List of mine starred repositories, this list was pre-generated by generator.py

• Joxit/docker-registry-ui
  • The simplest and most complete UI for your private docker registry v2 and v3
• n8n-io/n8n
  • Fair-code workflow automation platform with native AI capabilities. Combine visual building with custom code, self-host or cloud, 400+ integrations.
• uber-go/mock
  • GoMock is a mocking framework for the Go programming language.
• agno-agi/agno
  • Multi-agent framework, runtime and control plane. Built for speed, privacy, and scale.
• pingcap/ossinsight
  • Analysis, Comparison, Trends, Rankings of Open Source Software, you can also get insight from more than 7 billion with natural language (powered by OpenAI). Follow us on Twitter: https://twitter.com/ossinsight
• chaoss/augur
  • Python library and web service for Open Source Software Health and Sustainability metrics & data collection. You can find our documentation and new contributor information easily here: https://oss-augur.readthedocs.io/en/main/
• gofiber/fiber
  • ⚡️ Express inspired web framework written in Go
• evrone/go-clean-template
  • Clean Architecture template for Golang services
• juanfont/headscale
  • An open source, self-hosted implementation of the Tailscale control server
• naughtygopher/goapp
  • An opinionated guideline to structure & develop a Go web application/service
• dwarvesf/hidden
  • An ultra-light MacOS utility that helps hide menu bar icons
• dqzboy/Docker-Proxy
  • 🔥 🔥 🔥 自建Docker镜像加速服务，基于官方Docker Registry 一键部署Docker、K8s、Quay、Ghcr、Mcr、Nvcr等镜像加速\管理服务。支持免服务器部署到 ClawCloud\Render\Koyeb
• DaoCloud/public-image-mirror
  • 很多镜像都在国外。比如 gcr 。国内下载很慢，需要加速。致力于提供连接全世界的稳定可靠安全的容器镜像服务。
• shadcnio/react-shadcn-components
  • Production-ready React components following shadcn/ui principles. TypeScript-first, Tailwind-styled, Radix-powered. Beautiful defaults with complete customization freedom. The frontend UI toolkit for vibecoders who ship fast and own their code.
• xzhih/one-key-hidpi
  • Enable macOS HiDPI and have a native setting.
• MikeWang000000/FakeSIP
  • Disguise your UDP traffic as SIP protocol to evade DPI detection, using Netfilter Queue (NFQUEUE).
• k3d-io/k3d
  • Little helper to run CNCF's k3s in Docker
• strapi/strapi
  • 🚀 Strapi is the leading open-source headless CMS. It’s 100% JavaScript/TypeScript, fully customizable, and developer-first.
• Steam-Headless/docker-steam-headless
  • A Headless Steam Docker image supporting NVIDIA GPU and accessible via Web UI
• DefectDojo/django-DefectDojo
  • Open-Source Unified Vulnerability Management, DevSecOps & ASPM
• pymumu/smartdns
  • A local DNS server to obtain the fastest website IP for the best Internet experience, support DoT, DoH, DoQ. 一个本地DNS服务器，获取最快的网站IP，获得最佳上网体验，支持DoH，DoT，DoQ。
• infobyte/faraday
  • Open Source Vulnerability Management Platform
• NVIDIA/gpu-operator
  • NVIDIA GPU Operator creates, configures, and manages GPUs in Kubernetes
• docker-mailserver/docker-mailserver
  • Production-ready fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) running inside a container.
• comfyanonymous/ComfyUI
  • The most powerful and modular diffusion model GUI, api and backend with a graph/nodes interface.
• roundcube/roundcubemail
  • The Roundcube Webmail suite
• Wan-Video/Wan2.1
  • Wan: Open and Advanced Large-Scale Video Generative Models
• exo-explore/exo
  • Run your own AI cluster at home with everyday devices 📱💻 🖥️⌚
• anthropics/claude-code-security-review
  • An AI-powered security review GitHub Action using Claude to analyze code changes for security vulnerabilities.
• cncsnet1/jadx-gui-ai
  • jadx-gui反编译工具二次开发，接入AI赋能。
• jd-opensource/joyagent-jdgenie
  • 开源的端到端产品级通用智能体
• hadriansecurity/subwiz
  • A lightweight GPT model, trained to discover subdomains.
• mozillazg/ptcpdump
  • Process-aware, eBPF-based tcpdump
• testcontainers/testcontainers-go
  • Testcontainers for Go is a Go package that makes it simple to create and clean up container-based dependencies for automated integration/smoke tests. The clean, easy-to-use API enables developers to programmatically define containers that should be run as part of a test and clean up those resources when the test is done.
• gothinkster/realworld
  • "The mother of all demo apps" — Exemplary fullstack Medium.com clone powered by React, Angular, Node, Django, and many more
• hatchet-dev/hatchet
  • 🪓 Run Background Tasks at Scale
• riverqueue/river
  • Fast and reliable background jobs in Go
• hibiken/asynq
  • Simple, reliable, and efficient distributed task queue in Go
• triggerdotdev/trigger.dev
  • Trigger.dev – build and deploy fully‑managed AI agents and workflows
• bee-san/Ciphey
  • ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
• apple/container
  • A tool for creating and running Linux containers using lightweight virtual machines on a Mac. It is written in Swift, and optimized for Apple silicon.
• JSQLParser/JSqlParser
  • JSqlParser parses an SQL statement and translate it into a hierarchy of Java classes. The generated hierarchy can be navigated using the Visitor Pattern
• uiuc-kang-lab/cve-bench
  • CVE-Bench: A Benchmark for AI Agents’ Ability to Exploit Real-World Web Application Vulnerabilities
• iris-sast/iris
  • A neurosymbolic framework for vulnerability detection in code
• microsoft/AI-Red-Teaming-Playground-Labs
  • AI Red Teaming playground labs to run AI Red Teaming trainings including infrastructure.
• yt-dlp/yt-dlp
  • A feature-rich command-line audio/video downloader
• androguard/androguard
  • Reverse engineering and pentesting for Android applications
• peass-ng/PEASS-ng
  • PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
• sayan011/Immunefi-bug-bounty-writeups-list
  • curation of all(most) immunefi bug bounty writeups I could find(till now)
• 53n4d/executor
• gethomepage/homepage
  • A highly customizable homepage (or startpage / application dashboard) with Docker and service API integrations.
• openai/whisper
  • Robust Speech Recognition via Large-Scale Weak Supervision
• smacke/ffsubsync
  • Automagically synchronize subtitles with video.
• Huanshere/VideoLingo
  • Netflix-level subtitle cutting, translation, alignment, and even dubbing - one-click fully automated AI video subtitle team | Netflix级字幕切割、翻译、对齐、甚至加上配音，一键全自动视频搬运AI字幕组
• xdavidhu/awesome-google-vrp-writeups
  • 🐛 A list of writeups from the Google VRP Bug Bounty program
• slowmist/MCP-Security-Checklist
  • A comprehensive security checklist for MCP-based AI tools. Built by SlowMist to safeguard LLM plugin ecosystems.
• xnl-h4ck3r/waymore
  • Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, VirusTotal & Intelligence X!
• yeswehack/PwnFox
  • PwnFox is a Firefox/Burp extension that provide usefull tools for your security audit.
• MetaCubeX/metacubexd
  • Mihomo Dashboard, The Official One, XD
• a2aproject/A2A
  • An open protocol enabling communication and interoperability between opaque agentic applications.
• patrickfav/uber-apk-signer
  • A cli tool that helps signing and zip aligning single or multiple Android application packages (APKs) with either debug or provided release certificates. It supports v1, v2 and v3 Android signing scheme has an embedded debug keystore and auto verifies after signing.
• httptoolkit/frida-interception-and-unpinning
  • Frida scripts to rewrite mobile applications at runtime to directly MitM all HTTPS traffic
• PortSwigger/bambdas
  • Bambdas collection for Burp Suite Professional and Community.
• kubeshark/kubeshark
  • The API traffic analyzer for Kubernetes providing real-time K8s protocol-level visibility, capturing and monitoring all traffic and payloads going in, out and across containers, pods, nodes and clusters. Inspired by Wireshark, purposely built for Kubernetes
• firerpa/lamda
  • The most powerful Android RPA agent framework, next generation of mobile automation robots.
• remote-android/redroid-doc
  • redroid (Remote-Android) is a multi-arch, GPU enabled, Android in Cloud solution. Track issues / docs here
• 123f321/datacon24_vuln_wp
  • datacon比赛2024年漏洞分析赛道解题框架与运行镜像压缩包
• langgenius/dify
  • Production-ready platform for agentic workflow development.
• narfindustries/http-garden
  • Differential testing framework for HTTP implementations
• mobile-dev-inc/Maestro
  • Painless E2E Automation for Mobile and Web
• microsoft/prompty
  • Prompty makes it easy to create, manage, debug, and evaluate LLM prompts for your AI applications. Prompty is an asset class and format for LLM prompts designed to enhance observability, understandability, and portability for developers.
• infiniflow/ragflow
  • RAGFlow is a leading open-source Retrieval-Augmented Generation (RAG) engine that fuses cutting-edge RAG with Agent capabilities to create a superior context layer for LLMs
• 1ndianl33t/Gf-Patterns
  • GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep
• open-webui/open-webui
  • User-friendly AI Interface (Supports Ollama, OpenAI API, ...)
• Mintplex-Labs/anything-llm
  • The all-in-one Desktop & Docker AI application with built-in RAG, AI agents, No-code agent builder, MCP compatibility, and more.
• dmayboroda/minima
  • On-premises conversational RAG with configurable containers
• BewlyBewly/BewlyBewly
  • Just make a few small changes to your Bilibili homepage. (English | 简体中文 | 正體中文 | 廣東話)
• Acmesec/theAIMythbook
  • Ai迷思录（应用与安全指南）
• SagerNet/serenity
  • The configuration generator for sing-box
• lewish/asciiflow
  • ASCIIFlow
• zeyu2001/codecure
  • CodeCure is an AI-powered static code analysis platform that helps developers write more secure code.
• 0xHamy/zerodayf
  • Zerodayf is an advanced code analysis platform that leverages artificial intelligence & SAST to identify vulnerabilities within source code.
• fingerprintjs/fingerprintjs
  • The most advanced open-source browser fingerprinting library
• eteran/edb-debugger
  • edb is a cross-platform AArch32/x86/x86-64 debugger.
• Acmesec/PromptJailbreakManual
  • Prompt越狱手册
• CaiJimmy/hugo-theme-stack
  • Card-style Hugo theme designed for bloggers
• AmruthPillai/Reactive-Resume
  • A one-of-a-kind resume builder that keeps your privacy in mind. Completely secure, customizable, portable, open-source and free forever. Try it out today!
• alipay/ant-application-security-testing-benchmark
  • xAST评价体系，让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".
• laramies/theHarvester
  • E-mails, subdomains and names Harvester - OSINT
• gitleaks/gitleaks
  • Find secrets with Gitleaks 🔑
• ddzipp/AutoAudit
  • AutoAudit—— the LLM for Cyber Security 网络安全大语言模型
• API-Security/APIKit
  • APIKit：Discovery, Scan and Audit APIs Toolkit All In One.
• glitchedgitz/cook
  • A wordlist framework to fullfill your kinks with your wordlists. For security researchers, bug bounty and hackers.
• jaeles-project/gospider
  • Gospider - Fast web spider written in Go
• OpenVPN/openvpn
  • OpenVPN is an open source VPN daemon
• Quitten/Autorize
  • Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests
• k4yt3x/wg-meshconf
  • WireGuard full mesh configuration generator.
• RhinoSecurityLabs/pacu
  • The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
• xmdhs/clash2sfa
  • 将 Clash.Meta 格式的订阅链接转换为 sing-box 格式的订阅，用于 SFA
• 844704781/auto-video
  • 推文工具: 图片音频批量合成视频
• shubhamrooter/ShodanSpider
  • ShodanSpider is an open-source tool for interacting with Shodan. It lets you search and extract data from Shodan without an API key, offering a simple command-line interface. Premium users can integrate their API key for more results. Ideal for penetration testers and cybersecurity researchers.
• Codennnn/Green-Wall
  • ⬜🟩 GitHub Contributions Graph Generator.
• projectdiscovery/naabu
  • A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests
• edoardottt/scilla
  • Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
• Qftm/Information_Collection_Handbook
  • Handbook of information collection for penetration testing and src
• chaitin/xapp
• ClickHouse/ClickHouse
  • ClickHouse® is a real-time analytics database management system
• advanced-security/codeql-development-toolkit
  • The CodeQL Development toolkit is a tool for making common CodeQL development workflows easier.
• oasis-tcs/sarif-spec
  • OASIS SARIF TC: Repository for development of the draft standard, where requests for modification should be made via Github Issues
• advanced-security/sample-codeql-pipeline-config
  • Integrate CodeQL into CI/CD pipelines, using the CodeQL CLI Bundle for Automated Code Scanning
• pytorch/serve
  • Serve, optimize and scale PyTorch models in production
• lutzroeder/netron
  • Visualizer for neural network, deep learning and machine learning models
• apache/avro
  • Apache Avro is a data serialization system.
• protectai/modelscan
  • Protection against Model Serialization Attacks
• wazuh/wazuh
  • Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
• CreditTone/hooker
  • 🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL unpinning for all apps.
• r0oth3x49/ghauri
  • An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws
• mpv-player/mpv
  • 🎥 Command line media player
• zenml-io/zenml
  • ZenML 🙏: One AI Platform from Pipelines to Agents. https://zenml.io.
• yeahx/KubeAPI-Inspector
  • A tool specifically designed for Kubernetes environments aims to efficiently and automatically discover hidden vulnerable APIs within clusters.
• lnxd/docker-github-backup
  • A backup script for GitHub repositories
• bit4woo/domain_hunter_pro
  • domain_hunter的高级版本，SRC挖洞、HW打点之必备！自动化资产收集；快速Title获取；外部工具联动；等等
• N1nEmAn/Sevnup
  • a tools to run qemu automatically for simulate firmware of IoT
• Ackites/KillWxapkg
  • 自动化反编译微信小程序，小程序安全评估工具，发现小程序安全问题，自动解密，解包，可还原工程目录，支持Hook，小程序修改
• reqable/reqable-app
  • Reqable issue track repo
• pyenv-win/pyenv-win
  • pyenv for Windows. pyenv is a simple python version management tool. It lets you easily switch between multiple versions of Python. It's simple, unobtrusive, and follows the UNIX tradition of single-purpose tools that do one thing well.
• pyenv/pyenv
  • Simple Python version management
• Az0x7/vulnerability-Checklist
  • This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter
• PacktPublishing/Malware-Development-for-Ethical-Hackers
  • Malware Development for Ethical Hackers, published by Packt
• chebuya/sastsweep
  • tool designed for identifying vulnerabilities in open source codebases at scale. It can gather and filter on key repository metrics such as popularity and project size
• asterinas/asterinas
  • Asterinas is a secure, fast, and general-purpose OS kernel, written in Rust and providing Linux-compatible ABI.
• frida/frida
  • Clone this repo to build Frida
• Hack-with-Github/Awesome-Hacking
  • A collection of various awesome lists for hackers, pentesters and security researchers
• cbeuw/Cloak
  • A censorship circumvention tool to evade detection by authoritarian state adversaries
• mullvad/udp-over-tcp
  • Proxy UDP traffic over a TCP stream
• dndx/phantun
  • Transforms UDP stream into (fake) TCP streams that can go through Layer 3 & Layer 4 (NAPT) firewalls/NATs.
• angristan/wireguard-install
  • WireGuard VPN installer for Linux servers
• wg-easy/wg-easy
  • The easiest way to run WireGuard VPN + Web-based Admin UI.
• hwdsl2/wireguard-install
  • WireGuard VPN server installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS, Fedora, openSUSE and Raspberry Pi OS
• xubiaolin/docker-zerotier-planet
  • 一分钟私有部署zerotier-planet服务
• kaaass/ZerotierFix
  • An unofficial Zerotier Android client patched from official client
• MuiseDestiny/zotero-style
  • Ethereal Style for Zotero
• windingwind/zotero-pdf-translate
  • Translate PDF, EPub, webpage, metadata, annotations, notes to the target language. Support 20+ translate services.
• mwarning/zerotier-openwrt
  • A OpenWrt package for ZeroTier One - Pull requests are welcome!
• usememos/memos
  • An open-source, self-hosted note-taking service. Your thoughts, your data, your control — no tracking, no ads, no subscription fees.
• shawnkhall/Tools
• duckdb/duckdb
  • DuckDB is an analytical in-process SQL database management system
• Bearer/bearer
  • Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
• wireghoul/graudit
  • grep rough audit - source code auditing tool
• MobSF/Mobile-Security-Framework-MobSF
  • Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
• ciiiii/cloudflare-docker-proxy
  • A docker registry proxy run on cloudflare worker.
• allanlw/svg-cheatsheet
  • A cheatsheet for exploiting server-side SVG processors.
• nieheyong/logcat-in-devtools
  • View android adb logcat logs in chrome devtools console
• protectai/vulnhuntr
  • Zero shot vulnerability discovery using LLMs
• nollium/CVE-2024-9264
  • Exploit for Grafana arbitrary file-read and RCE (CVE-2024-9264)
• grafana/grafana
  • The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
• vectra-ai-research/Halberd
  • Halberd : Multi-Cloud Agentic Attack Tool
• ben-manes/caffeine
  • A high performance caching library for Java
• posquit0/Awesome-CV
  • 📄 Awesome CV is LaTeX template for your outstanding job application
• VoorivexTeam/BugBountyTips
• spyboy-productions/CloakQuest3r
  • Uncover the true IP address of websites safeguarded by Cloudflare & Others
• Asperis-Security/xssFuzz
  • 🚀 XSSFUZZ - A tool for detecting XSS vulnerabilities in web applications.
• projectdiscovery/subfinder
  • Fast passive subdomain enumeration tool.
• zzzteph/sheye
  • Opensource assets and vulnerability scanning tool
• hahwul/dalfox
  • 🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
• KathanP19/Gxss
  • A tool to check a bunch of URLs that contain reflecting params.
• s0md3v/uro
  • declutters url lists for crawling/pentesting
• lyc8503/UptimeFlare
  • ✔ Free and serverless uptime monitoring / status page on Cloudflare Workers, with Geo-specific checks
• nuxt/nuxt
  • The Progressive Web Framework.
• shuanx/BurpAPIFinder
  • 攻防演练过程中，我们通常会用浏览器访问一些资产，但很多未授权/敏感信息/越权隐匿在已访问接口过html、JS文件等，该插件能让我们发现未授权/敏感信息/越权/登陆接口等。
• google/security-research
  • This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.
• OpenCTI-Platform/opencti
  • Open Cyber Threat Intelligence Platform
• githubXiaowangzi/NP-Manager
  • Apk控制流混淆；Apk-Dex2C；Res资源混淆；Dex、jar、smali文件的相互转换； Dex、Pdf文件合并； Apk、dex、jar混淆和字符串加密； Apk签名、共存； Res资源混淆； Dex、AXML、ARSC文件编辑及翻译；字符串加密(Apk、dex)； 一键添加Xposed检测，一键添加弹窗、对话框； axml反编译/回编译； 一键LOG添加； 一键添加字符串解密LOG，Dex文件换包名； 一键添加禁止截屏，一键添加Apk崩溃日志记录； Apk超级混淆3.0--高效率直接对dex混淆，支持混淆四大组件，支持多dex； Apk功能--DEX混淆对抗；屏幕取色器；屏幕标尺。
• UndeadSec/DockerSpy
  • DockerSpy searches for images on Docker Hub and extracts sensitive information such as authentication secrets, private keys, and more.
• TheAlgorithms/Java
  • All Algorithms implemented in Java
• GTFOBins/GTFOBins.github.io
  • GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
• Magisk-Modules-Repo/MagiskHidePropsConf
  • This tool is now dead...
• winsw/winsw
  • A wrapper executable that can run any executable as a Windows service, in a permissive license.
• Palatis/XAppDebug
  • toggle app debuggable
• APKLab/APKLab
  • Android Reverse-Engineering Workbench for VS Code
• RSSNext/Folo
  • 🧡 Folo is the AI Reader
• pxb1988/dex2jar
  • Tools to work with android .dex and java .class files
• LSPosed/LSPosed
  • LSPosed Framework
• newbit1/rootAVD
  • Script to root AVDs running with QEMU Emulator from Android Studio
• ZJ595/AndroidReverse
  • 《安卓逆向这档事》
• gojue/ecapture
  • Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.
• Dr-TSNG/ZygiskNext
  • Standalone implementation of Zygisk
• NVISOsecurity/AlwaysTrustUserCerts
  • A Magisk/KernelSU module that automatically adds user certificates to the system root CA store
• angr/angr
  • A powerful and user-friendly binary analysis platform!
• topjohnwu/Magisk
  • The Magic Mask for Android
• iBotPeaches/Apktool
  • A tool for reverse engineering Android apk files
• Genymobile/scrcpy
  • Display and control your Android device
• Spikhalskiy/zerotier-unraid-docker
  • Zerotier docker for unRaid
• typst/typst
  • A markup-based typesetting system that is powerful and easy to learn.
• lc/gau
  • Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
• gh0stkey/CaA
  • CaA - Collector and Analyzer, Insight into information, exploring with intelligence in a thousand ways.
• TideSec/TscanPlus
  • 一款综合性网络安全检测和运维工具，旨在快速资产发现、识别、检测，构建基础资产信息库，协助甲方安全团队或者安全运维人员有效侦察和检索资产，发现存在的薄弱点和攻击面。
• l3yx/Choccy
  • GitHub项目监控 && CodeQL自动扫描 (GitHub project monitoring && CodeQL automatic analysis)
• Lakr233/NotchDrop
  • Use your MacBook's notch like Dynamic Island for temporary storing files and AirDrop
• CrossPaste/crosspaste-desktop
  • Universal Pasteboard Across Devices
• ventoy/Ventoy
  • A new bootable USB solution.
• dani-garcia/vaultwarden
  • Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
• Blue-Team-CN/Data-sharing
  • 资料分享
• xcanwin/CVE-2024-4577-PHP-RCE
  • [漏洞复现] 全球首款利用PHP默认环境（XAMPP）的CVE-2024-4577 PHP-CGI RCE 漏洞 EXP。
• cowrie/cowrie
  • Cowrie SSH/Telnet Honeypot https://docs.cowrie.org/
• rshipp/awesome-malware-analysis
  • Defund the Police.
• fabrimagic72/malware-samples
  • A collection of malware samples caught by several honeypots i manage
• qi4L/JYso
  • JNDIExploit or a ysoserial.
• tabby-sec/tabby-intellij-plugin
  • A IntelliJ Plugin for Tabby to Find Vulnerabilities Easily
• BytecodeDL/graphdb-intellij-plugin
  • neo4j plugin of ByteCodeDL for the IntelliJ Platform. ByteCodeDL-Neo4j-IDEA-Plugin
• kafbat/kafka-ui
  • Open-Source Web UI for managing Apache Kafka clusters
• apache/kafka
  • Mirror of Apache Kafka
• veracode-research/rogue-jndi
  • A malicious LDAP server for JNDI injection attacks
• alienator88/Pearcleaner
  • A free, source-available and fair-code licensed mac app cleaner
• exelban/stats
  • macOS system monitor in your menu bar
• pen4uin/java-echo-generator
  • 一款支持自定义的 Java 回显载荷生成工具｜A customizable Java echo payload generation tool.
• pen4uin/java-memshell-generator
  • 一款支持自定义的 Java 内存马生成工具｜A customizable Java in-memory webshell generation tool.
• artsploit/ysoserial
  • A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
• microsoft/rusty-radamsa
  • Radamsa fuzzer ported to rust lang
• HavocFramework/Havoc
  • The Havoc Framework
• threatexpress/malleable-c2
  • Cobalt Strike Malleable C2 Design and Reference Guide
• gloxec/CrossC2
  • generate CobaltStrike's cross-platform payload
• Peithon/JustC2file
  • Burp插件，Malleable C2 Profiles生成器；可以通过Burp代理选中请求，生成Cobalt Strike的profile文件(CSprofile)
• clash-verge-rev/clash-verge-rev
  • A modern GUI client based on Tauri, designed to run in Windows, macOS and Linux for tailored proxy experience
• rclone/rclone
  • "rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Drive, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files
• siduck/chadwm
  • Making dwm as beautiful as possible!
• vxCrypt0r/Voidgate
  • A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfvenom) by performing on-the-fly decryption of individual encrypted assembly instructions, thus rendering memory scanners useless for that specific memory page.
• L-codes/Neo-reGeorg
  • Neo-reGeorg is a project that seeks to aggressively refactor reGeorg
• esrrhs/pingtunnel
  • Pingtunnel is a tool that send TCP/UDP traffic over ICMP
• GoogleCloudPlatform/osconfig
• tangxiaofeng7/Security_Q-A
  • 安全面试题
• zhuima/awesome-cloudflare
  • ⛅️ 精选的 Cloudflare 工具、开源项目、指南、博客和其他资源列表。/ ⛅️ A curated list of Cloudflare tools, open source projects, guides, blogs and other resources.
• rthalley/dnspython
  • a powerful DNS toolkit for python
• key-networks/ztncui
  • ZeroTier network controller UI
• AstroNvim/astrocommunity
  • A community repository of common plugin specifications
• distribution/distribution
  • The toolkit to pack, ship, store, and deliver container content
• OpenNMS/opennms
  • Enterprise-Grade Open-Source Network Management Platform
• projectdiscovery/nuclei-burp-plugin
  • Nuclei plugin for BurpSuite
• Notselwyn/CVE-2024-1086
  • Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.
• mouadk/Insomnihack2024
  • Insomnihack2024
• whocansee/FilelessAgentMemShell
  • 无需文件落地Agent内存马生成器
• elttam/semgrep-rules
• lijiejie/swagger-exp
  • A Swagger API Exploit
• 0xless/slip
  • Slip is a CLI tool to create malicious archive files containing path traversal payloads. It supports zip, tar, 7z and zip-like (jar, war, apk, ipa, ...) archives
• ollama/ollama
  • Get up and running with OpenAI gpt-oss, DeepSeek-R1, Gemma 3 and other models.
• rtcatc/Packer-Fuzzer
  • Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.
• devblackops/Terminal-Icons
  • A PowerShell module to show file and folder icons in the terminal
• GitHubSecurityLab/CodeQL-Community-Packs
  • Collection of community-driven CodeQL query, library and extension packs
• GitHubSecurityLab/gh-mrva
  • Run CodeQL queries at scale using Multi-Repository Variant Analysis (MRVA)
• juice-shop/juice-shop
  • OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
• 0xacb/recollapse
  • REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications
• open-telemetry/opentelemetry-ebpf-profiler
  • The production-scale datacenter profiler (C/C++, Go, Rust, Python, Java, NodeJS, .NET, PHP, Ruby, Perl, ...)
• alibaba/arthas
  • Alibaba Java Diagnostic Tool Arthas/Alibaba Java诊断利器Arthas
• Ignitetechnologies/BurpSuite-For-Pentester
  • This cheatsheet is built for the Bug Bounty Hunters and penetration testers in order to help them hunt the vulnerabilities from P4 to P1 solely and completely with "BurpSuite".
• mitmproxy/mitmproxy
  • An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
• projectdiscovery/httpx
  • httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
• aboul3la/Sublist3r
  • Fast subdomains enumeration tool for penetration testers
• projectdiscovery/nuclei-templates
  • Community curated list of templates for the nuclei engine to find security vulnerabilities.
• apache/cxf
  • Apache CXF
• lanbinleo/bili2text
  • Bilibili视频转文字，一步到位，输入链接即可使用
• kelvinBen/AppInfoScanner
  • 一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。
• GerbenJavado/LinkFinder
  • A python script that finds endpoints in JavaScript files
• elkokc/reflector
  • Burp plugin able to find reflected XSS on page in real-time while browsing on site
• CTF-MissFeng/bayonet
  • bayonet是一款src资产管理系统，从子域名、端口服务、漏洞、爬虫等一体化的资产管理系统
• EdgeSecurityTeam/EHole
  • EHole(棱洞)3.0 重构版-红队重点攻击系统指纹探测工具
• biggerduck/RedTeamNotes
  • 红队笔记
• Micropoor/Micro8
  • Gitbook
• gh0stkey/HaE
  • HaE - Highlighter and Extractor, Empower ethical hacker for efficient operations.
• fishaudio/Bert-VITS2
  • vits2 backbone with multilingual-bert
• ggreer/the_silver_searcher
  • A code-searching tool similar to ack, but faster.
• tomnomnom/gf
  • A wrapper around grep, to help you grep for things
• gogf/gf
  • A powerful framework for faster, easier, and more efficient project development.
• reddelexc/hackerone-reports
  • Top disclosed reports from HackerOne
• wux1an/wxapkg
  • 微信小程序反编译工具，.wxapkg 文件扫描 + 解密 + 解包工具
• nicocha30/ligolo-ng
  • An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
• CodeIntelligenceTesting/jazzer
  • Coverage-guided, in-process fuzzing for the JVM
• binaryai/sdk
  • Get results of binaryai.cn using our SDK
• github/codeql-variant-analysis-action
• OI-wiki/OI-wiki
  • 🌟 Wiki of OI / ICPC for everyone. （某大型游戏线上攻略，内含炫酷算术魔法）
• microsoft/IoT-For-Beginners
  • 12 Weeks, 24 Lessons, IoT for All!
• h4x0r-dz/Leaked-Credentials
  • how to look for Leaked Credentials !
• altair-graphql/altair
  • ✨⚡️ A feature-rich GraphQL Client for all platforms.
• andriyor/ghtopdep
  • ⭐ CLI tool for sorting dependents repo by stars
• quarkusio/quarkus
  • Quarkus: Supersonic Subatomic Java.
• dogsheep/github-to-sqlite
  • Save data from GitHub to a SQLite database
• momosecurity/FindSomething
  • 基于chrome、firefox插件的被动式信息泄漏检测工具
• danielmiessler/SecLists
  • SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
• k1nd0ne/VolWeb
  • A centralized and enhanced memory analysis platform
• yoryio/CVE-2024-20767
  • Exploit for CVE-2024-20767 - Adobe ColdFusion
• BishopFox/sj
  • A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.
• OWASP/mastg
  • The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP Mobile Security Weakness Enumeration (MASWE) weaknesses, which are in alignment with the OWASP MASVS.
• ganeshrvel/openmtp
  • OpenMTP - Advanced Android File Transfer Application for macOS
• hehehai/x-hiring
  • 🤗 每日最新招聘信息，使用 Google AI 提取摘要
• yhy0/github-cve-monitor
  • 实时监控github上新增的cve、自定义关键字、安全工具更新、大佬仓库监控，并多渠道推送通知
• opencve/opencve
  • Vulnerability Intelligence Platform
• thombergs/code-examples
  • A collection of code examples from blog posts etc.
• lz520520/railgun
• trailofbits/vscode-weaudit
  • Create code bookmarks and code highlights with a click.
• lobehub/lobe-chat
  • 🤯 LobeHub - an open-source, modern design AI Agent Workspace. Supports multiple AI providers, Knowledge Base (file upload / RAG ), one click install MCP Marketplace and Artifacts / Thinking. One-click FREE deployment of your private AI Agent application.
• LyleMi/Learn-Web-Hacking
  • Study Notes For Web Hacking / Web安全学习笔记
• satan1a/TheRoadOfSO
  • 学习安全运营的记录 | The knowledge base of security operation
• projectdiscovery/katana
  • A next-generation crawling and spidering framework.
• wgpsec/ENScan_GO
  • 一款基于各大企业信息API的工具，解决在遇到的各种针对国内企业信息收集难题。一键收集控股公司ICP备案、APP、小程序、微信公众号等信息聚合导出。支持MCP接入
• chaitin/rad
• maurosoria/dirsearch
  • Web path scanner
• obheda12/GitDorker
  • A Python program to scrape secrets from GitHub through usage of a large repository of dorks.
• FeeiCN/GSIL
  • GitHub Sensitive Information Leakage（GitHub敏感信息泄露监控）
• sensepost/gowitness
  • 🔍 gowitness - a golang, web screenshot utility using Chrome Headless
• synacktiv/QLinspector
  • Finding Java gadget chains with CodeQL
• owasp-amass/amass
  • In-depth attack surface mapping and asset discovery
• fransr/postMessage-tracker
  • A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
• nickboucher/trojan-source
  • Trojan Source: Invisible Vulnerabilities
• tdragon6/Supershell
  • Supershell C2 远控平台，基于反向SSH隧道获取完全交互式Shell
• nitrojs/nitro
  • Next Generation Server Toolkit. Create web servers with everything you need and deploy them wherever you prefer.
• Everduin94/better-commits
  • A CLI for creating better commits following the conventional commits specification
• trailofbits/testing-handbook
  • Trail of Bits Testing Handbook
• trailofbits/semgrep-rules
  • Semgrep queries developed by Trail of Bits.
• yarrick/iodine
  • Official git repo for iodine dns tunnel
• apache/answer
  • A Q&A platform software for teams at any scales. Whether it's a community forum, help center, or knowledge management platform, you can always count on Apache Answer.
• SagerNet/sing-box
  • The universal proxy platform
• cncf/foundation
  • ☁️♮🏛 This repo contains several documents related to the operation of the CNCF. File non-technical issues related to CNCF here.
• nickvourd/Windows-Local-Privilege-Escalation-Cookbook
  • Windows Local Privilege Escalation Cookbook
• chainreactors/gogo
  • 面向红队的, 高性能高度自由可拓展的自动化扫描引擎 | A highly controllable and extensionable automated scanning engine for red teams
• bodhiye/paste
  • 代码便利贴，在线代码分享平台~
• codecrafters-io/build-your-own-x
  • Master programming by recreating your favorite technologies from scratch.
• char/noverify-hackery
  • Force-disabling the JVM bytecode verifier
• ExpLangcn/NucleiTP
  • 自动整合全网Nuclei的漏洞POC，实时同步更新最新POC！
• HackTricks-wiki/hacktricks
  • Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
• ossf/scorecard
  • OpenSSF Scorecard - Security health metrics for Open Source
• ossf/malicious-packages
  • A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.
• jetify-com/devbox
  • Instant, easy, and predictable development environments
• scopt/scopt
  • command line options parsing for Scala
• protocolbuffers/protobuf
  • Protocol Buffers - Google's data interchange format
• practical-tutorials/project-based-learning
  • Curated list of project-based tutorials
• xhycccc/Struts2-Vuln-Demo
  • Struts2漏洞实例源码
• ossf/alpha-omega
  • Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.
• advanced-security/codeql-queries
  • [Deprecated] GitHub's Field Team's CodeQL Custom Queries, Suites, and Configurations. See GitHubSecurityLab/CodeQL-Community-Packs instead
• ossf/criticality_score
  • Gives criticality score for an open source project
• github/codeql-dubbo-workshop
• koekeishiya/yabai
  • A tiling window manager for macOS based on binary space partitioning
• 0xdea/semgrep-rules
  • A collection of my Semgrep rules to facilitate vulnerability research.
• github/codeql-action
  • Actions for running CodeQL analysis
• apache/tinkerpop
  • Apache TinkerPop - a graph computing framework
• ShiftLeftSecurity/overflowdb-codegen
• cytoscape/cytoscape.js
  • Graph theory (network) library for visualisation and analysis
• ShiftLeftSecurity/overflowdb
  • ShiftLeft OverflowDB
• plume-oss/plume
  • Plume is a code representation benchmarking library with options to extract the AST from Java bytecode and store the result in various graph databases.
• ShiftLeftSecurity/codepropertygraph
  • Code Property Graph: specification, query language, and utilities
• fmbenhassine/jql
  • Java code analysis and linting with SQL
• INRIA/spoon
  • Spoon is a metaprogramming library to analyze and transform Java source code. 🥄 is made with ❤️, 🍻 and ✨. It parses source files to build a well-designed AST with powerful analysis and transformation API.
• find-sec-bugs/find-sec-bugs
  • The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
• spotbugs/spotbugs
  • SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
• joernio/joern
  • Open-source code analysis platform for C/C++/Java/Binary/Javascript/Python/Kotlin based on code property graphs. Discord https://discord.gg/vv4MH284Hc
• GetStream/Winds
  • A Beautiful Open Source RSS & Podcast App Powered by Getstream.io
• yang991178/fluent-reader
  • Modern desktop RSS reader built with Electron, React, and Fluent UI
• go-gost/gost
  • GO Simple Tunnel - a simple tunnel written in golang
• devsecopsguides/devsecopsguides.github.io
  • DevSecOpsGuides
• vulncheck-oss/go-exploit
  • A Go-based Exploit Framework
• ginuerzh/gost
  • GO Simple Tunnel - a simple tunnel written in golang
• Osmose/firefox-cert-override
  • Python library and CLI for reading and writing cert_override.txt files.
• zerotier/zeronsd
  • A DNS server for ZeroTier users
• jassics/security-study-plan
  • Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
• sottlmarek/DevSecOps
  • Ultimate DevSecOps library
• caddyserver/caddy
  • Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
• BuilderIO/gpt-crawler
  • Crawl a site to generate knowledge files to create your own custom GPT from a URL
• Jonnyan404/zerotier-planet
  • 一分钟自建zerotier-planet
• ZhuriLab/Yi
  • 项目监控工具 以及 Codeql 自动运行
• ticarpi/jwt_tool
  • 🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens
• rwv/docker-zerotier-moon
  • 🐳 A docker image to create ZeroTier moon in one step.
• wangyu-/udp2raw
  • A Tunnel which Turns UDP Traffic into Encrypted UDP/FakeTCP/ICMP Traffic by using Raw Socket,helps you Bypass UDP FireWalls(or Unstable UDP Environment)
• kmahyyg/ztncui-aio
  • Licensed Under GPL v3
• librespeed/speedtest
  • Self-hosted Speed Test for HTML5 and more. Easy setup, examples, configurable, mobile friendly. Supports PHP, Node, Multiple servers, and more
• zerotier/ZeroTierOne
  • A Smart Ethernet Switch for Earth
• auth0/docs
  • Auth0 documentation
• silentsignal/rsa_sign2n
  • Deriving RSA public keys from message-signature pairs
• wallarm/jwt-secrets
• Cryin/JavaID
  • java source code static code analysis and danger function identify prog
• danuk/k8s-webdav
  • Kubernetes Helm chart for WebDav
• web-platform-tests/wpt
  • Test suites for Web platform specs — including WHATWG, W3C, and others
• bagder/docs
  • Internet protocols and tools related documentation
• jbranchaud/til
  • 📝 Today I Learned
• microsoft/inshellisense
  • IDE style command line auto complete
• hakluke/hakrevdns
  • Small, fast tool for performing reverse DNS lookups en masse.
• hahwul/DevSecOps
  • ♾️ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe 😎
• neo4j-examples/movies-java-spring-data-neo4j
  • Neo4j Movies Example with Spring Data Neo4j
• noidsirius/SootTutorial
  • A step-by-step tutorial for Soot (a Java static analysis framework)
• PortSwigger/turbo-intruder
  • Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
• coredns/coredns
  • CoreDNS is a DNS server that chains plugins
• bitnami/charts
  • Bitnami Helm Charts
• pascal-lab/Tai-e
  • An easy-to-learn/use static analysis framework for Java
• knownsec/KCon
  • KCon is a famous Hacker Con powered by Knownsec Team.
• rancher/local-path-provisioner
  • Dynamically provisioning persistent local storage with Kubernetes
• oracle/oci-cloud-controller-manager
  • Kubernetes Cloud Controller Manager implementation for Oracle Cloud Infrastructure
• TideSec/TideFinger_Go
  • 一个Go版(更强大)的TideFinger指纹识别工具，可对web和主机指纹进行识别探测，整合梳理互联网指纹2.3W余条，在效率和指纹覆盖面方面进行了平衡和优化。
• oracle/cluster-api-provider-oci
  • Kubernetes Cluster API Provider for Oracle Cloud Infrastructure
• chasays/newsletter-list
  • 有趣，免费的 newsletter，欢迎推荐
• flannel-io/flannel
  • flannel is a network fabric for containers, designed for Kubernetes
• projectcalico/calico
  • Cloud native networking and network security
• containernetworking/cni
  • Container Network Interface - networking for Linux containers
• kantega/notsoserial
  • Java Agent which mitigates deserialisation attacks by making certain classes unserializable
• n0a/telegram-get-remote-ip
  • Get IP address on other side audio call in Telegram.
• aquasecurity/kube-bench
  • Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
• zfdang/Android-Touch-Helper
  • 开屏跳过-安卓系统的开屏广告自动跳过助手
• ansible/ansible
  • Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy and maintain. Automate everything from code deployment to network configuration to cloud management, in a language that approaches plain English, using SSH, with no agents to install on remote systems. https://docs.ansible.com.
• honeytrap/honeytrap
  • Advanced Honeypot framework.
• telekom-security/tpotce
  • 🍯 T-Pot - The All In One Multi Honeypot Platform 🐝
• containerd/containerd
  • An open and reliable container runtime
• Feysh-Group/corax-community
  • Corax for Java: A general static analysis framework for java code checking.
• seal-io/walrus
  • Walrus is an open-source application management platform based on IaC tools including OpenTofu, Terraform and others. It helps platform engineers build golden paths for developers and empowers developers with self-service capabilities.
• kubernetes-sigs/kubespray
  • Deploy a Production Ready Kubernetes Cluster
• c0ny1/FastjsonExploit
  • Fastjson vulnerability quickly exploits the framework（fastjson漏洞快速利用框架）
• safe6Sec/Fastjson
  • Fastjson姿势技巧集合
• orangetw/My-Presentation-Slides
  • Collections of Orange Tsai's public presentation slides.
• WebGoat/WebGoat
  • WebGoat is a deliberately insecure application
• kamranahmedse/developer-roadmap
  • Interactive roadmaps, guides and other educational content to help developers grow in their careers.
• wala/WALA
  • T.J. Watson Libraries for Analysis, with front ends for Java, Android, and JavaScript, and many common static program analyses.
• soot-oss/SootUp
  • A new version of Soot with a completely overhauled architecture
• AdguardTeam/AdGuardHome
  • Network-wide ads & trackers blocking DNS server
• typecho/typecho
  • A PHP Blogging Platform. Simple and Powerful.
• mipmip/github-action-markdown-link-extract-to-json
  • Extracts link from a section inside a markdown file and stores them into a json file
• j3ers3/Hello-Java-Sec
  • ☕️ Java Security，安全编码和代码审计
• jeecgboot/JeecgBoot
  • 🔥AI低代码平台，助力企业快速实现低代码开发和构建AI应用！前后端分离架构 SpringBoot3，SpringCloud、MybatisPlus，Ant Design&Vue3、TS+vite！强大代码生成器实现前后端一键生成，无需手写代码! 引领AI低代码开发模式：AI生成→在线编码→代码生成→手工合并，解决Java项目80%重复工作，提升效率，节省成本，兼顾灵活性~
• hacklcx/HFish
  • 安全、可靠、简单、免费的企业级蜜罐
• joonspk-research/generative_agents
  • Generative Agents: Interactive Simulacra of Human Behavior
• mgeeky/Penetration-Testing-Tools
  • A collection of more than 170+ tools, scripts, cheatsheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purposes.
• tsl0922/ttyd
  • Share your terminal over the web
• novnc/websockify
  • Websockify is a WebSocket to TCP proxy/bridge. This allows a browser to connect to any application/server/service.
• moonD4rk/HackBrowserData
  • Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).
• umijs/dumi
  • 📖 Static Site Generator for component library development
• vastxie/Happy-ChatGPT
  • ChatGPT 国粹版，和 GPT 一起学习地道的中国话吧
• j2ekim/Pentest_Project
  • 整理渗透测试、内网渗透、应急响应、密码字典、漏洞库、代码审计、渗透测试面试题相关项目
• projectdiscovery/nuclei
  • Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
• ossf/fuzz-introspector
  • Fuzz Introspector -- introspect, extend and optimise fuzzers
• kyo-w/router-router
  • Java web路由内存分析工具
• snyk/aether-demo
  • Aether project repository (aether-demo)
• fatedier/frp
  • A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
• tom0li/collection-document
  • Collection of quality safety articles. Awesome articles.
• LGUG2Z/komorebi
  • A tiling window manager for Windows 🍉
• netmikey/mvncloner
  • Clone / mirror all or part of a remote maven repository into another one
• yaklang/yaklang
  • A programming language exclusively designed for cybersecurity
• arangodb/arangodb
  • 🥑 ArangoDB is a native multi-model database with flexible data models for documents, graphs, and key-values. Build high performance applications using a convenient SQL-like query language or JavaScript extensions.
• sonatype/nexus-public
  • Sonatype Nexus Repository Open-source codebase mirror
• xl7dev/WebShell
  • Webshell && Backdoor Collection
• jar-analyzer/jar-analyzer-v1-cli
  • 本项目可以把一个或多个Jar包构建成数据库，用户连接数据库后通过SQL语句任意搜索需要的内容，例如类和方法信息，方法调用关系等
• CVEProject/cvelist
  • Pilot program for CVE submission through GitHub. CVE Record Submission via Pilot PRs ending 6/30/2023
• google/deps.dev
  • Resources for the deps.dev API
• buresdv/Cork
  • A fast GUI for Homebrew written in SwiftUI
• huggingface/transformers
  • 🤗 Transformers: the model-definition framework for state-of-the-art machine learning models in text, vision, audio, and multimodal models, for both inference and training.
• JoyChou93/java-sec-code
  • Java web common vulnerabilities and security code which is base on springboot and spring security
• DeltaJordan/BotW-Save-Manager
  • BOTW Save Manager for Switch and Wii U
• zserge/awfice
  • The world smallest office suite
• blabla1337/skf-flask
  • Security Knowledge Framework (SKF) Python Flask / Angular project
• apache/seatunnel
  • SeaTunnel is a multimodal, high-performance, distributed, massive data integration tool.
• mheath/netty-mysql-codec
  • A Netty Codec for the MySQL/MariaDB protocol
• hoverbike1/TOTK-Mods-collection
  • Mod repo for Tears of The Kingdom (TOTK) for Switch and Switch Emulation
• chaitin/xpoc
  • 为供应链漏洞扫描设计的快速应急响应工具 [快速应急] [漏洞扫描] [端口扫描] [xray2.0进行时] A fast emergency response tool designed for supply chain vulnerability scanning.
• mysql/mysql-connector-python
  • MySQL Connector/Python is implementing the MySQL Client/Server protocol completely in Python. No MySQL libraries are needed, and no compilation is necessary to run this Python DB API v2.0 compliant driver. Documentation & Download: http://dev.mysql.com/doc/connector-python/en
• xelabs/go-mysqlstack
  • MySQL protocol library implementing in Go (golang)
• Gifts/Rogue-MySql-Server
  • Rogue MySql Server
• fnmsd/MySQL_Fake_Server
  • MySQL Fake Server use to help MySQL Client File Reading and JDBC Client Java Deserialize
• su18/JDBC-Attack
  • JDBC Connection URL Attack
• ncipollo/release-action
  • An action which manages a github release
• mikepenz/release-changelog-builder-action
  • A GitHub action that builds your release notes / changelog fast, easy and exactly the way you want.
• trganda/obsidian-attachment-management
  • Attachment Management of Obsidian
• aquasecurity/trivy
  • Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
• sindresorhus/awesome-chatgpt
  • 🤖 Awesome list for ChatGPT — an artificial intelligence chatbot developed by OpenAI
• Enveloppe/obsidian-enveloppe
  • Enveloppe helps you to publish your notes on a GitHub repository from your Obsidian Vault, for free!
• caido/caido
  • 🚀 Caido releases, wiki and roadmap
• microsoft/ML-For-Beginners
  • 12 weeks, 26 lessons, 52 quizzes, classic Machine Learning for all
• ast-grep/ast-grep
  • ⚡A CLI tool for code structural search, lint and rewriting. Written in Rust
• Mr-xn/BLACKHAT_Asia2023
  • Black Hat Asia 2023 PDF Public
• yaklang/yakit
  • Cyber Security ALL-IN-ONE Platform
• ozntel/oz-clear-unused-images-obsidian
  • Obsidian plugin to clear the images that are not used in note files anymore
• RUCAIBox/LLMSurvey
  • The official GitHub page for the survey paper "A Survey of Large Language Models".
• jamiebrynes7/obsidian-todoist-plugin
  • Materialize Todoist tasks in Obsidian notes
• jackyzha0/quartz
  • 🌱 a fast, batteries-included static-site generator that transforms Markdown content into fully functional websites
• zzwlpx/JNDIExploit
  • A malicious LDAP server for JNDI injection attacks
• synercys/annotated_latex_equations
  • Examples of how to create colorful, annotated equations in Latex using Tikz.
• AnubisNekhet/AnuPpuccin
  • Personal theme for Obsidian
• slsa-framework/slsa-github-generator
  • Language-agnostic SLSA provenance generation for Github Actions
• in-toto/attestation
  • in-toto Attestation Framework
• DIYgod/RSSHub
  • 🧡 Everything is RSSible
• google/gvisor
  • Application Kernel for Containers
• google/oss-fuzz
  • OSS-Fuzz - continuous fuzzing for open source software.
• gobysec/Weblogic
  • WebLogic vulnerability exploration from beginner to expert.
• arch3rPro/Pentest-Windows
  • ⚔️Windows11 Penetration Suite Toolkit 🔰 The First Windows Penetration Testing Environment on Mac M Chips
• AstroNvim/AstroNvim
  • AstroNvim is an aesthetic and feature-rich neovim config that is extensible and easy to use with a great set of plugins
• greshake/llm-security
  • New ways of breaking app-integrated LLMs
• Stability-AI/StableLM
  • StableLM: Stability AI Language Models
• hyprwm/Hyprland
  • Hyprland is an independent, highly customizable, dynamic tiling Wayland compositor that doesn't sacrifice on its looks.
• kessejones/term.nvim
  • A neovim plugin to open terminal in floating window.
• chaitin/SafeLine
  • SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.
• deepspeedai/DeepSpeed
  • DeepSpeed is a deep learning optimization library that makes distributed training and inference easy, efficient, and effective.
• guacsec/guac
  • GUAC aggregates software security metadata into a high fidelity graph database.
• connordeckers/tmux-navigator.nvim
  • Inspired by christoomey/vim-tmux-navigator, and built with Lua.
• mermaid-js/mermaid
  • Generation of diagrams like flowcharts or sequence diagrams from text in a similar manner as markdown
• Crossbell-Box/xLog
  • 🪽 An open-source creative community written on the blockchain.
• microsoft/JARVIS
  • JARVIS, a system to connect LLMs with ML community. Paper: https://arxiv.org/pdf/2303.17580.pdf
• xworldcraft/jq-live
  • Support using jq command in vscode and support live show result.
• warpdotdev/Warp
  • Warp is the agentic development environment, built for coding with multiple AI agents.
• zai-org/GLM-130B
  • GLM-130B: An Open Bilingual Pre-Trained Model (ICLR 2023)
• nomic-ai/gpt4all
  • GPT4All: Run Local LLMs on Any Device. Open-source and available for commercial use.
• binary-husky/gpt_academic
  • 为GPT/GLM等LLM大语言模型提供实用化交互接口，特别优化论文阅读/润色/写作体验，模块化设计，支持自定义快捷按钮&函数插件，支持Python和C++等项目剖析&自译解功能，PDF/LaTex论文翻译&总结功能，支持并行问询多种LLM模型，支持chatglm3等本地模型。接入通义千问, deepseekcoder, 讯飞星火, 文心一言, llama2, rwkv, claude2, moss等。
• lwch/natpass
  • 🔥居家办公，远程开发神器
• sashabaranov/go-openai
  • OpenAI ChatGPT, GPT-5, GPT-Image-1, Whisper API clients for Go
• mautrix/go
  • A Golang Matrix framework.
• pac4j/pac4j
  • Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
• epinna/tplmap
  • Server-Side Template Injection and Code Injection Detection and Exploitation Tool
• nkanaev/yarr
  • yet another rss reader
• rmb122/rogue_mysql_server
  • A rouge mysql server supports reading files from most mysql libraries of multiple programming languages.
• reewardius/bbFuzzing.txt
• NH-RED-TEAM/RustHound
  • Active Directory data ingestor for BloodHound Legacy written in Rust. 🦀
• TalEliyahu/awesome-security-newsletters
  • Periodic cyber security newsletters that capture the latest news, summaries of conference talks, research, best practices, tools, events, vulnerabilities, and analysis of trending threats and attacks
• A-poc/BlueTeam-Tools
  • Tools and Techniques for Blue Team / Incident Response
• teamssix/awesome-cloud-security
  • awesome cloud security 收集一些国内外不错的云安全资源，该项目主要面向国内的安全人员
• x1337loser/Dependency-Confusion
  • All About Dependency Confusion Attack, (Detecting, Finding, Mitigating)
• anchore/syft
  • CLI tool and library for generating a Software Bill of Materials from container images and filesystems
• ffuf/ffuf
  • Fast web fuzzer written in Go
• trickster0/OffensiveRust
  • Rust Weaponization for Red Team Engagements.
• LasCC/HackTools
  • The all-in-one browser extension for offensive security professionals 🛠
• google/comprehensive-rust
  • This is the Rust course used by the Android team at Google. It provides you the material to quickly teach Rust.
• HackJava/HackJava
  • 《Java安全-只有Java安全才能拯救宇宙》Only Java Security Can Save The Universe.
• mastodon/mastodon
  • Your self-hosted, globally interconnected microblogging community
• corkami/pics
  • File formats dissections and more...
• kleiton0x00/Advanced-SQL-Injection-Cheatsheet
  • A cheat sheet that contains advanced queries for SQL Injection of all types.
• google/osv-scanner
  • Vulnerability scanner written in Go which uses the data provided by https://osv.dev
• raphw/byte-buddy
  • Runtime code generation for the Java virtual machine.
• projectnessie/cel-java
  • Common Expression Language for Java
• bytedance/Elkeid
  • Elkeid is an open source solution that can meet the security requirements of various workloads such as hosts, containers and K8s, and serverless. It is derived from ByteDance's internal best practices.
• qazbnm456/awesome-web-security
  • 🐶 A curated list of Web Security materials and resources.
• coteditor/CotEditor
  • Lightweight Plain-Text Editor for macOS
• Tikam02/DevOps-Guide
  • DevOps Guide - Development to Production all configurations with basic notes to debug efficiently.
• PKUFlyingPig/cs-self-learning
  • 计算机自学指南
• urbanadventurer/WhatWeb
  • Next generation web scanner
• hudangwei/codemillx
  • codemillx is a tool for CodeQL, extract the comments in the code and generate codeql module. 强化Go开源项目安全检测(内含开源项目漏洞挖掘方法)
• trailofbits/vast
  • VAST is an experimental compiler pipeline designed for program analysis of C and C++. It provides a tower of IRs as MLIR dialects to choose the best fit representations for a program analysis or further program abstraction.
• csujedihy/proximac
  • An open-source alternative to proxifier
• ElegantLaTeX/ElegantPaper
  • Elegant LaTeX Template for Working Papers
• souffle-lang/souffle
  • Soufflé is a variant of Datalog for tool designers crafting analyses in Horn clauses. Soufflé synthesizes a native parallel C++ program from a logic specification.
• OWASP/crAPI
  • completely ridiculous API (crAPI)
• TriliumNext/Trilium
  • Build your personal knowledge base with Trilium Notes
• NafisiAslH/KnowledgeSharing
• edoardottt/awesome-hacker-search-engines
  • A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
• ex0dus-0x/fuzzable
  • Framework for Automating Fuzzable Target Discovery with Static Analysis.
• cider-security-research/top-10-cicd-security-risks
• s0md3v/Arjun
  • HTTP parameter discovery suite.
• qtc-de/remote-method-guesser
  • Java RMI Vulnerability Scanner
• Mr-xn/BLACKHAT_USA2022
  • BLACKHAT USA2022 PDF Public
• w181496/Web-CTF-Cheatsheet
  • Web CTF CheatSheet 🐈
• jenv/jenv
  • Manage your Java environment
• Caplost/PHP-extensions-learning-document
  • 个人学习php扩展做的一些小总结。可能会有不少错误。希望给大伙提供一个辅助的作用。
• tadwhitaker/Security_Engineer_Interview_Questions
  • Every Security Engineer Interview Question From Glassdoor.com
• gmh5225/awesome-game-security
  • awesome game security [Welcome to PR]
• akullpp/awesome-java
  • A curated list of awesome frameworks, libraries and software for the Java programming language.
• DependencyTrack/dependency-track
  • Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
• java-native-access/jna
  • Java Native Access
• Col-E/Recaf
  • The modern Java bytecode editor
• ax1sX/SecurityList
  • A list for Web Security and Code Audit
• golang/vulndb
  • [mirror] The Go Vulnerability Database
• neargle/re0-kubernetes-sec-archive
  • [WIP] 整理过去我和K8s、容器、虚拟化相关的分享 🧐
• MisterBooo/LeetCodeAnimation
  • Demonstrate all the questions on LeetCode in the form of animation.（用动画的形式呈现解LeetCode题目的思路）
• hluk/CopyQ
  • Clipboard manager with advanced features
• antonio-morales/Fuzzing101
  • An step by step fuzzing tutorial. A GitHub Security Lab initiative
• RangerNJU/Static-Program-Analysis-Book
  • Getting started with static program analysis. 静态程序分析入门教程。
• RicoloveFeng/SPA-Freestyle-Guidance
  • 带你畅游《软件分析》
• veo/vscan
  • 开源、轻量、快速、跨平台 的网站漏洞扫描工具，帮助您快速检测网站安全隐患。功能 端口扫描(port scan) 指纹识别(fingerprint) 漏洞检测(nday check) 智能爆破 (admin brute) 敏感文件扫描(file fuzz)
• mandiant/route-sixty-sink
  • Link sources to sinks in C# applications.
• alexbieber/Bug_Bounty_writeups
  • BUG BOUNTY WRITEUPS - OWASP TOP 10 🔴🔴🔴🔴✔
• assetnote/jira-mobile-ssrf-exploit
  • Exploit code for Jira Mobile Rest Plugin SSRF (CVE-2022-26135)
• shadow1ng/fscan
  • 一款内网综合扫描工具，方便一键自动化、全方位漏扫扫描。
• Ormicron/chatViewTool
  • 基于Java实现的图形化微信聊天记录解密查看器
• veo/wsMemShell
  • WebSocket 内存马/Webshell，一种新型内存马/WebShell技术
• R0X4R/Garud
  • An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
• Vineflower/vineflower
  • Modern Java decompiler aiming to be as accurate as possible, with an emphasis on output quality. Fork of the Fernflower decompiler.
• jacob-greenfield/UnrealGPUPatcher
  • Patch out the GPU checks for any x86-64 macOS Unreal Engine-based game
• Ascotbe/Medusa
  • 🐈Medusa是一个红队武器库平台，目前包括XSS平台、协同平台、CVE监控、免杀生成、DNSLOG、钓鱼邮件、文件获取等功能，持续开发中
• xfiftyone/STS2G
  • Struts2漏洞扫描利用工具 - Golang版. Struts2 Scanner Written in Golang
• SexyBeast233/SecBooks
  • 安全类各家文库大乱斗
• cilium/ebpf
  • ebpf-go is a pure-Go library to read, modify and load eBPF programs and attach them to various hooks in the Linux kernel.
• x64dbg/x64dbg
  • An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
• hypn0s/AJPy
• shimohq/chinese-programmer-wrong-pronunciation
  • 中国程序员容易发音错误的单词
• molnarg/ascii-zip
  • A deflate compressor that emits compressed data that is in the [A-Za-z0-9] ASCII byte range.
• offensive-security/exploitdb-bin-sploits
  • The legacy Exploit Database repository - New repo located at https://gitlab.com/exploit-database/exploitdb-bin-sploits
• joaomatosf/JavaDeserH2HC
  • Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).
• go-telegram-bot-api/telegram-bot-api
  • Golang bindings for the Telegram Bot API
• TangBean/understanding-the-jvm
  • 《深入理解 Java 虚拟机》阅读笔记
• RongleXie/java-books-collections
  • 📚Java编程书籍收集分享。Java programming books collection to share.🚀
• TangBean/OnlineExecutor
  • 基于 Spring Boot 的在线 Java IDE
• javaparser/javaparser
  • Java 1-21 Parser and Abstract Syntax Tree for Java with advanced analysis functionalities.
• shining1984/PL-Compiler-Resource
  • 程序语言与编译技术相关资料（持续更新中）
• Marcono1234/codeql-jdk-docker
  • Unofficial Dockerfile and scripts for building CodeQL databases for the OpenJDK
• knownsec/404StarLink
  • 404StarLink - 推荐优质、有意义、有趣、坚持维护的安全开源项目
• CriticalPathSecurity/Public-Intelligence-Feeds
  • Standard-Format Threat Intelligence Feeds
• github/securitylab
  • Resources related to GitHub Security Lab
• BytecodeDL/ByteCodeDL
  • A declarative static analysis tool for jvm bytecode based Datalog like CodeQL
• JackOfMostTrades/gadgetinspector
  • A byte code analyzer for finding deserialization gadget chains in Java applications
• ikkisoft/SerialKiller
  • Look-Ahead Java Deserialization Library
• excalidraw/excalidraw
  • Virtual whiteboard for sketching hand-drawn like diagrams
• triggerdotdev/jsonhero-web
  • JSON Hero is an open-source, beautiful JSON explorer for the web that lets you browse, search and navigate your JSON files at speed. 🚀. Built with 💜 by the Trigger.dev team.
• notkmhn/CVE-2022-21449-TLS-PoC
  • CVE-2022-21449 Proof of Concept demonstrating its usage with a client running on a vulnerable Java version and a malicious TLS server
• ryanoasis/nerd-fonts
  • Iconic font aggregator, collection, & patcher. 3,600+ icons, 50+ patched fonts: Hack, Source Code Pro, more. Glyph collections: Font Awesome, Material Design Icons, Octicons, & more
• ed-asriyan/lottie-converter
  • Converts Lottie Animations (.json / .lottie) and Telegram stickers (*.tgs) to GIF / PNG / APNG / WEBP / WEBM
• hakivvi/CVE-2022-29464
  • WSO2 RCE (CVE-2022-29464) exploit and writeup.
• golang-standards/project-layout
  • Standard Go Project Layout
• Al1ex/CVE-2020-17530
  • S2-061 CVE-2020-17530
• Wrin9/CVE-2021-31805
  • S2-062 (CVE-2021-31805) / S2-061 / S2-059 RCE
• threedr3am/learnjavabug
  • Java安全相关的漏洞和技术demo，原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。
• l1nk3rlin/php_code_audit_project
  • 该项目用来记录，我用来练手的PHP代码审计项目。
• microsoft/playwright
  • Playwright is a framework for Web Testing and Automation. It allows testing Chromium, Firefox and WebKit with a single API.
• chromedp/chromedp
  • A faster, simpler way to drive browsers supporting the Chrome DevTools Protocol.
• tebeka/selenium
  • Selenium/Webdriver client for Go
• Le0nsec/SecCrawler
  • 一个方便安全研究人员获取每日安全日报的爬虫和推送程序，目前爬取范围包括先知社区、安全客、Seebug Paper、跳跳糖、奇安信攻防社区、棱角社区以及绿盟、腾讯玄武、天融信、360等实验室博客，持续更新中。
• matthiaskaiser/jmet
  • Java Message Exploitation Tool
• leibnitz27/cfr
  • This is the public repository for the CFR Java decompiler
• rhwayfun/spring-boot-learning-examples
  • Spring Boot工程实践，快速上手Spring Boot开发必备。最全的Spring Boot使用案例！
• githubsatelliteworkshops/codeql
  • GitHub Satellite 2020 workshops on finding security vulnerabilities with CodeQL for Java/JavaScript.
• Bashfuscator/Bashfuscator
  • A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.
• trganda/dockerv
  • Vulnerability Environment Build with Dockerfile -> Docker Hub
• osixia/docker-phpLDAPadmin
  • phpLDAPadmin container image 🐳🌴
• secretsquirrel/the-backdoor-factory
  • Patch PE, ELF, Mach-O binaries with shellcode new version in development, available only to sponsors
• 527515025/springBoot
  • springboot 框架与其它组件结合如 jpa、mybatis、websocket、security、shiro、cache等
• urfave/cli
  • A declarative, simple, fast, and fun package for building command line tools in Go
• Y4tacker/JavaSec
  • a rep for documenting my study, may be from 0 to 0.1
• apache/karaf
  • Apache Karaf, the enterprise modulith runtime
• nomi-sec/PoC-in-GitHub
  • 📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
• Anduin2017/HowToCook
  • 程序员在家做饭方法指南。Programmer's guide about how to cook at home (Simplified Chinese only).
• jamf/CVE-2020-0796-RCE-POC
  • CVE-2020-0796 Remote Code Execution POC
• byoungd/English-level-up-tips
  • An advanced guide to learn English which might benefit you a lot 🎉 . 离谱的英语学习指南/英语学习教程。
• arthepsy/CVE-2021-4034
  • PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034)
• Konloch/bytecode-viewer
  • A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
• mstrobel/procyon
  • Procyon is a suite of Java metaprogramming tools, including a rich reflection API, a LINQ-inspired expression tree API for runtime code generation, and a Java decompiler.
• asticode/go-astilectron
  • Build cross platform GUI apps with GO and HTML/JS/CSS (powered by Electron)
• PowerShell/Win32-OpenSSH
  • Win32 port of OpenSSH
• estesp/manifest-tool
  • Command line tool to create and query container image manifest list/indexes
• 99designs/gqlgen
  • go generate based graphql server library
• apache/skywalking-java
  • The Java agent for Apache SkyWalking
• apache/skywalking
  • APM, Application Performance Monitoring System
• tklengyel/drakvuf
  • DRAKVUF Black-box Binary Analysis
• snyk/cli
  • Snyk CLI scans and monitors your projects for security vulnerabilities.
• snyk/zip-slip-vulnerability
  • Zip Slip Vulnerability (Arbitrary file write through archive extraction)
• sunface/rust-course
  • “连续八年成为全世界最受喜爱的语言，无 GC 也无需手动内存管理、极高的性能和安全性、过程/OO/函数式编程、优秀的包管理、JS 未来基石" — 工作之余的第二语言来试试 Rust 吧。本书拥有全面且深入的讲解、生动贴切的示例、德芙般丝滑的内容，这可能是目前最用心的 Rust 中文学习教程 / Book
• davisjam/vuln-regex-detector
  • Detect vulnerable regexes in your project. REDOS, catastrophic backtracking.
• HXSecurity/DongTai
  • Dongtai IAST is an open-source Interactive Application Security Testing (IAST) tool that enables real-time detection of common vulnerabilities in Java applications and third-party components through passive instrumentation. It is particularly suitable for use in the testing phase of the development pipeline.
• awesome-selfhosted/awesome-selfhosted
  • A list of Free Software network services and web applications which can be hosted on your own servers
• olist213/Information_Security_Books
  • 信息安全方面的书籍
• superhuman/rxxr2
• DrunkenShells/Disclosures
  • Public Disclosures
• wfus/WebAssembly-Taint
  • Implementing taint tracking in WebAssembly as a part of the V8 Javascript Engine.
• iluwatar/java-design-patterns
  • Design patterns implemented in Java
• wavestone-cdt/abaddon
• javaweb-sec/javaweb-sec
• lexburner/oauth2-demo
  • Re：从零开始的Spring Security Oauth2
• LandGrey/SpringBootVulExploit
  • SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list
• rabbitstack/fibratus
  • Adversary tradecraft detection, protection, and hunting
• 0x240x23elu/CVE-2020-28948-and-CVE-2020-28949
• scottrogowski/code2flow
  • Pretty good call graphs for dynamic languages
• peewpw/Invoke-PSImage
  • Encodes a PowerShell script in the pixels of a PNG file and generates a oneliner to execute
• eugenp/tutorials
  • Getting Started with Spring Boot 3:
• pwntester/codeql_grehack_workshop
  • GreHack 2021 CodeQL for Java workshop
• linkedin/school-of-sre
  • At LinkedIn, we are using this curriculum for onboarding our entry-level talents into the SRE role.
• google/sanitizers
  • AddressSanitizer, ThreadSanitizer, MemorySanitizer
• semgrep/semgrep
  • Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
• welk1n/JNDI-Injection-Exploit
  • JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）
• SummerSec/ShiroAttack2
  • shiro反序列化漏洞综合利用,包含（回显执行命令/注入内存马）修复原版中NoCC的问题 https://github.com/j1anFen/shiro_attack
• kastellanos/CVE-2018-7602
• YfryTchsGD/Log4jAttackSurface
• Sh0ckFR/log4j-CVE-2021-44228-Public-IoCs
  • Public IoCs about log4j CVE-2021-44228
• NationalSecurityAgency/ghidra
  • Ghidra is a software reverse engineering (SRE) framework
• RedDrip7/Log4Shell_CVE-2021-44228_related_attacks_IOCs
• turben/poc
  • 漏洞复现以及poc
• adamyordan/cve-2019-1003000-jenkins-rce-poc
  • Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)
• GossiTheDog/HiveNightmare
  • Exploit allowing you to read registry hives as non-admin on Windows 10 and 11
• microsoft/restler-fuzzer
  • RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
• jasperla/CVE-2020-11651-poc
  • PoC exploit of CVE-2020-11651 and CVE-2020-11652
• github/vscode-codeql-starter
  • Starter workspace to use with the CodeQL extension for Visual Studio Code.
• silentsignal/WebSphere-WSIF-gadget
  • CVE-2020-4464 / CVE-2020-4450
• thewhiteh4t/cve-2020-10977
  • GitLab 12.9.0 Arbitrary File Read
• docker/buildx
  • Docker CLI plugin for extended build capabilities with BuildKit
• vadimcn/codelldb
  • A native debugger extension for VSCode based on LLDB
• Qihoo360/safe-rules
  • 详细的C/C++编程规范指南，由360质量工程部编著，适用于桌面、服务端及嵌入式软件系统。
• knqyf263/CVE-2021-3129
  • PoC for CVE-2021-3129 (Laravel)
• 0vercl0k/CVE-2021-31166
  • Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely.
• x41sec/advisories
• laixintao/tokei-pie
  • Render tokei's output to interactive sunburst chart.
• RedTeamPentesting/CVE-2020-13935
  • Exploit for WebSocket Vulnerability in Apache Tomcat
• mogwailabs/mjet
  • MOGWAI LABS JMX exploitation toolkit
• Maskhe/CVE-2020-15148-bypasses
  • 几条关于CVE-2020-15148（yii2反序列化）的绕过
• soot-oss/soot
  • Soot - A Java optimization framework
• tabby-sec/tabby
  • A CAT called tabby ( Code Analysis Tool )
• github/codeql
  • CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
• docker-archive-public/docker.labs
  • This is a collection of tutorials for learning how to use Docker with various tools. Contributions welcome.
• cube0x0/CVE-2021-1675
  • C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527
• cckuailong/vulbase
  • 各大漏洞文库合集
• zhisheng17/flink-learning
  • flink learning blog. http://www.54tianzhisheng.cn/ 含 Flink 入门、概念、原理、实战、性能调优、源码解析等内容。涉及 Flink Connector、Metrics、Library、DataStream API、Table API & SQL 等内容的学习案例，还有 Flink 落地应用的大型项目案例（PVUV、日志存储、百亿数据实时去重、监控告警）分享。欢迎大家支持我的专栏《大数据实时计算引擎 Flink 实战与性能优化》
• chipik/SAP_EEM_CVE-2020-6207
  • PoC for CVE-2020-6207 (Missing Authentication Check in SAP Solution Manager)
• saltstack/salt
  • Software to automate the management and configuration of infrastructure and applications at scale.
• github/codeql-cli-binaries
  • Binaries for the CodeQL CLI
• Security-Onion-Solutions/securityonion
  • Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
• YinWC/2021hvv_vul
  • 2021hvv漏洞汇总
• Al1ex/CVE-2021-22205
  • CVE-2021-22205& GitLab CE/EE RCE
• convisolabs/CVE-2021-22204-exiftool
  • Python exploit for the CVE-2021-22204 vulnerability in Exiftool
• OneSecCyber/JPEG_RCE
  • Exiftool bug which leads to RCE
• Ridter/CVE-2019-1040
  • CVE-2019-1040 with Exchange
• Ridter/Intranet_Penetration_Tips
  • 2018年初整理的一些内网渗透TIPS，后面更新的慢，所以整理出来希望跟小伙伴们一起更新维护~
• payloadbox/xxe-injection-payload-list
  • 🎯 XML External Entity (XXE) Injection Payload List
• alsotang/node-lessons
  • 📕《Node.js 包教不包会》 by alsotang
• SummerSec/learning-codeql
  • CodeQL Java 全网最全的中文学习资料
• proudwind/struts2_vulns
  • Struts2 vuln env
• motikan2010/CVE-2020-5398
  • CVE-2020-5398 - RFD(Reflected File Download) Attack for Spring MVC
• wuyouzhuguli/SpringAll
  • 循序渐进，学习Spring Boot、Spring Boot & Shiro、Spring Batch、Spring Cloud、Spring Cloud Alibaba、Spring Security & Spring Security OAuth2，博客Spring系列源码：https://mrbird.cc
• 0x727/SpringBootExploit
  • 项目是根据LandGrey/SpringBootVulExploit清单编写，目的hvv期间快速利用漏洞、降低漏洞利用门槛。
• yaunsky/CVE-2020-13937
  • Apache Kylin API未授权访问漏洞;CVE-2020-13937;Apache Kylin漏洞
• Al1ex/CVE-2020-13937
  • Apache Kylin API Unauthorized Access
• jweny/shiro-cve-2020-17523
  • shiro-cve-2020-17523 漏洞的两种绕过姿势分析 以及配套的漏洞环境
• ForbiddenProgrammer/CVE-2021-21315-PoC
  • CVE 2021-21315 PoC
• PetrusViet/CVE-2021-39115
  • Template Injection in Email Templates leads to code execution on Jira Service Management Server
• salesforce/ja3
  • JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.
• duc-nt/RCE-0-day-for-GhostScript-9.50
  • RCE 0-day for GhostScript 9.50 - Payload generator
• fofapro/vulfocus
  • 🚀Vulfocus 是一个漏洞集成平台，将漏洞环境 docker 镜像，放入即可使用，开箱即用。
• NickstaDB/SerializationDumper
  • A tool to dump Java serialization streams in a more human readable form.
• S3cur3Th1sSh1t/WinPwn
  • Automation for internal Windows Penetrationtest / AD-Security
• pwnesia/dnstake
  • DNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover
• kovidgoyal/kitty
  • If you live in the terminal, kitty is made for you! Cross-platform, fast, feature-rich, GPU based.
• benoitc/http-parser
  • HTTP request/response parser for python in C
• mattn/go-sqlite3
  • sqlite3 driver for go using database/sql
• sqlitebrowser/sqlitebrowser
  • Official home of the DB Browser for SQLite (DB4S) project. Previously known as "SQLite Database Browser" and "Database Browser for SQLite". Website at:
• woodpecker-framework/woodpecker-framework-release
  • 高危漏洞精准检测与深度利用框架
• GrrrDog/Java-Deserialization-Cheat-Sheet
  • The cheat sheet about Java Deserialization vulnerabilities
• pwntester/ysoserial.net
  • Deserialization payload generator for a variety of .NET formatters
• youngyangyang04/leetcode-master
  • 《代码随想录》LeetCode 刷题攻略：200道经典题目刷题顺序，共60w字的详细图解，视频难点剖析，50余张思维导图，支持C++，Java，Python，Go，JavaScript等多语言版本，从此算法学习不再迷茫！🔥🔥 来看看，你会发现相见恨晚！🚀
• halfrost/LeetCode-Go
  • ✅ Solutions to LeetCode by Go, 100% test coverage, runtime beats 100% / LeetCode 题解
• aalhour/awesome-compilers
  • 😎 Curated list of awesome resources on Compilers, Interpreters and Runtimes
• DoctorWkt/acwj
  • A Compiler Writing Journey
• greyireland/algorithm-pattern
  • 算法模板，最科学的刷题方式，最快速的刷题路径，你值得拥有~
• longld/peda
  • PEDA - Python Exploit Development Assistance for GDB
• rastersoft/autovala
  • A program that automatically generates CMake and Meson configuration files for your Vala project
• Qv2ray/Qv2ray
  • ⭐ Linux / Windows / macOS 跨平台 V2Ray 客户端 | 支持 VMess / VLESS / SSR / Trojan / Trojan-Go / NaiveProxy / HTTP / HTTPS / SOCKS5 | 使用 C++ / Qt 开发 | 可拓展插件式设计 ⭐
• mandiant/red_team_tool_countermeasures
• ToruNiina/toml11
  • TOML for Modern C++
• sass/dart-sass
  • The reference implementation of Sass, written in Dart.
• Candinya/Kratos-Rebirth
  • 一个可爱而现代的 Hexo 主题
• gonzaarcr/Fildem
  • Fildem global menu
• MathewSachin/Captura
  • Capture Screen, Audio, Cursor, Mouse Clicks and Keystrokes
• chjj/compton
  • A compositor for X11.
• taielab/Taie-Bugbounty-killer
  • 挖掘国内外漏洞平台必备的自动化捡钱赏金技巧，看了并去做了捡钱如喝水。
• bfritscher/carnac
  • A utility to give some insight into how you use your keyboard
• justinfrankel/licecap
  • LICEcap simple animated screen capture tool for Windows and OS X
• evilc0deooo/PentesterSpecialDict
  • 构建优化高效的渗透 fuzz 字典合集
• dillonzq/LoveIt
  • ❤️A clean, elegant but advanced blog theme for Hugo 一个简洁、优雅且高效的 Hugo 主题
• beefproject/beef
  • The Browser Exploitation Framework Project
• DavidBuchanan314/dlinject
  • Inject a shared library (i.e. arbitrary code) into a live linux process, without ptrace
• LoRexxar/Kunlun-M
  • KunLun-M是一个完全开源的静态白盒扫描工具，支持PHP、JavaScript的语义扫描，基础安全、组件安全扫描，Chrome Ext\Solidity的基础扫描。
• FeeiCN/Cobra
  • Source Code Security Audit (源代码安全审计)
• CHYbeta/Web-Security-Learning
  • Web-Security-Learning
• m57/dnsteal
  • DNS Exfiltration tool for stealthily sending files over DNS requests.
• threedr3am/gadgetinspector
  • 一个利用ASM对字节码进行污点传播分析的静态代码审计应用（添加了大量代码注释，适合大家进行源码学习）。也加入了挖掘Fastjson反序列化gadget chains和SQLInject（JdbcTemplate、MyBatis、JPA、Hibernate、原生jdbc等）静态检测功能。并且加入了很多功能以方便进行漏洞自动化挖掘。
• mbechler/marshalsec
• gohugoio/hugo
  • The world’s fastest framework for building websites.
• zhangkaitao/shiro-example
  • 跟我学Shiro（我的公众号：kaitao-1234567，我的新书：《亿级流量网站架构核心技术》）
• vulhub/vulhub
  • Pre-Built Vulnerable Environments Based on Docker-Compose
• iwanttobefreak/docker-weblogic1036
• paralax/awesome-honeypots
  • an awesome list of honeypot resources
• ph4ntonn/Stowaway
  • 👻Stowaway -- Multi-hop Proxy Tool for pentesters
• joewalnes/websocketd
  • Turn any program that uses STDIN/STDOUT into a WebSocket server. Like inetd, but for WebSockets.
• 7hang/--Java
  • 代码审计知识点整理-Java
• LandGrey/webshell-detect-bypass
  • 绕过专业工具检测的Webshell研究文章和免杀的Webshell
• adonovan/gopl.io
  • Example programs from "The Go Programming Language"
• SFML/SFML
  • Simple and Fast Multimedia Library
• amhndu/SimpleNES
  • An NES emulator in C++
• beefsack/webify
  • Turn shell commands into web services
• frohoff/ysoserial
  • A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
• golang-china/gopl-zh
  • 📚 Go语言圣经中文版
• gobysec/Goby
  • Attack surface mapping
• SummerSec/JavaLearnVulnerability
  • Java漏洞学习笔记 Deserialization Vulnerability
• knownsec/404StarLink-Project
  • Focus on promoting the evolution of tools in different aspects of security research.专注于推动安全研究各个领域工具化.(项目收录逐步迁移至 https://github.com/knownsec/404StarLink)
• cglib/cglib
  • cglib - Byte Code Generation Library is high level API to generate and transform Java byte code. It is used by AOP, testing, data access frameworks to generate dynamic proxy objects and intercept field access.
• knownsec/ksubdomain
  • 无状态子域名爆破工具
• mi1k7ea/My-Security-Small-Tools
  • My Security Small Tools. The project is updated from time to time.
• zhuifengshaonianhanlu/pikachu
  • 一个好玩的Web安全-漏洞测试平台
• github/archive-program
  • The GitHub Archive Program & Arctic Code Vault
• BeichenDream/Godzilla
  • 哥斯拉
• tbeu/matio
  • MATLAB MAT File I/O Library
• aemkei/jsfuck
  • Write any JavaScript with 6 Characters: !+
• cn-panda/JavaCodeAudit
  • Getting started with java code auditing 代码审计入门的小项目
• MoLeft/WebKnife
  • 一个全AJAX的php程序安全测试程序
• wireghoul/dotdotpwn
  • DotDotPwn - The Directory Traversal Fuzzer
• Snailclimb/JavaGuide
  • 「Java学习+面试指南」一份涵盖大部分 Java 程序员所需要掌握的核心知识。准备 Java 面试，首选 JavaGuide！
• winterbe/java8-tutorial
  • Modern Java - A Guide to Java 8
• webanalyzer/rules
  • 通用的指纹识别规则
• shmilylty/OneForAll
  • OneForAll是一款功能强大的子域收集工具
• TheRook/subbrute
  • A DNS meta-query spider that enumerates DNS records, and subdomains.
• pmiaowu/BurpShiroPassiveScan
  • 一款基于BurpSuite的被动式shiro检测插件
• w-digital-scanner/w13scan
  • Passive Security Scanner (被动式安全扫描器)
• jmdx/TLS-poison
• LCTT/TranslateProject
  • Linux中国翻译项目
• Maskhe/javasec
  • 自己学习java安全的一些总结，主要是安全审计相关
• CleverProgrammers/tiktok-clone
  • A clone of TikTok built by Sonny & Qazi 👉 https://tik-tok-clone-eb635.web.app/
• petoolse/petools
  • PE Tools - Portable executable (PE) manipulation toolkit
• 80vul/phpcodz
  • Php Codz Hacking
• phpinternalsbook/PHP-Internals-Book
  • PHP Internals Book
• neverlovelynn/chrome_headless_xss
  • A plugin to check xss by using chrome_headless
• infosecn1nja/AD-Attack-Defense
  • Attack and defend active directory using modern post exploitation adversary tradecraft activity
• laruence/taint
  • Taint is a PHP extension, used for detecting XSS codes
• 0xn0ne/weblogicScanner
  • weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力：CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14750、CVE-2020-14882、CVE-2020-14883
• qiyeboy/kill_webshell_detect
  • 总结了免杀webshell的方法论
• ambionics/phpggc
  • PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
• Ivan1ee/NET-Deserialize
  • 总结了20+.Net反序列化文章，持续更新
• amix/vimrc
  • The ultimate Vim configuration (vimrc)
• mikesiko/PracticalMalwareAnalysis-Labs
  • Binaries for the book Practical Malware Analysis
• alpha1e0/kiwi
  • kiwi：安全源码审计工具
• belong2yourself/vulnerabilities
  • Issues found along the way
• f1tz/cnseay
  • Seay源代码审计系统
• chenjj/CORScanner
  • 🎯 Fast CORS misconfiguration vulnerabilities scanner
• aptnotes/data
  • APTnotes data
• EdOverflow/bugbountyguide
  • Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.
• preempt/rdpy
  • Remote Desktop Protocol in Twisted Python
• xbl3/awesome-cve-poc_qazbnm456
• ruppde/rdg_scanner_cve-2020-0609
  • Scanning for Remote Desktop Gateways (Potentially unpatched CVE-2020-0609 and CVE-2020-0610)
• BlackMathIT/Esteemaudit-Metasploit
  • Porting for Metasploit of the infamous Esteemaudit RDP Exploit
• Wh0ale/SRC-experience
  • 工欲善其事，必先利其器
• openssl/openssl
  • TLS/SSL and crypto library
• justjanne/powerline-go
  • A beautiful and useful low-latency prompt for your shell, written in go
• CyC2018/CS-Notes
  • 📚 技术面试必备基础知识、Leetcode、计算机操作系统、计算机网络、系统设计
• timwhitez/crawlergo_x_XRAY
  • 360/0Kee-Team/crawlergo动态爬虫结合长亭XRAY扫描器的被动扫描功能
• swisskyrepo/PayloadsAllTheThings
  • A list of useful payloads and bypass for Web Application Security and Pentest/CTF
• jiangxufeng/v2rayL
  • v2ray linux GUI客户端，支持订阅、vemss、ss等协议，自动更新订阅、检查版本更新
• silverf0x/RpcView
  • RpcView is a free tool to explore and decompile Microsoft RPC interfaces
• Mr-xn/Penetration_Testing_POC
  • 渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
• cbwang505/CVE-2020-0787-EXP-ALL-WINDOWS-VERSION
  • Support ALL Windows Version
• shawarkhanethicalhacker/BruteXSS-1
  • BruteXSS - Cross-Site Scripting Bruteforcer
• lijiejie/GitHack
  • A .git folder disclosure exploit
• sbp/gin
  • Git index file parser, using python3
• Tuhinshubhra/CMSeeK
  • CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSs
• google/fuzzing
  • Tutorials, examples, discussions, research proposals, and other resources related to fuzzing
• kbandla/APTnotes
  • Various public documents, whitepapers and articles about APT campaigns
• evilcos/cookiehacker
  • Chrome extension, very easy to use. Cookies from: JavaScript document.cookie/Wireshark Cookies etc.
• evilcos/xssor2
  • XSS'OR - Hack with JavaScript.
• wpscanteam/wpscan
  • WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via [email protected]
• JeffXue/web-log-parser
  • An open source analysis web log tool
• gevent/gevent
  • Coroutine-based concurrency library for Python
• fofapro/Hosts_scan
  • 这是一个用于IP和域名碰撞匹配访问的小工具，旨意用来匹配出渗透过程中需要绑定hosts才能访问的弱主机或内部系统。
• xmendez/wfuzz
  • Web application fuzzer
• Threezh1/JSFinder
  • JSFinder is a tool for quickly extracting URLs and subdomains from JS files on a website.
• lijiejie/subDomainsBrute
  • A fast sub domain brute tool for pentesters
• ring04h/wydomain
  • to discover subdomains of your target domain
• nameoverflow/hexo-theme-icalm
  • Monochrome theme for hexo
• epsylon/xsser
  • Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
• k8gege/Ladon
  • Ladon大型内网渗透扫描器，PowerShell、Cobalt Strike插件、内存加载、无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell，支持批量A段/B段/C段以及跨网段扫描，支持URL、主机、域名列表扫描等。网络资产探测32种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchange\mssql\FTP\RDP)或方法快速获取目标网络存活主机IP、计算机名、工作组、共享资源、网卡地址、操作系统版本、网站、子域名、中间件、开放服务、路由器、交换机、数据库、打印机等，大量高危漏洞检测模块MS17010、Zimbra、Exchange
• rebeyond/Behinder
  • “冰蝎”动态二进制加密网站管理客户端
• heroanswer/XSS_Cheat_Sheet_2020_Edition
  • xss漏洞模糊测试payload的最佳集合 2020版
• the1812/Bilibili-Evolved
  • 强大的哔哩哔哩增强脚本
• mefistotelis/ida-pro-loadmap
  • Plugin for IDA Pro disassembler which allows loading .map files.
• YajS/NikPEViewer
  • NikPEViewer a PE viewer source code
• mantvydasb/RedTeaming-Tactics-and-Techniques
  • Red Teaming Tactics and Techniques
• EmpireProject/Empire
  • Empire is a PowerShell and Python post-exploitation agent.
• gentilkiwi/mimikatz
  • A little tool to play with Windows security
• PowerShellMafia/PowerSploit
  • PowerSploit - A PowerShell Post-Exploitation Framework
• NickeManarin/ScreenToGif
  • 🎬 ScreenToGif allows you to record a selected area of your screen, edit and save it as a gif or video.
• java-decompiler/jd-gui
  • A standalone Java Decompiler GUI
• chaitin/xray
  • 一款长亭自研的完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档
• Qianlitp/crawlergo
  • A powerful browser crawler for web vulnerability scanners
• winsiderss/systeminformer
  • A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals.com
• SecWiki/CMS-Hunter
  • CMS漏洞测试用例集合
• soroushchehresa/awesome-coronavirus
  • 🦠 Huge collection of useful projects and resources for COVID-19 (2019 novel Coronavirus)
• jiji262/wooyun_articles
  • drops.wooyun.org 乌云Drops文章备份
• TheWover/donut
  • Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
• skyblueee/sqli-labs-php7
  • update sqli-labs sources to adapte to php7(use mysqli_xxx functions to replace mysql_xxx ones)
• wangdoc/bash-tutorial
  • Bash 教程
• chyyuu/os_kernel_lab
  • OS kernel labs based on Rust/C Lang & RISC-V 64/X86-32
• 78778443/xssplatform
  • 一个经典的XSS渗透管理平台
• CTFd/CTFd
  • CTFs as you need them
• Mr-xn/hackbar2.1.3
  • the free firefox extions of hackbar v2.1.3 v2.2.9 v2.3.1,hackbar 插件未收费的免费版本。适用于chrome浏览器的HackBar-v2.2.6.zip,HackBar-v2.3.1.zip
• agalwood/Motrix
  • A full-featured download manager.
• romkatv/powerlevel10k
  • A Zsh theme
• ToutyRater/toutyrater.github.io
• 0xAX/linux-insides
  • A book-in-progress about the Linux kernel and its insides.
• alphaSeclab/shellcode-resources
  • Resources About Shellcode
• v2ray/v2ray-core
  • A platform for building proxies to bypass network restrictions.
• warengonzaga/wifi-passview
  • An open source batch script based WiFi Passview for Windows!
• llamasoft/polyshell
  • A Bash/Batch/PowerShell polyglot!
• Molunerfinn/PicGo
  • 🚀A simple & beautiful tool for pictures uploading built by vue-cli-electron-builder
• jsdelivr/jsdelivr
  • A free, fast, and reliable Open Source CDN for npm, GitHub, Javascript, and ESM
• acmesh-official/acme.sh
  • A pure Unix shell script implementing ACME client protocol
• wulabing/Xray_onekey
  • Xray 基于 Nginx 的 VLESS + XTLS 一键安装脚本
• google/bbr
• hashcat/hashcat
  • World's fastest and most advanced password recovery utility
• huiyadanli/RevokeMsgPatcher
  • A hex editor for WeChat/QQ/TIM - PC版微信/QQ/TIM防撤回补丁（我已经看到了，撤回也没用了）
• gfwlist/gfwlist
  • The one and only one gfwlist here
• aircrack-ng/aircrack-ng
  • WiFi security auditing tools suite
• kimocoder/wifite2
  • Rewrite of the popular wireless network auditor, "wifite" - original by @derv82
• TheKingOfDuck/fuzzDicts
  • You Know, For WEB Fuzzing ! 日站用的字典。
• aff3ct/aff3ct
  • Fast multi-thread FEC simulator & library of efficient digital communication algorithms for SDR.
• c0ny1/vulstudy
  • 使用docker快速搭建各大漏洞靶场，目前可以一键搭建17个靶场。
• ohmyzsh/ohmyzsh
  • 🙃 A delightful community-driven (with 2,400+ contributors) framework for managing your zsh configuration. Includes 300+ optional plugins (rails, git, macOS, hub, docker, homebrew, node, php, python, etc), 140+ themes to spice up your morning, and an auto-update tool that makes it easy to keep up with the latest updates from the community.
• c0ny1/upload-labs
  • 一个想帮你总结所有类型的上传漏洞的靶场
• jerryc127/hexo-theme-butterfly
  • 🦋 A Hexo Theme: Butterfly