Trending repositories for topic security

A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.

Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS

A collection of various awesome lists for hackers, pentesters and security researchers

Firefox user.js for speed, privacy, and security. Your favorite browser, but better.

Knowledge Base 慢雾安全团队知识库

A static analysis tool for GitHub Actions

Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

Get Android app updates straight from the source.

🕵️‍♂️ All-in-one OSINT tool for analysing any website

serve as a reverse proxy to protect your web services from attacks and exploits.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

AI Native Data App Development framework with AWEL(Agentic Workflow Expression Language) and Agents

A vulnerability scanner for container images and filesystems

lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.

Automation to assess the state of your M365 tenant against CISA's baselines

SiteOne Crawler is a cross-platform website crawler and analyzer for SEO, security, accessibility, and performance optimization—ideal for developers, DevOps, QA engineers, and consultants. Supports Wi...

The authentication glue you need.

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

SimpleX - the first messaging network operating without user identifiers of any kind - 100% private by design! iOS, Android and desktop apps 📱!

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

SiteOne Crawler is a cross-platform website crawler and analyzer for SEO, security, accessibility, and performance optimization—ideal for developers, DevOps, QA engineers, and consultants. Supports Wi...

lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.

💫 Nebula: An open-source secret management solution secure, scalable, and flexible handling of secret across multiple domains.

Curated list of tools, techniques and resources related to Apple Security (macOS, iOS, iPadOS, tvOS, watchOS) aimed to help people with an interest in Apple related security topics to get a hold in th...

A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.

A powerful tool for automated LLM fuzzing. It is designed to help developers and security researchers identify and mitigate potential security vulnerabilities in their LLM APIs.

Run a security scan on your server and identify common gaps. Get your VPS ready for production.

A static analysis tool for GitHub Actions

自定义你的浏览器指纹，让你的浏览器更加安全 -- Chrome/Edge扩展

SiteOne Crawler GUI is a cross-platform website crawler and analyzer for SEO, security, accessibility, and performance optimization—ideal for developers, DevOps, QA engineers, and consultants. Support...

👓A collection of papers/tools/exploits for UEFI security.

Policy Reporter UI

互联网资产综合扫描/攻击面测绘

Automation to assess the state of your M365 tenant against CISA's baselines

Fluere is a powerful and versatile tool designed for network monitoring and analysis. It is capable of capturing network packets in pcap format and converting them into NetFlow data, providing a compr...

LLM security and privacy

Go implementation of Tink

Helps you build better AI agents through debuggable unit testing

Anonymous automation with fingerprint replacement technology.

This project aims to consolidate and share high-quality resources and tools across the cybersecurity domain.

lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.

A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.

lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.

A static analysis tool for GitHub Actions

Knowledge Base 慢雾安全团队知识库

Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS

Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

A collection of various awesome lists for hackers, pentesters and security researchers

Get Android app updates straight from the source.

Firefox user.js for speed, privacy, and security. Your favorite browser, but better.

☁️ The Most Secure and Easy Selfhosted Home Server. Take control of your data and privacy without sacrificing security and stability (Authentication, anti-DDOS, anti-bot)

Run a security scan on your server and identify common gaps. Get your VPS ready for production.

serve as a reverse proxy to protect your web services from attacks and exploits.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

SiteOne Crawler is a cross-platform website crawler and analyzer for SEO, security, accessibility, and performance optimization—ideal for developers, DevOps, QA engineers, and consultants. Supports Wi...

Comfortably monitor your Internet traffic 🕵️‍♂️

🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024

AI Native Data App Development framework with AWEL(Agentic Workflow Expression Language) and Agents

A tool which is uses to remove Windows Defender in Windows 8.x, Windows 10 (every version) and Windows 11.

A vulnerability scanner for container images and filesystems

🕵️‍♂️ All-in-one OSINT tool for analysing any website

lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.

Run a security scan on your server and identify common gaps. Get your VPS ready for production.

A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.

SiteOne Crawler GUI is a cross-platform website crawler and analyzer for SEO, security, accessibility, and performance optimization—ideal for developers, DevOps, QA engineers, and consultants. Support...

A powerful tool for automated LLM fuzzing. It is designed to help developers and security researchers identify and mitigate potential security vulnerabilities in their LLM APIs.

SiteOne Crawler is a cross-platform website crawler and analyzer for SEO, security, accessibility, and performance optimization—ideal for developers, DevOps, QA engineers, and consultants. Supports Wi...

💫 Nebula: An open-source secret management solution secure, scalable, and flexible handling of secret across multiple domains.

A static analysis tool for GitHub Actions

Roadmap to get up to speed with CosmWasm smart contract audits and security vulnerabilities

An open source database of disallowed usernames for software projects to prevent phishing and impersonation.

reNgine-ng is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous ...

Curated list of tools, techniques and resources related to Apple Security (macOS, iOS, iPadOS, tvOS, watchOS) aimed to help people with an interest in Apple related security topics to get a hold in th...

Exposor is a tool using internet search engines to detect exposed technologies with a unified syntax.

自定义你的浏览器指纹，让你的浏览器更加安全 -- Chrome/Edge扩展

Keep your personal data truly personal

Knowledge Base 慢雾安全团队知识库

A plugin manager for the asdf version manager

Helps you build better AI agents through debuggable unit testing

Strelka Web UI for File Submission and Analysis

Flexible LDAP proxy that can be used to inspect & transform all LDAP packets generated by other tools on the fly.

DarkFlare Firewall Piercing (TCP over CDN)

lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.

Run a security scan on your server and identify common gaps. Get your VPS ready for production.

Flexible LDAP proxy that can be used to inspect & transform all LDAP packets generated by other tools on the fly.

A powerful tool for automated LLM fuzzing. It is designed to help developers and security researchers identify and mitigate potential security vulnerabilities in their LLM APIs.

oauth-labs: an intentionally vulnerable set of OAuth 2.0 labs for security training and learning

Exposor is a tool using internet search engines to detect exposed technologies with a unified syntax.

A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.

serve as a reverse proxy to protect your web services from attacks and exploits.

DarkFlare Firewall Piercing (TCP over CDN)

A collection of various awesome lists for hackers, pentesters and security researchers

A static analysis tool for GitHub Actions

Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Applied offensive security with Rust - https://kerkour.com/black-hat-rust

🛡️ Open-source and next-generation Web Application Firewall (WAF)

Get Android app updates straight from the source.

lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.

Firefox user.js for speed, privacy, and security. Your favorite browser, but better.

The authentication glue you need.

♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the int...

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Find, verify, and analyze leaked credentials

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

List of Computer Science courses with video lectures.

lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.

A Laravel package that proactively monitors your dependencies for security vulnerabilities by running automated composer audits and sending notifications via webhooks and email

💫 Nebula: An open-source secret management solution secure, scalable, and flexible handling of secret across multiple domains.

A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.

Exposor is a tool using internet search engines to detect exposed technologies with a unified syntax.

Run a security scan on your server and identify common gaps. Get your VPS ready for production.

A KeyLogger using eBPF 🐝

oauth-labs: an intentionally vulnerable set of OAuth 2.0 labs for security training and learning

A static analysis tool for GitHub Actions

SiteOne Crawler GUI is a cross-platform website crawler and analyzer for SEO, security, accessibility, and performance optimization—ideal for developers, DevOps, QA engineers, and consultants. Support...

一个网络安全法律法规、安全政策、国家标准、行业标准知识库。A knowledge base of cybersecurity laws and regulations, security policies, national standards, and industry standards.

SPIKE is a lightweight secrets store that uses SPIFFE as its identity control plane. It protects your secrets and helps your ops, SREs, and sysadmins manage sensitive data securely with minimal overhe...

Password management through LSB image steganography.

IoM implant, C2 Framework and Infrastructure

Permguard is an Open Source Multi-Account, Multi-Tenant, Zero-Trust Auth* Provider.

A Completely Modular LLM Reverse Engineering, Red Teaming, and Vulnerability Research Framework.

openai-captcha-detection 是一个使用 OpenAI 进行验证码识别的工具。目前验证码识别准确率100%，通过调用 OpenAI 的 API，这个项目可以实现对复杂验证码图片的文本识别，帮助开发者在验证码处理场景中进行自动化操作。

portchecker.io is a free online utility to check the port status of a given hostname or IP address.

SiteOne Crawler is a cross-platform website crawler and analyzer for SEO, security, accessibility, and performance optimization—ideal for developers, DevOps, QA engineers, and consultants. Supports Wi...

Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.

8 Lessons, Kick-start Your Cybersecurity Learning.

The open source Tines / Splunk SOAR alternative for security engineers.

A static analysis tool for GitHub Actions

Zero shot vulnerability discovery using LLMs

ARL官方仓库备份项目：ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

DarkFlare Firewall Piercing (TCP over CDN)

一款部署于云端或本地的代理池中间件，可将静态代理IP灵活运用成隧道IP，提供固定请求地址，一次部署终身使用

LLM powered fuzzing via OSS-Fuzz.

A reading list for large models safety, security, and privacy (including Awesome LLM Security, Safety, etc.).

The successor to xp-AntiSpy, designed for the modern Windows experience

🕵️‍♂️ TUI for sniffing network traffic using eBPF on Linux

Nuclei POC，每日更新 | 自动整合全网Nuclei的漏洞POC，实时同步更新最新POC，保存已被删除的POC。通过批量克隆Github项目，获取Nuclei POC，并将POC按类别分类存放，使用Github Action实现（已有14wPOC，已校验有效性并去重）

A very small, very simple, yet very secure encryption tool.

Customizable Linux Persistence Tool for Security Research and Detection Engineering.

ARL 资产侦察灯塔系统（可运行，添加指纹，提高并发，升级工具及系统，无限制修改版） | ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

Galah: An LLM-powered web honeypot.

🦫 | GoRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team, with a specific focus on the Go programming language, all is made for educatio...

lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.

A Terminal UI for browsing security vulnerabilities (CVEs)

Make your GenAI Apps Safe & Secure :rocket: Test & harden your system prompt

A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.

🕵️‍♂️ All-in-one OSINT tool for analysing any website

A collection of various awesome lists for hackers, pentesters and security researchers

Opiniated RAG for integrating GenAI in your apps 🧠 Focus on your product rather than the RAG. Easy integration in existing products with customisation! Any LLM: GPT4, Groq, Llama. Any Vectorstore:...

The authentication glue you need.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS

serve as a reverse proxy to protect your web services from attacks and exploits.

Comfortably monitor your Internet traffic 🕵️‍♂️

♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the int...

🚀 An open and lightweight modification to Windows, designed to optimize performance, privacy and usability.

AI Native Data App Development framework with AWEL(Agentic Workflow Expression Language) and Agents

Get Android app updates straight from the source.

List of Computer Science courses with video lectures.

Find, verify, and analyze leaked credentials

8 Lessons, Kick-start Your Cybersecurity Learning.

🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

8 Lessons, Kick-start Your Cybersecurity Learning.

The open source Tines / Splunk SOAR alternative for security engineers.

SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.

secator - the pentester's swiss knife

lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.

A very small, very simple, yet very secure encryption tool.

A reading list for large models safety, security, and privacy (including Awesome LLM Security, Safety, etc.).

Verify apps easily.

The successor to xp-AntiSpy, designed for the modern Windows experience

Privacy-first, end-to-end encrypted Mail, Pages, Drive, and Calendar.

BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. Could be used in the vulnerability research...

Full Toolkit for Next-Level Domain Analysis

Powerpipe: Dashboards for DevOps. Visualize cloud configurations. Assess security posture against a massive library of benchmarks. Build custom dashboards with code.

自定义你的浏览器指纹，让你的浏览器更加安全 -- Chrome/Edge扩展

Hoop.dev is an open-source access gateway that provides secure, seamless, and audited access to databases and infrastructure without exposing credentials or sensitive data.

PostgreSQL database anonymization and synthetic data generation tool

Copy links from the sharing menu with automatic removal of shorteners and trackers

互联网资产综合扫描/攻击面测绘

Athena OS Nix configuration files focused on Cybersecurity. Learn, practice and enjoy with any hacking tool!

Active Directory and Internal Pentest Cheatsheets