Security Testing

#ios-app#runtime-analysis#mobile-security

AppMonJavaScript

An automated framework for monitoring and tampering with system API calls of native macOS, iOS, and Android apps using Frida.

Stars1.6k

Forks280

#penetration-testing#cybersecurity-tools#offensive-security

OneRuleToRuleThemAll

A comprehensive password cracking rule combining multiple sources for improved hashcat performance.

Stars1.6k

Forks298

#traffic-analysis#simulation#honeypot

faproPython

A free, cross-platform, single-file fake protocol server simulator that can start or stop multiple network services.

Stars1.6k

Forks181

#penetration-testing#offensive-security#password-cracking

Hob0Rules

Statistical password cracking rules for Hashcat based on industry patterns and frequency analysis.

Stars1.5k

Forks312

Last commit6 years ago

terraform-compliancePython

A lightweight, security-focused BDD test framework for Terraform that enables compliance and negative testing for infrastructure-as-code.

#devops#policy-as-code#bdd-style

Stars1.5k

Forks158

Last commit

Network Flight Simulator (flightsim)Go

A lightweight utility to generate malicious network traffic patterns for evaluating security controls and network visibility.

#c2-traffic#malware-simulation#command-line-tool

Stars1.4k

Forks145

Last commit

Statistically Likely UsernamesPython

Wordlists for statistically likely usernames, optimized for horizontal password attacks and security testing.

#statistical-analysis#horizontal-attack#penetration-testing

An AI-powered tool that analyzes source code to discover every endpoint, exposing shadow APIs and mapping the complete attack surface for security testing.

#shadow api#hacktoberfest#endpoints

Stars1.3k

Forks130

Last commit4 hours ago

kalitorifyShell

A shell script that creates a transparent proxy through the Tor network for Kali Linux, routing all system traffic anonymously.

#privacy-tools#kalitorify#kali-linux

Stars1.2k

Forks256

Red Team Automation (RTA)Python

MettaPython

An information security preparedness tool for adversarial simulation using Redis/Celery, Python, and Vagrant.

#yaml#redis#network

Stars1.1k

Forks155

Last commit7 years ago

A framework of Python scripts for blue teams to test detection capabilities against malicious tradecraft modeled after MITRE ATT&CK.

#detection-validation#mitre-attack#cybersecurity

Stars1.1k

Forks218

Last commit7 years ago

HerculesPython

An open-source AI testing agent that automates UI, API, security, accessibility, and visual validations using Gherkin without code.

#playwright#ai#no-code

Stars1.0k

Forks161

Last commit2 days ago

RockYou2021

A massive 82 billion entry wordlist compiled from multiple password dictionaries for security testing.

#rockyou2021#wordlist-collection#rockyou

Stars1.0k

Forks127

#attack-framework#ruggedization#bdd

GauntltRuby

A ruggedization framework for security testing that is usable by developers, operations, and security teams.

Stars995

Forks187

#vulnerability-discovery#cpuu#fuzzing

Fuzzing

A curated list of awesome fuzzing resources, tools, and academic papers for software security testing.

Stars971

Forks95

Last commit15 days ago

AngoraC++

A mutation-based coverage-guided fuzzer that increases branch coverage by solving path constraints without symbolic execution.

#software-testing#fuzzer#vulnerability-discovery

Stars952

Forks171

#xcp#can-bus#diagnostic-tools

Caring CaribouPython

A friendly automotive security exploration tool for the CAN bus, enabling zero-knowledge discovery of services and vulnerabilities.

Stars918

Forks224

Injured Android - CTFKotlin

A vulnerable Android CTF application demonstrating real-world security vulnerabilities and exploitation techniques.

#vulnerable-app#webview-security#mobile-pentesting

Stars749

Forks163

Last commit5 years ago

MARAPython

A comprehensive mobile application reverse engineering and analysis framework for security testing against OWASP mobile threats.

#mobile-security#owasp#apk-analysis

Stars668

Forks177

Last commit6 years ago

Whonow DNS ServerJavaScript

A malicious DNS server for executing DNS rebinding attacks dynamically via domain name requests.

#dns-rebinding#dns#penetration-testing

Stars661

Forks94

#serverless#hash-cracking#password-recovery

NPKJavaScript

A serverless distributed hash-cracking platform built on AWS, offering pay-as-you-go GPU power with an intuitive UI.

Stars656

Forks79

Last commit5 months ago

kwprocessorC

An advanced keyboard-walk generator for password cracking, configurable with base characters, keymaps, and routes.

#human-behavior-simulation#penetration-testing#keyboard-walk

Stars605

Forks93

Last commit9 months ago

PowershelleryPowerShell

A collection of PowerShell scripts for security testing, penetration testing, and general system administration tasks.

#windows-automation#penetration-testing#system-administration

Stars581

Forks120

Jenkins Attack FrameworkPython

A command-line tool for security testing and offensive operations against Jenkins CI/CD servers.

#credential-dumping#jenkins#command-line-tool

Stars576

Forks60

Last commit10 months ago

captcha_recognizePython

A TensorFlow-based image recognition system for captchas that works without image segmentation.

#image-recognition-captchas#deep-learning#python-2

Stars570

Forks175

#wordlist-fuzzing#fuzzer#enumerator

monsoonGo

A fast and flexible HTTP fuzzer for content discovery, credential bruteforcing, and security testing.

Stars496

Forks40

Automatic API Attack ToolJava

An automated API security testing tool that generates and runs fuzzing attacks based on an OpenAPI/Swagger specification.

#gradle#fuzzing#swagger

Stars495

Forks94

#iot#iot-security-testing#web-security

drefJavaScript

A framework for exploiting DNS rebinding vulnerabilities to bypass Same-Origin Policy and attack internal networks from browsers.

Stars493

Forks70

Last commit5 years ago

badtouchRust

A scriptable network authentication cracker for custom services, using Lua scripts to test credentials.

#cracking#bruteforce-tool#lua-scripting

Stars418

Forks46

#ddos-attack#penetration-testing#denial-of-service

torDDoSPython

A Python tool that automates DDoS attacks through the Tor network for security testing and education.

Stars397

Forks58

#fuzzer#smart-contract-security#regression-testing

tridentRust

A Rust-based manually-guided fuzzing framework for Solana programs, processing up to 12,000 transactions per second.

Stars392

Forks56

Last commit18 days ago

PacketFuRuby

A Ruby library for reading, writing, and manipulating network packets at a mid-level.

#libpcap#network-programming#packet-injection

Stars392

Forks86

#vulnerability-discovery#embedded-security#llvm-analysis

DIFUZEC++

A fuzzer for Linux kernel drivers that combines interface recovery via LLVM analysis with a fuzzing engine to find security vulnerabilities.

Stars386

Forks85