说明

英文版本
因Github Readme显示行数有限, 当前页面显示的为不完整版, 只显示了星数最高的前1000个工具. 点击查看完整版

工具列表

[45523星][11d] [C#] shadowsocks/shadowsocks-windows If you want to keep a secret, you must also hide it from yourself.
[34554星][16d] [C++] x64dbg/x64dbg Windows平台x32/x64调试器
[33926星][10d] [Py] minimaxir/big-list-of-naughty-strings “淘气”的字符串列表，当作为用户输入时很容易引发问题
[32844星][2m] hack-with-github/awesome-hacking A collection of various awesome lists for hackers, pentesters and security researchers
[32022星][4y] [Py] shadowsocks/shadowsocks
[30689星][14d] [Go] fatedier/frp 快速的反向代理, 将NAT或防火墙之后的本地服务器暴露到公网
[27836星][2d] [Kotlin] shadowsocks/shadowsocks-android A shadowsocks client for Android
[25977星][2d] [Py] certbot/certbot Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.
[25643星][28d] [Swift] shadowsocks/shadowsocksx-ng Next Generation of ShadowsocksX
[25330星][3d] [Go] v2ray/v2ray-core A platform for building proxies to bypass network restrictions.
[24826星][2d] xitu/gold-miner
[24727星][5d] trimstray/the-book-of-secret-knowledge A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
[22556星][14d] [Shell] mathiasbynens/dotfiles
[21874星][9d] [PHP] danielmiessler/seclists 多种类型资源收集：用户名、密码、URL、敏感数据类型、Fuzzing Payload、WebShell等
[21778星][12d] [Go] filosottile/mkcert A simple zero-config tool to make locally trusted development certificates with any names you'd like.
[20680星][5d] [Java] skylot/jadx dex 转 java 的反编译器
[20159星][5d] [Shell] streisandeffect/streisand Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.
[19692星][2m] [Jupyter Notebook] camdavidsonpilon/probabilistic-programming-and-bayesian-methods-for-hackers aka "Bayesian Methods for Hackers": An introduction to Bayesian methods + probabilistic programming with a computation/understanding-first, mathematics-second point of view. All in pure Python ;)
[19212星][1y] alvin9999/new-pac 科学/自由上网，免费ss/ssr/v2ray/goflyway账号，搭建教程
[19076星][2d] [Ruby] rapid7/metasploit-framework Metasploit Framework
[18676星][3y] fallibleinc/security-guide-for-developers Security Guide for Developers (实用性开发人员安全须知)
[18476星][2d] [Java] nationalsecurityagency/ghidra 软件逆向框架
[18390星][3d] [Java] alibaba/arthas Alibaba Java诊断利器Arthas
[17641星][4y] [Go] inconshreveable/ngrok 反向代理，在公网终端和本地服务之间创建安全的隧道
[17069星][6d] [Py] mitmproxy/mitmproxy An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
[16769星][2d] [C#] powershell/powershell PowerShell for every system!
[15824星][2d] [Py] sqlmapproject/sqlmap Automatic SQL injection and database takeover tool
[15731星][9m] micropoor/micro8 从业10年渗透笔记
[15718星][3d] [C] curl/curl A command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features
[15363星][21d] [Py] drduh/macos-security-and-privacy-guide Guide to securing and improving privacy on macOS
[14744星][1m] gfwlist/gfwlist gfwlist
[14518星][7d] [Java] tencent/tinker Tinker is a hot-fix solution library for Android, it supports dex, library and resources update without reinstall apk.
[13736星][9m] [JS] bannedbook/fanqiang 翻墙-科学上网
[13548星][28d] [Py] corentinj/real-time-voice-cloning Clone a voice in 5 seconds to generate arbitrary speech in real-time
[13241星][19d] [Go] jesseduffield/lazydocker The lazier way to manage everything docker
[12966星][12d] [Py] cool-rr/pysnooper Never use print for debugging again
[12742星][3d] [Vue] liyasthomas/postwoman
[12693星][8d] [C] shadowsocks/shadowsocks-libev libev port of shadowsocks
[12544星][9d] [C#] 0xd4d/dnspy .NET debugger and assembly editor
[12325星][2m] [Ruby] diaspora/diaspora A privacy-aware, distributed, open source social network.
[12241星][5d] [Java] signalapp/signal-android A private messenger for Android.
[11977星][1m] [Go] buger/goreplay 实时捕获HTTP流量并输入测试环境，以便持续使用真实数据测试你的系统
[11890星][6d] [C] openssl/openssl TLS/SSL and crypto library
[11530星][2d] [C] radareorg/radare2 unix-like reverse engineering framework and commandline tools
[11418星][3m] [C] robertdavidgraham/masscan masscan：世界上最快的互联网端口扫描器，号称可6分钟内扫描整个互联网
[11404星][2d] getlantern/download Lantern官方版本下载蓝灯翻墙科学上网外网加速器梯子路由
[11342星][1m] facert/awesome-spider 爬虫集合
[11278星][2d] [Java] oracle/graal Run Programs Faster Anywhere
[11200星][5d] [Py] swisskyrepo/payloadsallthethings A list of useful payloads and bypass for Web Application Security and Pentest/CTF
[11143星][2m] [Jupyter Notebook] selfteaching/the-craft-of-selfteaching One has no future if one couldn't teach themself.
[11110星][5d] [Py] owasp/cheatsheetseries The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
[11016星][2y] [ObjC] bang590/jspatch JSPatch bridge Objective-C and Javascript using the Objective-C runtime. You can call any Objective-C class and method in JavaScript by just including a small engine. JSPatch is generally used to hotfix iOS App.
[10925星][2d] [ObjC] flipboard/flex An in-app debugging and exploration tool for iOS
[10907星][2m] [CSS] hacker0x01/hacker101 Hacker101
[10830星][15d] enaqx/awesome-pentest 渗透测试资源/工具集
[10780星][2y] [CoffeeScript] dropbox/zxcvbn Low-Budget Password Strength Estimation
[10757星][19d] [Java] konloch/bytecode-viewer A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
[10318星][5d] ruanyf/weekly 科技爱好者周刊，每周五发布
[10226星][3d] [Go] goharbor/harbor An open source trusted cloud native registry project that stores, signs, and scans content.
[9830星][8m] imthenachoman/how-to-secure-a-linux-server An evolving how-to guide for securing a Linux server.
[9613星][4d] [Py] sherlock-project/sherlock Find Usernames Across Social Networks
[9389星][3d] [Go] cnlh/nps 一款轻量级、功能强大的内网穿透代理服务器。支持tcp、udp流量转发，支持内网http代理、内网socks5代理，同时支持snappy压缩、站点保护、加密传输、多路复用、header修改等。支持web图形化管理，集成多用户模式。
[9358星][6d] [Ruby] postalhq/postal 全功能邮件服务器
[9266星][3m] [JS] localtunnel/localtunnel expose yourself
[9229星][12d] [Java] ibotpeaches/apktool A tool for reverse engineering Android apk files
[9185星][2d] [C#] icsharpcode/ilspy .NET Decompiler
[9148星][29d] [JS] valve/fingerprintjs2 Modern & flexible browser fingerprinting library
[9069星][11d] [PS] lukesampson/scoop A command-line installer for Windows.
[9015星][2m] vitalysim/awesome-hacking-resources A collection of hacking / penetration testing resources to make you better!
[8854星][6m] [Go] rkt/rkt rkt is a pod-native container engine for Linux. It is composable, secure, and built on standards.
[8739星][17d] [C] gentilkiwi/mimikatz A little tool to play with Windows security
[8646星][28d] [Java] android-hacker/virtualxposed A simple app to use Xposed without root, unlock the bootloader or modify system image, etc.
[8525星][1m] microsoft/wsl Issues found on WSL
[8443星][7m] [Shell] 233boy/v2ray 最好用的 V2Ray 一键安装脚本 & 管理脚本
[8424星][2d] [Py] wifiphisher/wifiphisher 流氓AP框架, 用于RedTeam和Wi-Fi安全测试
[8420星][2y] brannondorsey/wifi-cracking 破解WPA/WPA2 Wi-Fi 路由器
[8044星][9d] trimstray/the-practical-linux-hardening-guide This guide details creating a secure Linux production system. OpenSCAP (C2S/CIS, STIG).
[8002星][2m] [Py] facebook/chisel Chisel is a collection of LLDB commands to assist debugging iOS apps.
[7986星][1m] [Py] mailpile/mailpile A free & open modern, fast email client with user-friendly encryption and privacy features
[7965星][3y] [Go] cyfdecyf/cow HTTP proxy written in Go. COW can automatically identify blocked sites and use parent proxies to access.
[7945星][4y] [ObjC] shadowsocks/shadowsocks-ios Removed according to regulations.
[7840星][6d] [C++] shiqiyu/libfacedetection An open source library for face detection in images. The face detection speed can reach 1500FPS.
[7731星][3d] [JS] gchq/cyberchef The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
[7712星][2d] [Go] git-lfs/git-lfs Git extension for versioning large files
[7670星][24d] [Java] java-decompiler/jd-gui A standalone Java Decompiler GUI
[7524星][29d] [Py] threat9/routersploit Exploitation Framework for Embedded Devices
[7474星][9d] [Go] snail007/goproxy Proxy是高性能全功能的http代理、https代理、socks5代理、内网穿透、内网穿透p2p、内网穿透代理、内网穿透反向代理、内网穿透服务器、Websocket代理、TCP代理、UDP代理、DNS代理、DNS加密代理，代理API认证，全能跨平台代理服务器。
[7412星][1m] [C++] shadowsocks/shadowsocks-qt5 A cross-platform shadowsocks GUI client
[7397星][1m] [Py] s0md3v/xsstrike Most advanced XSS scanner.
[7246星][19d] [Java] lionsoul2014/ip2region Ip2region is a offline IP location library with accuracy rate of 99.9% and 0.0x millseconds searching performance. DB file is less then 5Mb with all ip address stored. binding for Java,PHP,C,Python,Nodejs,Golang,C#,lua. Binary,B-tree,Memory searching algorithm
[7186星][7m] [Shell] teddysun/shadowsocks_install Auto Install Shadowsocks Server for CentOS/Debian/Ubuntu
[7017星][16d] [Go] future-architect/vuls 针对Linux/FreeBSD 编写的漏洞扫描器. Go 语言编写
[6989星][5d] [C] hashcat/hashcat 世界上最快最先进的密码恢复工具
[6984星][2d] [Go] nats-io/nats-server High-Performance server for NATS, the cloud native messaging system.
[6984星][2m] [JS] cs01/gdbgui Browser-based frontend to gdb (gnu debugger). Add breakpoints, view the stack, visualize data structures, and more in C, C++, Go, Rust, and Fortran. Run gdbgui from the terminal and a new tab will open in your browser.
[6957星][11d] greatfire/wiki 自由浏览
[6949星][3m] [Java] pxb1988/dex2jar Tools to work with android .dex and java .class files
[6869星][2m] [Go] sqshq/sampler A tool for shell commands execution, visualization and alerting. Configured with a simple YAML file.
[6812星][19d] [Shell] awslabs/git-secrets Prevents you from committing secrets and credentials into git repositories
[6732星][9m] [Java] amitshekhariitbhu/android-debug-database A library for debugging android databases and shared preferences - Make Debugging Great Again
[6683星][3d] [Java] zaproxy/zaproxy 在开发和测试Web App时自动发现安全漏洞
[6682星][3y] [C++] alibaba/andfix AndFix is a library that offer hot-fix for Android App.
[6668星][12d] [C++] keepassxreboot/keepassxc KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
[6595星][3d] [Py] networkx/networkx 用于创建、操纵和研究复杂网络的结构，Python包
[6555星][6m] [Go] shadowsocks/shadowsocks-go go port of shadowsocks (Deprecated)
[6518星][1m] [Py] h2y/shadowrocket-adblock-rules 提供多款 Shadowrocket 规则，带广告过滤功能。用于 iOS 未越狱设备选择性地自动翻墙。
[6462星][5d] [Shell] cisofy/lynis Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
[6451星][17d] [Go] bettercap/bettercap 新版的bettercap, Go 编写. bettercap 是强大的、模块化、可移植且易于扩展的 MITM 框架, 旧版用 Ruby 编写
[6448星][9m] [HTML] open-power-workgroup/hospital OpenPower工作组收集汇总的医院开放数据
[6310星][29d] [Py] seatgeek/fuzzywuzzy Fuzzy String Matching in Python
[6197星][2m] [ObjC] johnno1962/injectionforxcode Runtime Code Injection for Objective-C & Swift
[6194星][3y] [PS] powershellmafia/powersploit PowerSploit - A PowerShell Post-Exploitation Framework
[6192星][2m] [Py] yandex/gixy Nginx 配置静态分析工具，防止配置错误导致安全问题，自动化错误配置检测
[6187星][6m] rmerl/asuswrt-merlin Enhanced version of Asus's router firmware (Asuswrt) (legacy code base)
[6146星][2d] [JS] avwo/whistle 基于Node实现的跨平台抓包调试代理工具（HTTP, HTTP2, HTTPS, Websocket）
[6137星][1y] [Hack] facebook/fbctf Platform to host Capture the Flag competitions
[6128星][9m] [Py] schollz/howmanypeoplearearound 检测 Wifi 信号统计你周围的人数
[6092星][15d] [Go] usefathom/fathom Fathom Lite. Simple, privacy-focused website analytics. Built with Golang & Preact.
[6074星][16d] [Go] quay/clair Vulnerability Static Analysis for Containers
[6074星][16d] [Go] quay/clair clair：容器（appc、docker）漏洞静态分析工具。
[6073星][5m] [Java] qihoo360/replugin RePlugin - A flexible, stable, easy-to-use Android Plug-in Framework
[6070星][2y] [C] jgamblin/mirai-source-code Leaked Mirai Source Code for Research/IoC Development Purposes
[6021星][3d] [Py] cyrus-and/gdb-dashboard Modular visual interface for GDB in Python
[6017星][7d] berzerk0/probable-wordlists Version 2 is live! Wordlists sorted by probability originally created for password generation and testing - make sure your passwords aren't popular!
[5972星][2m] [Java] google/android-classyshark 分析基于Android/Java的App或游戏
[5968星][2d] [Py] gallopsled/pwntools CTF framework and exploit development library
[5942星][6m] [JS] haotian-wang/google-access-helper 谷歌访问助手破解版
[5888星][2d] [Py] asciimoo/searx searx：网络元数据搜索引擎。汇总70 多个搜索引擎的搜素结果，避免用户被追踪或者被分析。可与 Tor 结合使用
[5879星][2d] [C++] radareorg/cutter 逆向框架 radare2的Qt界面，iaito的升级版
[5871星][2m] [Gnuplot] nasa-jpl/open-source-rover A build-it-yourself, 6-wheel rover based on the rovers on Mars!
[5815星][7m] [JS] sindresorhus/fkill-cli Fabulously kill processes. Cross-platform.
[5773星][1y] qinyuhang/shadowsocksx-ng-r Next Generation of ShadowsocksX
[5766星][3m] [ObjC] square/ponydebugger Remote network and data debugging for your native iOS app using Chrome Developer Tools
[5762星][2m] [C] spacehuhn/esp8266_deauther 使用ESP8266 制作Wifi干扰器
[5742星][2y] [Py] newsapps/beeswithmachineguns 创建多个micro EC2实例, 攻击指定Web App
[5740星][8m] [C] xoreaxeaxeax/movfuscator C编译器，编译的二进制文件只有1个代码块。
[5694星][9d] [JS] swagger-api/swagger-editor Swagger Editor
[5693星][2d] [Go] casbin/casbin An authorization library that supports access control models like ACL, RBAC, ABAC in Golang
[5626星][1m] [C] rofl0r/proxychains-ng proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained proxychains project. the sf.net page is currently not updated, use releases from github release page instead.
[5593星][10d] [Ruby] presidentbeef/brakeman ROR程序的静态分析工具
[5565星][29d] [Roff] max2max/freess 免费ss账号免费shadowsocks账号免费v2ray账号 (长期更新)
[5540星][20d] rshipp/awesome-malware-analysis A curated list of awesome malware analysis tools and resources.
[5476星][8m] carpedm20/awesome-hacking Hacking教程、工具和资源
[5417星][2m] [Py] axi0mx/ipwndfu open-source jailbreaking tool for many iOS devices
[5413星][2y] [Rust] autumnai/leaf Open Machine Intelligence Framework for Hackers. (GPU/CPU)
[5371星][5m] [C] pwn20wndstuff/undecimus unc0ver jailbreak for iOS 11.0 - 12.4
[5371星][2d] [Py] mlflow/mlflow Open source platform for the machine learning lifecycle
[5324星][4d] [Go] zricethezav/gitleaks Audit git repos for secrets
[5205星][7m] [Py] usarmyresearchlab/dshell 网络审计分析
[5196星][3m] [Py] ytisf/thezoo A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
[5192星][1m] [Py] refirmlabs/binwalk 固件分析工具（命令行+IDA插件）
- IDA插件
- binwalk
[5167星][20d] [Shell] vulhub/vulhub Pre-Built Vulnerable Environments Based on Docker-Compose
[5167星][1y] [JS] samyk/poisontap Exploits locked/password protected computers over USB, drops persistent WebSocket-based backdoor, exposes internal router, and siphons cookies using Raspberry Pi Zero & Node.js.
[5148星][6d] [PHP] tennc/webshell webshell收集
[5123星][21d] [C++] avast/retdec 基于 LLVM 的可重定位机器码反编译器, 可检测壳、检测和重构C++类继承、重构函数/类型/结构体等、可反编译为 C 或 Python 2种高级语言格式
[5118星][15d] [ObjC] macpass/macpass A native OS X KeePass client
[5118星][4m] [Py] n1nj4sec/pupy Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
[5089星][2d] [Go] dnscrypt/dnscrypt-proxy 灵活的DNS代理，支持现代的加密DNS协议，例如：DNS protocols such as DNSCrypt v2, DNS-over-HTTPS and Anonymized DNSCrypt.
[5082星][2m] sbilly/awesome-security 与安全相关的软件、库、文档、书籍、资源和工具等收集
[5065星][2m] [Shell] stackexchange/blackbox 文件使用PGP加密后隐藏在Git/Mercurial/Subversion
[5059星][1m] [Java] meituan-dianping/walle Android Signature V2 Scheme签名下的新一代渠道包打包神器
[5054星][4y] [Py] shadowsocksr-backup/shadowsocksr Python port of ShadowsocksR
[5042星][2d] [HTML] owasp/owasp-mstg 关于移动App安全开发、测试和逆向的相近手册
[5037星][4m] [PS] empireproject/empire 后渗透框架. Windows客户端用PowerShell, Linux/OSX用Python. 之前PowerShell Empire和Python EmPyre的组合
[5021星][2d] [Py] mobsf/mobile-security-framework-mobsf Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
[5005星][2d] [C++] coatisoftware/sourcetrail Sourcetrail - free and open-source interactive source explorer
[4996星][2d] [ASP] hq450/fancyss fancyss is a project providing tools to across the GFW on asuswrt/merlin based router.
[4996星][6d] [Go] inlets/inlets Expose your local endpoints to the Internet
[4994星][1m] [Py] snare/voltron A hacky debugger UI for hackers
[4953星][22d] [Py] trustedsec/social-engineer-toolkit The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.
[4920星][2d] [TS] jigsaw-code/outline-client Outline clients, developed by Jigsaw. The Outline clients use the popular Shadowsocks protocol, and lean on the Cordova and Electron frameworks to support Windows, Android / ChromeOS, Linux, iOS and macOS.
[4913星][1y] [Go] yinghuocho/firefly-proxy A proxy software to help circumventing the Great Firewall.
[4909星][2d] [Shell] denisidoro/navi An interactive cheatsheet tool for the command-line
[4897星][11m] [Go] bitly/oauth2_proxy 反向代理，静态文件服务器，提供Providers(Google/Github)认证
[4883星][2m] [Rust] sharkdp/hexyl 命令行中查看hex
[4881星][5d] [Java] guardianproject/haven 通过Android应用和设备上的传感器保护自己的个人空间和财产而又不损害
[4869星][2d] [Swift] yanue/v2rayu V2rayU,基于v2ray核心的mac版客户端,用于科学上网,使用swift编写,支持vmess,shadowsocks,socks5等服务协议,支持订阅, 支持二维码,剪贴板导入,手动配置,二维码分享等
[4867星][10d] [Py] alessandroz/lazagne Credentials recovery project
[4847星][3d] [Go] gcla/termshark A terminal UI for tshark, inspired by Wireshark
[4841星][2d] [C] offensive-security/exploitdb The official Exploit Database repository
[4803星][8m] [Py] 10se1ucgo/disablewintracking Uses some known methods that attempt to minimize tracking in Windows 10
[4782星][2d] [C] google/oss-fuzz 开源软件fuzzing
[4761星][2d] [C++] facebook/redex Android App字节码优化器
[4724星][2d] [C++] paddlepaddle/paddle-lite Multi-platform high performance deep learning inference engine (『飞桨』多平台高性能深度学习预测引擎）
[4691星][9d] [Py] manisso/fsociety fsociety Hacking Tools Pack – A Penetration Testing Framework
[4639星][3d] [Py] secdev/scapy 交互式数据包操作, Python, 命令行+库
[4638星][18d] [C] google/ios-webkit-debug-proxy A DevTools proxy (Chrome Remote Debugging Protocol) for iOS devices (Safari Remote Web Inspector).
[4637星][6m] powershell/win32-openssh Win32 port of OpenSSH
[4633星][2d] [JS] beefproject/beef The Browser Exploitation Framework Project
[4615星][12d] [Go] ginuerzh/gost GO语言实现的安全隧道
[4589星][11m] [Py] ecthros/uncaptcha2 defeating the latest version of ReCaptcha with 91% accuracy
[4583星][1y] [C] upx/upx UPX - the Ultimate Packer for eXecutables
[4575星][4d] [C++] mozilla/rr 记录与重放App的调试执行过程
[4543星][4d] [Ruby] wpscanteam/wpscan WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites.
[4529星][6d] [C] jedisct1/dsvpn A Dead Simple VPN.
[4498星][6d] [TS] apis-guru/graphql-voyager
[4459星][8d] [Py] jopohl/urh Universal Radio Hacker: investigate wireless protocols like a boss
[4458星][1y] [Go] wallix/awless A Mighty CLI for AWS
[4449星][3d] [Go] dragonflyoss/dragonfly Dragonfly is an intelligent P2P based image and file distribution system.
[4446星][2d] [Makefile] frida/frida Clone this repo to build Frida
[4443星][24d] [Py] jofpin/trape 学习在互联网上跟踪别人，获取其详细信息，并避免被别人跟踪
[4411星][2m] [Shell] zardus/ctf-tools Some setup scripts for security research tools.
[4359星][6d] [Swift] signalapp/signal-ios A private messenger for iOS.
[4346星][1m] [JS] cure53/dompurify a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
[4344星][12m] [Py] lennylxx/ipv6-hosts Fork of
[4313星][5m] [Py] diafygi/acme-tiny A tiny script to issue and renew TLS certs from Let's Encrypt
[4283星][7d] [Py] tensorflow/cleverhans Python库，基准测试（benchmark）机器学习系统的漏洞生成（to）对抗样本（adversarial examples）
[4280星][1m] [Shell] ashishb/android-security-awesome A collection of android security related resources
[4261星][5d] [Rust] timvisee/ffsend Easily and securely share files from the command line
[4258星][11m] [JS] butterproject/butter-desktop All the free parts of Popcorn Time
[4244星][2y] imeiji/shadowsocks_install Auto install shadowsocks server，thanks 秋水逸冰
[4241星][4m] [Py] dxa4481/trufflehog Searches through git repositories for high entropy strings and secrets, digging deep into commit history
[4215星][7m] [ObjC] alonemonkey/monkeydev CaptainHook Tweak、Logos Tweak and Command-line Tool、Patch iOS Apps, Without Jailbreak.
[4211星][9d] [Go] gophish/gophish 网络钓鱼工具包
[4205星][11d] qazbnm456/awesome-web-security web 安全资源列表
[4204星][1y] [Go] michenriksen/gitrob 查找push到公开的Github repo中的敏感信息
[4202星][2m] [Py] evilsocket/opensnitch opensnitch：Little Snitch 应用程序防火墙的 GNU/Linux 版本。（Little Snitch：Mac操作系统的应用程序防火墙，能防止应用程序在你不知道的情况下自动访问网络）
[4198星][2d] [Py] openmined/pysyft A library for encrypted, privacy preserving machine learning
[4190星][13d] we5ter/scanners-box 安全行业从业者自研开源扫描器合辑
[4171星][2y] forter/security-101-for-saas-startups 初学者安全小窍门
[4149星][12m] [JS] kdzwinel/betwixt Betwixt will help you analyze web traffic outside the browser using familiar Chrome DevTools interface.
[4131星][5d] [Java] spring-projects/spring-security Spring Security
[4120星][5m] [Py] spiderclub/haipproxy
[4120星][2m] [Py] aboul3la/sublist3r Fast subdomains enumeration tool for penetration testers
[4096星][2y] [Py] xoreaxeaxeax/sandsifter sandsifter：x86 处理器 Fuzzer，查找 Intel 的隐藏指令和 CPU bug
[4092星][9m] wtsxdev/reverse-engineering List of awesome reverse engineering resources
[4046星][1m] [JS] sigalor/whatsapp-web-reveng WhatsApp Web API逆向与重新实现
[4045星][2m] [Java] jesusfreke/smali smali/baksmali
[4044星][2d] [Py] google/clusterfuzz Scalable fuzzing infrastructure.
[4022星][22d] drduh/yubikey-guide Guide to using YubiKey for GPG and SSH
[4021星][3m] [JS] cuckoosandbox/cuckoo Cuckoo Sandbox is an automated dynamic malware analysis system
[4000星][1y] [JS] travist/jsencrypt A Javascript library to perform OpenSSL RSA Encryption, Decryption, and Key Generation.
[3967星][3m] [Py] nullarray/autosploit Automated Mass Exploiter
[3961星][5d] [Go] dexidp/dex OpenID Connect Identity (OIDC) and OAuth 2.0 Provider with Pluggable Connectors
[3953星][2m] [JS] apsdehal/awesome-ctf A curated list of CTF frameworks, libraries, resources and softwares
[3953星][2m] [JS] apsdehal/awesome-ctf A curated list of CTF frameworks, libraries, resources and softwares
[3937星][3d] [Py] angr/angr A powerful and user-friendly binary analysis platform!
[3935星][4m] [PHP] paragonie/awesome-appsec A curated list of resources for learning about application security
[3933星][8m] [Go] eranyanay/1m-go-websockets handling 1M websockets connections in Go
[3923星][1m] [C] aquynh/capstone Capstone disassembly/disassembler framework: Core (Arm, Arm64, BPF, EVM, M68K, M680X, MOS65xx, Mips, PPC, RISCV, Sparc, SystemZ, TMS320C64x, Web Assembly, X86, X86_64, XCore) + bindings.
[3920星][2y] [C#] shadowsocksr-backup/shadowsocksr-csharp
[3915星][16d] [Rust] svenstaro/genact a nonsense activity generator
[3893星][2d] [C++] baldurk/renderdoc RenderDoc is a stand-alone graphics debugging tool.
[3878星][2m] [PHP] fuzzdb-project/fuzzdb 通过动态App安全测试来查找App安全漏洞, 算是不带扫描器的漏洞扫描器
[3869星][2d] [Py] secureauthcorp/impacket Python类收集, 用于与网络协议交互
[3848星][7d] [JS] shadowsocks/shadowsocks-manager A shadowsocks manager tool for multi user and traffic control.
[3845星][2d] hq450/fancyss_history_package 科学上网插件的离线安装包储存在这里
[3838星][2m] [ObjC] sveinbjornt/sloth Mac app that shows all open files, directories and sockets in use by all running processes. Nice GUI for lsof.
[3831星][4y] iosre/iosappreverseengineering The world’s 1st book of very detailed iOS App reverse engineering skills :)
[3813星][1m] jivoi/awesome-osint OSINT资源收集
[3799星][5y] shadowsocksr-backup/shadowsocks-rss ShadowsocksR update rss, SSR organization
[3767星][10m] [Py] longld/peda Python Exploit Development Assistance for GDB
[3763星][2m] [Py] paralax/awesome-honeypots an awesome list of honeypot resources
[3755星][2m] [PHP] ethicalhack3r/dvwa Damn Vulnerable Web Application (DVWA)
[3752星][2m] [Go] microsoft/ethr Ethr is a Network Performance Measurement Tool for TCP, UDP & HTTP.
[3736星][8d] [Go] hashicorp/consul-template Template rendering, notifier, and supervisor for
[3733星][2m] [C] iaik/meltdown This repository contains several applications, demonstrating the Meltdown bug.
[3730星][4m] [Py] malwaredllc/byob BYOB (Build Your Own Botnet)
[3719星][6d] jjqqkk/chromium Chromium browser with SSL VPN. Use this browser to unblock websites.
[3713星][2d] [C] atmosphere-nx/atmosphere Atmosphère is a work-in-progress customized firmware for the Nintendo Switch.
[3684星][2y] [JS] samyk/evercookie JavaScript API，在浏览器中创建超级顽固的cookie，在标准Cookie、Flask Cookie等被清除之后依然能够识别客户端
[3682星][10d] [HTML] hamukazu/lets-get-arrested This project is intended to protest against the police in Japan
[3670星][2d] [JS] lesspass/lesspass
[3668星][8d] [C#] 0xd4d/de4dot .NET deobfuscator and unpacker.
[3667星][1y] [Py] misterch0c/shadowbroker 方程式最新泄露
[3666星][5m] [C] secwiki/windows-kernel-exploits windows-kernel-exploits Windows平台提权漏洞集合
[3663星][4m] [C] facebook/fishhook A library that enables dynamically rebinding symbols in Mach-O binaries running on iOS.
[3652星][4d] acl4ssr/acl4ssr SSR 去广告ACL规则/SS完整GFWList规则，Telegram频道订阅地址
[3647星][2y] [Py] qiyeboy/ipproxypool IPProxyPool代理池项目，提供代理ip
[3622星][6d] [TS] javascript-obfuscator/javascript-obfuscator A powerful obfuscator for JavaScript and Node.js
[3621星][7d] [HTML] consensys/smart-contract-best-practices A guide to smart contract security best practices
[3619星][5y] [C#] brandonlw/psychson Phison 2251-03 (2303) Custom Firmware & Existing Firmware Patches (BadUSB)
[3611星][2m] [Java] ffay/lanproxy lanproxy是一个将局域网个人电脑、服务器代理到公网的内网穿透工具，支持tcp流量转发，可支持任何tcp上层协议（访问内网网站、本地支付接口调试、ssh访问、远程桌面...）。目前市面上提供类似服务的有花生壳、TeamView、GoToMyCloud等等，但要使用第三方的公网服务器就必须为第三方付费，并且这些服务都有各种各样的限制，此外，由于数据包会流经第三方，因此对数据安全也是一大隐患。技术交流QQ群 946273429
[3604星][8d] [PS] bloodhoundad/bloodhound a single page Javascript web application, uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment.
[3598星][26d] [C++] anbox/anbox 在常规GNU / Linux系统上引导完整的Android系统，基于容器
[3597星][1y] [C#] nummer/destroy-windows-10-spying Destroy Windows Spying tool
[3595星][3y] [Perl] x0rz/eqgrp Decrypted content of eqgrp-auction-file.tar.xz
[3583星][3d] [Shell] drwetter/testssl.sh 检查服务器任意端口对 TLS/SSL 的支持、协议以及一些加密缺陷，命令行工具
[3580星][5d] [C] nmap/nmap Nmap
[3562星][5d] [Pascal] cheat-engine/cheat-engine Cheat Engine. A development environment focused on modding
[3542星][6y] [R] johnmyleswhite/ml_for_hackers 《Machine Learning for Hackers》随书代码
[3540星][6d] blacckhathaceekr/pentesting-bible links reaches 10000 links & 10000 pdf files .Learn Ethical Hacking and penetration testing .hundreds of ethical hacking & penetration testing & red team & cyber security & computer science resources.
[3538星][4m] [Shell] chengr28/revokechinacerts Revoke Chinese certificates.
[3533星][14d] [C] tencent/tencentos-tiny 腾讯物联网终端操作系统
[3514星][3y] [C] hak5darren/usb-rubber-ducky
[3510星][2d] [JS] aol/moloch 数据包捕获、索引工具，支持数据库
[3501星][8m] [Go] fanpei91/torsniff torsniff - a sniffer that sniffs torrents from BitTorrent network
[3501星][8m] [Go] fanpei91/torsniff 从BitTorrent网络嗅探种子
[3493星][9m] [C] rpisec/mbe Course materials for Modern Binary Exploitation by RPISEC
[3485星][5m] [PHP] hanc00l/wooyun_public This repo is archived. Thanks for wooyun! 乌云公开漏洞、知识库爬虫和搜索 crawl and search for wooyun.org public bug(vulnerability) and drops
[3481星][8d] [C] cyan4973/xxhash Extremely fast non-cryptographic hash algorithm
[3471星][2m] [C++] trojan-gfw/trojan An unidentifiable mechanism that helps you bypass GFW.
[3442星][9d] [C] shellphish/how2heap 学习各种堆利用技巧的repo
[3442星][8d] [Java] meituan-dianping/robust Robust is an Android HotFix solution with high compatibility and high stability. Robust can fix bugs immediately without a reboot.
[3441星][15d] [Perl] sullo/nikto Nikto web server scanner
[3419星][9d] [C] mikebrady/shairport-sync AirPlay audio player. Shairport Sync adds multi-room capability with Audio Synchronisation
[3412星][27d] icodesign/potatso Potatso is an iOS client that implements different proxies with the leverage of NetworkExtension framework in iOS 10+.
[3410星][5m] [Go] jpillora/chisel 基于HTTP的快速 TCP 隧道
[3408星][24d] [PS] samratashok/nishang 渗透框架，脚本和Payload收集，主要是PowerShell，涵盖渗透的各个阶段
[3397星][2y] shadowsocksrr/shadowsocks-rss ShadowsocksR update rss, SSR organization
[3344星][2d] jivoi/awesome-ml-for-cybersecurity 针对网络安全的机器学习资源列表
[3343星][6d] [C] screetsec/thefatrat Thefatrat a massive exploiting tool : Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and etc . This tool compiles a malware with popular payload and then the compiled malware can be execute on windows, android, mac . The malware that created with this tool also have an ability to bypass most AV softw…
[3340星][5m] [C++] wangyu-/udp2raw-tunnel udp 打洞。通过raw socket给UDP包加上TCP或ICMP header，进而绕过UDP屏蔽或QoS，或在UDP不稳定的环境下提升稳定性
[3334星][10d] [Smarty] anankke/sspanel-uim 专为 Shadowsocks / ShadowsocksR / V2Ray 设计的多用户管理面板
[3331星][15d] [Py] google/grr remote live forensics for incident response
[3330星][2d] [Py] stamparm/maltrail 恶意网络流量检测系统
[3319星][2y] scanate/ethlist The Comprehensive Ethereum Reading List
[3303星][22d] [C] vanhauser-thc/thc-hydra 网络登录破解，支持多种服务
[3301星][2m] [Swift] yagiz/bagel a little native network debugging tool for iOS
[3298星][9d] [C++] fireice-uk/xmr-stak Free Monero RandomX Miner and unified CryptoNight miner
[3285星][7d] [C] microsoft/windows-driver-samples This repo contains driver samples prepared for use with Microsoft Visual Studio and the Windows Driver Kit (WDK). It contains both Universal Windows Driver and desktop-only driver samples.
[3278星][6d] [C] virustotal/yara The pattern matching swiss knife
[3276星][3m] [C] nbs-system/naxsi NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX
[3263星][10d] [Java] oldmanpushcart/greys-anatomy Java诊断工具
[3262星][2m] [Py] volatilityfoundation/volatility An advanced memory forensics framework
[3260星][8d] [Shell] toniblyx/my-arsenal-of-aws-security-tools List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
[3260星][5y] [C++] google/lmctfy lmctfy is the open source version of Google’s container stack, which provides Linux application containers.
[3259星][7m] [JS] sindresorhus/speed-test Test your internet connection speed and ping using speedtest.net from the CLI
[3255星][4d] [ObjC] objective-see/lulu LuLu is the free macOS firewall
[3247星][29d] [JS] koenkk/zigbee2mqtt Zigbee
[3242星][16d] [Py] laramies/theharvester E-mails, subdomains and names Harvester - OSINT
[3238星][2d] [TS] jigsaw-code/outline-server Outline Manager, developed by Jigsaw. The Outline Manager application creates and manages Outline servers, powered by Shadowsocks. It uses the Electron framework to offer support for Windows, macOS and Linux.
[3236星][5m] [Go] meshbird/meshbird cloud-native multi-region multi-cloud decentralized private networking
[3234星][2y] [CSS] jbtronics/crookedstylesheets 使用纯CSS收集网页/用户信息
[3233星][9d] [Go] mozilla/sops Simple and flexible tool for managing secrets
[3228星][2d] [C] betaflight/betaflight Open Source Flight Controller Firmware
[3223星][2m] [Shell] gfw-breaker/ssr-accounts 一键部署Shadowsocks服务；免费Shadowsocks账号分享；免费SS账号分享; 翻墙；无界，自由门，SquirrelVPN
[3222星][6d] [C] tmate-io/tmate Instant Terminal Sharing
[3222星][6d] [Go] dvyukov/go-fuzz Randomized testing for Go
[3221星][4y] [C] shadowsocks/chinadns Protect yourself against DNS poisoning in China.
[3213星][1m] [TS] google/incremental-dom An in-place DOM diffing library
[3210星][7m] [HTML] leizongmin/js-xss Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist
[3209星][5m] [ObjC] naituw/ipapatch Patch iOS Apps, The Easy Way, Without Jailbreak.
[3208星][4m] [C] yarrick/iodine 通过DNS服务器传输(tunnel)IPV4数据
[3205星][15d] [Py] maurosoria/dirsearch Web path scanner
[3202星][10d] [Rich Text Format] the-art-of-hacking/h4cker 资源收集：hacking、渗透、数字取证、事件响应、漏洞研究、漏洞开发、逆向
[3187星][1y] [Py] kootenpv/whereami 使用Wifi信号和机器学习预测你的位置，精确度2-10米
[3187星][6m] hslatman/awesome-threat-intelligence A curated list of Awesome Threat Intelligence resources
[3186星][1m] [C++] spiderlabs/modsecurity ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analys…
[3180星][27d] [C] magnumripper/johntheripper This is the official repo for John the Ripper, "Jumbo" version. The "bleeding-jumbo" branch is based on 1.9.0-Jumbo-1 which was released on May 14, 2019. An import of the "core" version of john this jumbo was based on (or newer) is found in the "master" branch (CVS:
[3169星][1m] [C] valdikss/goodbyedpi GoodbyeDPI—Passive Deep Packet Inspection blocker and Active DPI circumvention utility (for Windows)
[3162星][1y] [Shell] toyodadoubi/doubi 一个逗比写的各种逗比脚本~
[3159星][3d] [JS] minbrowser/min A fast, minimal browser that protects your privacy
[3140星][6d] [C] meetecho/janus-gateway Janus WebRTC Server
[3137星][2y] shadowsocksr-backup/shadowsocksr-android A ShadowsocksR client for Android
[3134星][2d] [C++] px4/firmware PX4 Autopilot Software
[3125星][3d] [Shell] 1n3/sn1per 自动化渗透测试框架
[3123星][30d] meirwah/awesome-incident-response A curated list of tools for incident response
[3123星][2m] [PS] fireeye/commando-vm Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. [email protected]
[3122星][5d] [Go] uber/kraken P2P Docker registry capable of distributing TBs of data in seconds
[3121星][30d] [CSS] readthedocs/sphinx_rtd_theme Sphinx theme for readthedocs.org
[3121星][8d] [JS] duo-labs/cloudmapper 生成AWS环境的网络拓扑图
[3118星][3d] [Shell] speed47/spectre-meltdown-checker 检查 Linux 主机是否受处理器漏洞Spectre & Meltdown 的影响
[3113星][2d] [C] qemu/qemu Official QEMU mirror. Please see
[3107星][2m] [Py] byt3bl33d3r/crackmapexec 后渗透工具，自动化评估大型Active Directory网络的安全性
[3106星][7d] [Java] deathmarine/luyten An Open Source Java Decompiler Gui for Procyon
[3105星][10d] [Shell] softwaredownload/openwrt-fanqiang 最好的路由器翻墙、科学上网教程—OpenWrt—shadowsocks
[3088星][9d] [Shell] trimstray/htrace.sh My simple Swiss Army knife for http/https troubleshooting and profiling.
[3087星][3d] [Py] tribler/tribler Privacy enhanced BitTorrent client with P2P content discovery
[3085星][11d] [Go] tencent/bk-cmdb 蓝鲸智云配置平台(BlueKing CMDB)
[3084星][22d] [C] unicorn-engine/unicorn Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, X86)
[3080星][3m] [C] zmap/zmap ZMap is a fast single packet network scanner designed for Internet-wide network surveys.
[3076星][7m] [Go] michenriksen/aquatone 子域名枚举工具。除了经典的爆破枚举之外，还利用多种开源工具和在线服务大幅度增加发现子域名的数量。
[3071星][9m] [JS] jipegit/osxauditor OS X Auditor is a free Mac OS X computer forensics tool
[3065星][1m] [Java] calebfenton/simplify Generic Android Deobfuscator
[3063星][1y] [Swift] zhuhaow/spechtlite A rule-based proxy for macOS
[3052星][2m] [JS] valve/fingerprintjs Anonymous browser fingerprint
[3049星][4m] [C++] google/robotstxt The repository contains Google's robots.txt parser and matcher as a C++ library (compliant to C++11).
[3043星][3m] [Py] spiderlabs/responder LLMNR/NBT-NS/MDNS投毒，内置HTTP/SMB/MSSQL/FTP/LDAP认证服务器, 支持NTLMv1/NTLMv2/LMv2
[3029星][2m] [Go] gwuhaolin/lightsocks 轻量级网络混淆代理，基于 SOCKS5 协议，可用来代替 Shadowsocks
[3027星][9m] [C] secwiki/linux-kernel-exploits linux-kernel-exploits Linux平台提权漏洞集合
[3001星][1y] [PHP] owner888/phpspider 《我用爬虫一天时间“偷了”知乎一百万用户，只为证明PHP是世界上最好的语言》所使用的程序
[2991星][2d] [JS] ntop/ntopng 基于Web的流量监控工具
[2986星][7d] [Py] guardicore/monkey 自动化渗透测试工具, 测试数据中心的弹性, 以防范周边(perimeter)泄漏和内部服务器感染
[2969星][29d] [Go] cookiey/yearning A most popular sql audit platform for mysql
[2968星][2d] [ObjC] google/santa 用于Mac系统的二进制文件白名单/黑名单系统
[2955星][4d] [Py] twintproject/twint An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations.
[2955星][11d] [Go] dominikh/go-tools Staticcheck – a collection of static analysis tools for working with Go code
[2949星][8d] [JS] webgoat/webgoat 带漏洞WebApp
[2948星][2m] [Dockerfile] thinkdevelop/free-ss-ssr SS账号、SSR账号、V2Ray账号
[2947星][1m] [Py] andresriancho/w3af Web App安全扫描器, 辅助开发者和渗透测试人员识别和利用Web App中的漏洞
[2945星][2y] phith0n/mind-map 各种安全相关思维导图整理收集
[2942星][21d] [Py] cowrie/cowrie 中型/交互型 SSH/Telnet 蜜罐，
[2936星][1y] [Py] danmcinerney/wifijammer 持续劫持范围内的Wifi客户端和AP
[2933星][2d] [Zeek] zeek/zeek Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
[2932星][11m] [Shell] 91yun/serverspeeder 锐速破解版
[2920星][23d] [Go] securego/gosec Golang security checker
[2916星][2d] [JS] evilsocket/pwnagotchi 深度学习+Bettercap，基于A2C，从周围的WiFi环境中学习，以最大程度地利用捕获的WPA关键信息
[2915星][12d] [C] libfuse/sshfs A network filesystem client to connect to SSH servers
[2909星][2d] [Py] trustedsec/ptf 创建基于Debian/Ubuntu/ArchLinux的渗透测试环境
[2901星][1y] [Py] byt3bl33d3r/mitmf Framework for Man-In-The-Middle attacks
[2897星][3d] secfigo/awesome-fuzzing A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.
[2883星][7m] [C] p-h-c/phc-winner-argon2 The password hash Argon2, winner of PHC
[2877星][4y] [ObjC] maciekish/iresign iReSign allows iDevice app bundles (.ipa) files to be signed or resigned with a digital certificate from Apple for distribution. This tool is aimed at enterprises users, for enterprise deployment, when the person signing the app is different than the person(s) developing it.
[2858星][2d] [C] lxc/lxc LXC - Linux Containers
[2850星][2d] [HTML] ctf-wiki/ctf-wiki CTF Wiki Online. Come and join us, we need you!
[2850星][4d] [Go] 99designs/aws-vault A vault for securely storing and accessing AWS credentials in development environments
[2845星][2d] [ObjC] facebook/idb idb is a flexible command line interface for automating iOS simulators and devices
[2842星][5m] [Py] instantbox/instantbox Get a clean, ready-to-go Linux box in seconds.
[2840星][23d] [C] ossec/ossec-hids 入侵检测系统
[2840星][2m] infosecn1nja/red-teaming-toolkit A collection of open source and commercial tools that aid in red team operations.
[2839星][8m] [C++] wangyu-/udpspeeder A Tunnel which Improves your Network Quality on a High-latency Lossy Link by using Forward Error Correction,for All Traffics(TCP/UDP/ICMP)
[2837星][17d] [Py] espressif/esptool ESP8266 and ESP32 serial bootloader utility
[2834星][8m] [Shell] goreliu/wsl-terminal Terminal emulator for Windows Subsystem for Linux (WSL)
[2829星][4m] [C] juliocesarfort/public-pentesting-reports Curated list of public penetration test reports released by several consulting firms and academic security groups
[2829星][1m] [Assembly] ************/x86-bare-metal-examples 几十个用于学习 x86 系统编程的小型操作系统
[2823星][2y] [CSS] maxchehab/css-keylogging Chrome extension and Express server that exploits keylogging abilities of CSS.
[2820星][7d] [C] tmk/tmk_keyboard Atmel AVR 和 Cortex-M键盘固件收集
[2814星][8m] [C#] quasar/quasarrat Remote Administration Tool for Windows
[2814星][5d] [Py] jrohy/multi-v2ray v2ray easy delpoy & manage tool， support multiple user & protocol manage
[2808星][2m] paulsec/awesome-sec-talks A collected list of awesome security talks
[2803星][9m] [Py] plasma-disassembler/plasma Plasma is an interactive disassembler for x86/ARM/MIPS. It can generates indented pseudo-code with colored syntax.
[2798星][19d] [Py] androguard/androguard Reverse engineering, Malware and goodware analysis of Android applications ... and more (ninja !)
[2793星][6d] [C] klange/toaruos A completely-from-scratch hobby operating system: bootloader, kernel, drivers, C library, and userspace including a composited graphical UI, dynamic linker, syntax-highlighting text editor, network stack, etc.
[2793星][2m] [Go] kgretzky/evilginx2 独立的MITM攻击工具，用于登录凭证钓鱼，可绕过双因素认证
[2791星][7d] [C++] xmrig/xmrig xmrig: 门罗币挖矿代码 CPU 版
[2789星][4y] [Lua] loveshell/ngx_lua_waf ngx_lua_waf是一个基于lua-nginx-module(openresty)的web应用防火墙
[2783星][30d] [Makefile] shadowsocks/openwrt-shadowsocks Shadowsocks-libev for OpenWrt/LEDE
[2782星][2y] [C] seclab-ucr/intang research project for circumventing the "TCP reset attack" from the Great Firewall of China (GFW) by disrupting/desynchronizing the TCP Control Block (TCB) on the censorship devices.
[2777星][9d] [C++] qtox/qtox qTox is a chat, voice, video, and file transfer IM client using the encrypted peer-to-peer Tox protocol.
[2769星][4d] [C] processhacker/processhacker A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.
[2766星][1m] [JS] trufflesuite/ganache-cli Fast Ethereum RPC client for testing and development
[2756星][2m] secwiki/sec-chart 安全思维导图集合
[2742星][5d] [TS] webhintio/hint
[2742星][24d] [Makefile] theos/theos A cross-platform suite of tools for building and deploying software for iOS and other platforms.
[2741星][8m] [Py] p0cl4bs/wifi-pumpkin AP攻击框架, 创建虚假网络, 取消验证攻击、请求和凭证监控、透明代理、Windows更新攻击、钓鱼管理、ARP投毒、DNS嗅探、Pumpkin代理、动态图片捕获等
[2739星][23d] [JS] s0md3v/awesomexss Awesome XSS stuff
[2737星][1y] [C] vanhoefm/krackattacks-scripts 检测客户端和AP是否受KRACK漏洞影响
[2735星][18d] [JS] cyu/rack-cors Rack Middleware for handling Cross-Origin Resource Sharing (CORS), which makes cross-origin AJAX possible.
[2730星][3y] [Py] hephaest0s/usbkill 反取证开关. 监控USB端口变化, 有变化时立即关闭计算机
[2717星][2d] [PS] redcanaryco/atomic-red-team Small and highly portable detection tests based on MITRE's ATT&CK.
[2713星][1m] [C] taviso/loadlibrary 使 Linux系统加载并调用 Windows DLL
[2703星][3y] [Eagle] samyk/magspoof 信用卡/磁条欺骗
[2701星][3d] [Go] aquasecurity/trivy A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI
[2698星][7d] [ObjC] dantheman827/ios-app-signer This is an app for OS X that can (re)sign apps and bundle them into ipa files that are ready to be installed on an iOS device.
[2690星][1m] [ObjC] kjcracks/clutch Fast iOS executable dumper
[2682星][22d] [Go] google/syzkaller 一个unsupervised、以 coverage 为导向的Linux 系统调用fuzzer
[2681星][1y] [Py] mame82/p4wnp1 基于Raspberry Pi Zero 或 Raspberry Pi Zero W 的USB攻击平台, 高度的可定制性
[2674星][3m] [Py] drivendata/cookiecutter-data-science A logical, reasonably standardized, but flexible project structure for doing and sharing data science work.
[2662星][2m] rmusser01/infosec_reference An Information Security Reference That Doesn't Suck
[2654星][17d] [JS] bkimminich/juice-shop OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
[2652星][3m] [Java] frohoff/ysoserial 生成会利用不安全的Java对象反序列化的Payload
[2645星][2m] xairy/linux-kernel-exploitation Linux 内核 Fuzz 和漏洞利用的资源收集
[2645星][1y] [HTML] chybeta/web-security-learning Web-Security-Learning
[2641星][1y] [C] ckolivas/cgminer ASIC and FPGA miner in c for bitcoin
[2640星][2d] [Go] slackhq/nebula A scalable overlay networking tool with a focus on performance, simplicity and security
[2637星][4m] [Java] teevity/ice AWS Usage Tool
[2625星][8m] leandromoreira/linux-network-performance-parameters Learn where some of the network sysctl variables fit into the Linux/Kernel network flow
[2615星][2m] [Swift] zhuhaow/nekit A toolkit for Network Extension Framework
[2612星][4d] [JS] popcorn-official/popcorn-desktop Popcorn Time is a multi-platform, free software BitTorrent client that includes an integrated media player. Desktop ( Windows / Mac / Linux ) a Butter-Project Fork
[2607星][3y] [Ruby] arachni/arachni Web Application Security Scanner Framework
[2603星][23d] [JS] knownsec/kcon KCon is a famous Hacker Con powered by Knownsec Team.
[2601星][1m] pditommaso/awesome-pipeline A curated list of awesome pipeline toolkits inspired by Awesome Sysadmin
[2596星][21d] [C++] fanout/pushpin Reverse proxy for realtime web services
[2581星][3d] [Go] adguardteam/adguardhome Network-wide ads & trackers blocking DNS server
[2581星][1m] [Shell] medicean/vulapps 快速搭建各种漏洞环境(Various vulnerability environment)
[2575星][2m] [C] huntergregal/mimipenguin dump 当前Linux用户的登录密码
[2574星][8y] [C] id-software/quake Quake GPL Source Release
[2568星][1m] [C] esnet/iperf A TCP, UDP, and SCTP network bandwidth measurement tool
[2566星][2d] [C++] danmar/cppcheck static analysis of C/C++ code
[2565星][5m] [Java] google/binnavi 二进制分析IDE, 对反汇编代码的控制流程图和调用图进行探查/导航/编辑/注释.(IDA插件的作用是导出反汇编)
[2562星][3m] [Py] greenwolf/social_mapper 对多个社交网站的用户Profile图片进行大规模的人脸识别
[2553星][2y] evilsocket/bettercap 中间人攻击框架，功能完整，模块化设计，轻便且易于扩展。
[2551星][9d] [Py] cloudflare/flan A pretty sweet vulnerability scanner
[2549星][6m] [C] geohot/qira QEMU Interactive Runtime Analyser
[2543星][19d] [Py] hugsy/gef gdb增强工具，使用Python API，用于漏洞开发和逆向分析。
[2542星][23d] [Go] drk1wi/modlishka Modlishka. Reverse Proxy.
[2533星][8m] offensive-security/kali-nethunter The Kali NetHunter Project
[2533星][2y] [Py] google/nogotofail 网络安全测试, 辅助定位和修复弱TLS/SSL连接和敏感明文流量
[2526星][2d] [Shell] teddysun/across This is a shell script for configure and start WireGuard VPN server
[2525星][3y] [HTML] dirtycow/dirtycow.github.io Dirty COW
[2522星][26d] [C] yrutschle/sslh Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port)
[2516星][3m] kbandla/aptnotes Various public documents, whitepapers and articles about APT campaigns
[2508星][5m] [Go] oj/gobuster Directory/File, DNS and VHost busting tool written in Go
[2507星][2m] [Java] jboss-javassist/javassist Java bytecode engineering toolkit
[2507星][3y] [C] dhavalkapil/icmptunnel Transparently tunnel your IP traffic through ICMP echo and reply packets.
[2503星][7m] [C++] chengr28/pcap_dnsproxy Pcap_DNSProxy, a local DNS server based on packet capturing
[2501星][28d] [Py] ysrc/xunfeng 巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。
[2498星][6m] taichi-framework/taichi A framework to use Xposed module with or without Root/Unlock bootloader, supportting Android 5.0 ~ 10.0
[2497星][6d] onlurking/awesome-infosec A curated list of awesome infosec courses and training resources.
[2488星][5y] [PHP] audi-1/sqli-labs SQLI labs to test error based, Blind boolean based, Time based.
[2480星][2y] [Py] feross/spoofmac 伪造MAC地址(OS X, Windows, Linux)
[2476星][11m] [JS] weixin/miaow A set of plugins for Sketch include drawing links & marks, UI Kit & Color sync, font & text replacing.
[2476星][4m] [Go] ne0nd0g/merlin Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
[2469星][6d] [JS] vitaly-t/pg-promise PostgreSQL interface for Node.js
[2466星][30d] [Py] smicallef/spiderfoot 自动收集指定目标的信息：IP、域名、主机名、网络子网、ASN、邮件地址、用户名
[2464星][3m] [C] martin-ger/esp_wifi_repeater A full functional WiFi Repeater (correctly: a WiFi NAT Router)
[2461星][11m] [C#] yck1509/confuserex An open-source, free protector for .NET applications
[2461星][26d] [C++] pavel-odintsov/fastnetmon 快速 DDoS 检测/分析工具，支持 sflow/netflow/mirror
[2454星][21d] [Shell] rebootuser/linenum Scripted Local Linux Enumeration & Privilege Escalation Checks
[2451星][3y] [Py] google/enjarify 将Dalvik字节码转换为对应的Java字节码
[2444星][2d] [PHP] misp/misp MISP (core software) - Open Source Threat Intelligence and Sharing Platform (formely known as Malware Information Sharing Platform)
[2429星][1m] [Py] 0xinfection/awesome-waf
[2423星][2d] [Py] pwndbg/pwndbg GDB插件，辅助漏洞开发和逆向
[2420星][1m] [TSQL] rapid7/metasploitable3 Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.
[2417星][26d] [Py] infobyte/faraday 渗透测试和漏洞管理平台
[2416星][3y] [Py] arthepsy/ssh-audit SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
[2411星][26d] [Py] xmendez/wfuzz Web application fuzzer
[2410星][8m] [Py] lionsec/katoolin Automatically install all Kali linux tools
[2407星][3y] rpisec/malware Course materials for Malware Analysis by RPISEC
[2404星][20d] [Java] m66b/netguard A simple way to block access to the internet per app
[2395星][3y] [OCaml] facebookarchive/pfff 一堆工具的集合，用于执行静态分析、代码可视化、代码导航、保持格式的源码转换（例如：源码重构）。完美支持C、Java、JS、PHP，后续将支持其他一大堆语言。
[2392星][1m] [Go] xtaci/kcp-go provide a smooth, resilient, ordered, error-checked and anonymous delivery of streams over UDP packets,
[2389星][8d] [C] wireshark/wireshark Read-only mirror of Wireshark's Git repository. GitHub won't let us disable pull requests. ☞ THEY WILL BE IGNORED HERE ☜ Please upload them at
[2386星][2y] [Py] secretsquirrel/the-backdoor-factory 为PE, ELF, Mach-O二进制文件添加Shellcode后门
[2384星][2d] [Go] owasp/amass In-depth Attack Surface Mapping and Asset Discovery
[2381星][11m] [C] haad/proxychains a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy. Supported auth-types: "user/pass" for SOCKS4/5, "basic" for HTTP.
[2376星][2d] [Java] mock-server/mockserver MockServer enables easy mocking of any system you integrate with via HTTP or HTTPS with clients written in Java, JavaScript and Ruby. MockServer also includes a proxy that introspects all proxied traffic including encrypted SSL traffic and supports Port Forwarding, Web Proxying (i.e. HTTP proxy), HTTPS Tunneling Proxying (using HTTP CONNECT) and…
[2376星][1y] [Py] danmcinerney/lans.py Inject code and spy on wifi users
[2369星][7d] security-onion-solutions/security-onion Linux distro for intrusion detection, enterprise security monitoring, and log management
[2369星][2m] [TeX] crypto101/book Crypto 101, the introductory book on cryptography.
[2366星][4m] [Go] mlabouardy/komiser
[2364星][2m] [Py] ab77/netflix-proxy Smart DNS proxy to watch Netflix
[2362星][1m] [Lua] snabbco/snabb Simple and fast packet networking
[2357星][2d] [C] domoticz/domoticz monitor and configure various devices like: Lights, Switches, various sensors/meters like Temperature, Rain, Wind, UV, Electra, Gas, Water and much more
[2352星][1m] [Py] ctfd/ctfd CTFs as you need them
[2349星][11m] hack-with-github/free-security-ebooks Free Security and Hacking eBooks
[2342星][3m] [Go] vuvuzela/vuvuzela Private messaging system that hides metadata
[2340星][6y] [C] stefanesser/dumpdecrypted Dumps decrypted mach-o files from encrypted iPhone applications from memory to disk. This tool is necessary for security researchers to be able to look under the hood of encryption.
[2340星][1m] [C] hfiref0x/uacme Defeating Windows User Account Control
[2337星][1m] [JS] pa11y/pa11y Pa11y is your automated accessibility testing pal
[2335星][3d] [C] tsl0922/ttyd Share your terminal over the web
[2323星][3d] [C#] netchx/netch Game accelerator. Support Socks5, Shadowsocks, ShadowsocksR, V2Ray protocol. UDP NAT FullCone
[2321星][11m] yeyintminthuhtut/awesome-red-teaming List of Awesome Red Teaming Resources
[2318星][5y] [C] abrasive/shairport Airtunes emulator! Shairport is no longer maintained.
[2304星][1y] [Java] csploit/android cSploit - The most complete and advanced IT security professional toolkit on Android.
[2301星][15d] [HTML] tikam02/devops-guide DevOps Guide from basic to advanced with Interview Questions and Notes
[2295星][3y] [Py] lmacken/pyrasite 向运行中的 Python进程注入代码
[2287星][2y] [Py] rootphantomer/blasting_dictionary 爆破字典
[2284星][1m] [C] moby/hyperkit A toolkit for embedding hypervisor capabilities in your application
[2283星][5m] [Py] guohongze/adminset 自动化运维平台：CMDB、CD、DevOps、资产管理、任务编排、持续交付、系统监控、运维管理、配置管理
[2282星][3y] [Py] therook/subbrute A DNS meta-query spider that enumerates DNS records, and subdomains.
[2281星][3m] [JS] retirejs/retire.js scanner detecting the use of JavaScript libraries with known vulnerabilities
[2276星][24d] [JS] talkingdata/inmap 大数据地理可视化
[2274星][1m] [Shell] v1s1t0r1sh3r3/airgeddon This is a multi-use bash script for Linux systems to audit wireless networks.
[2270星][1m] [C] aurorawright/luma3ds Noob-proof (N)3DS "Custom Firmware"
[2255星][3m] [Py] novnc/websockify Websockify is a WebSocket to TCP proxy/bridge. This allows a browser to connect to any application/server/service. Implementations in Python, C, Node.js and Ruby.
[2252星][18d] dumb-password-rules/dumb-password-rules Shaming sites with dumb password rules.
[2252星][1m] [Shell] eliaskotlyar/xiaomi-dafang-hacks
[2248星][12d] [PS] k8gege/k8tools K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
[2245星][2y] [Go] mehrdadrad/mylg 网络诊断工具
[2226星][5y] [Go] filosottile/heartbleed A checker (site and tool) for CVE-2014-0160
[2217星][1y] [JS] cure53/h5sc HTML5 Security Cheatsheet - A collection of HTML5 related XSS attack vectors
[2215星][6y] [C++] codebutler/firesheep 演示HTTP会话劫持攻击的Firefox扩展
[2213星][2d] [Go] aquasecurity/kube-bench Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
[2211星][1m] [C] texane/stlink stm32 discovery line linux programmer
[2211星][6d] [Go] google/mtail extract whitebox monitoring data from application logs for collection in a timeseries database
[2209星][22d] [Rust] cloudflare/boringtun an implementation of the WireGuard® protocol designed for portability and speed.
[2192星][23d] [C++] google/bloaty Bloaty McBloatface: a size profiler for binaries
[2189星][1m] sobolevn/awesome-cryptography A curated list of cryptography resources and links.
[2187星][7d] getlantern/lantern-binaries Lantern installers binary downloads.
[2186星][1y] [Py] datasploit/datasploit 对指定目标执行多种侦查技术：企业、人、电话号码、比特币地址等
[2184星][3y] enddo/awesome-windows-exploitation A curated list of awesome Windows Exploitation resources, and shiny things. Inspired by awesom
[2183星][2d] [C] armmbed/mbedtls An open source, portable, easy to use, readable and flexible SSL library
[2179星][1m] [JS] secgroundzero/warberry WarBerryPi - Tactical Exploitation
[2173星][1y] [JS] iam4x/pokemongo-webspoof
[2163星][2m] [Go] mmatczuk/go-http-tunnel Fast and secure tunnels over HTTP/2
[2162星][1y] [C++] maestron/botnets This is a collection of #botnet source codes, unorganized. For EDUCATIONAL PURPOSES ONLY
[2159星][1m] [Py] commixproject/commix Automated All-in-One OS command injection and exploitation tool.
[2158星][9m] exakat/php-static-analysis-tools A reviewed list of useful PHP static analysis tools
[2158星][1m] [C] conorpp/u2f-zero U2F USB token optimized for physical security, affordability, and style
[2158星][2m] [PHP] antonioribeiro/tracker Tracker gathers a lot of information from your requests to identify and store
[2153星][6y] [Ruby] plamoni/siriproxy A (tampering) proxy server for Apple's Siri
[2149星][8d] [Java] google/wycheproof Project Wycheproof tests crypto libraries against known attacks.
[2138星][2m] [Py] trustedsec/unicorn 通过PowerShell降级攻击, 直接将Shellcode注入到内存
[2132星][1m] [Py] jonathansalwan/ropgadget This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF, PE and Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC and MIPS architectures.
[2127星][18d] [Assembly] pret/pokered disassembly of Pokémon Red/Blue
[2122星][2y] [Py] rub-nds/pret Printer Exploitation Toolkit - The tool that made dumpster diving obsolete.
[2118星][4d] goq/telegram-list List of telegram groups, channels & bots // Список интересных групп, каналов и ботов телеграма // Список чатов для программистов
[2117星][1m] [Py] elceef/dnstwist 域名置换引擎，用于检测打字错误，网络钓鱼和企业间谍活动
[2116星][7m] [Py] calebmadrigal/trackerjacker 映射你没连接到的Wifi网络, 类似于NMap, 另外可以追踪设备
[2115星][2d] [Py] fortynorthsecurity/eyewitness 给网站做快照，提供服务器Header信息，识别默认凭证等
[2114星][7y] [C++] lloyd/node-memwatch A NodeJS library to keep an eye on your memory usage, and discover and isolate leaks.
[2107星][4y] [C] hashcat/hashcat-legacy Advanced CPU-based password recovery utility
[2105星][8m] [Py] linkedin/qark 查找Android App的漏洞, 支持源码或APK文件
[2103星][3m] yeahhub/hacking-security-ebooks Top 100 Hacking & Security E-Books (Free Download)
[2103星][23d] infoslack/awesome-web-hacking A list of web application security
[2095星][2d] [C] wireguard/wireguard fast, modern, secure kernel VPN tunnel
[2093星][22d] [Ruby] urbanadventurer/whatweb Next generation web scanner
[2084星][5d] [C] flatpak/flatpak Linux application sandboxing and distribution framework
[2078星][1m] [Go] theupdateframework/notary Notary is a project that allows anyone to have trust over arbitrary collections of data
[2071星][15d] [Shell] wulabing/v2ray_ws-tls_bash_onekey V2Ray Nginx+vmess+ws+tls/ http2 over tls 一键安装脚本
[2066星][9m] jermic/android-crack-tool
[2058星][4m] [Py] whaleshark-team/cobra Source Code Security Audit (源代码安全审计)
[2057星][1y] bluscreenofjeff/red-team-infrastructure-wiki Wiki to collect Red Team infrastructure hardening resources
[2054星][7d] swiftonsecurity/sysmon-config Sysmon configuration file template with default high-quality event tracing
[2051星][2m] tanprathan/mobileapp-pentest-cheatsheet The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
[2048星][6m] [Go] maxmcd/webtty Share a terminal session over WebRTC
[2047星][1m] edoverflow/bugbounty-cheatsheet A list of interesting payloads, tips and tricks for bug bounty hunters.
[2045星][2m] [C++] lordnoteworthy/al-khaser 在野恶意软件使用的技术：虚拟机，仿真，调试器，沙盒检测。
[2045星][8m] [Shell] foospidy/payloads web 攻击 Payload 集合
[2043星][12d] [Py] nabla-c0d3/sslyze SSL/TLS服务器扫描
[2042星][2y] [Py] derv82/wifite 自动化无线攻击工具
[2039星][5d] [C++] openthread/openthread OpenThread released by Google is an open-source implementation of the Thread networking protocol
[2033星][2d] [ObjC] ios-control/ios-deploy Install and debug iPhone apps from the command line, without using Xcode
[2033星][2d] [Py] sensepost/objection runtimemobile exploration
[2029星][3d] [Go] goodrain/rainbond Enterprise application cloud operating system(企业应用云操作系统)
[2025星][5y] [CoffeeScript] shadowsocks/shadowsocks-gui Shadowsocks GUI client
[2024星][2d] [C++] darthton/blackbone Windows memory hacking library
[2017星][3y] [Swift] urinx/iosapphook 专注于非越狱环境下iOS应用逆向研究，从dylib注入，应用重签名到App Hook
[2016星][23d] [Java] genymobile/gnirehtet Gnirehtet provides reverse tethering for Android
[2016星][9m] [C] dekunukem/nintendo_switch_reverse_engineering A look at inner workings of Joycon and Nintendo Switch
[2014星][1y] [C] xoreaxeaxeax/rosenbridge Hardware backdoors in some x86 CPUs
[2014星][5d] [Java] jeremylong/dependencycheck OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
[2005星][4y] [C] probablycorey/wax Wax is now being maintained by alibaba
[2003星][2m] [Go] skynetservices/skydns DNS service discovery for etcd
[2000星][1m] qazbnm456/awesome-cve-poc CVE PoC列表
[1996星][29d] [Java] elderdrivers/edxposed Elder driver Xposed Framework.
[1994星][7m] [Py] fsecurelabs/drozer The Leading Security Assessment Framework for Android.
[1994星][3m] infosecn1nja/ad-attack-defense Attack and defend active directory using modern post exploitation adversary tradecraft activity
[1994星][27d] [Swift] github/softu2f Software U2F authenticator for macOS
[1992星][5d] [C#] mathewsachin/captura Capture Screen, Audio, Cursor, Mouse Clicks and Keystrokes
[1990星][8d] [HTML] gtfobins/gtfobins.github.io Curated list of Unix binaries that can be exploited to bypass system security restrictions
[1989星][4y] [Go] yahoo/gryffin Gryffin is a large scale web security scanning platform.
[1989星][2m] [C++] asmjit/asmjit Complete x86/x64 JIT and AOT Assembler for C++
[1987星][2y] dloss/python-pentest-tools 可用于渗透测试的Python工具收集
[1977星][5d] [Go] projectdiscovery/subfinder Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
[1977星][5d] [Go] projectdiscovery/subfinder 使用Passive Sources, Search Engines, Pastebins, Internet Archives等查找子域名
[1972星][1m] [Py] momosecurity/aswan 陌陌风控系统静态规则引擎，零基础简易便捷的配置多种复杂规则，实时高效管控用户异常行为。
[1971星][5d] [Py] j3ssie/osmedeus Fully automated offensive security framework for reconnaissance and vulnerability scanning
[1966星][11d] [Go] ullaakut/cameradar Cameradar hacks its way into RTSP videosurveillance cameras
[1966星][9m] [JS] weichiachang/stacks-cli Check website stack from the terminal
[1966星][1y] [BitBake] 1n3/intruderpayloads A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
[1955星][7d] [Perl] spiderlabs/owasp-modsecurity-crs OWASP ModSecurity Core Rule Set (CRS) Project (Official Repository)
[1953星][2y] obfuscator-llvm/obfuscator Obfuscator-LLVM
[1952星][1y] [Go] hyperhq/hyperd HyperContainer Daemon
[1951星][8d] [Py] cea-sec/miasm Reverse engineering framework in Python
[1947星][29d] [Py] nixawk/pentest-wiki PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
[1945星][5d] [C] microsoft/procdump-for-linux Linux 版本的 ProcDump
[1942星][3y] [C#] lazocoder/windows-hacks Creative and unusual things that can be done with the Windows API.
[1938星][4m] [C] meituan-dianping/logan Logan is a lightweight case logging system based on mobile platform.
[1938星][7d] [Go] zalando/skipper An HTTP router and reverse proxy for service composition, including use cases like Kubernetes Ingress
[1935星][19d] [Go] mpolden/echoip IP address lookup service
[1933星][5m] [C] darkk/redsocks transparent TCP-to-proxy redirector
[1923星][3y] [Py] aoncyberlabs/windows-exploit-suggester This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.
[1920星][4y] [Py] ziggear/shadowsocks backup of
[1920星][2d] [C++] powerdns/pdns PowerDNS
[1920星][9d] [CSS] cyb3rward0g/helk 对ELK栈进行分析，具备多种高级功能，例如SQL声明性语言，图形，结构化流，机器学习等
[1918星][3m] toolswatch/blackhat-arsenal-tools Black Hat 武器库
[1917星][2d] [C] ntop/ndpi Open Source Deep Packet Inspection Software Toolkit
[1915星][18d] [Py] lanjelot/patator Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
[1914星][7d] [Go] solo-io/gloo An Envoy-Powered API Gateway
[1914星][2d] chaitin/xray xray 安全评估工具 | 使用之前务必先阅读文档
[1903星][3m] [Go] minishift/minishift Run OpenShift 3.x locally
[1901星][9d] [C] chipsec/chipsec 分析PC平台的安全性, 包括硬件、系统固件（BIOS/UEFI）和平台组件
[1900星][1y] [Py] derv82/wifite2 无线网络审计工具wifite 的升级版/重制版
[1898星][3d] [C++] mhammond/pywin32 Python for Windows (pywin32) Extensions
[1896星][7d] [Shell] toniblyx/prowler AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark and DOZENS of additional checks including GDPR and HIPAA (+100). Official CIS for AWS guide:
[1893星][6d] [Py] mozilla/mozdef Mozilla Enterprise Defense Platform
[1893星][6m] [Java] fuzion24/justtrustme An xposed module that disables SSL certificate checking for the purposes of auditing an app with cert pinning
[1886星][4m] [C] shadowsocks/simple-obfs A simple obfuscating tool (Deprecated)
[1884星][1y] [Py] aploium/zmirror The next-gen reverse proxy for full site mirroring
[1880星][4m] [Py] python-security/pyt Python Web App 安全漏洞检测和静态分析工具
[1878星][16d] [YARA] yara-rules/rules Repository of yara rules
[1878星][5y] [C++] tum-vision/lsd_slam LSD-SLAM
[1878星][2m] [Py] pycqa/bandit 在Python代码中查找常见的安全问题
[1877星][2d] [C] merbanan/rtl_433 Program to decode traffic from Devices that are broadcasting on 433.9 MHz like temperature sensors
[1876星][9d] olivierlaflamme/cheatsheet-god Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
[1876星][27d] hmaverickadams/beginner-network-pentesting Notes for Beginner Network Pentesting Course
[1873星][12d] [Py] aquasecurity/kube-hunter Hunt for security weaknesses in Kubernetes clusters
[1870星][5d] [C#] hmbsbige/shadowsocksr-windows 【自用】Bug-Oriented Programming
[1869星][6d] [Java] adoptopenjdk/jitwatch Log analyser / visualiser for Java HotSpot JIT compiler. Inspect inlining decisions, hot methods, bytecode, and assembly. View results in the JavaFX user interface.
[1865星][6d] [C++] acidanthera/lilu Arbitrary kext and process patching on macOS
[1865星][10m] [PHP] bartblaze/php-backdoors A collection of PHP backdoors. For educational or testing purposes only.
[1864星][23d] [C] tinyproxy/tinyproxy a light-weight HTTP/HTTPS proxy daemon for POSIX operating systems
[1862星][4y] [ObjC] xcodeghostsource/xcodeghost "XcodeGhost" Source
[1860星][9d] [Lua] vulnerscom/nmap-vulners NSE script based on Vulners.com API
[1857星][5m] bypass007/emergency-response-notes 应急响应实战笔记，一个安全工程师的自我修养。
[1855星][2m] [Py] pwnlandia/mhn 蜜罐网络
[1854星][5d] [TS] snyk/snyk CLI and build-time tool to find & fix known vulnerabilities in open-source dependencies
[1854星][11m] [C++] googlecreativelab/open-nsynth-super Open NSynth Super is an experimental physical interface for the NSynth algorithm
[1853星][2d] [Py] bregman-arie/devops-interview-questions Linux, Jenkins, AWS, SRE, Prometheus, Docker, Python, Ansible, Git, Kubernetes, Terraform, OpenStack, SQL, NoSQL, Azure, GCP, DNS, Elastic
[1853星][4m] [Shell] arismelachroinos/lscript 自动化无线渗透和Hacking 任务的脚本
[1852星][3d] [C] github/glb-director GitHub Load Balancer Director and supporting tooling.
[1851星][1y] [Java] jindrapetrik/jpexs-decompiler JPEXS Free Flash Decompiler
[1848星][6m] [Assembly] pooler/cpuminer cpuminer：莱特币和比特币的多线程 CPU 矿机
[1847星][8m] [Py] netflix-skunkworks/stethoscope Personalized, user-focused recommendations for employee information security.
[1842星][1m] [Jupyter Notebook] hunters-forge/threathunter-playbook A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.
[1842星][1y] [Java] yeriomin/yalpstore Download apks from Google Play Store
[1842星][2d] [C++] pytorch/glow Compiler for Neural Network hardware accelerators
[1841星][2m] [C] retroplasma/earth-reverse-engineering Reversing Google's 3D satellite mode
[1839星][3y] [Java] chora10/cknife Cknife
[1838星][1y] [Py] jinnlynn/genpac PAC/Dnsmasq/Wingy file Generator, working with gfwlist, support custom rules.
[1830星][2m] [Go] influxdata/kapacitor Open source framework for processing, monitoring, and alerting on time series data
[1828星][3m] [JS] coreybutler/node-windows Windows support for Node.JS scripts (daemons, eventlog, UAC, etc).
[1828星][1y] [CSS] ctfs/write-ups-2015 Wiki-like CTF write-ups repository, maintained by the community. 2015
[1824星][5d] [Py] trailofbits/manticore 动态二进制分析工具，支持符号执行（symbolic execution）、污点分析（taint analysis）、运行时修改。
[1819星][6d] [C] mgba-emu/mgba mGBA Game Boy Advance Emulator
[1818星][2m] djadmin/awesome-bug-bounty A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.
[1815星][5m] [Py] veil-framework/veil generate metasploit payloads that bypass common anti-virus solutions
[1814星][6m] [C++] iagox86/dnscat2 在 DNS 协议上创建加密的 C&C channel
[1804星][10d] [Go] gdamore/tcell Tcell is an alternate terminal package, similar in some ways to termbox, but better in others.
[1801星][12m] [Go] intelsdi-x/snap an open telemetry framework designed to simplify the collection, processing and publishing of system data through a single API.
[1800星][3y] [ObjC] kpwn/yalu102 incomplete iOS 10.2 jailbreak for 64 bit devices by qwertyoruiopz and marcograssi
[1795星][7m] [Py] lijiejie/subdomainsbrute 子域名爆破
[1790星][12m] [Py] ctfs/write-ups-2017 Wiki-like CTF write-ups repository, maintained by the community. 2017
[1785星][1y] aozhimin/ios-monitor-platform
[1784星][16d] [Shell] pirate/wireguard-docs
[1781星][15d] [Shell] leebaird/discover 自定义的bash脚本, 用于自动化多个渗透测试任务, 包括: 侦查、扫描、解析、在Metasploit中创建恶意Payload和Listener
[1779星][4y] caesar0301/awesome-pcaptools A collection of tools developed by other researchers in the Computer Science area to process network traces. All the right reserved for the original authors.
[1778星][15d] [C++] apitrace/apitrace Tools for tracing OpenGL, Direct3D, and other graphics APIs
[1777星][7m] [C++] wrbug/dumpdex Android脱壳
[1777星][7d] [PHP] ezyang/htmlpurifier Standards compliant HTML filter written in PHP
[1777星][5d] [Go] convox/rack Private PaaS built on native AWS services for maximum privacy and minimum upkeep
[1774星][3y] [ObjC] tapwork/heapinspector-for-ios Find memory issues & leaks in your iOS app without instruments
[1774星][3m] [Py] epinna/weevely3 Weaponized web shell
[1772星][2y] [JS] cazala/coin-hive CoinHive cryptocurrency miner for node.js
[1770星][3y] [ObjC] alibaba/wax Wax is a framework that lets you write native iPhone apps in Lua.
[1761星][6d] [C] google/wuffs Wrangling Untrusted File Formats Safely
[1761星][2y] [CSS] b374k/b374k PHP Webshell with handy features
[1760星][3y] [Go] elastic/logstash-forwarder An experiment to cut logs in preparation for processing elsewhere. Replaced by Filebeat:
[1758星][12m] [JS] puppeteer/examples Use case-driven examples for using Puppeteer and headless chrome
[1756星][10d] 17mon/china_ip_list
[1754星][2m] onethawt/idaplugins-list IDA插件收集
[1747星][2d] [PHP] wordpress/wordpress-coding-standards PHP_CodeSniffer rules (sniffs) to enforce WordPress coding conventions
[1745星][1y] [PS] fuzzysecurity/powershell-suite My musings with PowerShell
[1744星][1y] coreb1t/awesome-pentest-cheat-sheets Collection of the cheat sheets useful for pentesting
[1742星][3m] tunz/js-vuln-db A collection of JavaScript engine CVEs with PoCs
[1739星][21d] ngalongc/bug-bounty-reference Inspired by
[1738星][2y] [Go] vzex/dog-tunnel p2p tunnel,(udp mode work with kcp,
[1735星][2m] [PHP] orangetw/my-ctf-web-challenges Collection of CTF Web challenges I made
[1731星][1m] [PS] fireeye/flare-vm 火眼发布用于 Windows 恶意代码分析的虚拟机：FLARE VM
[1730星][3y] [Go] s-rah/onionscan OnionScan is a free and open source tool for investigating the Dark Web.
[1730星][6m] [Smali] ahmyth/ahmyth-android-rat Android Remote Administration Tool
[1723星][14d] selierlin/share-ssr-v2ray
[1719星][4d] [C] google/honggfuzz Security oriented fuzzer with powerful analysis options. Supports evolutionary, feedback-driven fuzzing based on code coverage (software- and hardware-based)
[1718星][9m] [Py] constverum/proxybroker Proxy [Finder | Checker | Server]. HTTP(S) & SOCKS
[1717星][4m] [Py] lgandx/responder Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
[1714星][5d] [Ruby] cliffe/secgen Create randomly insecure VMs
[1710星][1m] [Go] eth0izzle/shhgit 监听Github Event API，实时查找Github代码和Gist中的secret和敏感文件
[1709星][3m] [Py] anorov/cloudflare-scrape A Python module to bypass Cloudflare's anti-bot page.
[1709星][1y] [Java] ac-pm/inspeckage Android Package Inspector - dynamic analysis with api hooks, start unexported activities and more. (Xposed Module)
[1707星][3d] [TSQL] brentozarultd/sql-server-first-responder-kit sp_Blitz, sp_BlitzCache, sp_BlitzFirst, sp_BlitzIndex, and other SQL Server scripts for health checks and performance tuning.
[1706星][16d] [Go] hashicorp/memberlist Golang package for gossip based membership and failure detection
[1700星][8m] [Py] guelfoweb/knock 使用 Wordlist 枚举子域名
[1697星][9m] [CSS] bagder/http2-explained A detailed document explaining and documenting HTTP/2, the successor to the widely popular HTTP/1.1 protocol
[1696星][3m] [PHP] xtr4nge/fruitywifi FruityWiFi is a wireless network auditing tool. The application can be installed in any Debian based system (Jessie) adding the extra packages. Tested in Debian, Kali Linux, Kali Linux ARM (Raspberry Pi), Raspbian (Raspberry Pi), Pwnpi (Raspberry Pi), Bugtraq, NetHunter.
[1696星][1y] [Swift] haxpor/potatso Potatso is an iOS client that implements Shadowsocks proxy with the leverage of NetworkExtension framework. ***This project is unmaintained, try taking a look at this fork
[1695星][6m] [Py] yelp/osxcollector A forensic evidence collection & analysis toolkit for OS X
[1695星][3y] [CoffeeScript] okturtles/dnschain A blockchain-based DNS + HTTP server that fixes HTTPS security, and more!
[1689星][5m] [C] networkprotocol/netcode.io A protocol for secure client/server connections over UDP
[1687星][5m] [JS] expressjs/csurf CSRF token middleware
[1687星][15d] [HTML] chromium/badssl.com
[1686星][8m] [Makefile] raspberrypi/noobs NOOBS (New Out Of Box Software) - An easy Operating System install manager for the Raspberry Pi
[1685星][4m] [R] briatte/awesome-network-analysis A curated list of awesome network analysis resources.
[1683星][1y] owasp/devguide The OWASP Guide
[1682星][3m] [Py] rootm0s/winpwnage UAC bypass, Elevate, Persistence and Execution methods
[1677星][30d] [Swift] pmusolino/wormholy iOS network debugging, like a wizard 🧙‍♂️
[1674星][2d] [C++] microsoft/detours Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form.
[1671星][7m] [C++] yegord/snowman Snowman反编译器，支持x86, AMD64, ARM。有独立的GUI工具、命令行工具、IDA/Radare2/x64dbg插件，也可以作为库使用
- IDA插件
- snowman QT界面
- nocode 命令行工具
- nc 核心代码，可作为库使用
[1668星][2m] [NSIS] angryip/ipscan Angry IP Scanner - fast and friendly network scanner
[1666星][2d] [Java] apache/geode Apache Geode
[1663星][4y] [Java] dodola/hotfix 安卓App热补丁动态修复框架
[1661星][6m] [C] easyhook/easyhook The reinvention of Windows API Hooking
[1661星][2d] [Py] cea-sec/ivre Network recon framework.
[1659星][10d] roave/securityadvisories ensures that your application doesn't have installed dependencies with known security vulnerabilities
[1656星][6d] [JS] tylerbrock/mongo-hacker MongoDB Shell Enhancements for Hackers
[1655星][3m] [Py] boppreh/keyboard Hook and simulate global keyboard events on Windows and Linux.
[1654星][2d] [JS] ghacksuserjs/ghacks-user.js An ongoing comprehensive user.js template for configuring and hardening Firefox privacy, security and anti-fingerprinting
[1652星][2y] [Shell] juude/droidreverse android 逆向工程工具集
[1652星][7m] dsasmblr/game-hacking Tutorials, tools, and more as related to reverse engineering video games.
[1651星][10m] [JS] evilcos/xssor2 XSS'OR - Hack with JavaScript.
[1650星][1m] [Py] ehco1996/django-sspanel 用diango开发的全新的shadowsocks网络面板
[1650星][7d] [HTML] clong/detectionlab Vagrant & Packer scripts to build a lab environment complete with security tooling and logging best practices
[1649星][1y] [Py] evyatarmeged/raccoon 高性能的侦查和漏洞扫描工具
[1648星][2d] [C#] jbevain/cecil C#库, 探查/修改/生成 .NET App/库
[1645星][3y] [JS] camwiegert/baffle A tiny javascript library for obfuscating and revealing text in DOM elements.
[1643星][9m] tylerha97/awesome-reversing A curated list of awesome reversing resources
[1643星][11m] [Java] fesh0r/fernflower Unofficial mirror of FernFlower Java decompiler (All pulls should be submitted upstream)
[1638星][4y] [Py] ctfs/write-ups-2014 Wiki-like CTF write-ups repository, maintained by the community. 2014
[1638星][11m] [C] dlundquist/sniproxy Proxies incoming HTTP and TLS connections based on the hostname contained in the initial request of the TCP session.
[1638星][4y] [Py] ctfs/write-ups-2014 Wiki-like CTF write-ups repository, maintained by the community. 2014
[1636星][4m] [Java] jaredrummler/androidprocesses DEPRECATED
[1634星][14d] [Go] awnumar/memguard 处理内存中敏感的值，纯Go语言编写。
[1631星][6m] [Objective-C++] tencent/oomdetector OOMDetector is a memory monitoring component for iOS which provides you with OOM monitoring, memory allocation monitoring, memory leak detection and other functions.
[1630星][6d] [JS] efforg/privacybadger Privacy Badger is a browser extension that automatically learns to block invisible trackers.
[1630星][29d] [PHP] c0ny1/upload-labs 一个帮你总结所有类型的上传漏洞的靶场
[1629星][5d] sarojaba/awesome-devblog 어썸데브블로그. 국내 개발 블로그 모음(only 실명으로).
[1624星][2y] jhaddix/tbhm The Bug Hunters Methodology
[1624星][4m] [CSS] functionclub/v2ray.fun 正在开发的全新 V2ray.Fun
[1621星][2m] [Shell] internetwache/gittools find websites with their .git repository available to the public
[1618星][28d] [Java] tiann/epic Dynamic java method AOP hook for Android(continution of Dexposed on ART), Supporting 4.0~10.0
[1615星][2y] [JS] addyosmani/a11y Accessibility audit tooling for the web (beta)
[1614星][2m] [Go] ysrc/yulong-hids 一款由 YSRC 开源的主机入侵检测系统
[1614星][7m] [Go] sipt/shuttle A web proxy in Golang with amazing features.
[1612星][3y] [Makefile] drizzlerisk/drizzledumper 是一款基于内存搜索的Android脱壳工具。
[1608星][9m] [JS] localtunnel/server server for localtunnel.me
[1608星][10m] [C] nmikhailov/validity90 Reverse engineering of Validity/Synaptics 138a:0090, 138a:0094, 138a:0097, 06cb:0081, 06cb:009a fingerprint readers protocol
[1606星][2d] [C++] lief-project/lief Library to Instrument Executable Formats
[1602星][6m] [Py] w1109790800/penetration 渗透超全面的渗透资料
[1601星][1y] [Py] nccgroup/scout2 Security auditing tool for AWS environments
[1601星][5m] [Py] mozilla/cipherscan 查找指定目标支持的SSL ciphersuites
[1600星][5d] [Go] bitnami-labs/sealed-secrets A Kubernetes controller and tool for one-way encrypted Secrets
[1599星][2y] [JS] keraf/nocoin No Coin is a tiny browser extension aiming to block coin miners such as Coinhive.
[1598星][15d] [Java] spotbugs/spotbugs SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
[1597星][3m] [Py] knownsec/pocsuite This project has stopped to maintenance, please to
[1591星][28d] [C] ntop/n2n Peer-to-peer VPN
[1591星][24d] ivrodriguezca/re-ios-apps A completely free, open source and online course about Reverse Engineering iOS Applications.
[1584星][6m] [Ruby] brunofacca/zen-rails-security-checklist Checklist of security precautions for Ruby on Rails applications.
[1583星][4y] l3m0n/pentest_study 从零开始内网渗透学习
[1582星][1m] [ObjC] ealeksandrov/provisionql Quick Look plugin for apps and provisioning profile files
[1581星][1y] [C] qihoo360/phptrace A tracing and troubleshooting tool for PHP scripts.
[1570星][2m] [C] firmianay/ctf-all-in-one CTF竞赛入门指南
[1569星][2y] [C] samyk/pwnat The only tool and technique to punch holes through firewalls/NATs where both clients and server can be behind separate NATs without any 3rd party involvement. Pwnat uses a newly developed technique, exploiting a property of NAT translation tables, with no 3rd party, port forwarding, DMZ, router administrative requirements, STUN/TURN/UPnP/ICE, or…
[1569星][29d] [Py] opendevops-cn/opendevops CODO是一款为用户提供企业多混合云、一站式DevOps、自动化运维、完全开源的云管理平台、自动化运维平台
[1566星][14d] [C] codahale/bcrypt-ruby Ruby binding for the OpenBSD bcrypt() password hashing algorithm, allowing you to easily store a secure hash of your users' passwords.
[1565星][17d] [Go] sofastack/sofa-mosn 使用 Go 语言开发的网络代理软件，作为云原生的网络数据平面，旨在为服务提供多协议，模块化，智能化，安全的代理能力
[1562星][19d] [C] p-gen/smenu Terminal utility that reads words from standard input or from a file and creates an interactive selection window just below the cursor. The selected word(s) are sent to standard output for further processing.
[1562星][14d] [Py] k4m4/kickthemout 使用ARP欺骗，将设备从网络中踢出去
[1561星][16d] [Java] gchq/gaffer A large-scale entity and relation database supporting aggregation of properties
[1560星][1y] [Py] unkl4b/gitminer Github内容挖掘
[1560星][6d] [Go] caffix/amass 子域名枚举, 搜索互联网数据源, 使用机器学习猜测子域名. Go语言
[1557星][8m] [Py] m4ll0k/wascan WAScan - Web Application Scanner
[1556星][15d] [Go] eolinker/goku-api-gateway A Powerful HTTP API Gateway in pure golang！Goku API Gateway （中文名：悟空 API 网关）是一个基于 Golang开发的微服务网关，能够实现高性能 HTTP API 转发、服务编排、多租户管理、API 访问权限控制等目的，拥有强大的自定义插件系统可以自行扩展，并且提供友好的图形化配置界面，能够快速帮助企业进行 API 服务治理、提高 API 服务的稳定性和安全性。
[1555星][1m] [Shell] mzet-/linux-exploit-suggester Linux privilege escalation auditing tool
[1549星][7d] [PHP] mewebstudio/captcha Captcha for Laravel 5 & 6
[1549星][1m] [Py] joxeankoret/diaphora program diffing
[1548星][1y] [C] ctfs/write-ups-2016 Wiki-like CTF write-ups repository, maintained by the community. 2016
[1544星][15d] [C] raspberrypi/userland Source code for ARM side libraries for interfacing to Raspberry Pi GPU.
[1544星][6y] [Py] google/pyringe Debugger capable of attaching to and injecting code into python processes.
[1543星][2d] [Go] juju/juju Simple, secure devops tooling built to manage today's complex applications wherever you run your software.
[1541星][2y] [Py] awolfly9/ipproxytool python ip proxy tool scrapy crawl. 抓取大量免费代理 ip，提取有效 ip 使用
[1540星][2y] [C++] hteso/iaito Radare2 GUI，使用Qt和C++
[1539星][2y] [C] ezlippi/webbench Webbench是Radim Kolar在1997年写的一个在linux下使用的非常简单的网站压测工具。它使用fork()模拟多个客户端同时访问我们设定的URL，测试网站在压力下工作的性能，最多可以模拟3万个并发连接去测试网站的负载能力。官网地址:
[1537星][9d] [Py] lifting-bits/mcsema 将x86, amd64, aarch64二进制文件转换成LLVM字节码
- IDA7插件用于反汇编二进制文件并生成控制流程图
- IDA插件用于反汇编二进制文件并生成控制流程图
- Binja插件用于反汇编二进制文件并生成控制流程图
- mcsema
[1536星][4d] [Java] ukanth/afwall AFWall+ (Android Firewall +) - iptables based firewall for Android
[1533星][13d] emijrp/awesome-awesome A curated list of awesome curated lists of many topics.
[1532星][3y] [Py] x0rz/eqgrp_lost_in_translation ShadowBrokers泄漏
[1526星][2d] [C++] nmap/npcap Nmap Project's packet sniffing library for Windows, based on WinPcap/Libpcap improved with NDIS 6 and LWF.
[1522星][1y] [HTML] qiwihui/hiwifi-ss 极路由+ss配置
[1521星][4m] [TS] spring-guides/tut-spring-security-and-angular-js Spring Security and Angular:: A tutorial on how to use Spring Security with a single page application with various backend architectures, ranging from a simple single server to an API gateway with OAuth2 authentication.
[1521星][3d] [C] jiangwenyuan/nuster A high performance HTTP proxy cache server and RESTful NoSQL cache server based on HAProxy
[1519星][10m] [PS] joefitzgerald/packer-windows 使用Packer创建Vagrant boxes的模板
[1518星][9m] [Py] google/rekall Rekall Memory Forensic Framework
[1517星][8d] [Py] zerosum0x0/koadic 类似于Meterpreter、Powershell Empire 的post-exploitation rootkit，区别在于其大多数操作都是由 Windows 脚本主机 JScript/VBScript 执行
[1516星][5m] snowming04/the-hacker-playbook-3-translation 对 The Hacker Playbook 3 的翻译。
[1514星][3y] [Py] sensepost/regeorg The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.
[1510星][1y] dripcap/dripcap
[1508星][2m] [Shell] haugene/docker-transmission-openvpn Docker container running Transmission torrent client with WebUI over an OpenVPN tunnel
[1505星][2y] [Py] eldraco/domain_analyzer 通过查找所有能够查找的信息，来分析任意域名的安全性
[1504星][27d] [Py] hannob/snallygaster Python脚本, 扫描HTTP服务器"秘密文件"
[1499星][5d] [YARA] cybermonitor/apt_cybercriminal_campagin_collections APT & CyberCriminal Campaign Collection
[1497星][4m] [Py] epinna/tplmap 代码注入和服务器端模板注入（Server-Side Template Injection）漏洞利用，若干沙箱逃逸技巧。
[1489星][5d] [Py] ahupp/python-magic A python wrapper for libmagic
[1486星][2y] [Kotlin] gh0u1l5/wechatmagician WechatMagician is a Xposed module written in Kotlin, that allows you to completely control your Wechat.
[1485星][7m] [C++] wangyu-/tinyfecvpn A VPN Designed for Lossy Links, with Build-in Forward Error Correction(FEC) Support. Improves your Network Quality on a High-latency Lossy Link.
[1482星][7d] [Py] bitsadmin/wesng Windows Exploit Suggester - Next Generation
[1481星][2d] [C] sleuthkit/sleuthkit The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.
[1480星][1y] [C++] f1xpl/openauto AndroidAuto headunit emulator
[1479星][3d] [C] ctcaer/hekate Nintendo Switch Bootloader - CTCaer mod
[1478星][8d] [C] iqiyi/xhook a PLT (Procedure Linkage Table) hook library for Android native ELF
[1477星][2d] [Shell] blackarch/blackarch BlackArch Linux is an Arch Linux-based distribution for penetration testers and security researchers.
[1476星][2m] [C++] jmpews/hookzz a hook framework for arm/arm64/ios/android, and [dev] branch is being refactored.
[1471星][27d] minimaxir/hacker-news-undocumented Some of the hidden norms about Hacker News not otherwise covered in the Guidelines and the FAQ.
[1470星][3y] [Py] veil-framework/veil-evasion a tool designed to generate metasploit payloads that bypass common anti-virus solutions.
[1470星][2d] [Go] google/keytransparency A transparent and secure way to look up public keys.
[1469星][6y] [C] alibaba/lvs A distribution of Linux Virtual Server with some advanced features. It introduces a new packet forwarding method - FULLNAT other than NAT/Tunneling/DirectRouting, and defense mechanism against synflooding attack - SYNPROXY.
[1466星][29d] [Go] neex/phuip-fpizdam Exploit for CVE-2019-11043
[1464星][6m] [Py] oros42/imsi-catcher This program show you IMSI numbers of cellphones around you.
[1463星][7d] [C] ufrisk/pcileech DMA攻击工具。通过 PCIe 硬件设备使用 DMA，直接读写目标系统的内存。目标系统不需要安装驱动。
[1462星][9d] edoverflow/can-i-take-over-xyz "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
[1459星][3d] [Py] enablesecurity/wafw00f 识别保护网站的WAF产品
[1458星][1y] [C++] acaudwell/logstalgia a visualization tool that replays or streams web server access logs as a retro arcade game simulation.
[1455星][1y] [Py] d4vinci/cr3dov3r Know the dangers of credential reuse attacks.
[1453星][13d] [C++] srslte/srslte Open source SDR LTE software suite from Software Radio Systems (SRS)
[1451星][2d] [Py] rocky/python-uncompyle6 Python反编译器，跨平台
[1447星][3y] tiancode/learn-hacking 开始学习Kali Linux 各种破解教程渗透测试逆向工程 HackThisSite挑战问题解答
[1447星][3y] tiancode/learn-hacking 开始学习Kali Linux 各种破解教程渗透测试逆向工程 HackThisSite挑战问题解答
[1447星][2m] [Py] neo23x0/loki Loki - Simple IOC and Incident Response Scanner
[1446星][5d] [C] tianocore/edk2 A modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications
[1446星][20d] [Go] skydive-project/skydive An open source real-time network topology and protocols analyzer
[1446星][14d] [C++] microsoft/seal Microsoft SEAL is an easy-to-use and powerful homomorphic encryption library.
[1445星][3m] [C++] vaibhavpandeyvpz/apkstudio Open-source, cross platform Qt based IDE for reverse-engineering Android application packages.
[1437星][5d] [Go] google/gapid Graphics API Debugger
[1436星][20d] [Kotlin] cypherpunkarmory/userland The easiest way to run a Linux distribution or application on Android
[1433星][11m] [C] tpruvot/ccminer CUDA Open Source miner project, for most nvidia cards
[1433星][1y] [TS] pedronauck/reworm
[1432星][6m] [C++] x64dbg/scyllahide Advanced usermode anti-anti-debugger
[1432星][2m] [C] feralinteractive/gamemode Optimise Linux system performance on demand
[1429星][5y] [C++] gdbinit/machoview MachOView fork
[1427星][9d] [ObjC] nabla-c0d3/ssl-kill-switch2 Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and OS X Apps
[1426星][20d] [C++] plasma-umass/coz Finding Code that Counts with Causal Profiling
[1426星][4y] [C++] aappleby/smhasher Automatically exported from code.google.com/p/smhasher
[1425星][3m] [Go] google/stenographer Stenographer is a packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets. Discussion/announcements at [email protected]
[1424星][8y] [Py] moxie0/sslstrip A tool for exploiting Moxie Marlinspike's SSL "stripping" attack.
[1424星][11m] [Java] aslody/legend (Android)无需Root即可Hook Java方法的框架, 支持Dalvik和Art环境
[1423星][14d] [Go] google/google-ctf Google CTF
[1422星][3y] [Py] nathanlopez/stitch Python Remote Administration Tool (RAT)
[1422星][3y] mandatoryprogrammer/northkoreadnsleak Snapshot of North Korea's DNS data taken from zone transfers.
[1419星][1m] [Py] xdavidhu/mitmap
[1419星][3y] [C] antirez/dump1090 Dump1090 is a simple Mode S decoder for RTLSDR devices
[1418星][5m] [PHP] s4n7h0/xvwa XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.
[1417星][4m] yadox666/the-hackers-hardware-toolkit 用于Red Team、渗透、安全研究的最佳硬件产品集合
[1417星][4d] [Rust] shadowsocks/shadowsocks-rust A Rust port of shadowsocks
[1417星][1m] [Go] barnybug/cli53 Command line tool for Amazon Route 53
[1415星][7d] [C] z3apa3a/3proxy 3proxy - tiny free proxy server
[1414星][8d] [C] ettercap/ettercap Ettercap Project
[1413星][24d] [XSLT] lolbas-project/lolbas Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
[1413星][24d] [Java] chrisk44/hijacker Aircrack, Airodump, Aireplay, MDK3 and Reaver GUI Application for Android
[1412星][9d] [C] namhyung/uftrace Function (graph) tracer for user-space
[1412星][5m] gitguardian/apisecuritybestpractices Resources to help you keep secrets (API keys, database credentials, certificates, ...) out of source code and remediate the issue in case of a leaked API key. Made available by GitGuardian.
[1411星][7d] [C++] eteran/edb-debugger edb is a cross platform AArch32/x86/x86-64 debugger.
[1411星][3d] [Go] cosmos72/gomacro Interactive Go interpreter and debugger with REPL, Eval, generics and Lisp-like macros
[1410星][3m] [Go] hellogcc/100-gdb-tips A collection of gdb tips. 100 maybe just mean many here.
[1408星][3m] [HTML] owasp/top10 Official OWASP Top 10 Document Repository
[1407星][4d] [C++] google/nsjail A light-weight process isolation tool, making use of Linux namespaces and seccomp-bpf syscall filters (with help of the kafel bpf language)
[1405星][1y] [HTML] gwuhaolin/blog 浩麟的技术博客
[1405星][1y] [C++] dotnet/llilc This repo contains LLILC, an LLVM based compiler for .NET Core. It includes a set of cross-platform .NET code generation tools that enables compilation of MSIL byte code to LLVM supported platforms.
[1404星][7d] [Java] chinashiyu/gfw.press GFW.Press新一代军用级高强度加密抗干扰网络数据高速传输软件
[1403星][2d] [Go] crazy-max/windowsspyblocker
[1401星][9m] [JS] anttiviljami/browser-autofill-phishing A simple demo of phishing by abusing the browser autofill feature
[1399星][16d] [Swift] johnno1962/injectioniii Re-write of Injection for Xcode in (mostly) Swift4
[1397星][1y] [Go] filosottile/whosthere A ssh server that knows who you are
[1396星][3y] [PS] putterpanda/mimikittenz A post-exploitation powershell tool for extracting juicy info from memory.
[1395星][27d] [C] quiet/org.quietmodem.quiet Quiet for Android - TCP over sound
[1393星][4d] atarity/deploy-your-own-saas List of "only yours" cloud services for everyday needs
[1393星][9d] [Py] ekultek/whatwaf 检测并绕过WAF和保护系统
[1392星][16d] [C++] jonathansalwan/triton Triton is a Dynamic Binary Analysis (DBA) framework. It provides internal components like a Dynamic Symbolic Execution (DSE) engine, a dynamic taint engine, AST representations of the x86, x86-64 and AArch64 Instructions Set Architecture (ISA), SMT simplification passes, an SMT solver interface and, the last but not least, Python bindings.
[1388星][4y] [PHP] johntroony/php-webshells Common php webshells. Do not host the file(s) on your server!
[1387星][11m] [Py] eth0izzle/bucket-stream 通过certstream 监控多种证书 transparency 日志, 进而查找有趣的 Amazon S3 Buckets
[1386星][2y] [JS] sqren/fb-sleep-stats 使用Facebook追踪用户的睡觉习惯
[1384星][5d] [JS] ix64/unlock-music Unlock encrypted music file in browser. 在浏览器中解锁加密的音乐文件。
[1381星][6m] [Py] almandin/fuxploider 文件上传漏洞扫描和利用工具
[1380星][15d] [C] dynamorio/drmemory Memory Debugger for Windows, Linux, Mac, and Android
[1380星][13d] [Shell] drduh/pwd.sh GPG symmetric password manager
[1378星][13d] [OCaml] mirage/mirage MirageOS is a library operating system that constructs unikernels
[1378星][2d] [JS] lockfale/osint-framework OSINT Framework
[1375星][15d] [Go] unrolled/secure HTTP middleware for Go that facilitates some quick security wins.
[1375星][11m] [JS] intika/librefox Firefox with privacy enhancements
[1374星][4y] [C++] valvesoftware/vogl OpenGL capture / playback debugger.
[1373星][5m] [Py] s0md3v/striker Striker is an offensive information and vulnerability scanner.
[1373星][9m] [PS] danielbohannon/invoke-obfuscation PowerShell Obfuscator
[1371星][1m] [C] zyantific/zydis 快速的轻量级x86/x86-64 反汇编库
[1365星][9d] [Go] cortesi/modd A flexible developer tool that runs processes and responds to filesystem changes
[1363星][2m] [Py] fireeye/flare-floss 自动从恶意代码中提取反混淆后的字符串
- floss
- IDA插件
[1363星][3y] [C++] aslody/turbodex 在内存中快速加载dex
[1362星][1m] grrrdog/java-deserialization-cheat-sheet The cheat sheet about Java Deserialization vulnerabilities
[1361星][7m] [Py] vulnerscom/getsploit Command line utility for searching and downloading exploits
[1361星][6m] [C++] phpv8/v8js V8 Javascript Engine for PHP — This PHP extension embeds the Google V8 Javascript Engine
[1359星][2m] [C] googleprojectzero/winafl A fork of AFL for fuzzing Windows binaries
[1355星][10m] [HTML] thelinuxchoice/blackeye The most complete Phishing Tool, with 32 templates +1 customizable
[1354星][2d] [Py] mitre/caldera 自动化 adversary emulation 系统
[1352星][3y] [Py] joaomatosf/jexboss Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool
[1351星][3m] [C++] raspberrypi/tools
[1350星][4m] [C] taviso/ctftool Interactive CTF Exploration Tool
[1349星][3y] [Py] ddevault/evilpass Slightly evil password strength checker
[1349星][19d] [C++] rikkaapps/riru Inject zygote process by replace libmemtrack
[1349星][5m] [Py] lijiejie/githack git泄露利用脚本，通过泄露的.git文件夹下的文件，重建还原工程源代码
[1348星][10m] rebeyond/behinder “冰蝎”动态二进制加密网站管理客户端
[1347星][11m] [Rust] das-labor/panopticon A libre cross-platform disassembler.
[1346星][2y] [HTML] daxeel/blockshell 用于学习区块链技术概念的命令行工具, 例如 likechaining, mining，proof of work 等
[1345星][25d] [C] x64dbg/x64dbgpy Automating x64dbg using Python, Snapshots:
[1345星][12d] [Go] securitywithoutborders/hardentools 禁用许多有危险的Windows功能
[1344星][23d] [Go] microcosm-cc/bluemonday a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
[1343星][23d] [Py] s0md3v/arjun HTTP parameter discovery suite.
[1342星][12m] [C] luke-jr/bfgminer Modular ASIC/FPGA miner written in C, featuring overclocking, monitoring, fan speed control and remote interface capabilities.
[1342星][2m] [Go] davrodpin/mole cli app to create ssh tunnels
[1342星][1y] [Py] carmaa/inception 利用基于PCI的DMA实现物理内存的操纵与Hacking，可以攻击FireWire，Thunderbolt，ExpressCard，PC Card和任何其他PCI / PCIe硬件接口
[1341星][3m] [Py] maratyszcza/peachpy x86-64 assembler embedded in Python
[1341星][1y] [XSLT] api0cradle/lolbas Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
[1340星][1y] kirikira/vtemplate v2ray的模板们
[1340星][7m] [Py] feeicn/gsil GitHub敏感信息泄露监控，几乎实时监控，发送警告
[1339星][6y] [Perl] intelisecurelabs/linux_exploit_suggester Linux Exploit Suggester; based on operating system release number
[1338星][1m] [CSS] undeadsec/socialfish 网络钓鱼培训与信息收集
[1337星][1y] [C] madeye/proxydroid Global Proxy for Android
[1336星][3m] [HTML] thehive-project/thehive a Scalable, Open Source and Free Security Incident Response Platform
[1335星][2m] [C++] mfontanini/libtins High-level, multiplatform C++ network packet sniffing and crafting library.
[1334星][4y] mengskysama/shadowsocks A fast tunnel proxy that helps you bypass firewalls
[1333星][1y] [C] gamelinux/passivedns A network sniffer that logs all DNS server replies for use in a passive DNS setup
[1328星][2d] [C++] purplei2p/i2pd a full-featured C++ implementation of I2P client
[1328星][1y] [Py] marten4n6/evilosx An evil RAT (Remote Administration Tool) for macOS / OS X.
[1328星][2y] [CoffeeScript] atmos/camo all about making insecure assets look secure
[1327星][7m] [Go] ssllabs/ssllabs-scan A command-line reference-implementation client for SSL Labs APIs, designed for automated and/or bulk testing.
[1327星][3d] [C] intel/haxm Intel 开源的英特尔硬件加速执行管理器，通过硬件辅助的虚拟化引擎，加速 Windows/macOS 主机上的 IA emulation（(x86/ x86_64) ）
[1327星][10m] [C#] cenmrev/v2rayw GUI for v2ray-core on Windows
[1325星][21d] [C] dtag-dev-sec/tpotce 创建多蜜罐平台T-Pot ISO 镜像

[1324星][1y] [C++] rehints/hexrayscodexplorer 反编译插件, 多功能

查看详情

  - 自动类型重建
  - 虚表识别/导航(反编译窗口)
  - C-tree可视化与导出
  - 对象浏览
  </details>

[1323星][2d] [Go] xiaoming2028/freenet 科学上网/梯子/自由上网/翻墙 SS/SSR/V2Ray/Brook 搭建教程
[1323星][2m] jaredthecoder/awesome-vehicle-security
[1322星][3d] [C] oisf/suricata a network IDS, IPS and NSM engine
[1319星][2y] [Py] worawit/ms17-010 MS17-010
[1317星][1y] mortenoir1/virtualbox_e1000_0day VirtualBox E1000 Guest-to-Host Escape
[1316星][3m] [PS] peewpw/invoke-psimage Encodes a PowerShell script in the pixels of a PNG file and generates a oneliner to execute
[1314星][10m] [C] fancycode/memorymodule Library to load a DLL from memory.
[1311星][1m] [C++] shadowsocks/libqtshadowsocks A lightweight and ultra-fast shadowsocks library written in C++14 with Qt framework
[1309星][12m] [Py] xyntax/poc-t 脚本调用框架，用于渗透测试中采集|爬虫|爆破|批量PoC 等需要并发的任务
[1309星][3m] [Lua] scipag/vulscan Nmap 模块，将 Nmap 转化为高级漏洞扫描器
[1307星][19d] [Py] consensys/mythril Security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Quorum, Vechain, Roostock, Tron and other EVM-compatible blockchains.
[1307星][27d] [C] boywhp/fcn free connect your private network from anywhere
[1304星][17d] nikitavoloboev/privacy-respecting PrivacyRespecting 服务和软件列表
[1304星][7d] [C] cisco-talos/pyrebox 逆向沙箱，基于QEMU，Python Scriptable
[1303星][4m] [C++] klee/klee 基于 LLVM 的 symbolic 虚拟机
[1300星][1y] [Shell] dana-at-cp/backdoor-apk backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc. This shell script is provided as-is without warranty of any kind and is intended for educational purposes only.
[1299星][6d] [Go] hacklcx/hfish 扩展企业安全测试主动诱导型开源蜜罐框架系统，记录黑客攻击手段
[1298星][1y] [Go] evilsocket/xray 自动化执行一些信息收集、网络映射的初始化工作
[1293星][4y] [C++] microsoft/microsoft-pdb Microsoft提供的有关PDB格式的信息
[1293星][5m] [JS] feross/spoof Easily spoof your MAC address in macOS, Windows, & Linux!
[1293星][29d] [Java] android-hacker/exposed A library to use Xposed without root or recovery(or modify system image etc..).
[1291星][6d] [C] traviscross/mtr Official repository for mtr, a network diagnostic tool
[1291星][2y] [Go] malfunkt/hyperfox 在局域网上代理和记录 HTTP 和 HTTPs 通信

fengjixuchui / sec-tool-list Goto Github PK

sec-tool-list's Introduction

说明

工具列表

sec-tool-list's People

Contributors

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent