：网站+iOS App源码→ http://t.cn/R2PDyWN 赞助→ http://t.cn/R5bhVpf
CTF-pwn-tips - Here records some tips about pwn that I have learned.
awesome-ml-for-cybersecurity - Machine Learning for Cyber Security
web-security-basics - Web security concepts
Powerful-Plugins - Powerful plugins and add-ons for hackers
pasc2at - 高级PHP应用程序漏洞审核技术 by 80vul
Security-and-Networking-eBooks-Collection -
PowerShell-AD-Recon - PowerShell Scripts I find useful
Free-Security-eBooks-from-PacktPub - Collection of free Security eBooks from Packt Publishing [Regularly Updated]
filterbypass -
unfixed-security-bugs - A list of publicly known but unfixed security bugs
check_py - 中国网络安全技术对抗赛代码
android-best-practices - Do's and Don'ts for Android development, by Futurice developers
cors-book - Cross-Origin Resource Sharing zh little book
raw-ioc -
awesome-web-hacking - A list of web application security
cnvd_database -
xv6-chinese - 中文版的 MIT xv6 文档
twitter-analysis - The original dataset for my 2013 article on Twitter's network patterns
docker-cheat-sheet - Docker Cheat Sheet
mousejack - MouseJack device discovery and research tools
Threat-Intelligence-Analyst - 威胁情报，恶意样本分析，开源Malware代码收集
awesome-microservices - A curated list of Microservice Architecture related principles and technologies.
iPic - iPic could automatically upload images and save Markdown links.
BashOnWindows - Issues found within and using Bash on Ubuntu on Windows
bug-bounty-reference - Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
Checklists - Pentesting checklists for various engagements
sec-jobs - 信息安全实习和校招的面经、真题和资料减少安全选手找实习/工作的痛苦
typesetting-standard - 中文排版所需遵循的标准和规范
Probable-Wordlists - Wordlists sorted by probability originally created for password generation and testing
awesome-deeplearning-resources - Deep Learning and deep reinforcement learning research papers and some codes
security-notes - 📓 Some security related notes
Reverse-Engineering-for-Beginners-CHS - Reverse Engineering for Beginners 这本书的翻译完善
Benchmarks - 常用服务器、数据库、中间件安全配置基线 - 基本包括了所有的操作系统、数据库、中间件、网络设备、浏览器，安卓、IOS、云的安全配置 For benchmarks.cisecurity.org
recdnsfp.github.io -
Suricata-Signatures - Suricata rules for Emerging Threats and funkyness
awesome-static-analysis - A curated list of static analysis tools, linters and code quality checkers for various programming languages
awesome-web-security - 🐶 A curated list of Web Security materials and resources.
flexidie - Source code and binaries of FlexiSpy from the Flexidie dump
ebook - php-vuls-handbook
awesome-osint - 😱 A curated list of amazingly awesome OSINT
awesome-cve-poc - ✍️ A curated list of CVE PoCs.
awesome-docker - 🐳 A curated list of Docker resources and projects
awesome-incident-response - A curated list of tools for incident response
documentation - Full documentation repository for Mastodon
chaoxing - 学校选修课选的超星慕课，后台自动暂停，中间还会跳出题目，答题才能继续，就做了这个脚本，自动答题，后台播放
Red-Team-Infrastructure-Wiki - Wiki to collect Red Team infrastructure hardening resources
bash-guide - A guide to learn bash
Exploit-Writeups - A collection where my current and future writeups for exploits/CTF will go
misp-book - User guide of MISP
fuzz_dict - 常用的一些fuzz及爆破字典，欢迎大神继续提供新的字典及分类。
hacking-reading-list - 📖 信息安全阅读材料
ng-conf-2017 - Everything #ngConf2017 - talks - slides - resources
awesome - 😎 Curated list of awesome lists
awesome-raspberry-pi-zh - 树莓派(Raspberry Pi )资源大全中文版 , 包括工具、项目、镜像、资源等
awesome-raspberry-pi - A curated list of awesome Raspberry Pi tools, projects, images and resources
osx-re-101 - A collection of resources for OSX/iOS reverse engineering.
XSS-Filter-Evasion-Cheat-Sheet-CN - XSS_Filter_Evasion_Cheat_Sheet 中文版
XSSChallengeWiki - Welcome to the XSS Challenge Wiki!
awesome-hacking - awesome hacking chinese version
Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers
Free-Security-eBooks - Free Security and Hacking eBooks
RFSec-ToolKit - RFSec-ToolKit is a collection of Radio Frequency Communication Protocol Hacktools.
understanding-csrf - What are CSRF tokens and how do they work?
developer-roadmap - Roadmap to becoming a web developer in 2017
gettorbrowser - This is a repository to provide links for downloading Tor Browser from Github.
dnswalk - A DNS database debugger
FlowAnalysisDocker - A Dockerfile for creation of an Ubuntu Docker with SiLK/YAF/FlowBAT for testing.
ThreatHunter-Playbook - A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.
ThreatPinchLookup - Documentation and Sharing Repository for ThreatPinch Lookup Chrome Extension
awesome-osx-command-line - Use your OS X terminal shell to do awesome things.
learn-hacking - 开始学习Kali Linux 各种破解教程渗透测试逆向工程 HackThisSite挑战问题解答
IoT-Security-Wiki -
Surge - Twitter：@lhie1x
awesome-github - A curated list of awesome GitHub guides, articles, sites, tools, projects and resources. 收集这个列表，只是为了更好地使用亲爱的GitHub,欢迎提交pr和issue。
awesome-raspberry-pi-zh - 树莓派工具，镜像，教程，文章
awesome-linux - 🐧 A list of awesome projects and resources that make Linux even more awesome. 🐧
Awesome-Linux-Software-zh_CN - 🐧 一个 Linux 上超赞的应用，软件，工具以及其它资源的集中地。
sublime - A collection of some of the best Sublime Text packages, themes, and goodies.
awesome-crawler - A collection of awesome web crawler,spider in different languages
Gitbook - 收录找到的不错的文档
awesome-android-ui - A curated list of awesome Android UI/UX libraries
Sec-Box - information security Tools Box （信息安全工具以及资源集合）
Resources - A resource directory for PHP programming on a Raspberry Pi
node123 - node.js中文资料导航
LearningNotes - Enjoy Learning.
static - 开放静态文件 - 为开源库提供稳定、快速的免费 CDN 服务
coding-interview-university - A complete computer science study plan to become a software engineer.
styleguide - 文档与源码编写风格
jstraining - 全栈工程师培训材料
golang-open-source-projects - 为互联网IT人打造的中文版awesome-go
best-chinese-front-end-blogs - 收集优质的中文前端博客
machine-learning-for-software-engineers - A complete daily plan for studying to become a machine learning engineer.
book - 学习笔记
python-data-structure-cn - problem-solving-with-algorithms-and-data-structure-using-python 中文版
react-cookbook - 编写简洁漂亮，可维护的 React 应用
go-lang-cheat-sheet - An overview of Go syntax and features.
chinese-programmer-wrong-pronunciation - 中国程序员容易发音错误的单词
Awesome_APIs - A collection of APIs
IntelliJ-IDEA-Tutorial - IntelliJ IDEA 简体中文专题教程
docker-dvwa-wooyun - docker contained dvwa with wooyun plugin
awesome-python-cn - Python资源大全中文版，包括：Web框架、网络爬虫、模板引擎、数据库、数据可视化、图片处理等，由伯乐在线持续更新。

PHP

wooyun_public - 乌云公开漏洞、知识库爬虫和搜索 crawl and search for wooyun.org public bug(vulnerability) and drops
caddy-docker - Docker container for Caddy
gshark-framework - This framework can be perform web post exploitation, with this you can interact with multiple web backdoor and execute custom module, script.
GuruWebScanner - An On-The-Cloud free "greybox" box scanner for various purposes.
RED_HAWK - RED HAWK is An All In One Tool For Information Gathering, SQL Vulnerability Scanning and Crawling. Coded In PHP
WebShell - Webshell && Backdoor Collection
OpenVPN-Admin - Install and administrate OpenVPN with a web interface (logs visualisations, users managing...)
xiao-webshell - a collection of webshell
security-research-pocs - Proof-of-concept codes created as part of security research done by Google Security Team.
tiebarobot - 贴吧自动删帖机器人
pingpp-php -
XssHtml - php富文本过滤类，XSS Filter
safecurl - SSRF Protection Library for PHP - http://safecurl.fin1te.net
kafka-php - kafka php client
phpvulhunter - A tool that can scan php vulnerabilities automatically using static analysis methods
copywriting-correct - 中英文文案排版纠正器
phpspider - 《我用爬虫一天时间“偷了”知乎一百万用户，只为证明PHP是世界上最好的语言》所使用的程序
SimHashPhp - SimHashPhp is a PHP 5.4+ library to use the SimHash algorithm.
xApi-Manager - XAPI MANAGER -专业实用的开源接口管理平台，为程序开发者提供一个灵活，方便，快捷的API管理工具，让API管理变的更加清晰、明朗
xwebshell - 免杀webshell
shadowsocks-manage-system - 科学上网管理系统
Scanners-Box - The toolbox of open source scanners - 安全行业从业人员自研开源扫描器合集👻
Sn1per - Automated Pentest Recon Scanner
fuzzXssPHP - PHP版本的反射型xss扫描，支持GET，POST
LDAP-credentials-collector-backdoor-generator - This script generate backdoor code which log username password of an user who have passed HTTP basic auth using LDAP credentials.
ip-location-zh - 查询并返回IP地址的真实地理位置
twitter - Twitter API for Laravel 4/5
Front-end-tutorial - 🐼最全的资源教程-前端涉及的所有知识体系
DVWA-WooYun - It is a DVWA with some plugins based on real wooyun bug reports
WebRtcXSS - 利用XSS入侵内网(Use XSS automation Invade intranet)
dom-based-xss-detector - Detector of DOM based XSS

Perl

rsnapshot - a tool for backing up your data using rsync (if you want to get help, use https://lists.sourceforge.net/lists/listinfo/rsnapshot-discuss)
psad - psad: Intrusion Detection and Log Analysis with iptables
StrutScan - Struts2 Vuls Scanner base perl script
lua-resty-waf - High-performance WAF built on the OpenResty stack
nikto - Nikto web server scanner
EQGRP - Decrypted content of eqgrp-auction-file.tar.xz
ATSCAN - Advanced Search & Mass Exploit Scanner- فاحص متقدم لبحث و استغلال الثغرات بالجملة

PostScript

pgdoc-cn - PostgreSQL manual Chinese translation by China PostgreSQL Users Group

PowerShell

windows-privilege-escalation - Metasploit modules, powershell scripts and custom exploit to perform local privilege escalation on windows systems.
GPRegistryPolicy -
Wireless_Query - Query Active Directory for Workstations and then pull their Wireless Network Passwords
PowerSploit - PowerSploit - A PowerShell Post-Exploitation Framework
portia - Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised. Portia performs privilege escalation as well as lateral movement automatically in the network
PowerTools - PowerTools is a collection of PowerShell projects with a focus on offensive operations.
Sales_OSINT - OSINT for Sales Research
SlackShell - PowerShell to Slack C2
Code-Execution-and-Process-Injection - Powershell to CodeExecution and ProcessInjection
windows-update-selective-kb- - Update Windows Security patch update using PowerShell and Ansible
Posh-SecMod - PowerShell Module with Security cmdlets for security work
PowerShell - Useful PowerShell scripts
IR-Tools - IR-Tools - PowerShell tools for IR
MailSniper - MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by an administrator to search the mailboxes of every user in a domain.
Invoke-Phant0m - Windows Event Log Killer
PivotAll - Comprehensive Pivoting Framework
Invoke-CradleCrafter - PowerShell Remote Download Cradle Generator & Obfuscator
WMImplant - This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported is translated into a WMI-equivalent for use on a network/remote machine. WMImplant is WMI based.
Empire - Empire is a PowerShell and Python post-exploitation agent.
Dump-Clear-Password-after-KB2871997-installed -
windows-operating-system-archaeology - windows-operating-system-archaeology @Enigma0x3 @subTee
HackSysTeam-PSKernelPwn -
PSKernel-Primitives - Exploit primitives for PowerShell
Sherlock - PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities.

Python

altdns - Generates permutations, alterations and mutations of subdomains and then resolves them
Reclaim - 一个可以跨平台帮助你更有效的找到可用 Google IP 的工具
dowsDNS - 快速翻跃中国防火墙
XX-Net - a web proxy tool
GoAgent-Always-Available - 一直可用的GoAgent，会定时扫描可用的google gae ip，提供可自动化获取ip运行的版本
backuptoqiniu - 备份vps到七牛云存储脚本
calibre-web - 📚 Web app for browsing, reading and downloading eBooks stored in a Calibre database
sec-awvs-agent - High Concurrency of Awvs Scan Agent By AWVS HTTP API
ctf-wiki - ctf wiki online
FuckSubDomain - FuckSubDomain(FSD) is a fast find Subdomain tool.
aget - Aget - Asynchronous Downloader
my-boring-python - shhh.... sth interesting. Incloud 破解百度云限速/arch安装向导/一些小脚本 and so on
freedomfighting - A collection of scripts which may come in handy during your freedom fighting activities.
smap - Shellcode mapper
Struts2Shell -
packet_analysis - 数据包分析
bugcrowd-levelup-subdomain-enumeration - This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bucrowd LevelUp 2017 virtual conference
ChineseNER - A neural network model for Chinese named entity recognition
katoolin4china - Made the katoolin use the china source
shodanwave - Shodanwave - Netwave IP Camera
rtcp -
rdiff-backup - rdiff-backup
magic-wormhole - get things from one computer to another, safely
PRET - Printer Exploitation Toolkit - The tool that made dumpster diving obsolete.
mps-youtube - Terminal based YouTube player and downloader
shootback - a reverse TCP tunnel let you access target behind NAT or firewall
OSINTretasNoHayPastebines - Trabajo de OSINT para búsqueda de patrones en pastebin.
k8sec - Run OSSEC in Kubernetes
awesome-math - A curated list of awesome mathematics resources
python-idb - Pure Python parser and analyzer for IDA Pro database files (.idb).
tornado - Tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed.
data_hacking - Click Security Data Hacking Project
Struts2-048 - CVE-2017-9791
ctf-crypto-writeups -
AWSBucketDump - Security Tool to Look For Interesting Files in S3 Buckets
ssl_logger - Decrypts and logs a process's SSL traffic.
basicRAT - python remote access trojan
crackcoin - Very basic blockchain-free cryptocurrency PoC in Python
lightbulb-framework - Tools for auditing WAFS
WMD - Python framework for IT security tools
borg-import - importer for rsync+hardlink based backups / rsnapshot
bcloud - 百度网盘的linux桌面客户端
retext - ReText: Simple but powerful editor for Markdown and reStructuredText
osxcollector - A forensic evidence collection & analysis toolkit for OS X
CloudFail - Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
LFISuite - Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
RFIDIOt - python RFID / NFC library & tools
web3.py - A python interface for interacting with the Ethereum blockchain and ecosystem.
firmware-analysis-toolkit - Toolkit to emulate firmware and analyse it for security vulnerabilities
brutespray - Brute-Forcing from Nmap output - Automatically attempts default creds on found services.
CTFd - CTFs as you need them
fibratus - Tool for exploration and tracing of the Windows kernel
Dr0p1t-Framework - A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks
autoDANE - Auto Domain Admin and Network Exploitation.
FeelUOwn - trying to be a hackable music player
htcap - htcap is a web application scanner able to crawl single page application (SPA) in a recursive manner by intercepting ajax calls and DOM changes.
viSQL - Scan SQL vulnerability on target site and sites of on server.
Winpayloads - Undetectable Windows Payload Generation
TextRank4ZH - 🌳从中文文本中自动提取关键词和摘要
bitcoinbook - Mastering Bitcoin 2nd Edition - Programming the Open Blockchain
wikiextractor - A tool for extracting plain text from Wikipedia dumps
bypass_waf - waf自动爆破(绕过)工具
crawler-user-agents - Lists syntactic patterns of HTTP user-agents used by bots/robots/crawlers/spiders (pull-request welcome)
PocCollect - a plenty of poc based on python
pyfiscan - Free web-application vulnerability and version scanner
dnsAutoRebinding - ssrf、ssrfIntranetFuzz、dnsRebinding、recordEncode、dnsPoisoning、Support ipv4/ipv6
pentestly - Python and Powershell internal penetration testing framework
HEVD-Exploits - Various exploits for the HackSys Extreme Vulnerable Driver
struts2_check - 一个用于识别目标网站是否采用Struts2框架开发的工具demo
sudo-backdoor - Wraps sudo; transparently steals user's credentials and exfiltrate over DNS. For those annoying times when you get a shell/file write on a sudoers account and need to leverage their credentials.
crossdomainscanner - Python tool for expired domain discovery in crossdomain.xml files
discover-books - 📚 发现图书
passive_scan - 基于http代理的web漏洞扫描器的实现
getproxy - getproxy 是一个抓取发放代理网站，获取 http/https 代理的程序
xunfengES -
keysniffer-poc - Simple PoC Linux keysniffer showing impact of a lack of GUI-isolation in X display server.
WPSeku - WPSeku - Wordpress Security Scanner
goSecure - An easy to use and portable Virtual Private Network (VPN) system built with Linux and a Raspberry Pi. iadgov
salt-scanner - Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration
rtfm - A database of common, interesting or useful commands, in one handy referable form
cupper - It comes!!
kekescan - automate scanner
F-NAScan - Scanning a network asset information script
ReconScan - Network reconnaissance and vulnerability assessment tools.
crack-geetest - 滑动验证码破解示例，仅供学习使用。
CMS-Hunter - CMS漏洞测试用例集合
DamnWebScanner - Another web vulnerabilities scanner, this extension works on Chrome and Opera
windows-exploits - exploits
dirsearch - Web path scanner
gain - Web crawling framework based on asyncio for everyone.
firminator_backend - The first open source vulnerability scanner for firmwares
wafpass - Analysing parameters with all payloads' bypass methods, aiming at benchmarking security solutions like WAF.
WordSteal - This script will create a POC that will steal NTML hashes from a remote computer. Do not use this for illegal purposes.The author does not keep responsibility for any illegal action you do.
win_driver_plugin - A tool to help when dealing with Windows IOCTL codes or reversing Windows drivers.
cryptoradio - Python script to encrypt and publish on Twitter. Also decrypt tweets from file
java_deserialization_exploits - A collection of Java Deserialization Exploits
svn_git_scanner - 用于扫描git，svn泄露
CVE-2017-7494 - Remote root exploit for the SAMBA CVE-2017-7494 vulnerability
ansigenome - A tool to help you gather information and manage your Ansible roles.
debops-tools - Your Debian-based data center in a box
debops-playbooks - Ansible playbooks used by DebOps project
subdomain3 -
svn-extractor - simple script to extract all web resources by means of .SVN folder exposed over network.
Fwaf-Machine-Learning-driven-Web-Application-Firewall - Machine learning driven web application firewall to detect malicious queries with high accuracy.
portSpider - 🕷 A lightning fast multithreaded network scanner framework with modules.
getsploit - Command line utility for searching and downloading exploits
subbrute - A DNS meta-query spider that enumerates DNS records, and subdomains.
fshell - 基于机器学习的分布式webshell检测系统
SweetSecurity - Network Security Monitoring on Raspberry Pi type devices
BurpSmartBuster - A Burp Suite content discovery plugin that add the smart into the Buster!
owtf - Offensive Web Testing Framework (OWTF), is an OWASP+PTES focused try to unite great tools and make pen testing more efficient, written mostly in Python @owtfp http://owtf.org
maltrail - Malicious traffic detection system
gibbersense - Extract Sense out of Gibberish stuff
morphHTA - morphHTA - Morphing Cobalt Strike's evil.HTA
pwn-tools - Various tools I have made for pwnage.
HVACScanner - Locates Honeywell/Tridium/Niagara HVAC JACEs/Controllers via HTTP fingerprints/strings. Very handy for vulnerability/pentesting.
zabbixPwn - Zabbix Jsrpc.php Injection Exploit
microscan - MicroScan 基于B/S架构微扫描器
webshell-find-tools - 分析web访问日志以及web目录文件属性，用于根据查找可疑后门文件的相关脚本。
OWASP-Xenotix-XSS-Exploit-Framework - OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework.
EvilOSX - A pure python, post-exploitation, RAT (Remote Administration Tool) for macOS / OSX.
osrframework - OSRFramework, the Open Sources Research Framework is a AGPLv3+ project by i3visio focused on providing API and tools to perform more accurate online researches.
PowerLessShell - Run PowerShell command without invoking powershell.exe
musicbox - 网易云音乐命令行版本
SambaHunter - It is a simple script to exploit RCE for Samba (CVE-2017-7494 ).
DeathStar - Automate getting Domain Admin using Empire (https://github.com/EmpireProject/Empire)
sqlparse - A non-validating SQL parser module for Python
massExpConsole - adding more exploits and tools
NXcrypt - NXcrypt - 'python backdoor' framework
denyhosts - Automated host blocking from SSH brute force attacks
python3-cookbook - 《Python Cookbook》 3rd Edition Translation
Reverse_DNS_Shell - A python reverse shell that uses DNS as the c2 channel
ICS-Vulnerabilities - Some ICS Vulnerabilities I've found will be listed here.
Password-Guessing-Framework - A Framework for Comparing Password Guessing Strategies
osint-series - Source codes related to the articles about OSINT. Using social media APIs and Python language.
kali-tools - Run Kali tools on all distributions. Offline search, including in package descriptions.
cve-2017-7494 - Proof-of-Concept exploit for CVE-2017-7494(Samba RCE from a writable share)
CMSmap -
osint_tools_security_auditing - osint_tools_security_auditing
docker-hacklab - My personal hacklab
CoolPool - 仓库已经废弃，新仓库地址
osint-combiner - Combining OSINT sources in Elastic Stack
Mastodon-OSINT - Scripts related to Mastodon investigations
hostintel - A modular Python application to collect intelligence for malicious hosts.
flunym0us - Flunym0us is a Vulnerability Scanner for Wordpress and Moodle designed by Flu Project Team. Flunym0us has been developed in Python. Flunym0us performs dictionary attacks against Web sites. By default, Flunym0us includes a dictionary for Wordpress and other for Moodle.
burp-ui - Burp-UI is a web-ui for burp backup written in python with Flask and jQuery/Bootstrap
BoopSuite - A Suite of Tools written in Python for wireless auditing and security testing.
cangibrina - A fast and powerfull dashboard (admin) finder
IDASynergy - A combination of an IDAPython Plugin and a control version system that result in a new reverse engineering collaborative addon for IDA Pro. By
ms17-010-m4ss-sc4nn3r - MS17-010 multithreading scanner written in python.
free-PACKT-eBooks-Crawler - A tool for claim and save PACKT's FREE TECHNOLOGY EBOOKS.
ssct - A wrapper tool for shadowsocks to consistently bypass firewalls.
burpproxypacextension - Exemple d'extension Burp permettant d'utiliser les fichiers de configuration de proxy PAC
Joomla3.7-SQLi-CVE-2017-8917 - Joomla 3.7 SQL injection (CVE-2017-8917)
CVE-2017-7269-Echo-PoC - CVE-2017-7269 回显PoC ,用于远程漏洞检测..
code - The sourecode
deep-anpr - Using neural networks to build an automatic number plate recognition system
BrainDamage - A fully featured backdoor that uses Telegram as a C&C server
CVE-2017-3599 - Proof of concept exploit for CVE-2017-3599
routerz - Some exploits for ZeroNights 0x03
ZTExploit - ZTE ZXV10 H108L Router with <= V1.0.01_WIND_A01 - Remote root RCE Exploit
rexploit - RExploit (Router Exploitation) is a tool that search exploits for any router SOHO. It is written on Python and QT.
Huawei - Some Of Huawei Routers Exploits
ssh-mitm - SSH man-in-the-middle tool
github-dorks - Collection of github dorks and helper tool to automate the process of checking dorks
goMS17-010 - Simple program for detecting if host(s) are vulnerable to SMB exploit(MS17-010)
NagaScan - NagaScan is a distributed passive scanner for Web application.
sof-elk - Configuration files for the SOF-ELK VM, used in SANS FOR572
gnunigma - Enigma encryption machine emulation in python.
theZoo - A repository of LIVE malwares for your own joy and pleasure
CatMyFish - Search for categorized domain
AnyScan - AnyScan
microsoftSpider - 爬取微软漏洞信息，MS对应的每个版本操作系统KB号以及补丁下载地址。
HexRaysPyTools - Ida Pro plugin
IIS_shortname_Scanner - an IIS shortname Scanner
ds_store_exp - A .DS_Store file disclosure exploit. It parse .DS_Store file and download files recursively.
Forensic-Tools - A collection of tools for forensic analysis
howmanypeoplearearound - Count the number of people around you 👨‍👨‍👦 by monitoring wifi signals 📡
clean-baidutieba - 删除自己在百度贴吧的发帖和回复
fuzzbunch-debian - Fuzzbunch deployment for Debian - Intructions: Readme.md
EyeWitness - EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
QQParking - QQBot, QQ机器人，用于QQ挂机。自动回复私聊及临时对话，记录留言并转发至邮箱，账号（被踢）下线邮件提醒。
QBotWebWrap - Web Wrap for QBot series QQ/QQ空间在线挂机
cve-crawler -
z3-stuff - z3 scripts and ctf challenge solutions.
emailwhois - Look up an email domain (@example.com), using Python, across all known domains.
pytorch-dnc - Neural Turing Machine (NTM) & Differentiable Neural Computer (DNC) with pytorch & visdom
macOS-Security-and-Privacy-Guide - A practical guide to securing macOS.
WebEye -
pygeoip - Pure Python API for Maxmind's binary GeoIP databases
histstat - history for netstat
spoodle - A mass subdomain + poodle vulnerability scanner
exploit-database-bin-sploits - Exploit Database binary exploits located in the /sploits directory
WindowsExploits - Windows exploits, mostly precompiled.
rsync_scan - rsync空口令扫描器
ida-arm-system-highlight - IDA script for highlighting and decoding ARM system instructions
opmanager_exp - opmanager运维监控系统上传漏洞测试工具
AssistantPi - Bring both Google Assistant and Alexa to your Raspberry Pi
dnschef - DNSChef - DNS proxy for Penetration Testers and Malware Analysts
bgp-ranking - BGP ranking is a free software to calculate the security ranking of Internet Service Provider (ASN).
openai_lab - An experimentation framework for Reinforcement Learning using OpenAI Gym, Tensorflow, and Keras.
pwnbin - Python Pastebin Webcrawler that returns list of public pastebins containing keywords
scanless - online port scan scraper
jackhammer - Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
wxpy - 微信机器人 / 可能是最优雅的微信个人号 API ✨✨
RtspFuzzer - RTSP network protocol fuzzer
The-Password-Manager - Manager/Generator With AES Encrypted Password Storage - v1.2.3
certitude - The Seeker of IOC
ssh-audit - SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
nsshell - A DNS connectback shell executed by strings in payloads.txt
tplmap - Code and Server-Side Template Injection Detection and Exploitation Tool
pyekaboo - A proof-of-concept program that is able to to hijack/hook/proxy Python module(s) thanks to $PYTHONPATH variable
pyvulhunter - python audit tool 审计注入 inject
Deformable-ConvNets - Deformable Convolutional Networks
pocserver - Scripts running in public webserver for vulnerability PoC
CTF-Challenges - A repository of challenges from various CTF competitions.
droopescan - A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.
bookmark-archiver - 🗄 Save an archived copy of all websites starred using Pocket/Pinboard/Bookmarks. Outputs browseable html.
bropy - Basic Anomaly IDS capabilities with Python and Bro
wifiphisher - Automated victim-customized phishing attacks against Wi-Fi clients
intel_amt_honeypot - intel amt honeypot
RouterExploitScan - RouterExploit
CrackMapExec - A swiss army knife for pentesting networks
fInd0 - Tool to find domains in sold about a target
ctf - Ctf solutions from p4 team
struts2_045_scan - Struts2-045 Scanner
CNVDSpider - CNVDSpider
apiscout -
Zulu - The Zulu fuzzer
pylnker - This is a Python port of lnk-parse-1.0, a tool to parse Windows .lnk files.
IIS_exploit - Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.
APKiD - Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android
plasma - Plasma is an interactive disassembler for x86/ARM/MIPS. It can generates indented pseudo-code with colored syntax.
BitcoinStrategy - bitcoin arbitrage between Huobi and Okcoin
BitcoinExchangeFH - Cryptocurrency exchange market data feed handler (Poloniex, Bittrex, Bitstamp, BTCC, Bitfinex, BitMEX, Gatecoin, GDAX, Huobi, Kraken, OkCoin, Quoine)
NoEye - A blind mode exploit framework (a dns server and a web app) that like wvs's AcuMonitor Service or burpsuite's collabrator or cloudeye
not-your-average-web-crawler - A web crawler that gathers more than you can imagine.
kcshell - Simple Python3 based interactive assembly/disassembly shell for various architectures powered by Keystone/Capstone.
write-ups-2017 - Wiki-like CTF write-ups repository, maintained by the community. 2017
CryptoBook - Learning Cryptography, math and programming with Cryptol (and maybe some Python)
iScript - 各种脚本 -- 关于虾米 xiami.com, 百度网盘 pan.baidu.com, 115网盘 115.com, 网易音乐 music.163.com, 百度音乐 music.baidu.com, 360网盘/云盘 yunpan.cn, 视频解析 flvxz.com, bt torrent ↔ magnet, ed2k 搜索, tumblr 图片下载, unzip
pwndbg - Exploit Development and Reverse Engineering with GDB Made Easy
dnsdiag - DNS Diagnostics and Performance Measurement Tools
bearded-avenger - CIF v3 -- the fastest way to consume threat intelligence
PoC - Various PoCs
ZipCrack - ZipCrack with Python
octodns - Tools for managing DNS across multiple providers
trsh - Telegram Remote-Shell
tldextract - Accurately separate the TLD from the registered domain and subdomains of a URL, using the Public Suffix List.
splinter - splinter - python test framework for web applications
gixy - Nginx configuration static analyzer
ZEROScan - Just a scan by Z3r0yu
hacking - OpenStack Hacking Style Checks
XSSYA-V-2.0 -
coursera-dl - Script for downloading Coursera.org videos and naming them.
python-broadlink - Python module for controlling Broadlink RM2/3 (Pro) remote controls, A1 sensor platforms and SP2/3 smartplugs
Broadlink-e-control-db-dump - These two scripts will "parse" the broadlink e-Control Android application database or SharedData and dump the IR / RF codes for selected accessories into a text file which can be later used with broadlink-python to send the codes to the RM PRO hub
qiniu4blog - 使用七牛云存储创建自己的图床,用于写博客
subconscious - redis-backed (in memory) db for python3 that is asyncio compatible
mocktailsmixer - Make a DIY Robotic Mocktails Mixer Powered by the Google Assistant SDK
irc-client - Simple IRC (Internet Relay Chat) Client written in Python
katoolin - Automatically install all Kali linux tools
hexo-git-backup - Back-up the source files of my blog.
docker-ida - Run IDA Pro disassembler in Docker containers for automating, scaling and distributing the use of IDAPython scripts.
fonttools - A library to manipulate font files from Python.
aptc - Automated Payload Test Controller
BigDataML -
WebHubBot - Python + Scrapy + MongoDB . 5 million data per day !!!💥 The world's largest website.
cve-offline - An easy to grep dump of the NVD database showing only; CVE-ID, CVSS Risk Score, and Summary.
leviathan - wide range mass audit toolkit
Hack - A typeface designed for source code
Mobile-Security-Framework-MobSF - Mobile Security Framework is an intelligent, all-in-one open source mobile application (Android/iOS/Windows) automated pen-testing framework capable of performing static, dynamic analysis and web API testing.
Beehive - Beehive is an open-source vulnerability detection framework based on Beebeeto-framework. Security researcher can use it to find vulnerability, exploits, subsequent attacks, etc.
pacemaker - Heartbleed (CVE-2014-0160) client exploit
searx - Privacy-respecting metasearch engine
Py-DNS-over-HTTPS-Proxy - Provides a simple Python based proxy for running DNS over HTTPS to Google's DNS over HTTPS service.
weblogic-serialization-exploit-updated - Updated the FoxGlove Security WebLogic serialization exploit.
hackUtils - It is a hack tool kit for pentest and web security research.
algorithms - Minimal examples of data structures and algorithms in Python
JavaUnserializeExploits -
shellnoob - A shellcode writing toolkit
labs - Vulnerability Labs for security analysis
virtualenv-burrito - One command to have a working virtualenv + virtualenvwrapper environment.
scan -
eval -
blindy - Simple script to automate brutforcing blind sql injection vulnerabilities
weibo_terminater - Final Weibo Crawler Scrap Anything From Weibo, comments, weibo contents, followers, anythings. The Terminator
mblogic-S2-client - The client side HMI for the S2 modbus control. This has many html and css pages which were custom edited and also have needed server and client base programs.
cheetah - a very fast brute force webshell password tool
multiscanner - Modular file scanning/analysis framework
manticore - Dynamic binary analysis tool
exp - 各种流行的POC批量扫描工具，当然其中的目标需要自己去收集。
Sublist3r - Fast subdomains enumeration tool for penetration testers
sicklepoc -
scantastic-tool - It's bloody scantastic
jieba - 结巴中文分词
hacking_script - 开发或收集的一些网络安全方面的脚本、小工具
CustomDeserializer - Custom Deserializer
theHarvester - E-mail, subdomain and people names harvester
Nosql-Exploitation-Framework - A Python Framework For NoSQL Scanning and Exploitation
jdwp-shellifier -
truffleHog - Searches through git repositories for high entropy strings, digging deep into commit history
OSTrICa -
GitMiner - Tool for advanced mining for content on Github
eqgrp-free-file - Free sampling of files from the purported Equation Group hack.
tutorials - 机器学习相关教程
jexboss - JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool
libheap - python library to examine ptmalloc (the glibc userland heap implementation)
PortScan -
weakDeviceScan - 扫描网段内存在弱点的设备或者应用
NVRScanner -
password - 1
op1-fw-repacker - Tool for unpacking, modifying and repacking firmware for the OP-1 synth by Teenage Engineering.
exploits - Miscellaneous exploit code
yeti - Your Everyday Threat Intelligence
userline - Query and report user logons relations from MS Windows Security Events
fuzzbunch_wrapper - Fuzzbunch Python-Wine wrapper
AIL-framework - AIL framework - Analysis Information Leak framework
expdevBadChars - Bad Characters highlighter for exploit development purposes supporting multiple input formats while comparing.
osint_public -
IDA_loader - Some loader module for IDA
Smbtouch-Scanner - Automatically scan the inner network to detect whether they are vulnerable.
datasploit - Utilizing various Open Source Intelligence (OSINT) tools and techniques that we have found to be effective, DataSploit brings them all into one place, correlates the raw data captured and gives the user, all the relevant information about the domain/email/ phone number/person, etc. It allows you to collect relevant information about a target which can expand your attack/defence surface very quickly. Sometimes it might even pluck the low hanging fruits for you without even touching the target and give you quick wins. More documentation here: http://datasploit.readthedocs.io/en/latest/.
focuson - A tool to surface security issues in python code
pyt - A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications
CVE-2017-0199 - Exploit toolkit CVE-2017-0199 - v3.0 is a handy python script which provides pentesters and security researchers a quick and effective way to exploit Microsoft RTF RCE. It could generate a malicious (Obfuscated) RTF file and deliver metasploit / meterpreter / other payload to victim without any complex configuration.
vrnetlab - Run virtual routers with docker
compileShellCode -
DAMM - Differential Analysis of Malware in Memory
leakPasswd - Python 密码泄露查询模块
opensnitch - OpenSnitch is a GNU/Linux port of the Little Snitch application firewall.
Loki - Loki - Simple IOC and Incident Response Scanner
casper - Casper contract, daemon and related software and tests
writeups - CTF writeups
signature-base - Signature base for my scanner tools
pentest-wiki - PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
nmap-converter - Python script for converting nmap reports into XLS
jsnu_Erya - 尝试用selenium刷超星尔雅课
fuzzbunch - NSA finest tool
doublepulsar-detection-script - A python2 script for sweeping a network to find windows systems compromised with the DOUBLEPULSAR implant.
pynmap - A serious(Tried to be) attempt to implement multi-threading to nmap module, which would result in faster scanning speed. I know that one can write NSE scripts for multi-threaded scanning with it, but I wanted to try it on python.
haveibeenpwned - Python script to verify multiple email addresses for pwnage
PyPwned - A Python client for the HaveIBeenPwned REST API
jackit - JackIt - Exploit Code for Mousejack
GithubLeakAlert -
shadowbroker - The Shadow Brokers "Lost In Translation" leak
pyscap - Python implementation of a Security Content Automation Protocol compatible Configuration, Vulnerability, Patch and Inventory Scanner
creak - Poison, reset, spoof, redirect MITM script
FakeGit - FakeGit: A great tool to fool yourself and others
dns-parallel-prober - PoC for an adaptive parallelised DNS prober
cisco-rce - CVE-2017-3881 Cisco Catalyst Remote Code Execution PoC
tun64 - IPv6 transition tunnel-based mechanism information exfiltration tool
whereami - Uses WiFi signals 📶 and machine learning to predict where you are
ipwndfu - open-source jailbreaking tool for older iOS devices
genpac - PAC/Dnsmasq/Wingy file Generator, working with gfwlist, support custom rules.
pythonwebhack - 用python实现的web框架建立的在线渗透平台
github_trending_spider -
commitsSpider - 爬取ffmpeg，linux，wireshark在github上的commits，并提取出其中的CVE号
githubSpider - 使用python爬虫批量爬取GitHub上的高star项目并定期pull保持最新
github_relationship - a simple spider for github instead of api
webdirscan - 跨平台的web目录扫描工具
Exploit - 常用的一些Exploit，经常会更新，也欢迎各位提交新的exp给我。
gsmsniff - GSM短信嗅探分析套件
proxy_pool - python爬虫代理IP池(proxy pool)
pyinotify - Monitoring filesystems events with inotify on Linux.
netattack - Python script to scan and attack wireless networks
POC-T - 渗透测试插件化并发框架
CTFCrackTools - China's first CTFTools framework.中国国内首个CTF工具框架,旨在帮助CTFer快速攻克难关
punter - Hunt domain names using DNSDumpster, WHOIS, Reverse WHOIS, Shodan, Crimeflare
apticket-nonce-checker - Python script which parses 32-bit SHSH/APTickets and prints the APTicket nonce, if any.
awesome-iot - Awesome IoT. A collaborative list of great resources about IoT Framework, Library, OS, Platform
TaobaoUser - Get anonymous user of Taobao
OnlineJudge - Open source online judge based on Python, Django and Docker. | 开源 Online Judge | 如果您在使用这个系统，请watch或者加入QQ群，这样可以收到最新的更新 | 2.0重构版正在开发
xsscrapy - XSS spider - 66/66 wavsep XSS detected
Report-IP-hourly - 📬 Report Linux IP by email hourly.
documentation - Official documentation for the Raspberry Pi
CTF - CTF's writeups
EaST - Exploits and Security Tools Framework 2.0.0
yara-exporter - Exporting MISP event attributes to yara rules usable with Thor apt scanner
timesketch - Collaborative forensic timeline analysis
RC4-PowerShell-RAT - Small powershell reverse shell using RC4 encryption
RePEconstruct -
PloitKit - The Hacker's ToolBox
spiderfoot - SpiderFoot, the open source footprinting and intelligence-gathering tool.
advanced-web-scraping-tutorial - The Zipru scraper developed in the Advanced Web Scraping Tutorial.
pytorch-tutorial - PyTorch Tutorial for Deep Learning Researchers
oletools - oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
urh - Universal Radio Hacker: investigate wireless protocols like a boss
datasploit - An #OSINT Framework to perform various recon techniques, aggregate all the raw data, and give data in multiple formats.
RTTanalysis - Estimation and analysis of round trip time in TCP traffic
findcrypt-yara - IDA pro plugin to find crypto constants (and more)
Get-ip-address - python脚本自动获取本机ip，并发送到邮箱。适应linux系统和树莓派（raspberry pi）
CnblogsSpider - 用scrapy采集cnblogs列表页爬虫
Sisyphus - 一个方便的用来分析LOL中数据的工具
AutOSINT - Tool to automate common OSINT tasks
DorkNet - Selenium powered Python script to automate searching for vulnerable web apps.
pyscatwave - Fast Scattering Transform with CuPy/PyTorch
isp-data-pollution - ISP Data Pollution to Protect Private Browsing History with Obfuscation
evilginx - Man-in-the-middle attack framework used for phishing credentials and session cookies of any web service.
og-miner - OpenDNS Graph Miner
scripts -
TravelPhotoBackup - Backing up photos from an SD Card while traveling with a Raspberry Pi and an iOS device.
gdbida - gdbida - a visual bridge between a GDB session and IDA Pro's disassembler
drawlikebobross - Draw like Bob Ross using the power of Neural Networks (With PyTorch)!
MongoDB_AutoDump - 用于快速探测未授权MongoDB数据库结构，取第一条内容，并统计数据数量。A tool for unauthorized MongoDB database , take the first content, and the number of statistical data.
genPass - 渗透测试中关于字典生成和整理辅助的工具
SAKS-tutorials - SAKS Tutorials
pycookiecheat - Borrow cookies from your browser's authenticated session for use in Python scripts.
ipcheck - Serivce that sends you an email when your WAN address changes
qqwry-python3 - 在纯真IP数据库（qqwry.dat）查询IP归属地， for python 3.0+，已上传至pypi。
taobao_bra_crawler - a taobao web crawler just for fun.
GitPrey - Searching sensitive files and contents in GitHub associated to company name or other key words
DSXS - Damn Small XSS Scanner
weakfilescan - 动态多线程敏感信息泄露检测工具
genpAss - 中国特色的弱口令生成器
Distributed_Microblog_Spider - 分布式新浪微博爬虫
IPProxyPool - IPProxyPool代理池项目，提供代理ip
listen1 - one for all free music in china (origin edition)
SinaWeiboSpider-Mongodb - weibo spider
tweets_analyzer - Tweets metadata scraper & activity analyzer
tweepy - Twitter for Python!
twitter-user-geocoder - Resolve the location string in Twitter users' profiles to US states (and cities)
tweetf0rm - A twitter crawler in Python
ScrapyTwitter - Crawling twitter info Using Scrapy+Splash
TwitterScrape - A Twitter scraping tool using Scrapy
msku-etkinlik - MSKU Etkinlik Kodları
cbg-scrapy - Simple HTTP server for asynchronous scrapping data from Twitter API using Twisted library
scrapy-twitter -
python-ngrokd -
awesome-linux-software-cn - Linux 优秀软件资源大全中文版：一些针对 Linux 发行版的非常棒的应用程序、实用工具以及其它相关材料。A curated list of awesome applications, softwares, tools and other materials for Linux distros.
Awesome-Linux-Software - 🐧 A list of awesome applications, softwares, tools and other materials for Linux distros.
ubuntu-make - Ubuntu Make
SublimeOnSave - Executes commands on file save.
github_search - 根据 keywords 搜索 github 上面的 repos, 并通过 web 展示
TwitterSpider - Parsing tweets from Twitter Profiles with Python
woeid - Scrapy crawling woeid and twitter trends (using api)
scrapy-twitter - crawl twitter timeline using scrapy
twitter_scrapy - Use Scrapy to crwal Twitter .THE 1.0 Edition
Sneaker-Notify - Sneaker/Restock/Monitor Notify via Twitter coded in Python using Scrapy.
reddit_all_rising - Simple example of a Scrapy spider that scrapes Reddit + Twitter bot made with python-twitter, deployed to Heroku
pyc2 - simple c2 written in python to demonstrate security concepts
WPForce - Wordpress Attack Suite
mimipenguin - A tool to dump the login password from the current linux user
awesome-python - A curated list of awesome Python frameworks, libraries, software and resources
HelloGitHub - 分享、推荐 GitHub 上好玩、容易上手的项目，帮你找到编程的乐趣
you-get - ⏬ Dumb downloader that scrapes the web
gitbookspider -
gitbook-wiki - 📖 Wiki powered by Gitbook :)
docbook - 通过gitbook把固定格式的markdown文件转成html，然后上传至qiniu存储为静态站点，通过特定URL访问，也可以通过域名CNAME到特定URL访问
gitbook-deploy - a simple tool help me deploy gitbook to github pages.
weixinpy - Python client SDK for Micro Message Public Platform API.
tushare - TuShare is a utility for crawling historical data of China stocks
pandasql - sqldf for pandas
HackRequests - It is a dedicated requests lib that supports cookie, headers, get/post, etc. And it also supports rendering the response (e.g. Javascript, CSS, etc.) of GET requests by using PhantomJs enginee.
Github_Nuggests - 自动爬取Github上文件敏感信息泄露，抓取邮箱密码并自动登录邮箱验证，支持126，qq，sina，163邮箱
bypy - Python client for Baidu Yun (Personal Cloud Storage) 百度云/百度网盘Python客户端
cupp - Common User Passwords Profiler (CUPP)
qrcode - artistic QR Code in Python （Animated GIF qr code）- Python 艺术二维码生成器（GIF动态二维码、图片二维码）
textfilter - 敏感词过滤的几种实现+某1w词敏感词库
httpie - Modern command line HTTP client – user-friendly curl alternative with intuitive UI, JSON support, syntax highlighting, wget-like downloads, extensions, etc. https://httpie.org
langid.py - Stand-alone language identification system
reddit - the code that powers reddit.com
httpstat - curl statistics made simple
PyMySQL - Pure Python MySQL Client
flask-limiter - rate limiting extension for flask applications
glances - Glances an Eye on your system. A top/htop alternative.
sh - Python process launching
nginx-book - Nginx开发从入门到精通
explore-flask - Source of Explore Flask book
locust - Scalable user load testing tool written in Python
saythanks.io - Spreading Thankfulness in Open Source.
mycli - A Terminal Client for MySQL with AutoCompletion and Syntax Highlighting.
explore-python - 📗 The Beauty of Python Programming.
500LineorLess_CN - 500 line or less 中文翻译计划。
algorithm -
Raspberry_face_recognition_attendance_machine - 2016年完成，调用face++进行人脸识别语音发音的树莓派平台下的考勤机。
Nyspider - 各种爬虫---大众点评,安居客，58，人人贷，拍拍贷, IT桔子,拉勾网，豆瓣,搜房网,ASO100,气象数据,猫眼电影,链家,PM25.in...
PTWeiboSpider - 针对新浪微博的多功能爬虫
SinaHouseCrawler - 基于scrapy,scrapy-redis实现的一个分布式网络爬虫,爬取了新浪房产的楼盘信息及户型图片,实现了常用的爬虫功能需求.
phantomJS-weibo - phantomJS新浪微博爬虫
SinaSpider - 动态IP解决新浪的反爬虫机制，快速抓取内容。
telnet-scanner - telnet服务密码撞库
V3n0M-Scanner - Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
BruteXSS - BruteXSS is a tool written in python simply to find XSS vulnerabilities in web application. This tool was originally developed by Shawar Khan in CLI. I just redesigned it and made it GUI for more convienience.
pythem - pentest framework
log_visual - 日志可视化
thinkstats - 程序员统计入门, fork自thinkstats, 改动: 用Numpy, Pandas处理数据, Seaborn可视化
QUANTAXIS_SPIDER - QUANTAXIS 爬虫mod python/javascript/mongodb
AnalysePass -
py-feedr - A Python parser to tweet the latest updates from multiple RSS feeds.
Shortcut-Downloader - Shortcut Downloader

Rascal

hosts - 🗽最新可用的google hosts文件。镜像：

Roff

websearch - Search engine for web assets

Ruby

ssh_scan - A prototype SSH configuration and policy scanner (Blog: https://mozilla.github.io/ssh_scan/)
tails-zh_CN - Website of Tails ( l10n project for Simplified Chinese )
shuffler - Just a quick ruby script to explore perfect card shuffles. :)
aquatone - A Tool for Domain Flyovers
joomlavs - A black box, Ruby powered, Joomla vulnerability scanner
cve_server - Simple REST-style web service for the CVE searching
timing_attack - Perform timing attacks against web applications
fuzzapi - Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem
watobo -
WhatWeb - Website Fingerprinter
wordpress-exploit-framework - A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
inspec - InSpec: Auditing and Testing Framework
pedump - dump windows PE files using ruby
Learning-SICP - 《计算机程序的构造和解释》公开课中文化项目。
puppetlabs-firewall - Puppet Firewall Module
huginn - Create agents that monitor and act on your behalf. Your agents are standing by!
whitewidow - SQL Vulnerability Scanner
rubynew - Ruby new project generator.
HatCloud - Bypass CloudFlare with Ruby
secureheaders - Manages application of security headers with many safe defaults
Eternalblue-Doublepulsar-Metasploit -
zen-rails-security-checklist - Checklist of security precautions for Ruby on Rails applications.
BloodHound-Owned - A collection of files for adding and leveraging custom properties in BloodHound.
birdwatcher - Data analysis and OSINT framework for Twitter
gitrob - Reconnaissance tool for GitHub organizations
ccc_privacy_crawler - Tカードの個人情報提供の停止対象企業一覧の新着を通知するためのTwitterボットです
dockscan - dockscan is security vulnerability and audit scanner for Docker installations
metasploit-framework - Metasploit Framework
discourse - A platform for community discussion. Free, open, simple.
arachni - Web Application Security Scanner Framework

Rust

shadowsocks-rust - Oh my implementation of Shadowsocks in Rust
rust-youtube-downloader - Youtube video downloader written in Rust
dirt - Dynamic Identification and Recognition Technology
minimal-tls - A minimal implementation of TLS

Shell

Ocserv-install-script-for-CentOS-RHEL-7 - Ocserv(AnyConnect Server) install script for CentOS/RHEL 7
Linux-Tutorial - 《Java 程序员眼中的 Linux》
shell-scripts - Linux Shell Scripts
ssr-finalspeed-server-docker -
nghttpx-tinyproxy -
ssr-with-net-speeder - Shadowsocksr with net speeder
shadowsocksr-kcptun - shadowsocksr-kcptun
ssr-bbr-docker - Dockerfile for ssr+bbr without TAP
docker-cobaltstrike -
doubi - 一个逗比写的各种逗比脚本~
Fail2ban - 最简单的防止SSH暴力破解的脚本
YankeeBBR - 来自Loc大佬Yankee魔改的BBR的Debian一键安装包
serverSpeeser_Install - redirect to https://github.com/0oVicero0/serverSpeeder_Install
PowerShellEmpireDocker - PowerShell Empire docker build
setup-ipsec-vpn - Scripts to build your own IPsec VPN server, with IPsec/L2TP and Cisco IPsec on Ubuntu, Debian and CentOS
docker-ipsec-vpn-server - Docker image to run an IPsec VPN server, with IPsec/L2TP and Cisco IPsec
oh-my-zsh - A delightful community-driven (with 1,000+ contributors) framework for managing your zsh configuration. Includes 200+ optional plugins (rails, git, OSX, hub, capistrano, brew, ant, php, python, etc), over 140 themes to spice up your morning, and an auto-update tool so that makes it easy to keep up with the latest updates from the community.
OpenVPN-install - Improved OpenVPN installer for Debian, Ubuntu, CentOS and Arch Linux
Resilio-Sync - Resilio Sync一键安装脚本
ReverseAPK - Quickly analyze and reverse engineer Android packages
kms-server - a docker image for kms
PNP-PortableHackingMachine - This script will convert your Raspberry Pi 3 into a portable hacking machine.
arch-linux-anywhere - Custom arch linux installer
GooGle-BBR - GooGle开源TCP加速算法
dropkick.sh - Detect and disconnect hidden WiFi cameras in that AirBnB you're staying in
hosts -
borg-backup.sh - A simple shell script for driving BorgBackup
borg-cron-helper - Helper shell scripts for BorgBackup to automate backups and make your life easier… 😉
CustomDebian - script to build your custom live Debian
openvpn-install - OpenVPN road warrior installer for Debian, Ubuntu and CentOS
linux-live - Linux Live Kit
remastersys - Remastersys Tool for Backup Your Ubuntu System
debian-custom-iso-scripts - These are scripts I made to help with the design and customization of a Debian ISO (Primarily WeakerThan Linux)
LinuxRespin - Fork of remastersys - updates
STIG-4-Debian - Security Technical Implementation Guide for Debian
shadowsocks_install - Auto install shadowsocks server，thanks 秋水逸冰
hack_tools_for_me - 自己为了方便收集的小工具
bash-powerline - Powerline-style Bash prompt in pure Bash script. See also https://github.com/riobard/zsh-powerline
parsing-techniques - parsing techniques 中文译本——《解析技术》
Awesome-Shadowsocks-Qt5-Installation-on-Debian - Installation Script For shadowsocks-Qt5 on Debian
infinality-debian-package - Necessary files and scripts to build Infinality for Debian
Zeus - AWS Auditing & Hardening Tool
Arch-Installer -
rules - Repository of yara rules
Woobuntu -
elasticsearch-definitive-guide-cn - Elasticsearch权威指南中文版
Auto-Root-Exploit - Auto Root Exploit Tool
LazyDroid - bash script to facilitate some aspects of an Android application assessment
astroid - ASTROID v 1.2 bypass most A.V softwares
jboss-autopwn - A JBoss script for obtaining remote shell access
vpn - vpn一键安装包
GitTools - A repository with 3 tools for pwn'ing websites with .git repositories available
across - Across the Great Wall we can reach every corner in the world
awesome-ci - Awesome Continuous Integration - Lot's of tools for git, file and static source code analysis.
hispagatos-enumeration - Bash script that runs most of the external enumeration with some logic
tutorial-darknet - Follow up files/scripts for i2pd+vpn+ubuntu remote i2p router setup
oh-my-shadowsocks - shadowsocks config on server, supervisor support
OSINT_Script -
dumbpentester - Fire and forget pentest script automating the finding of all vulns which can be found automaticaly
linux-exploit-suggester - Linux privilege escalation auditing tool
Meterpreter_Paranoid_Mode-SSL - Meterpreter Paranoid Mode - SSL/TLS connections
oss-fuzz - OSS-Fuzz - continuous fuzzing of open source software
build-linux - A short tutorial about building Linux based operating systems.
Goohak - Automatically Launch Google Hacking Queries Against A Target Domain
sn1per-docker - Dockerized version of Sn1per (https://github.com/1N3/Sn1per)
mhn - Modern Honey Network
fluxion - Fluxion is a remake of linset by vk496 with (hopefully) less bugs and more functionality.
FakeImageExploiter - Use a Fake image.jpg (hide known file extensions) to exploit targets
dnscrypt-proxy-installer - Linux installer for dnscrypt-proxy
git-remote-gcrypt - PGP-encrypted git remotes
pyenv - Simple Python version management
zsh-iterm-touchbar - Display feedback of terminal in the 🍏 Touchbar
Pentest-Scripts - Github for the scripts utilised during Penetration test
E2P - Email 2 Post: 监测并解析博客管理员邮件，自动部署博文，更新博客。（针对hexo博客系统）
docker-gitlab - Dockerized GitLab
dnspop - Analysis of DNS records to find popular trends
vulhub - Docker-Compose file for vulnerability environment
GhostInTheNet - Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan
Ubuntu-Telemetry-Free-Privacy-Secure - Bash script, which helps to remove telemetry and do system more private and secure
arm-docker-fixes - Scripts and hotfixes to fix some issues with Docker on ARM devices
nvm - Node Version Manager - Simple bash script to manage multiple active node.js versions
openvas-docker - A Docker container for Openvas
ccrm - 新手检测树莓派国内源脚本
payloads - Git All the Payloads! A collection of web attack payloads.
myPiLFS - linux from scratch (lfs) on raspberry pi
pwnbox - Docker container with tools for binary reverse engineering and exploitation.
ip2hosts -
snuff - Automate ARP poisoning, ssltrip, and ettercap.
crypscan - A suite of tools for cryptographic analysis developed with system administrators in mind.
rpi-update - An easier way to update the firmware of your Raspberry Pi
testssl.sh - Testing TLS/SSL encryption anywhere on any port
OnLive - Onlive Firmware Dumps
graudit - Grep rough audit - source code auditing tool
nomohead - Simple Bash script that announces IP Address and ngrok tunnel of Raspberry Pi at boot
ngrok-script - A script to run local ngrok client for linux and windows
Alic_env - 开发者常用脚本sh
n - Node version management
bash-it - A community Bash framework.
algo - Set up a personal IPSEC VPN in the cloud
ubuntu_config - some configuration. As: root user, ssh ......
ubuntu-configuration - Configuration of Debian based OS, such as: Ubuntu, Mint, and Elementary OS
config-ubuntu - Quickly Setup Ubuntu Desktop or Server with all-in-one Bash Scripts.
gvm - Go Version Manager
VulApps - 快速搭建各种漏洞环境(Various vulnerability environment)
docker_practice - Learn and understand Docker technologies, with real DevOps practice!
cc_iptables - 收集处理DDOS、CC攻击各类脚本，包括NGINX日志中的CC攻击IP处理。
HCTF2016-Docker-ELK - 基于docker的elk，曾应用于HCTF2016做日志可视化分析
EasyKit - Rootkit developed via Shell

Smali

AhMyth-Android-RAT - Android Remote Administration Tool

Swift

iInjection -
NEKit - A toolkit for Network Extension Framework
v2ex - The unofficial V2EX app for iOS

TeX

nndl - Another Chinese Translation of Neural Networks and Deep Learning
deeplearningbook-chinese - Deep Learning Book Chinese Translation
awesome-tls-security - A collection of (not-so, yet) awesome resources related to TLS, PKI and related stuff
Ankihelp - LaTeX 排版的中文 Anki 手册
RE-for-beginners - "Reverse Engineering for Beginners" free book
typeset -
redisbook - 《Redis 设计与实现》（网络版）的书稿源码

TypeScript

uProxy-p2p - Internet without borders
jigsaw - Jigsaw-七巧板是基于Angular(4+)实现的组件集，它是中兴通讯大数据应用支撑组件 RDK 的下一代组件集。RDK被广泛应用在中兴大数据的各个产品，在国内外已有多个商用局。Jigsaw-七巧板这套组件最主要的设计目标是用于构建复杂、交互密集型页面。
intelli-octo - A browser extension which adds IntelliSense to GitHub, GitLab and Bitbucket.

Vim script

dotfiles - A set of vim, zsh, git, and tmux configuration files.(*nix开发环境一键配置）😀
k-vim - vim配置

VimL

vim-colors-solarized - precision colorscheme for the vim text editor

Visual Basic

StarFighters - A JavaScript and VBScript Based Empire Launcher, which runs within their own embedded PowerShell Host.
VBSMeter - VBS Reversed TCP Meterpreter Stager
ISPiggy - Decentralized DNS fuzzer to mitigate ISP Snooping

Vue

iview - A high quality UI Toolkit built on Vue.js
tong2-family - 基于vue、vuex、vue-router、echarts的数据可视化展示平台

nesC

TinyOS_IDS - A IDS system for WSN based on CTP and TinyOS

License

To the extent possible under law, tcpsec has waived all copyright and related or neighboring rights to this work.

Files

tcpsec.md

Latest commit

History

tcpsec.md

File metadata and controls

Awesome Stars

Contents

Arduino

Assembly

Batchfile

Bro

C

C#

C++

CSS

CoffeeScript

Erlang

Go

HTML

Haskell

Java

JavaScript

Jupyter Notebook

KiCad

Kotlin

Logos

Lua

Makefile

Max

Objective-C

Others

PHP

Perl

PostScript

PowerShell

Python

Rascal

Roff

Ruby

Rust

Shell

Smali

Swift

TeX

TypeScript

Vim script

VimL

Visual Basic

Vue

nesC

License