Security Tools

#vulnerability-assessment#infection-monkey#malware-simulation

Infection MonkeyPython

An open-source adversary emulation platform that simulates malware attacks to test and improve network security defenses.

Stars7.0k

Forks817

Last commit11 months ago

AppSecPHP

A curated list of books, articles, websites, and tools for learning application security across multiple programming languages.

#secure-coding#security-experts#owasp

Stars6.9k

Forks791

#secure-coding#security-experts#owasp

Application SecurityPHP

A curated list of books, articles, websites, and tools for learning application security across multiple programming languages.

Stars6.9k

Forks791

#hacking-tools#vulnerability-assessment#vulnerabilities

Awesome Web Hacking

A curated list of resources for learning and practicing web application security, including tools, books, courses, and vulnerable labs.

Stars6.8k

Forks1.3k

Last commit14 days ago

blackboxGo

A simple wrapper for GPG to encrypt secrets in version control systems like Git, Mercurial, and Subversion.

#mercurial#version-control#devops

Stars6.8k

Forks385

Last commit5 months ago

spicedbGo

An open-source, Google Zanzibar-inspired database for storing and querying fine-grained authorization data at scale.

#database#acl#distributed-systems

Stars6.6k

Forks382

Last commit2 days ago

Awesome Security Hardening

A curated collection of security hardening guides, best practices, checklists, benchmarks, and tools for various systems and services.

#infrastructure-security#windows-hardening#infosec

Stars6.3k

Forks646

#fuzzer#operating-systems#bug-discovery

syzkallerGo

An unsupervised coverage-guided kernel fuzzer for finding bugs in operating system kernels like Linux, Windows, and BSD variants.

Stars6.1k

Forks1.4k

Last commit2 days ago

PEDAPython

A Python extension for GDB that enhances exploit development with colorized displays, security checks, and specialized commands.

#exploit-development#rop-gadgets#penetration-testing

Stars6.1k

Forks828

#security-training#reference-guide#osint

Infosec_ReferenceCSS

A comprehensive, free information security reference covering techniques, tools, tactics, and resources for learning and professional development.

Stars5.9k

Forks1.2k

Last commit6 months ago

awesome-bug-bounty

A curated list of bug bounty programs, write-ups, and resources for security researchers and ethical hackers.

#hacker-resources#security-tools#bug-bounty

Stars5.6k

Forks1.0k

#information-gathering#osint#security-automation

Recon-ngPython

A modular reconnaissance framework for conducting open source intelligence (OSINT) gathering from web-based sources.

Stars5.5k

Forks857

#ptes#archlinux#penetration-testing

PTFPython

A Python framework to automate the installation and updating of penetration testing tools on Debian/Ubuntu/ArchLinux systems.

Stars5.5k

Forks1.3k

#network-forensics#traffic-inspection#protocol-analysis

DshellPython

An extensible Python framework for network forensic analysis through plugin-based dissection of packet captures.

Stars5.5k

Forks1.1k

#stream-processing#c-library#deep-packet-inspection

HyperscanC++

A high-performance multiple regex matching library using hybrid automata for simultaneous pattern matching across data streams.

Stars5.4k

Forks792

Last commit2 months ago

ThreatMapperTypeScript

Open source CNAPP that hunts for threats in cloud native platforms, ranks them by risk, and visualizes attack paths.

#container-security#vulnerability-management#compliance-scanning

Stars5.3k

Forks640

#open-source#honeypots#security-automation

Cybersecurity Blue Team

A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.

Stars5.3k

Forks787

#devops#terrascan#kubernetes

TerrascanGo

A static code analyzer that detects security and compliance violations in Infrastructure as Code before provisioning cloud infrastructure.

Stars5.2k

Forks550

Last commit5 months ago

terrascanGo

A static code analyzer that detects security and compliance violations in Infrastructure as Code before provisioning cloud infrastructure.

#devops#terrascan#policy-as-code

Stars5.2k

Forks550

Last commit5 months ago

Mobile App Pentest Cheat Sheet

A comprehensive cheat sheet and tool collection for mobile application penetration testing, mapped to OWASP Mobile Top 10 risks.

#ios-app#vulnerability-assessment#runtime-analysis

Stars5.2k

Forks1.3k

#digital-forensics#remote-forensics#enterprise-security

grrPython

An incident response framework for remote live forensics with Python client-server architecture.

Stars5.1k

Forks797

Last commit8 days ago

Awesome Forensics

A curated list of awesome free forensic analysis tools, resources, and learning materials for digital investigators.

#digital-forensics#open-source#ctf-challenges

Stars5.0k

Forks733

Last commit12 days ago

Forensics

A curated list of awesome free (mostly open source) forensic analysis tools and resources for digital investigations.

#digital-forensics#open-source#ctf-challenges

Stars5.0k

Forks733

Last commit12 days ago

CameradarGo

A penetration testing tool that discovers and accesses RTSP video surveillance cameras through network scanning and dictionary attacks.

#video-surveillance#network-scanner#dictionary-attack

Stars5.0k

Forks621

Last commit10 days ago

Awesome Threat Detection and Hunting

A curated list of awesome open-source tools, detection rules, datasets, and resources for threat detection and hunting.

#sigma-rules#awesome-list#security

Stars4.6k

Forks734

Last commit3 months ago

ROP GadgetPython

A tool to search for ROP gadgets in binary files to facilitate Return-Oriented Programming exploitation.

#rop#exploit-development#disassembly

Stars4.4k

Forks575

Last commit4 months ago

ApplicationInspectorC#

A source code analyzer that identifies features and characteristics in software components using static analysis and a JSON rules engine.

#multi-language#dotnet-tool#rules-engine

Stars4.4k

Forks367

Last commit2 months ago

LinkFinderPython

A Python script that discovers endpoints and their parameters in JavaScript files for penetration testing and bug hunting.

#endpoints#web-security#javascript-analysis

Stars4.3k

Forks654

Awesome Pentest Cheat Sheets

A curated collection of cheat sheets and resources for penetration testing and security assessments.

#vulnerability-assessment#pentest#penetration-testing

Stars4.3k

Forks787

#supply-chain-security#workflow-analysis#vulnerability-detection

zizmorRust

A static analysis tool that finds security vulnerabilities and misconfigurations in GitHub Actions workflows.

A curated list of awesome YARA rules, tools, and resources for malware researchers and security professionals.

#digital-forensics#yara-rules#yara-scanner

Stars4.2k

Forks550

#web-security#vulnerability-database#penetration-testing

bug-bounty-reference

A categorized collection of bug bounty write-ups organized by vulnerability type for security researchers.

Stars4.2k

Forks1.0k

#vulnerability-exploitation#ssti-detection#web-security

tplmapPython

A penetration testing tool that detects and exploits Server-Side Template Injection (SSTI) and code injection vulnerabilities.

Stars4.1k

Forks685