Pentest, defense, crypto
100 repositories
Open-source AI penetration testing tool to find and fix your app’s vulnerabilities.
817 structured cybersecurity skills for AI agents · Mapped to 6 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND, NIST AI RMF & MITRE F3 (Fight Fraud) · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platforms · 29 security domains · Apache 2.0
A comprehensive collection of AI development patterns for building software with AI assistance, organized by implementation maturity and development lifecycle phases. Includes Foundation, Development, and Operations patterns with practical examples and anti-patterns.
Cyber Security ALL-IN-ONE Platform
SimpleX - the first messaging network operating without user identifiers of any kind - 100% private by design! iOS, Android and desktop apps 📱!
One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️
OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Single Sign-On for Your Self-Hosted Universe
🕵️♂️ Collect a dossier on a person by username from 3000+ sites
DianXing - AI-Driven End-to-End Code Security Auditing
基于 AI Agent + MCP 工具链 + 渗透 Skill 编排, 配合大语言模型, 自然语言输入 → 自动完成「信息收集 → 漏洞发现 → 漏洞利用 → 报告生成」全流程。
Hunt down social media accounts by username across social networks
State-of-the-art native debugging tools
有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file
List of Computer Science courses with video lectures.
Test your prompts, agents, and RAGs. Red teaming/pentesting/vulnerability scanning for AI. Compare performance of GPT, Claude, Gemini, DeepSeek, and more. Simple declarative configs with command line and CI/CD integration. Used by OpenAI and Anthropic.
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Building 70 Projects ranging from beginner to advanced so anyone can — learn from, build upon, use as a reference, or even copy directly. Gamified Cybersecurity learning 👇
📡 Comprehensive collection of OSINT tools for cybersecurity professionals, researchers, and bug bounty hunters. Topics: information gathering, reverse search, red team, trust & safety, AI.
Weighs the soul of incoming HTTP requests to stop AI crawlers
Skills for threat modeling, scanning, triage, patching, plus an autonomous scanning harness you can /customize
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
Shannon is an autonomous, white-box AI pentester for web applications and APIs. It analyzes your source code, identifies attack vectors, and executes real exploits to prove vulnerabilities before they reach production.
Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Personal, Enterprise, Government and Military security levels | SLSA Level 3 Compliant for Secure Development and Build Process | Apps Available on MS Store✨
Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
Open source vulnerability DB and triage service.
KeePassXC is a cross-platform community-driven port of the Windows application “KeePass Password Safe”.
Malicious traffic detection system
A Claude Code skill bundle for bug hunting and external red-team work — 71 skills, 15 slash commands, 681 disclosed-report patterns curated across 24 core vulnerability classes, plus enterprise identity + infrastructure attack matrices.
Get Android app updates straight from the source.
Comfortably monitor your Internet traffic 🕵️♂️
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Find secrets with Gitleaks 🔑
A full-stack AI Red Teaming platform securing AI ecosystems via OpenClaw Security Scan, Agent Scan, Skills Scan, MCP scan, AI Infra scan and LLM jailbreak evaluation.
Infisical is the open-source platform for secrets, certificates, and privileged access management.
The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP Mobile Security Weakness Enumeration (MASWE) weaknesses, which are in alignment with the OWASP MASVS.
Manage your dotfiles across multiple diverse machines, securely.
Cybersecurity oriented awesome list
🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.
A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ https://windows-internals.com
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
Bitcoin Core integration/staging tree
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit/64-bit ARM, 8-bit AVR and 32-bit RISC-V architectures.
Free and Open Source Reverse Engineering Platform powered by rizin
Antivirus software written in Python and C++ that blocks threats through Machine Learning and behavioral monitoring!
Automatic SQL injection and database takeover tool
Autonomous Hacking Agent for Red Team
Pre-built, deduplicated Pi-hole blocklists merged from 35 curated sources — a 2.4M+ domain master list plus advertising, tracking, malware/phishing, suspicious, and NSFW categories. Hosts format, rebuilt weekly.
CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
802.11 Attack Tool
eBPF-based Networking, Security, and Observability
🧱 easy, fast and local-first microVM runtime
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
A binary and file access authorization system for macOS.
Hacking EN-XGSFPP-OMAC, XG-99S, LTF-7263-BH+LTF-7267-BH+
OpenVPN is an open source VPN daemon
Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).
AI-powered OSINT agent with interactive REPL, MCP server, and CLI. 16 tools. Works with Claude, GPT-4, or local models. For authorized security research only.
open-source agentic AI data assistant for the next generation of AI + Data products.
Daemon to ban hosts that cause multiple authentication errors
AI-safe .env files: Schemas for agents, Secrets for humans.
A AI general-purpose state-space search engine, validated first on autonomous penetration testing.
The authentication glue you need.
🕵️♂️ All-in-one OSINT tool for analysing any website
一款内网综合扫描工具,方便一键自动化、全方位漏扫扫描。(An intranet comprehensive scanning tool, enabling one-click automated, all-round vulnerability scanning)
An HTTP toolkit for security research.
Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs. https://katacontainers.io/
The Single Sign-On Multi-Factor portal for web apps, now OpenID Certified™
The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks.
Find, verify, and analyze leaked credentials
Simple and flexible tool for managing secrets
☁️ Ultra-fast, secure & lightweight self-hosted cloud storage — your files, photos, calendars & contacts, all in one place. Built in Rust.
🤖 The Modern Port Scanner 🤖
Perform data science on data that remains in someone else's server
The easiest, and most secure way to access and protect all of your infrastructure.
Directory/File, DNS and VHost busting tool written in Go
SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Custom bash scripts used to automate various penetration testing tasks including recon, scanning, enumeration, and malicious payload creation using Metasploit. For use with Kali Linux and Ubuntu.
Low code web framework for real world applications, in Python and Javascript
Cryptomator for Windows, macOS, and Linux: Secure client-side encryption for your cloud storage, ensuring privacy and control over your data.
Aya is an eBPF library for the Rust programming language, built with a focus on developer experience and operability.
Fast passive subdomain enumeration tool.
Monero: the secure, private, untraceable cryptocurrency
Firefox user.js for optimal privacy and security. Your favorite browser, but better.
eBPF-based Security Observability and Runtime Enforcement
Open-source AI-powered Security Operations Center — alert fusion, purple-team drills, agent-assisted triage, MITRE ATT&CK investigation. MIT-licensed, self-hostable.
AI-native red-team workbench for authorized penetration testing and vulnerability research, with specialist agents, sandboxed tooling, evidence records, and replayable timelines.
Lonkero - Wraps around your attack surface. Professional-grade scanner for real penetration testing. Fast. Modular. Rust.
Open device management
A vulnerability scanner for container images and filesystems
⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
Open-Source Unified Vulnerability Management, DevSecOps & ASPM
Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, build your taylor-made EASM tool, collect and analyse network intelligence from your sensors, and much more! Uses Nmap, Masscan, Zeek, p0f, ProjectDiscovery tools, etc.
The Github home of Orbot: Tor on Android (Also available on gitlab!)
World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams. The GitHub/GitLab for database DevSecOps.
A modern TLS library in Rust