Skip to content

marksowell/stars

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 

Repository files navigation

Awesome Stars Awesome

A curated list of my GitHub stars! Generated by starred.

Contents

ai

  • ghostsecurity/reaper - 💀 Don't fear the Reaper 👻
  • The-Art-of-Hacking/h4cker - This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif

android

  • patrickfav/uber-apk-signer - A cli tool that helps signing and zip aligning single or multiple Android application packages (APKs) with either debug or provided release certificates. It supports v1, v2 and v3 Android signing sche
  • WithSecureLabs/drozer - The Leading Security Assessment Framework for Android.
  • androguard/androguard - Reverse engineering and pentesting for Android applications
  • AzeemIdrisi/PhoneSploit-Pro - An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
  • iBotPeaches/Apktool - A tool for reverse engineering Android apk files
  • requestly/requestly - Requestly was built to save developers time by intercepting and modifying HTTP Requests. It has now developed into an open-source alternative to Charles Proxy and Telerik Fiddler that works directly i
  • wasabeef/awesome-android-ui - A curated list of awesome Android UI/UX libraries
  • Hack-with-Github/Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers
  • appwrite/appwrite - Your backend, minus the hassle.
  • Solido/awesome-flutter - An awesome list that curates the best Flutter libraries, tools, tutorials, articles and more.
  • flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
  • skylot/jadx - Dex to Java decompiler
  • B3nac/InjuredAndroid - A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.
  • OWASP/owasp-mastg - The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls
  • n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

angular

api

aspnet

  • bitwarden/server - Bitwarden infrastructure/backend (API, database, Docker, etc).

awesome

awesome-list

aws

azure

bash

  • MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
  • stateful/vscode-runme - DevOps Notebooks Built with Markdown - VS Code extension
  • nvm-sh/nvm - Node Version Manager - POSIX-compliant bash script to manage multiple active node.js versions
  • royalapplications/toolbox - This repository contains various automation scripts for Royal TS (for Windows) and Royal TSX (for macOS). Also included are dynamic folder samples. This collection consists of scripts by the Royal App
  • RealityNet/ios_triage - Bash script to extract data from a "chekcra1ned" iOS device
  • hyperupcall/autoenv - Directory-based environments.
  • v1s1t0r1sh3r3/airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
  • peass-ng/PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

bootstrap

c

chrome

chrome-extension

  • AlecBlance/S3BucketList - Chrome extension that lists Amazon S3 Buckets while browsing
  • requestly/requestly - Requestly was built to save developers time by intercepting and modifying HTTP Requests. It has now developed into an open-source alternative to Charles Proxy and Telerik Fiddler that works directly i
  • LasCC/HackTools - The all-in-one browser extension for offensive security professionals 🛠
  • altair-graphql/altair - ✨⚡️ A feature-rich GraphQL Client for all platforms.

cli

  • patrickfav/uber-apk-signer - A cli tool that helps signing and zip aligning single or multiple Android application packages (APKs) with either debug or provided release certificates. It supports v1, v2 and v3 Android signing sche
  • projectdiscovery/dnsx - dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.
  • pypa/pipx - Install and Run Python Applications in Isolated Environments
  • projectdiscovery/katana - A next-generation crawling and spidering framework.
  • sharkdp/bat - A cat(1) clone with wings.
  • asciinema/asciinema - Terminal session recorder 📹
  • abhijithvijayan/stargazed - 📋 Creating your own Awesome List of GitHub stars!

code-quality

code-review

  • Cyber-Buddy/APKHunt - APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers,

cpp

  • microsoft/vcpkg - C++ Library Manager for Windows, Linux, and MacOS
  • Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

csharp

  • bitwarden/server - Bitwarden infrastructure/backend (API, database, Docker, etc).
  • dnSpyEx/dnSpy - Unofficial revival of the well known .NET debugger and assembly editor, dnSpy
  • Aetsu/OffensivePipeline - OfensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team exercises.
  • peass-ng/PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

css

dart

  • flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
  • rustdesk/rustdesk - An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.

database

docker

documentation

dotnet

  • bitwarden/server - Bitwarden infrastructure/backend (API, database, Docker, etc).
  • dnSpyEx/dnSpy - Unofficial revival of the well known .NET debugger and assembly editor, dnSpy

electron

express

firebase

firefox

flutter

  • macosui/macos_ui - Flutter widgets and themes implementing the current macOS design language.
  • appwrite/appwrite - Your backend, minus the hassle.
  • Solido/awesome-flutter - An awesome list that curates the best Flutter libraries, tools, tutorials, articles and more.
  • flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
  • B3nac/InjuredAndroid - A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.
  • rustdesk/rustdesk - An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.

framework

git

go

golang

graphql

hacking

  • MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
  • summitt/Nope-Proxy - TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.
  • six2dez/pentest-book -
  • t3l3machus/Villain - Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them
  • infosecn1nja/Red-Teaming-Toolkit - This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
  • AzeemIdrisi/PhoneSploit-Pro - An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
  • ghostsecurity/reaper - 💀 Don't fear the Reaper 👻
  • LasCC/HackTools - The all-in-one browser extension for offensive security professionals 🛠
  • Hack-with-Github/Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers
  • dolevf/Black-Hat-GraphQL - The Black Hat GraphQL Book Repository
  • t3l3machus/toxssin - An XSS exploitation command-line interface and payload generator.
  • nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters - A list of resources for those interested in getting started in bug bounties
  • OWASP/owasp-mastg - The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls
  • codingo/NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
  • trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
  • chenjj/espoofer - An email spoofing testing tool that aims to bypass SPF/DKIM/DMARC and forge DKIM signatures.🍻
  • BiZken/PhishMailer - Generate Professional Phishing Emails Fast And Easy
  • yogeshojha/rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon
  • j3ssie/osmedeus - A Workflow Engine for Offensive Security
  • HackTricks-wiki/hacktricks - Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
  • SpiderLabs/HostHunter - HostHunter a recon tool for discovering hostnames using OSINT techniques.
  • Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
  • diego-treitos/linux-smart-enumeration - Linux enumeration tool for pentesting and CTFs with verbosity levels
  • Hackplayers/evil-winrm - The ultimate WinRM shell for hacking/pentesting
  • maurosoria/dirsearch - Web path scanner
  • v1s1t0r1sh3r3/airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
  • samratashok/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
  • RustScan/RustScan - 🤖 The Modern Port Scanner 🤖
  • juice-shop/juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
  • The-Art-of-Hacking/h4cker - This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif
  • 0x00-0x00/ShellPop - Pop shells like a master.
  • swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
  • mitre/caldera - Automated Adversary Emulation Platform

hacktoberfest

homebridge

html

http

  • rofl0r/proxychains-ng - proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained prox
  • vapor/vapor - 💧 A server-side Swift HTTP web framework.
  • projectdiscovery/interactsh - An OOB interaction gathering server and client library
  • carlospolop/fuzzhttpbypass - This tool use fuuzzing to try to bypass unknown authentication methods, who knows...

ios

  • palera1n/palera1n - Jailbreak for A8 through A11, T2 devices, on iOS/iPadOS/tvOS 15.0, bridgeOS 5.0 and higher.
  • RealityNet/ios_triage - Bash script to extract data from a "chekcra1ned" iOS device
  • requestly/requestly - Requestly was built to save developers time by intercepting and modifying HTTP Requests. It has now developed into an open-source alternative to Charles Proxy and Telerik Fiddler that works directly i
  • vsouza/awesome-ios - A curated list of awesome iOS ecosystem, including Objective-C and Swift Projects
  • appwrite/appwrite - Your backend, minus the hassle.
  • Solido/awesome-flutter - An awesome list that curates the best Flutter libraries, tools, tutorials, articles and more.
  • flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
  • noobpk/frida-ios-hook - A tool that helps you easy trace classes, functions, and modify the return values of methods on iOS platform
  • airsquared/blobsaver - A cross-platform GUI and CLI app for automatically saving SHSH blobs
  • AloneMonkey/frida-ios-dump - pull decrypted ipa from jailbreak device
  • nabla-c0d3/ssl-kill-switch2 - Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.
  • OWASP/owasp-mastg - The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls
  • ChiChou/grapefruit - (WIP) Runtime Application Instruments for iOS. Previously Passionfruit
  • libimobiledevice/libimobiledevice - A cross-platform protocol library to communicate with iOS devices
  • utmapp/UTM - Virtual machines for iOS and macOS

java

javascript

jekyll

  • just-the-docs/just-the-docs - A modern, high customizable, responsive Jekyll theme for documentation with built-in search.
  • jekyll/jekyll-seo-tag - A Jekyll plugin to add metadata tags for search engines and social networks to better index and display your site's content.

kotlin

  • B3nac/InjuredAndroid - A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.

kubernetes

  • openappsec/openappsec - open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.

latex

library

linux

  • shellhub-io/shellhub - 💻 Get seamless remote access to any Linux device. Centralized SSH for the edge and cloud computing
  • royalapplications/toolbox - This repository contains various automation scripts for Royal TS (for Windows) and Royal TSX (for macOS). Also included are dynamic folder samples. This collection consists of scripts by the Royal App
  • n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
  • rustdesk/rustdesk - An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.
  • trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
  • htr-tech/nexphisher - Advanced Phishing tool
  • calebstewart/pwncat - Fancy reverse and bind shell handler
  • mzfr/gtfo - Search gtfobins and lolbas files from your terminal
  • v1s1t0r1sh3r3/airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
  • CISOfy/lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
  • future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
  • GTFOBins/GTFOBins.github.io - GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
  • peass-ng/PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

lua

machine-learning

  • SoftDesLab/PIRANHA - Project for Software Design Laboratory -- Topic: Detecting Phishing Website with Machine Learning

macos

  • jordanbaird/Ice - Powerful menu bar manager for macOS
  • sieren/WidgetToggler - macOS Sonoma Widget Toggler for the Tray Bar - Easily Show and Hide Widgets
  • Hammerspoon/hammerspoon - Staggeringly powerful macOS desktop automation with Lua
  • royalapplications/toolbox - This repository contains various automation scripts for Royal TS (for Windows) and Royal TSX (for macOS). Also included are dynamic folder samples. This collection consists of scripts by the Royal App
  • macosui/macos_ui - Flutter widgets and themes implementing the current macOS design language.
  • jaywcjlove/awesome-mac -  Now we have become very big, Different from the original idea. Collect premium software in various categories.
  • flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
  • nabla-c0d3/ssl-kill-switch2 - Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.
  • sickcodes/Docker-OSX - Run macOS VM in a Docker! Run near native OSX-KVM in Docker! X11 Forwarding! CI/CD for OS X Security Research! Docker mac Containers.
  • sethmlarson/truststore - Verify certificates using OS trust stores
  • utmapp/UTM - Virtual machines for iOS and macOS
  • macports/macports-ports - The MacPorts ports tree

markdown

material-design

mobile

  • WithSecureLabs/drozer - The Leading Security Assessment Framework for Android.
  • Solido/awesome-flutter - An awesome list that curates the best Flutter libraries, tools, tutorials, articles and more.
  • flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
  • ChiChou/grapefruit - (WIP) Runtime Application Instruments for iOS. Previously Passionfruit

mongodb

mysql

nextjs

nodejs

  • nvm-sh/nvm - Node Version Manager - POSIX-compliant bash script to manage multiple active node.js versions
  • sindresorhus/awesome-nodejs - ⚡ Delightful Node.js packages and resources
  • q-nick/npm-gui - Tired of the package.json dependency juggle? Meet npm-gui! We seamlessly integrate with npm, pnpm, or yarn. Managing, installing, and updating dependencies is as easy as it gets. Try npm-gui today and
  • expressjs/express - Fast, unopinionated, minimalist web framework for node.
  • abhijithvijayan/stargazed - 📋 Creating your own Awesome List of GitHub stars!
  • lmammino/jwt-cracker - Simple HS256, HS384 & HS512 JWT token brute force cracker.

nosql

npm

  • q-nick/npm-gui - Tired of the package.json dependency juggle? Meet npm-gui! We seamlessly integrate with npm, pnpm, or yarn. Managing, installing, and updating dependencies is as easy as it gets. Try npm-gui today and

objective-c

open-source

  • t3l3machus/Villain - Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them
  • requestly/requestly - Requestly was built to save developers time by intercepting and modifying HTTP Requests. It has now developed into an open-source alternative to Charles Proxy and Telerik Fiddler that works directly i
  • commixproject/commix - Automated All-in-One OS Command Injection Exploitation Tool.
  • SpiderLabs/HostHunter - HostHunter a recon tool for discovering hostnames using OSINT techniques.

others

p2p

  • fatedier/frp - A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
  • rustdesk/rustdesk - An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.
  • syncthing/syncthing - Open Source Continuous File Synchronization

package-manager

  • microsoft/vcpkg - C++ Library Manager for Windows, Linux, and MacOS
  • q-nick/npm-gui - Tired of the package.json dependency juggle? Meet npm-gui! We seamlessly integrate with npm, pnpm, or yarn. Managing, installing, and updating dependencies is as easy as it gets. Try npm-gui today and
  • macports/macports-ports - The MacPorts ports tree

perl

  • royalapplications/toolbox - This repository contains various automation scripts for Royal TS (for Windows) and Royal TSX (for macOS). Also included are dynamic folder samples. This collection consists of scripts by the Royal App

powershell

pwa

python

python3

  • MattKeeley/Spoofy - Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
  • vmware/vsphere-automation-sdk-python - Python samples, language bindings, and API reference documentation for vSphere, VMC, and NSX-T using the VMware REST API
  • byt3bl33d3r/WitnessMe - Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.
  • SoftDesLab/PIRANHA - Project for Software Design Laboratory -- Topic: Detecting Phishing Website with Machine Learning
  • Liodeus/swaggerHole - A python3 script searching for secret on swaggerhub
  • get-get-get-get/PowerProxy - PowerShell SOCKS proxy with reverse proxy capabilities

raspberry-pi

  • shellhub-io/shellhub - 💻 Get seamless remote access to any Linux device. Centralized SSH for the edge and cloud computing

react

  • ant-design/ant-design - An enterprise-class UI design language and React UI library
  • q-nick/npm-gui - Tired of the package.json dependency juggle? Meet npm-gui! We seamlessly integrate with npm, pnpm, or yarn. Managing, installing, and updating dependencies is as easy as it gets. Try npm-gui today and
  • styled-components/styled-components - Visual primitives for the component age. Use the best bits of ES6 and CSS to style your apps without stress 💅
  • appwrite/appwrite - Your backend, minus the hassle.
  • rahuldkjain/github-profile-readme-generator - 🚀 Generate GitHub profile README easily with the latest add-ons like visitors count, GitHub stats, etc using minimal UI.

react-native

reactjs

  • dsternlicht/RESTool - RESTool is an open source UI tool for managing RESTful APIs. It could save you time developing your own internal tools. A live example:

rest-api

  • kyleboe/zoom_rb - Ruby REST API Wrapper for zoom.us API
  • dsternlicht/RESTool - RESTool is an open source UI tool for managing RESTful APIs. It could save you time developing your own internal tools. A live example:

ruby

rust

security

  • gitleaks/gitleaks - Protect and discover secrets using Gitleaks 🔑
  • GitGuardian/ggshield - Find and fix 400+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
  • praetorian-inc/noseyparker - Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.
  • netwrix/pingcastle - PingCastle - Get Active Directory Security at 80% in 20% of the time
  • WithSecureLabs/drozer - The Leading Security Assessment Framework for Android.
  • MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
  • six2dez/pentest-book -
  • MattKeeley/Spoofy - Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
  • infobyte/faraday - Open Source Vulnerability Management Platform
  • sensepost/gowitness - 🔍 gowitness - a golang, web screenshot utility using Chrome Headless
  • EdOverflow/can-i-take-over-xyz - "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
  • ghostsecurity/reaper - 💀 Don't fear the Reaper 👻
  • AlecBlance/S3BucketList - Chrome extension that lists Amazon S3 Buckets while browsing
  • pwndoc/pwndoc - Pentest Report Generator
  • marksowell/Clickjacking-POC - A Python package for creating a clickjacking proof of concept (POC).
  • OWASP/API-Security - OWASP API Security Project
  • inonshk/31-days-of-API-Security-Tips - This challenge is Inon Shkedy's 31 days API Security Tips.
  • HolyBugx/HolyTips - A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
  • akto-api-security/tests-library - Community generated list of API security tests to find OWASP top10, HackerOne top 10 vulnerabilities
  • akto-api-security/akto - Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure
  • Hack-with-Github/Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers
  • Cyber-Buddy/APKHunt - APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers,
  • jeremylong/DependencyCheck - OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
  • radareorg/radare2 - UNIX-like reverse engineering framework and command-line toolset
  • nabla-c0d3/ssl-kill-switch2 - Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.
  • dradis/dradis-ce - Dradis Framework: Collaboration and reporting for IT Security teams
  • byt3bl33d3r/WitnessMe - Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.
  • trufflesecurity/trufflehog - Find, verify, and analyze leaked credentials
  • shieldfy/API-Security-Checklist - Checklist of the most important security countermeasures when designing, testing, and releasing your API
  • uber-common/metta - An information security preparedness tool to do adversarial simulation.
  • hahwul/dalfox - 🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
  • haccer/subjack - Subdomain Takeover tool written in Go
  • nccgroup/ScoutSuite - Multi-Cloud Security Auditing Tool
  • trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
  • projectdiscovery/nuclei - Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the int
  • chenjj/espoofer - An email spoofing testing tool that aims to bypass SPF/DKIM/DMARC and forge DKIM signatures.🍻
  • CanIPhish/Phishious - An open-source Secure Email Gateway (SEG) evaluation toolkit designed for red-teamers.
  • noraj/rawsec-cybersecurity-inventory - An inventory of tools and resources about CyberSecurity that aims to help people to find everything related to CyberSecurity.
  • OWASP/Nettacker - Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
  • j3ssie/osmedeus - A Workflow Engine for Offensive Security
  • evilsocket/xray - XRay is a tool for recon, mapping and OSINT gathering from public networks.
  • MojtabaTajik/Robber - Robber is open source tool for finding executables prone to DLL hijacking
  • projectdiscovery/interactsh - An OOB interaction gathering server and client library
  • cisagov/log4j-scanner - log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.
  • google/oss-fuzz - OSS-Fuzz - continuous fuzzing for open source software.
  • OWASP/CheatSheetSeries - The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
  • WithSecureLabs/chainsaw - Rapidly Search and Hunt through Windows Forensic Artefacts
  • threat9/routersploit - Exploitation Framework for Embedded Devices
  • lc/gau - Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
  • lmammino/jwt-cracker - Simple HS256, HS384 & HS512 JWT token brute force cracker.
  • zaproxy/zap-extensions - ZAP Add-ons
  • cddmp/enum4linux-ng - A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.
  • EnableSecurity/sipvicious - SIPVicious OSS is a VoIP security testing toolset. It helps security teams, QA and developers test SIP-based VoIP systems and applications. This toolset is useful in simulating VoIP hacking attacks ag
  • wpscanteam/wpscan - WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
  • maurosoria/dirsearch - Web path scanner
  • andresriancho/w3af - w3af: web application attack and audit framework, the open source web vulnerability scanner.
  • v1s1t0r1sh3r3/airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
  • gophish/gophish - Open-Source Phishing Toolkit
  • samratashok/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
  • RustScan/RustScan - 🤖 The Modern Port Scanner 🤖
  • michenriksen/aquatone - A Tool for Domain Flyovers
  • juice-shop/juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
  • scipag/vulscan - Advanced vulnerability scanning with Nmap NSE
  • future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
  • swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
  • secdev/scapy - Scapy: the Python-based interactive packet manipulation program & library.

server

serverless

shell

  • MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
  • stateful/vscode-runme - DevOps Notebooks Built with Markdown - VS Code extension
  • nvm-sh/nvm - Node Version Manager - POSIX-compliant bash script to manage multiple active node.js versions
  • zsh-users/zsh-autosuggestions - Fish-like autosuggestions for zsh
  • n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
  • hyperupcall/autoenv - Directory-based environments.
  • Hackplayers/evil-winrm - The ultimate WinRM shell for hacking/pentesting
  • CISOfy/lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
  • 0x00-0x00/ShellPop - Pop shells like a master.
  • peass-ng/PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

sql

swift

telegram

  • projectdiscovery/notify - Notify is a Go-based assistance package that enables you to stream the output of several tools (or read from a file) and publish it to a variety of supported platforms.

terminal

testing

  • puppeteer/puppeteer - JavaScript API for Chrome and Firefox
  • sinfulz/JustTryHarder - JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

typescript

unity

  • dnSpyEx/dnSpy - Unofficial revival of the well known .NET debugger and assembly editor, dnSpy

vagrant

  • uber-common/metta - An information security preparedness tool to do adversarial simulation.

vue

web

webapp

  • HolyBugx/HolyTips - A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

windows

  • microsoft/vcpkg - C++ Library Manager for Windows, Linux, and MacOS
  • royalapplications/toolbox - This repository contains various automation scripts for Royal TS (for Windows) and Royal TSX (for macOS). Also included are dynamic folder samples. This collection consists of scripts by the Royal App
  • flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
  • bitsadmin/wesng - Windows Exploit Suggester - Next Generation
  • n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
  • sethmlarson/truststore - Verify certificates using OS trust stores
  • byt3bl33d3r/CrackMapExec - A swiss army knife for pentesting networks
  • calebstewart/pwncat - Fancy reverse and bind shell handler
  • WithSecureLabs/chainsaw - Rapidly Search and Hunt through Windows Forensic Artefacts
  • itm4n/PrivescCheck - Privilege Escalation Enumeration Script for Windows
  • mzfr/gtfo - Search gtfobins and lolbas files from your terminal
  • ohpe/juicy-potato - A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from a Windows Service Accounts to NT AUTHORITY\SYSTEM.
  • SecWiki/windows-kernel-exploits - windows-kernel-exploits Windows平台提权漏洞集合
  • Aetsu/OffensivePipeline - OfensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team exercises.
  • peass-ng/PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

wordpress

  • wpscanteam/wpscan - WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com

License

CC0

To the extent possible under law, marksowell has waived all copyright and related or neighboring rights to this work.

About

A curated list of my GitHub stars!

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published