marksowell/stars

Awesome Stars

A curated list of my GitHub stars! Generated by starred.

Contents

ai

  • 0x4m4/hexstrike-ai - HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug boun
  • ghostsecurity/reaper - 💀 Don't fear the Reaper 👻
  • The-Art-of-Hacking/h4cker - This repository is maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), AI security, vu

android

  • patrickfav/uber-apk-signer - A cli tool that helps signing and zip aligning single or multiple Android application packages (APKs) with either debug or provided release certificates. It supports v1, v2 and v3 Android signing sche
  • ReversecLabs/drozer - The Leading Security Assessment Framework for Android.
  • androguard/androguard - Reverse engineering and pentesting for Android applications
  • AzeemIdrisi/PhoneSploit-Pro - An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
  • iBotPeaches/Apktool - A tool for reverse engineering Android apk files
  • wasabeef/awesome-android-ui - A curated list of awesome Android UI/UX libraries
  • Hack-with-Github/Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers
  • appwrite/appwrite - Appwrite® - The developers' cloud
  • Solido/awesome-flutter - An awesome list that curates the best Flutter libraries, tools, tutorials, articles and more.
  • flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
  • skylot/jadx - Dex to Java decompiler
  • B3nac/InjuredAndroid - A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.
  • OWASP/mastg - The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP
  • n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
  • rustdesk/rustdesk - An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.

angular

api

aspnet

  • bitwarden/server - Bitwarden infrastructure/backend (API, database, Docker, etc).

automation

awesome

awesome-list

aws

azure

  • prowler-cloud/prowler - Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.
  • cloud-custodian/cloud-custodian - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
  • SpecterOps/AzureHound - Azure Data Exporter for BloodHound
  • nccgroup/ScoutSuite - Multi-Cloud Security Auditing Tool

bash

  • atuinsh/atuin - ✨ Magical shell history
  • MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
  • runmedev/vscode-runme - DevOps Notebooks Built with Markdown - VS Code extension
  • nvm-sh/nvm - Node Version Manager - POSIX-compliant bash script to manage multiple active node.js versions
  • royalapplications/toolbox - This repository contains various automation scripts for Royal TS (for Windows) and Royal TSX (for macOS). Also included are dynamic folder samples. This collection consists of scripts by the Royal App
  • RealityNet/ios_triage - Bash script to extract data from a "chekcra1ned" iOS device
  • hyperupcall/autoenv - Directory-based environments.
  • v1s1t0r1sh3r3/airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
  • peass-ng/PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

bootstrap

c

chrome

chrome-extension

cli

code-quality

code-review

  • Cyber-Buddy/APKHunt - APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers,

cpp

  • microsoft/vcpkg - C++ Library Manager for Windows, Linux, and MacOS
  • bee-san/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

csharp

  • bitwarden/server - Bitwarden infrastructure/backend (API, database, Docker, etc).
  • dnSpyEx/dnSpy - Unofficial revival of the well known .NET debugger and assembly editor, dnSpy
  • Aetsu/OffensivePipeline - OffensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team exercises.
  • peass-ng/PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

css

cybersecurity

  • clickswave/voyage - Voyage is a stateful subdomain enumeration tool that combines passive and active techniques, user-specific databases, and fine-grained control built for efficient and reliable subdomain reconnaissance
  • fr0gger/Awesome-GPT-Agents - A curated list of GPT agents for cybersecurity
  • MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
  • MattKeeley/Spoofy - Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
  • t3l3machus/Villain - Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them
  • infobyte/faraday - Open Source Vulnerability Management Platform
  • AzeemIdrisi/PhoneSploit-Pro - An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
  • AlecBlance/S3BucketList - Chrome and Firefox extension that lists Amazon S3 Buckets while browsing
  • jymcheong/AutoTTP - Automated Tactics Techniques & Procedures
  • ForbiddenProgrammer/conti-pentester-guide-leak - Leaked pentesting manuals given to Conti ransomware crooks
  • RoseSecurity/Anti-Virus-Evading-Payloads - During the exploitation phase of a pen test or ethical hacking engagement, you will ultimately need to try to cause code to run on target system computers. Here is a simple way to evade anti-virus sof
  • Liodeus/swaggerHole - A python3 script searching for secret on swaggerhub
  • noraj/rawsec-cybersecurity-inventory - An inventory of tools and resources about CyberSecurity that aims to help people to find everything related to CyberSecurity.
  • aress31/jwtcat - A CPU-based JSON Web Token (JWT) cracker and - to some extent - scanner.
  • future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
  • The-Art-of-Hacking/h4cker - This repository is maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), AI security, vu
  • mitre/caldera - Automated Adversary Emulation Platform

dart

  • flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
  • rustdesk/rustdesk - An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.

database

devops

  • containrrr/watchtower - A process for automating Docker container base image updates.
  • infobyte/faraday - Open Source Vulnerability Management Platform
  • runmedev/runme - DevOps Notebooks Built with Markdown
  • runmedev/vscode-runme - DevOps Notebooks Built with Markdown - VS Code extension
  • trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
  • CISOfy/lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

docker

documentation

dotnet

  • bitwarden/server - Bitwarden infrastructure/backend (API, database, Docker, etc).
  • dnSpyEx/dnSpy - Unofficial revival of the well known .NET debugger and assembly editor, dnSpy

electron

express

firebase

firefox

flutter

  • macosui/macos_ui - Flutter widgets and themes implementing the current macOS design language.
  • appwrite/appwrite - Appwrite® - The developers' cloud
  • Solido/awesome-flutter - An awesome list that curates the best Flutter libraries, tools, tutorials, articles and more.
  • flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
  • B3nac/InjuredAndroid - A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.
  • rustdesk/rustdesk - An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.

framework

git

github

go

golang

graphql

hacking

  • blacklanternsecurity/bbot - The recursive internet scanner for hackers. 🧡
  • six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
  • r4ulcl/WiFiChallengeLab-docker - Virtualized WiFi pentesting laboratory without the need for physical Wi-Fi cards, using mac80211_hwsim. Docker version of WiFiChallenge Lab with modifications in the challenges and improved stability.
  • Pennyw0rth/NetExec - The Network Execution Tool
  • MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
  • summitt/Nope-Proxy - TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.
  • six2dez/pentest-book
  • t3l3machus/Villain - Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them
  • infosecn1nja/Red-Teaming-Toolkit - This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
  • AzeemIdrisi/PhoneSploit-Pro - An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
  • ghostsecurity/reaper - 💀 Don't fear the Reaper 👻
  • LasCC/HackTools - The all-in-one browser extension for offensive security professionals 🛠
  • Hack-with-Github/Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers
  • dolevf/Black-Hat-GraphQL - The Black Hat GraphQL Book Repository
  • t3l3machus/toxssin - An XSS exploitation command-line interface and payload generator.
  • nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters - A list of resources for those interested in getting started in bug bounties
  • OWASP/mastg - The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP
  • codingo/NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
  • trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
  • RoseSecurity/Anti-Virus-Evading-Payloads - During the exploitation phase of a pen test or ethical hacking engagement, you will ultimately need to try to cause code to run on target system computers. Here is a simple way to evade anti-virus sof
  • chenjj/espoofer - An email spoofing testing tool that aims to bypass SPF/DKIM/DMARC and forge DKIM signatures.🍻
  • BiZken/PhishMailer - Generate Professional Phishing Emails Fast And Easy
  • yogeshojha/rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon
  • j3ssie/osmedeus - A Workflow Engine for Offensive Security
  • HackTricks-wiki/hacktricks - Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
  • SpiderLabs/HostHunter - HostHunter is a recon tool for discovering hostnames using OSINT techniques.
  • bee-san/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
  • diego-treitos/linux-smart-enumeration - Linux enumeration tool for pentesting and CTFs with verbosity levels
  • Hackplayers/evil-winrm - The ultimate WinRM shell for hacking/pentesting
  • maurosoria/dirsearch - Web path scanner
  • v1s1t0r1sh3r3/airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
  • samratashok/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
  • bee-san/RustScan - 🤖 The Modern Port Scanner 🤖
  • juice-shop/juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
  • The-Art-of-Hacking/h4cker - This repository is maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), AI security, vu
  • 0x00-0x00/ShellPop - Pop shells like a master.
  • swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
  • mitre/caldera - Automated Adversary Emulation Platform

hacktoberfest

  • pglombardo/PasswordPusher - 🔐 Securely share sensitive information with automatic expiration & deletion after a set number of views or duration. Track who, what and when with full audit logs.
  • prowler-cloud/prowler - Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.
  • gitleaks/gitleaks - Find secrets with Gitleaks 🔑
  • containrrr/watchtower - A process for automating Docker container base image updates.
  • AzeemIdrisi/PhoneSploit-Pro - An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
  • projectdiscovery/dnsx - dnsx is a fast and multi-purpose DNS toolkit that allows you to run multiple DNS queries of your choice with a list of user-supplied resolvers.
  • shellhub-io/shellhub - 💻 Get seamless remote access to any Linux device. Centralized SSH for the edge and cloud computing
  • pypa/pipx - Install and Run Python Applications in Isolated Environments
  • swisskyrepo/GraphQLmap - GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
  • projectdiscovery/notify - Notify is a Go-based assistance package that enables you to stream the output of several tools (or read from a file) and publish it to a variety of supported platforms.
  • realm/SwiftLint - A tool to enforce Swift style and conventions.
  • badges/shields - Concise, consistent, and legible badges in SVG and raster format
  • requestly/requestly - Free and open-source API Client & Interceptor.
  • OWASP/crAPI - completely ridiculous API (crAPI)
  • akto-api-security/tests-library - Community generated list of API security tests to find OWASP top10, HackerOne top 10 vulnerabilities
  • akto-api-security/akto - Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure
  • avelino/awesome-go - A curated list of awesome Go frameworks, libraries and software
  • altair-graphql/altair - ✨⚡️ A feature-rich GraphQL Client for all platforms.
  • projectdiscovery/katana - A next-generation crawling and spidering framework.
  • rahuldkjain/github-profile-readme-generator - 🚀 Generate GitHub profile README easily with the latest add-ons like visitors count, GitHub stats, etc using minimal UI.
  • kyleboe/zoom_rb - Ruby REST API Wrapper for zoom.us API
  • radareorg/radare2 - UNIX-like reverse engineering framework and command-line toolset
  • mineek/sunst0rm - iOS Tether Downgrader
  • BC-SECURITY/Starkiller - Starkiller is a Frontend for PowerShell Empire.
  • BC-SECURITY/Empire - Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.
  • sharkdp/bat - A cat(1) clone with wings.
  • codingo/NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
  • hahwul/dalfox - 🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
  • epi052/feroxbuster - A fast, simple, recursive content discovery tool written in Rust.
  • projectdiscovery/nuclei - Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the int
  • noraj/rawsec-cybersecurity-inventory - An inventory of tools and resources about CyberSecurity that aims to help people to find everything related to CyberSecurity.
  • FlareSolverr/FlareSolverr - Proxy server to bypass Cloudflare protection
  • horsicq/Detect-It-Easy - Program for determining types of files for Windows, Linux and MacOS.
  • projectdiscovery/interactsh - An OOB interaction gathering server and client library
  • lc/gau - Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
  • bee-san/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
  • zaproxy/zap-extensions - ZAP Add-ons
  • obsproject/obs-websocket - Remote-control of OBS Studio through WebSocket
  • rapid7/metasploit-framework - Metasploit Framework
  • bee-san/RustScan - 🤖 The Modern Port Scanner 🤖
  • juice-shop/juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
  • sinfulz/JustTryHarder - JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)
  • swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
  • mitre/caldera - Automated Adversary Emulation Platform
  • secdev/scapy - Scapy: the Python-based interactive packet manipulation program & library.

homebridge

html

http

  • rofl0r/proxychains-ng - proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained prox
  • vapor/vapor - 💧 A server-side Swift HTTP web framework.
  • projectdiscovery/interactsh - An OOB interaction gathering server and client library
  • carlospolop/fuzzhttpbypass - This tool uses fuzzing to try to bypass unknown authentication methods, who knows...

ios

  • palera1n/palera1n - Jailbreak for A8 through A11, T2 devices, on iOS/iPadOS/tvOS 15.0, bridgeOS 5.0 and higher.
  • RealityNet/ios_triage - Bash script to extract data from a "chekcra1ned" iOS device
  • vsouza/awesome-ios - A curated list of awesome iOS ecosystem, including Objective-C and Swift Projects
  • appwrite/appwrite - Appwrite® - The developers' cloud
  • Solido/awesome-flutter - An awesome list that curates the best Flutter libraries, tools, tutorials, articles and more.
  • flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
  • noobpk/frida-ios-hook - A tool that helps you easily trace classes and functions, and modify the return values of methods on the iOS platform
  • airsquared/blobsaver - A cross-platform GUI and CLI app for automatically saving SHSH blobs
  • AloneMonkey/frida-ios-dump - pull decrypted ipa from jailbreak device
  • nabla-c0d3/ssl-kill-switch2 - Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.
  • OWASP/mastg - The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP
  • ChiChou/grapefruit - (WIP) Runtime Application Instruments for iOS. Previously Passionfruit
  • libimobiledevice/libimobiledevice - A cross-platform protocol library to communicate with iOS devices
  • rustdesk/rustdesk - An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.
  • utmapp/UTM - Virtual machines for iOS and macOS

java

javascript

jekyll

  • pages-cms/pages-cms - The No-Hassle CMS for Static Sites Generators
  • just-the-docs/just-the-docs - A modern, highly customizable, responsive Jekyll theme for documentation with built-in search.
  • jekyll/jekyll-seo-tag - A Jekyll plugin to add metadata tags for search engines and social networks to better index and display your site's content.

kotlin

  • B3nac/InjuredAndroid - A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.

kubernetes

  • openappsec/openappsec - open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo includes the main code and logic.

latex

library

linux

  • shellhub-io/shellhub - 💻 Get seamless remote access to any Linux device. Centralized SSH for the edge and cloud computing
  • royalapplications/toolbox - This repository contains various automation scripts for Royal TS (for Windows) and Royal TSX (for macOS). Also included are dynamic folder samples. This collection consists of scripts by the Royal App
  • n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
  • rustdesk/rustdesk - An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.
  • trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
  • htr-tech/nexphisher - Advanced Phishing tool
  • calebstewart/pwncat - Fancy reverse and bind shell handler
  • mzfr/gtfo - Search gtfobins and lolbas files from your terminal
  • v1s1t0r1sh3r3/airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
  • CISOfy/lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
  • future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
  • GTFOBins/GTFOBins.github.io - GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
  • peass-ng/PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

lua

machine-learning

  • SoftDesLab/PIRANHA - Project for Software Design Laboratory -- Topic: Detecting Phishing Website with Machine Learning

macos

  • marksowell/hammerspoon-menu-bar - Lightweight Hammerspoon scripts that add real-time system indicators to the macOS menu bar. Includes battery and CPU alerts with ultra-low overhead.
  • jordanbaird/Ice - Powerful menu bar manager for macOS
  • sieren/WidgetToggler - macOS Sonoma Widget Toggler for the Tray Bar - Easily Show and Hide Widgets
  • Hammerspoon/hammerspoon - Staggeringly powerful macOS desktop automation with Lua
  • royalapplications/toolbox - This repository contains various automation scripts for Royal TS (for Windows) and Royal TSX (for macOS). Also included are dynamic folder samples. This collection consists of scripts by the Royal App
  • macosui/macos_ui - Flutter widgets and themes implementing the current macOS design language.
  • jaywcjlove/awesome-mac - Now we have become very big, different from the original idea. Collect premium software in various categories.
  • flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
  • nabla-c0d3/ssl-kill-switch2 - Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.
  • sickcodes/Docker-OSX - Run macOS VM in a Docker! Run near native OSX-KVM in Docker! X11 Forwarding! CI/CD for OS X Security Research! Docker mac Containers.
  • sethmlarson/truststore - Verify certificates using OS trust stores
  • rustdesk/rustdesk - An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.
  • utmapp/UTM - Virtual machines for iOS and macOS
  • macports/macports-ports - The MacPorts ports tree

markdown

material-design

mobile

  • ReversecLabs/drozer - The Leading Security Assessment Framework for Android.
  • Solido/awesome-flutter - An awesome list that curates the best Flutter libraries, tools, tutorials, articles and more.
  • flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
  • ChiChou/grapefruit - (WIP) Runtime Application Instruments for iOS. Previously Passionfruit

mongodb

monitoring

  • Security-Onion-Solutions/securityonion - Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, a

mysql

nextjs

  • magicuidesign/magicui - UI Library for Design Engineers. Animated components and effects you can copy and paste into your apps. Free. Open Source.
  • pages-cms/pages-cms - The No-Hassle CMS for Static Sites Generators
  • NextAdminHQ/nextjs-admin-dashboard - Next.js admin dashboard template and UI components that come with pre-built elements, components, pages, high-quality design, integrations, and much more.
  • appwrite/appwrite - Appwrite® - The developers' cloud

nodejs

  • nvm-sh/nvm - Node Version Manager - POSIX-compliant bash script to manage multiple active node.js versions
  • sindresorhus/awesome-nodejs - ⚡ Delightful Node.js packages and resources
  • q-nick/npm-gui - Tired of the package.json dependency juggle? Meet npm-gui! We seamlessly integrate with npm, pnpm, or yarn. Managing, installing, and updating dependencies is as easy as it gets. Try npm-gui today and
  • expressjs/express - Fast, unopinionated, minimalist web framework for node.
  • abhijithvijayan/stargazed - 📋 Creating your own Awesome List of GitHub stars!
  • lmammino/jwt-cracker - Simple HS256, HS384 & HS512 JWT token brute force cracker.

nosql

npm

  • q-nick/npm-gui - Tired of the package.json dependency juggle? Meet npm-gui! We seamlessly integrate with npm, pnpm, or yarn. Managing, installing, and updating dependencies is as easy as it gets. Try npm-gui today and

objective-c

open-source

  • gitleaks/gitleaks - Find secrets with Gitleaks 🔑
  • t3l3machus/Villain - Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them
  • requestly/requestly - Free and open-source API Client & Interceptor.
  • commixproject/commix - Automated All-in-One OS Command Injection Exploitation Tool.
  • SpiderLabs/HostHunter - HostHunter is a recon tool for discovering hostnames using OSINT techniques.

others

p2p

  • fatedier/frp - A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
  • rustdesk/rustdesk - An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.
  • syncthing/syncthing - Open Source Continuous File Synchronization

package-manager

  • microsoft/vcpkg - C++ Library Manager for Windows, Linux, and MacOS
  • q-nick/npm-gui - Tired of the package.json dependency juggle? Meet npm-gui! We seamlessly integrate with npm, pnpm, or yarn. Managing, installing, and updating dependencies is as easy as it gets. Try npm-gui today and
  • macports/macports-ports - The MacPorts ports tree

perl

  • royalapplications/toolbox - This repository contains various automation scripts for Royal TS (for Windows) and Royal TSX (for macOS). Also included are dynamic folder samples. This collection consists of scripts by the Royal App

php

powershell

  • marksowell/nosleep - No Sleep is a simple PowerShell script that prevents a Windows virtual machine (or physical machine) from entering sleep mode. It's useful for ensuring continuous uptime during long-running tasks, tes
  • royalapplications/toolbox - This repository contains various automation scripts for Royal TS (for Windows) and Royal TSX (for macOS). Also included are dynamic folder samples. This collection consists of scripts by the Royal App
  • jymcheong/AutoTTP - Automated Tactics Techniques & Procedures
  • byt3bl33d3r/CrackMapExec - A swiss army knife for pentesting networks
  • Hackplayers/evil-winrm - The ultimate WinRM shell for hacking/pentesting
  • get-get-get-get/PowerProxy - PowerShell SOCKS proxy with reverse proxy capabilities
  • samratashok/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

pwa

python

python3

raspberry-pi

  • shellhub-io/shellhub - 💻 Get seamless remote access to any Linux device. Centralized SSH for the edge and cloud computing

react

  • magicuidesign/magicui - UI Library for Design Engineers. Animated components and effects you can copy and paste into your apps. Free. Open Source.
  • ant-design/ant-design - An enterprise-class UI design language and React UI library
  • q-nick/npm-gui - Tired of the package.json dependency juggle? Meet npm-gui! We seamlessly integrate with npm, pnpm, or yarn. Managing, installing, and updating dependencies is as easy as it gets. Try npm-gui today and
  • styled-components/styled-components - Visual primitives for the component age. Use the best bits of ES6 and CSS to style your apps without stress 💅
  • appwrite/appwrite - Appwrite® - The developers' cloud
  • rahuldkjain/github-profile-readme-generator - 🚀 Generate GitHub profile README easily with the latest add-ons like visitors count, GitHub stats, etc using minimal UI.

react-native

reactjs

  • dsternlicht/RESTool - RESTool is an open source UI tool for managing RESTful APIs. It could save you time developing your own internal tools. A live example:

rest-api

  • kyleboe/zoom_rb - Ruby REST API Wrapper for zoom.us API
  • dsternlicht/RESTool - RESTool is an open source UI tool for managing RESTful APIs. It could save you time developing your own internal tools. A live example:

ruby

  • pglombardo/PasswordPusher - 🔐 Securely share sensitive information with automatic expiration & deletion after a set number of views or duration. Track who, what and when with full audit logs.
  • kyleboe/zoom_rb - Ruby REST API Wrapper for zoom.us API
  • jekyll/jekyll-sitemap - Jekyll plugin to silently generate a sitemaps.org compliant sitemap for your Jekyll site
  • Hackplayers/evil-winrm - The ultimate WinRM shell for hacking/pentesting

rust

security

  • six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
  • RedTeamPentesting/pretender - Your MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS, LLMNR and NetBIOS-NS spoofing.
  • P0cL4bs/wifipumpkin3 - Powerful framework for rogue access point attack.
  • wifiphisher/wifiphisher - The Rogue Access Point Framework
  • Pennyw0rth/NetExec - The Network Execution Tool
  • pglombardo/PasswordPusher - 🔐 Securely share sensitive information with automatic expiration & deletion after a set number of views or duration. Track who, what and when with full audit logs.
  • prowler-cloud/prowler - Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.
  • Security-Onion-Solutions/securityonion - Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, a
  • gitleaks/gitleaks - Find secrets with Gitleaks 🔑
  • GitGuardian/ggshield - Detect and validate 500+ types of hardcoded secrets with advanced checks. Use it as a pre-commit hook, GitHub Action, or CLI for proactive secret detection and security.
  • praetorian-inc/noseyparker - Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data and Git history.
  • netwrix/pingcastle - PingCastle - Get Active Directory Security at 80% in 20% of the time
  • ReversecLabs/drozer - The Leading Security Assessment Framework for Android.
  • MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
  • six2dez/pentest-book -
  • MattKeeley/Spoofy - Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
  • infobyte/faraday - Open Source Vulnerability Management Platform
  • sensepost/gowitness - 🔍 gowitness - a golang, web screenshot utility using Chrome Headless
  • EdOverflow/can-i-take-over-xyz - "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
  • ghostsecurity/reaper - 💀 Don't fear the Reaper 👻
  • AlecBlance/S3BucketList - Chrome and Firefox extension that lists Amazon S3 Buckets while browsing
  • pwndoc/pwndoc - Pentest Report Generator
  • marksowell/Clickjacking-POC - A Python package for creating a clickjacking proof of concept (POC).
  • OWASP/API-Security - OWASP API Security Project
  • inonshk/31-days-of-API-Security-Tips - This challenge is Inon Shkedy's 31 days API Security Tips.
  • HolyBugx/HolyTips - A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
  • akto-api-security/tests-library - Community generated list of API security tests to find OWASP top10, HackerOne top 10 vulnerabilities
  • akto-api-security/akto - Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure
  • Hack-with-Github/Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers
  • Cyber-Buddy/APKHunt - APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers,
  • dependency-check/DependencyCheck - OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
  • radareorg/radare2 - UNIX-like reverse engineering framework and command-line toolset
  • nabla-c0d3/ssl-kill-switch2 - Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.
  • dradis/dradis-ce - Dradis Framework: Collaboration and reporting for IT Security teams
  • byt3bl33d3r/WitnessMe - Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.
  • trufflesecurity/trufflehog - Find, verify, and analyze leaked credentials
  • shieldfy/API-Security-Checklist - Checklist of the most important security countermeasures when designing, testing, and releasing your API
  • uber-common/metta - An information security preparedness tool to do adversarial simulation.
  • hahwul/dalfox - 🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
  • haccer/subjack - Subdomain Takeover tool written in Go
  • nccgroup/ScoutSuite - Multi-Cloud Security Auditing Tool
  • trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
  • projectdiscovery/nuclei - Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the int
  • chenjj/espoofer - An email spoofing testing tool that aims to bypass SPF/DKIM/DMARC and forge DKIM signatures.🍻
  • CanIPhish/Phishious - An open-source Secure Email Gateway (SEG) evaluation toolkit designed for red-teamers.
  • noraj/rawsec-cybersecurity-inventory - An inventory of tools and resources about CyberSecurity that aims to help people to find everything related to CyberSecurity.
  • OWASP/Nettacker - Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
  • j3ssie/osmedeus - A Workflow Engine for Offensive Security
  • evilsocket/xray - XRay is a tool for recon, mapping and OSINT gathering from public networks.
  • MojtabaTajik/Robber - Robber is open source tool for finding executables prone to DLL hijacking
  • projectdiscovery/interactsh - An OOB interaction gathering server and client library
  • cisagov/log4j-scanner - log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.
  • google/oss-fuzz - OSS-Fuzz - continuous fuzzing for open source software.
  • OWASP/CheatSheetSeries - The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
  • WithSecureLabs/chainsaw - Rapidly Search and Hunt through Windows Forensic Artefacts
  • threat9/routersploit - Exploitation Framework for Embedded Devices
  • lc/gau - Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
  • lmammino/jwt-cracker - Simple HS256, HS384 & HS512 JWT token brute force cracker.
  • zaproxy/zap-extensions - ZAP Add-ons
  • cddmp/enum4linux-ng - A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.
  • EnableSecurity/sipvicious - SIPVicious OSS is a VoIP security testing toolset. It helps security teams, QA and developers test SIP-based VoIP systems and applications. This toolset is useful in simulating VoIP hacking attacks ag
  • wpscanteam/wpscan - WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via [email protected]
  • maurosoria/dirsearch - Web path scanner
  • andresriancho/w3af - w3af: web application attack and audit framework, the open source web vulnerability scanner.
  • v1s1t0r1sh3r3/airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
  • gophish/gophish - Open-Source Phishing Toolkit
  • samratashok/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
  • bee-san/RustScan - 🤖 The Modern Port Scanner 🤖
  • michenriksen/aquatone - A Tool for Domain Flyovers
  • juice-shop/juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
  • scipag/vulscan - Advanced vulnerability scanning with Nmap NSE
  • future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
  • swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
  • secdev/scapy - Scapy: the Python-based interactive packet manipulation program & library.

server

serverless

shell

  • atuinsh/atuin - ✨ Magical shell history
  • MegaManSec/SSH-Snake - SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
  • runmedev/vscode-runme - DevOps Notebooks Built with Markdown - VS Code extension
  • nvm-sh/nvm - Node Version Manager - POSIX-compliant bash script to manage multiple active node.js versions
  • zsh-users/zsh-autosuggestions - Fish-like autosuggestions for zsh
  • n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
  • hyperupcall/autoenv - Directory-based environments.
  • Hackplayers/evil-winrm - The ultimate WinRM shell for hacking/pentesting
  • CISOfy/lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
  • 0x00-0x00/ShellPop - Pop shells like a master.
  • peass-ng/PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

sql

swift

telegram

  • projectdiscovery/notify - Notify is a Go-based assistance package that enables you to stream the output of several tools (or read from a file) and publish it to a variety of supported platforms.

terminal

  • marksowell/kautolog - Automatic terminal session logging for Bash and Zsh. Captures every command, prompt, and output in real time, with per-session files, replay support, and optional cloud sync. Ideal for security exams,
  • sharkdp/bat - A cat(1) clone with wings.
  • hyperupcall/autoenv - Directory-based environments.
  • asciinema/asciinema - Terminal session recorder, streamer and player 📹
  • htr-tech/nexphisher - Advanced Phishing tool

testing

typescript

  • magicuidesign/magicui - UI Library for Design Engineers. Animated components and effects you can copy and paste into your apps. Free. Open Source.
  • ant-design/ant-design - An enterprise-class UI design language and React UI library
  • NextAdminHQ/nextjs-admin-dashboard - Next.js admin dashboard template and UI components that come with pre-built elements, components, pages, high-quality design, integrations, and much more.
  • Milkdown/milkdown - 🍼 Plugin driven WYSIWYG markdown editor framework.
  • runmedev/vscode-runme - DevOps Notebooks Built with Markdown - VS Code extension

unity

  • dnSpyEx/dnSpy - Unofficial revival of the well known .NET debugger and assembly editor, dnSpy

vagrant

  • uber-common/metta - An information security preparedness tool to do adversarial simulation.

vue

web

webapp

  • HolyBugx/HolyTips - A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

windows

  • marksowell/nosleep - No Sleep is a simple PowerShell script that prevents a Windows virtual machine (or physical machine) from entering sleep mode. It's useful for ensuring continuous uptime during long-running tasks, tes
  • Pennyw0rth/NetExec - The Network Execution Tool
  • microsoft/vcpkg - C++ Library Manager for Windows, Linux, and MacOS
  • royalapplications/toolbox - This repository contains various automation scripts for Royal TS (for Windows) and Royal TSX (for macOS). Also included are dynamic folder samples. This collection consists of scripts by the Royal App
  • flutter/flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
  • bitsadmin/wesng - Windows Exploit Suggester - Next Generation
  • n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
  • sethmlarson/truststore - Verify certificates using OS trust stores
  • rustdesk/rustdesk - An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.
  • byt3bl33d3r/CrackMapExec - A swiss army knife for pentesting networks
  • calebstewart/pwncat - Fancy reverse and bind shell handler
  • WithSecureLabs/chainsaw - Rapidly Search and Hunt through Windows Forensic Artefacts
  • itm4n/PrivescCheck - Privilege Escalation Enumeration Script for Windows
  • mzfr/gtfo - Search gtfobins and lolbas files from your terminal
  • ohpe/juicy-potato - A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from a Windows Service Accounts to NT AUTHORITY\SYSTEM.
  • SecWiki/windows-kernel-exploits - windows-kernel-exploits: a collection of privilege escalation vulnerabilities for the Windows platform
  • Aetsu/OffensivePipeline - OffensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team exercises.
  • peass-ng/PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

wordpress

  • wpscanteam/wpscan - WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via [email protected]

License

CC0

To the extent possible under law, marksowell has waived all copyright and related or neighboring rights to this work.
