Security
Pentest, defense, crypto
100 repositories
🕵️♂️ Collect a dossier on a person by username from 3000+ sites
Shannon Lite is an autonomous, white-box AI pentester for web applications and APIs. It analyzes your source code, identifies attack vectors, and executes real exploits to prove vulnerabilities before they reach production.
A collection of various awesome lists for hackers, pentesters and security researchers
Autonomous Hacking Agent for Red Team
Force Remove Copilot, Recall and More in Windows 11
Open Cyber Threat Intelligence Platform
OpenVPN is an open source VPN daemon
Lonkero - Wraps around your attack surface. Professional-grade scanner for real penetration testing. Fast. Modular. Rust.
Open-source AI hackers to find and fix your app’s vulnerabilities.
Open source AI terminal for cloud and infrastructure management, enabling you to deploy, troubleshoot, and automate services using natural language and intelligent agents.
754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platforms · 26 security domains · Apache 2.0
Test your prompts, agents, and RAGs. Red teaming/pentesting/vulnerability scanning for AI. Compare performance of GPT, Claude, Gemini, DeepSeek, and more. Simple declarative configs with command line and CI/CD integration. Used by OpenAI and Anthropic.
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit/64-bit ARM, 8-bit AVR and 32-bit RISC-V architectures.
Infisical is the open-source platform for secrets, certificates, and privileged access management.
Hunt down social media accounts by username across social networks
List of Computer Science courses with video lectures.
Cyber Security ALL-IN-ONE Platform
SimpleX - the first messaging network operating without user identifiers of any kind - 100% private by design! iOS, Android and desktop apps 📱!
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Internet-scale OpenID Certified™ OpenID Connect and OAuth2.1 provider that integrates with your user management through headless APIs. Solve OIDC/OAuth2 user cases overnight. Consume as a service on Ory Network or self-host. Trusted by OpenAI and many others for scale and security. Written in Go.
Find secrets with Gitleaks 🔑
WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
KeePassXC is a cross-platform community-driven port of the Windows application “KeePass Password Safe”.
Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
Declare your digital independence
Find, verify, and analyze leaked credentials
Enterprise AI bastion host for secure AI API and MCP access, with unified proxying, RBAC, audit logs, rate limiting, and cost tracking across OpenAI, Anthropic, Gemini, and self-hosted LLMs.
Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.
Weighs the soul of incoming HTTP requests to stop AI crawlers
The authentication glue you need.
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
Manage your dotfiles across multiple diverse machines, securely.
A full-stack AI Red Teaming platform securing AI ecosystems via OpenClaw Security Scan, Agent Scan, Skills Scan, MCP scan, AI Infra scan and LLM jailbreak evaluation.
Comfortably monitor your Internet traffic 🕵️♂️
🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.
The recursive internet scanner for hackers. 🧡
CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
An ArchLinux based distribution for penetration testers and security researchers.
Kanidm: A simple, secure, and fast identity management platform
Fast passive subdomain enumeration tool.
SafeLine is a self-hosted WAF (Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
📡 PoC auto-collected from GitHub. ⚠️ Be careful of malware.
Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs. https://katacontainers.io/
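ARL Asset Reconnaissance Lighthouse system (runnable, with added fingerprints, higher concurrency, upgraded tools and system, unrestricted modified edition) | The ARL (Asset Reconnaissance Lighthouse) system is designed to quickly reconnoiter the internet assets associated with a target and build a baseline asset inventory. It helps in-house security teams and penetration testers reconnoiter and search assets effectively and find existing weak points and attack surface.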
🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
CISO Assistant is a one-stop-shop GRC platform for Risk Management, AppSec, Compliance & Audit, TPRM, BIA, Privacy, and Reporting. It supports 150+ global frameworks with automatic control mapping, including ISO 27001, NIST CSF, SOC 2, CIS, PCI DSS, NIS2, DORA, GDPR, HIPAA, CMMC, and more.
Fast web fuzzer written in Go
Bitcoin Core integration/staging tree
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
The Single Sign-On Multi-Factor portal for web apps, now OpenID Certified™
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
🕵️♂️ All-in-one OSINT tool for analysing any website
A vulnerability scanner for container images and filesystems
Cryptomator for Windows, macOS, and Linux: Secure client-side encryption for your cloud storage, ensuring privacy and control over your data.
🧱 secure, local and programmable sandboxes for AI agents
Open-source agentic AI data assistant for the next generation of AI + Data products.
An intranet comprehensive scanning tool, enabling one-click automated, all-round vulnerability scanning.
Private photo vault for Android
World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams. The GitHub/GitLab for database DevSecOps.
Claude Skills for Governance, Risk, & Compliance (GRC): Expert-level compliance guidance for ISO 27001, SOC 2, FedRAMP, GDPR, HIPAA, NIST CSF, PCI DSS, EU AI Act, ISO 42001, ISO 27701, DORA, CSRD, India's DPDPA, CMMC 2.0, NIST AI Risk, SWIFT, Australia's ISM, EU NIS2, and CCPA/CPRA. Benchmark 96% (with skills) vs 82% (without skills).
Website, courses, documentation, blog and youtube video tracker.
Simple and flexible tool for managing secrets
Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, build your tailor-made EASM tool, collect and analyse network intelligence from your sensors, and much more! Uses Nmap, Masscan, Zeek, p0f, ProjectDiscovery tools, etc.
Daemon to ban hosts that cause multiple authentication errors
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
Protect your SSH keys with your Mac's Secure Enclave
Automatic SQL injection and database takeover tool
Open source vulnerability DB and triage service.
🤖 The Modern Port Scanner 🤖
🐊 Policy Controller for Kubernetes
A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals.com
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Community curated list of templates for the nuclei engine to find security vulnerabilities.
Directory/File, DNS and VHost busting tool written in Go
eBPF-based Security Observability and Runtime Enforcement
Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage by writing context-aware access control policies for your application resources.
⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
The ZAP by Checkmarx Core project
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.
Firefox user.js for optimal privacy and security. Your favorite browser, but better.
The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks.
Monero: the secure, private, untraceable cryptocurrency
A secure* runtime for autonomous AI agents. Policy from plain-English constitutions. (*https://ironcurtain.dev)
A collection & lists of intel and usernames scraped from various cybercrime sources & forums. DarkForums, HackForums, Patched, Cracked, BreachForums, OGUser, XSS, Dread, & more
Open-source security automation platform for teams and AI agents
Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).
Enterprise-ready zero-trust access platform built on WireGuard®.
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
eBPF-based Networking, Security, and Observability
SWE-agent takes a GitHub issue and tries to automatically fix it, using your LM of choice. It can also be employed for offensive cybersecurity or competitive coding challenges. [NeurIPS 2024]
Cloud Native Runtime Security
Open-Source Unified Vulnerability Management, DevSecOps & ASPM
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
Find zero-days while you sleep. DeepZero is an automated vulnerability research framework that parses, decompiles, and analyzes thousands of Windows kernel drivers for exploitable IOCTLs natively using AI agents.
An auto-updating list of shodan dorks with info on the amount of results they return!
Threat Intel Platform for T-POTs