Trending repositories for topic security-tools

A static analysis tool for GitHub Actions

🕵️‍♂️ All-in-one OSINT tool for analysing any website

lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.

Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

🧿 AutorizePro是一款强大越权检测 Burp 插件，通过增加 AI 辅助分析 && 进一步优化检测逻辑，大幅降低误报率，提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it si...

Find, verify, and analyze leaked credentials

Daemon to ban hosts that cause multiple authentication errors

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

Find secrets with Gitleaks 🔑

♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI

🤖 The Modern Port Scanner 🤖

Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics re...

Adversary Emulation Framework

An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.

Scapy: the Python-based interactive packet manipulation program & library.

🔍 Trace syscalls from user-space functions, by using eBPF

The Official USB Rubber Ducky Payload Repository

lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.

🔍 Trace syscalls from user-space functions, by using eBPF

Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)

A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.

🧿 AutorizePro是一款强大越权检测 Burp 插件，通过增加 AI 辅助分析 && 进一步优化检测逻辑，大幅降低误报率，提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it si...

A static analysis tool for GitHub Actions

Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!

Framework for testing vulnerabilities of large language models (LLM).

A comprehensive collection of cheatsheets for reverse engineering, binary analysis, and assembly programming tools. This repository serves as a one-stop reference for security researchers, reverse eng...

Arcjet JS SDKs. Bot detection, rate limiting, email validation, attack protection, data redaction for Node.js, Next.js, Deno, Bun, Remix, SvelteKit, NestJS.

Fluere is a powerful and versatile tool designed for network monitoring and analysis. It is capable of capturing network packets in pcap format and converting them into NetFlow data, providing a compr...

AWS云平台 AccessKey 泄漏利用工具

This project aims to consolidate and share high-quality resources and tools across the cybersecurity domain.

强大的 Frida 重打包工具，用于 iOS 和 Android。轻松修改 Frida 特征，增强隐蔽性，绕过检测。简化逆向工程和安全测试。Powerful Frida repackaging tool for iOS and Android. Easily modify Frida servers to enhance stealth and bypass detection. Streamli...

A very small, very simple, yet very secure encryption tool.

Ingesting, pipelining, and enhancing your DNS logs with usage indicators, security analysis, and additional metadata.

Beacon Object File (BOF) launcher - library for executing BOF files in C/C++/Zig applications

Collection of several DDos tools.

基于ARL v2.6.2版本源码，生成docker镜像进行快速部署，同时提供七千多条指纹

TangGo测试平台是无糖信息技术有限公司集多年渗透测试实战经验设计和开发的国产化综合性测试平台，为软件测试、网络安全从业人员提供强大且易用的测试工具及多人协同的工作环境，主要用于Web站点的功能测试、安全测试和安全评估。

lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.

lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.

A static analysis tool for GitHub Actions

🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024

🕵️‍♂️ All-in-one OSINT tool for analysing any website

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Find, verify, and analyze leaked credentials

🧿 AutorizePro是一款强大越权检测 Burp 插件，通过增加 AI 辅助分析 && 进一步优化检测逻辑，大幅降低误报率，提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it si...

Daemon to ban hosts that cause multiple authentication errors

A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.

Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)

♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI

Find secrets with Gitleaks 🔑

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

🤖 The Modern Port Scanner 🤖

An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.

Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics re...

Adversary Emulation Framework

A very small, very simple, yet very secure encryption tool.

lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.

A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.

A static analysis tool for GitHub Actions

🧿 AutorizePro是一款强大越权检测 Burp 插件，通过增加 AI 辅助分析 && 进一步优化检测逻辑，大幅降低误报率，提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it si...

ChainReactor is a research project that leverages AI planning to discover exploitation chains for privilege escalation on Unix systems. The project models the problem as a sequence of actions to achie...

🔍 Trace syscalls from user-space functions, by using eBPF

reNgine-ng is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous ...

Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)

Exposor is a tool using internet search engines to detect exposed technologies with a unified syntax.

A comprehensive collection of cheatsheets for reverse engineering, binary analysis, and assembly programming tools. This repository serves as a one-stop reference for security researchers, reverse eng...

Keep your personal data truly personal

A very small, very simple, yet very secure encryption tool.

Arcjet JS SDKs. Bot detection, rate limiting, email validation, attack protection, data redaction for Node.js, Next.js, Deno, Bun, Remix, SvelteKit, NestJS.

AWS云平台 AccessKey 泄漏利用工具

Hack The Box CPTS, CBBH Exam and Lab Reporting / Note-Taking Tool

强大的 Frida 重打包工具，用于 iOS 和 Android。轻松修改 Frida 特征，增强隐蔽性，绕过检测。简化逆向工程和安全测试。Powerful Frida repackaging tool for iOS and Android. Easily modify Frida servers to enhance stealth and bypass detection. Streamli...

Collection of several DDos tools.

This project aims to consolidate and share high-quality resources and tools across the cybersecurity domain.

SecNotes: 记录安全学习之路。包含红蓝攻防，安全运营，甲方安全建设，威胁情报，安全事件响应，蜜罐，安全证书考试等。

Beacon Object File (BOF) launcher - library for executing BOF files in C/C++/Zig applications

DarkFlare Firewall Piercing (TCP over CDN)

lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.

Exposor is a tool using internet search engines to detect exposed technologies with a unified syntax.

DarkFlare Firewall Piercing (TCP over CDN)

A static analysis tool for GitHub Actions

Applied offensive security with Rust - https://kerkour.com/black-hat-rust

lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.

♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Find, verify, and analyze leaked credentials

Daemon to ban hosts that cause multiple authentication errors

🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

🤖 The Modern Port Scanner 🤖

🕵️‍♂️ All-in-one OSINT tool for analysing any website

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

Find secrets with Gitleaks 🔑

An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

🧿 AutorizePro是一款强大越权检测 Burp 插件，通过增加 AI 辅助分析 && 进一步优化检测逻辑，大幅降低误报率，提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it si...

Adversary Emulation Framework

A comprehensive collection of cheatsheets for reverse engineering, binary analysis, and assembly programming tools. This repository serves as a one-stop reference for security researchers, reverse eng...

Tools and Techniques for Red Team / Penetration Testing

lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.

A Laravel package that proactively monitors your dependencies for security vulnerabilities by running automated composer audits and sending notifications via webhooks and email

A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.

Exposor is a tool using internet search engines to detect exposed technologies with a unified syntax.

A static analysis tool for GitHub Actions

Framework for testing vulnerabilities of large language models (LLM).

ChainReactor is a research project that leverages AI planning to discover exploitation chains for privilege escalation on Unix systems. The project models the problem as a sequence of actions to achie...

A fast, customizable service detection tool powered by a flexible fingerprint system. It helps you identify services, APIs, and network configurations across your infrastructure.

simpleIAST- 基于污点追踪的灰盒漏洞扫描工具。

A fast subdomain takeover tool

🧿 AutorizePro是一款强大越权检测 Burp 插件，通过增加 AI 辅助分析 && 进一步优化检测逻辑，大幅降低误报率，提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it si...

A comprehensive collection of cheatsheets for reverse engineering, binary analysis, and assembly programming tools. This repository serves as a one-stop reference for security researchers, reverse eng...

A curated list of amazingly projects

Telling tales on you for leaking secrets!

🔍 Trace syscalls from user-space functions, by using eBPF

Backend for HTTP Observatory on MDN

强大的 Frida 重打包工具，用于 iOS 和 Android。轻松修改 Frida 特征，增强隐蔽性，绕过检测。简化逆向工程和安全测试。Powerful Frida repackaging tool for iOS and Android. Easily modify Frida servers to enhance stealth and bypass detection. Streamli...

collectvars collects JavaScript variables, highlights risky ones, and helps you understand code structure, while you casually browse.

Keep your personal data truly personal

Awesome frontend security guides, cheat sheets, libraries, tools, courses, and other resources.

A static analysis tool for GitHub Actions

ARL官方仓库备份项目：ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

DarkFlare Firewall Piercing (TCP over CDN)

一款部署于云端或本地的代理池中间件，可将静态代理IP灵活运用成隧道IP，提供固定请求地址，一次部署终身使用

A very small, very simple, yet very secure encryption tool.

Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)

Bringing back the most advanced system and security analysis tool.

ARL 资产侦察灯塔系统（可运行，添加指纹，提高并发，升级工具及系统，无限制修改版） | ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

🧿 AutorizePro是一款强大越权检测 Burp 插件，通过增加 AI 辅助分析 && 进一步优化检测逻辑，大幅降低误报率，提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it si...

Galah: An LLM-powered web honeypot.

lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.

Make your GenAI Apps Safe & Secure :rocket: Test & harden your system prompt

Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!

基于ARL v2.6.2版本源码，生成docker镜像进行快速部署，同时提供七千多条指纹

A comprehensive collection of cheatsheets for reverse engineering, binary analysis, and assembly programming tools. This repository serves as a one-stop reference for security researchers, reverse eng...

BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. Could be used in the vulnerability research...

Verify apps easily.

An OSINT / digital forensics tool built in Python

"chanzi" is a simple and user-friendly JAVA SAST tool that utilizes taint analysis technology, includes built-in common vulnerability rules, supports decompilation, custom rule creation, and is compa...

SecretPixel is a cutting-edge steganography tool designed to securely conceal sensitive information within images. It stands out in the realm of digital steganography by combining advanced encryption,...

🕵️‍♂️ All-in-one OSINT tool for analysing any website

♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI

Find, verify, and analyze leaked credentials

🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Find secrets with Gitleaks 🔑

🤖 The Modern Port Scanner 🤖

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

Daemon to ban hosts that cause multiple authentication errors

An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics re...

SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.

The Network Execution Tool

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

Adversary Emulation Framework

Tools and Techniques for Red Team / Penetration Testing

A static analysis tool for GitHub Actions

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon...

802.11 Attack Tool

SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.

secator - the pentester's swiss knife

lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.

A very small, very simple, yet very secure encryption tool.

Verify apps easily.

BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. Could be used in the vulnerability research...

PostgreSQL database anonymization and synthetic data generation tool

Copy links from the sharing menu with automatic removal of shorteners and trackers

Athena OS Nix configuration files focused on Cybersecurity. Learn, practice and enjoy with any hacking tool!

免杀知识库 | 开源免杀木马效果测试 360 火绒 卡巴斯基 Microsoft Defender | 免杀工具汇总

A comprehensive collection of cheatsheets for reverse engineering, binary analysis, and assembly programming tools. This repository serves as a one-stop reference for security researchers, reverse eng...

📡 802.11 broadcast analyzer & injector

The most powerful bruteforcer / password sprayer Artifact

一款部署于云端或本地的代理池中间件，可将静态代理IP灵活运用成隧道IP，提供固定请求地址，一次部署终身使用

Identify the accounts most vulnerable to dictionary attacks

Galah: An LLM-powered web honeypot.

🧿 AutorizePro是一款强大越权检测 Burp 插件，通过增加 AI 辅助分析 && 进一步优化检测逻辑，大幅降低误报率，提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it si...

Fully automated host & network intrusion detection platform. Detects malware from behavioural patterns rather than signatures and enables deeper visibility than legacy tools.

The Most Advanced Client-Side Prototype Pollution Scanner