  • C

    • codewarrior - code-searching tool and static analysis - Beta, at construction
    • DBProxy
    • ip2region - 准确率99.9%的ip地址定位库,0.0x毫秒级查询,数据库文件大小只有1.5M,提供了java,php,c,python,nodejs,golang查询绑定和Binary,B树,内存三种查询算法,妈妈再也不用担心我的ip地址定位!
    • seafile - File syncing and sharing software with file encryption and group sharing, emphasis on reliability and high performance.
    • naxsi - NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX
    • GmSSL - 支持国密SM2/SM3/SM4算法的OpenSSL分支
    • sha1collisiondetection - Library and command line tool to detect SHA-1 collision in a file
    • alfred-workflows - Collection of Alfred workflows
    • adbi - Android Dynamic Binary Instrumentation Toolkit
    • radare2 - unix-like reverse engineering framework and commandline tools
    • zmap - ZMap is a fast single packet network scanner designed for Internet-wide network surveys.
    • masscan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
    • post-exploitation - Post Exploitation Collection
    • goaccess - GoAccess is a real-time web log analyzer and interactive viewer that runs in a terminal in *nix systems or through your browser.
    • exploit-database - The official Exploit Database repository
    • yara - The pattern matching swiss knife
  • C++

    • electron - Build cross platform desktop apps with JavaScript, HTML, and CSS
    • vnpy - 基于python的开源量化交易平台开发框架
    • tensorflow - Computation using data flow graphs for scalable machine learning
    • 52g - Index leaked password data with bloom filter.
    • tesseract - Tesseract Open Source OCR Engine (main repository)
  • Java

    • BurpUnlimited - This project EXTENDS BurpLoader's license. It is NOT intended to replace BurpLoader.
    • yodaqa - A Question Answering system built on top of the Apache UIMA framework.
    • java-design-patterns - Design patterns implemented in Java
    • druid - :hotsprings: 为监控而生的数据库连接池!阿里云DRDS( )、阿里巴巴TDDL 连接池powered by Druid
    • weixin-java-tools - 可能是目前最好最全的微信Java开发工具包,支持包括微信支付、开放平台、小程序、企业号和公众号等的开发
    • weixin-java-tools - 微信公众号、企业号Java SDK
    • best-pay-sdk
    • tutorials - The "REST With Spring" Course:
    • segmentfault-lessons - Segment Fault 在线讲堂 代码工程
    • metron - Mirror of Apache Metron
    • jwt-spring-security-demo - A small demo for using JWT (Json Web Token) with Spring Security and Spring Boot 2
    • spotbugs - SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
    • threadfix - ThreadFix is a software vulnerability aggregation and management system that helps organizations aggregate vulnerability data, generate virtual patches, and interact with software defect tracking systems.
    • dependency-check-sonar-plugin - Integrates Dependency-Check reports into SonarQube
    • sonarqube - Continuous Inspection
    • zaproxy - The OWASP ZAP core project
    • VirtualApp - An open source Virtual Engine for Android
    • find-sec-bugs - The FindBugs plugin for security audits of Java web applications and Android applications. (Also work with Groovy and Scala projects)
    • Android_Code_Arbiter - 针对Android Studio的源码扫描工具
    • ApkToolPlus - ApkToolPlus 是一个 apk 逆向分析工具(a apk analysis tools)。
    • Brida - The new bridge between Burp Suite and Frida!
    • BadIntent - Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite
    • ud851-Exercises
    • ud851-Sunshine
    • drools - Drools Expert is the rule engine and Drools Fusion does complex event processing (CEP).
    • android-backup-extractor - Android backup extractor
    • Inspeckage - Android Package Inspector - dynamic analysis with api hooks, start unexported activities and more. (Xposed Module)
    • elasticsearch - Open Source, Distributed, RESTful Search Engine
    • data-algorithms-book - MapReduce, Spark, Java, and Scala for Data Algorithms Book
    • sqlmap4burp - sqlmap embed in burpsuite
    • S2-046-PoC - S2-046-PoC
    • SecurityShepherd - Web and mobile application security training platform
    • TheFatRat - Thefatrat a massive exploiting tool : Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack,dll . This tool compiles a malware with popular payload and then the compiled malware can be execute on windows, android, mac . The malware that created with this tool also have an ability to bypass most AV software protection .
    • SikuliX-2014 - SikuliX version 1.1.2 (until February 2018)
    • DependencyCheck - OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
    • coverity-security-library - Coverity Security Library (CSL) is a lightweight set of escaping routines for fixing cross-site scripting (XSS), SQL injection, and other security defects in Java web applications.
    • ysoserial - A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
    • Android-InsecureBankv2 - Vulnerable Android application for developers and security enthusiasts to learn about Android insecurities
    • bypasswaf - Add headers to all Burp requests to bypass some WAF products
    • OWASP-GoatDroid-Project - OWASP GoatDroid is a fully functional and self-contained training environment for educating developers and testers on Android security. GoatDroid requires minimal dependencies and is ideal for both Android beginners as well as more advanced users. The project currently includes two applications: FourGoats, a location-based social network, and Herd Financial, a mobile banking application. There are also several feature that greatly simplify usage within a training environment or for absolute beginners who want a good introduction to working with the Android platform. Download the built version here:
    • jadx - Dex to Java decompiler
    • AndroidPinning - A standalone library project for certificate pinning on Android.
    • VulnWebView
    • dex2jar - Tools to work with android .dex and java .class files
    • Introspy-Android - Security profiling for blackbox Android
    • burpbuddy - burpbuddy exposes Burp Suites's extender API over the network through various mediums, with the goal of enabling development in any language without the restrictions of the JVM
    • ideavim - Vim emulation plug-in for IDEs based on the IntelliJ platform.
    • idea-gitignore - .ignore support plugin for IntelliJ IDEA
    • intellij-bootstrap - Bootstrap 3 and Bootstrap 4 plugin for IntelliJ
    • JustTrustMe - An xposed module that disables SSL certificate checking for the purposes of auditing an app with cert pinning
    • PokemonGoDecoderForBurp - A simpe decoder to decode requests/responses made by PokemonGo in burp
    • android - cSploit - The most complete and advanced IT security professional toolkit on Android.
  • JavaScript

    • 30-seconds-of-code - Curated collection of useful Javascript snippets that you can understand in 30 seconds or less.
    • faker.js - generate massive amounts of fake data in Node.js and the browser
    • minui - 基于规范的小程序 UI 组件库,自定义标签组件,简洁、易用、工具化
    • validator.js - String validation
    • examples - Store all egg examples in one place
    • insight - 洞察-宜信集应用系统资产管理、漏洞全生命周期管理、安全知识库管理三位一体的平台。
    • sawtooth-supply-chain - Sawtooth Supply Chain
    • awesome-blockchain-cn - 收集所有区块链(BlockChain)技术开发相关资料,包括Fabric和Ethereum开发资料
    • Building-Blockchain-Projects - Code repository for Building Blockchain Projects, published by Packt
    • web3.js - Ethereum JavaScript API
    • ganache-cli - Fast Ethereum RPC client for testing and development
    • lodash - A modern JavaScript utility library delivering modularity, performance, & extras.
    • spark-notebook - Interactive and Reactive Data Science using Scala and Spark.
    • core-js - Standard Library
    • charts - Simple, responsive, modern SVG Charts with zero dependencies
    • passport - Simple, unobtrusive authentication for Node.js.
    • mongoose - MongoDB object modeling designed to work in an asynchronous environment.
    • pug - Pug – robust, elegant, feature rich template engine for Node.js
    • standard - 🌟 JavaScript Style Guide, with linter & automatic code fixer
    • zanui-weapp - 高颜值、好用、易扩展的微信小程序 UI 库,Powered by 有赞
    • weapp-demo - 微信小程序示例教程(豆瓣电影),WeChat App Demo,新版本请移步至:
    • weRequest - 解决繁琐的小程序会话管理,一款自带登录态管理的网络请求组件。
    • wx-charts-demo - demos for wxCharts
    • BaiduExporter - Assistant for Baidu to export download links to aria2/aria2-rpc
    • wepy-plugin-axios - 在 wepy 中使用 axios
    • egg-weapp-sdk - Egg的微信小程序登录会话管理SDK
    • weapp-24time - A Twitter-like news and social app for Weapp. 微信小程序社区全栈解决方案
    • egg-24time - A Twitter-like news and social server for Egg. 微信小程序社区全栈解决方案
    • wepy - 小程序组件化开发框架
    • machinist-client - machinist-client
    • naivechain - A blockchain implementation in 200 lines of code
    • zeppelin-solidity - OpenZeppelin, a framework to build secure smart contracts on Ethereum
    • truffle - The most popular Ethereum development framework
    • js-xlsx - :green_book: SheetJS Community Edition -- Spreadsheet Parser and Writer
    • fks - 前端技能汇总 Frontend Knowledge Structure
    • egg - Born to build better enterprise frameworks and apps with Node.js & Koa
    • node-schedule - A cron-like and not-cron-like job scheduler for Node.
    • puppeteer - Headless Chrome Node API
    • cheerio - Fast, flexible, and lean implementation of core jQuery designed specifically for the server.
    • vue - 🖖 A progressive, incrementally-adoptable JavaScript framework for building UI on the web.
    • elasticsearch-rtf - elasticsearch中文发行版,针对中文集成了相关插件,方便新手学习测试.
    • elasticsearch-head - A web front end for an elastic search cluster
    • WebGoat - WebGoat 8.0
    • SRCMS - SRCMS企业应急响应与缺陷管理系统
    • tamperchrome - Tamper Chrome is a Chrome extension that allows you to modify HTTP requests on the fly and aid on web security testing. Tamper Chrome works across all operating systems (including Chrome OS).
    • juice-shop - OWASP Juice Shop is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws.
    • frida-scripts - A collection of my instrumentation scripts to facilitate reverse engineering of mobile apps.
    • openrasp - Open source RASP solution
    • appmon - Documentation:
    • XposedBridge - The Java part of the Xposed framework.
    • jumpserver - Jumpserver是全球首款完全开源的堡垒机,是符合 4A 的专业运维审计系统。
    • md2googleslides - Generate Google Slides from markdown
    • beef - The Browser Exploitation Framework Project
    • H5SC - HTML5 Security Cheatsheet - A collection of HTML5 related XSS attack vectors
    • wept - 微信小程序 web 端实时运行工具
    • MiniApp-TouTiao - 微信小程序-仿今日头条
    • functional-javascript-workshop - A functional javascript workshop. No libraries required (i.e. no underscore), just ES5.
    • javascript - JavaScript Style Guide
    • es6tutorial - 《ECMAScript 6入门》是一本开源的 JavaScript 语言教程,全面介绍 ECMAScript 6 新增的语法特性。
    • weapp-weipiao - 微信小程序-微票
    • awesome-wechat-weapp - 微信小程序开发资源汇总 :100:
    • react-demos - a collection of simple demos of React.js
    • raptor - Web-based Source Code Vulnerability Scanner
    • examples - Home for Elasticsearch examples available to everyone. It's a great way to get started.
    • mkdocs - Project documentation with Markdown.
    • webot-cli - command line interface for weixin-robot
    • webpack - A bundler for javascript and friends. Packs many modules into a few bundled assets. Code Splitting allows to load parts for the application on demand. Through "loaders," modules can be CommonJs, AMD, ES6 modules, CSS, Images, JSON, Coffeescript, LESS, ... and your custom stuff.
    • async - Async utilities for node and the browser
    • electronic-wechat - :speech_balloon: A better WeChat on macOS and Linux. Built with Electron by Zhongyi Tong.
    • sequelize - An easy-to-use multi SQL dialect ORM for Node.js
    • superagent - Ajax with less suck - (and node.js HTTP client to match)
    • javascripting - Learn JavaScript by adventuring around in the terminal.
    • incubator-superset - Apache Superset (incubating) is a modern, enterprise-ready business intelligence web application
    • hain - An 'alt+space' launcher for Windows, built with Electron
    • cash - Cross-platform Linux commands in ES6
    • fingerprintjs2 - Modern & flexible browser fingerprinting library
    • HackMyResume - Generate polished résumés and CVs in HTML, Markdown, LaTeX, MS Word, PDF, plain text, JSON, XML, YAML, smoke signal, and carrier pigeon.
    • hashids.js - A small JavaScript library to generate YouTube-like ids from numbers. Use it when you don't want to expose your database ids to the user.
    • Introspy-Analyzer
    • appium - :iphone: Automation for iOS, Android, and Windows Apps.
    • Content-generator-sketch-plugin - Sketch app plugin for generating dummy data such as avatars, names, photos, geo data etc
    • material-design-color-palette - Sketch app plugin for displaying Google Material Design color palette.
    • materialize - Materialize, a CSS Framework based on Material Design
    • alfred-workflows - Alfred Workflows for Developers
    • book-example - Example code for my book on TDD with Python
    • Chart.js - Simple HTML5 Charts using the <canvas> tag
    • nvd3 - A reusable charting library written in d3.js
    • d3 - Bring data to life with SVG, Canvas and HTML. :bar_chart::chart_with_upwards_trend::tada:
    • wechat - 微信公共平台消息接口服务中间件
  • Makefile

    • awesome-django - Repository mirror of GitLab:
    • TheSevenWeapons - 安卓动态调试七种武器
    • frida - Clone this repo to build Frida
  • PHP

    • awesome-appsec - A curated list of resources for learning about application security
    • 1book - 《Web安全之机器学习入门》
    • labs - This is a collection of tutorials for learning how to use Docker with various tools. Contributions welcome.
    • alfred-workflow-qshell - 七牛开发者工具 qshell
    • wp-acceleration-for-china - 替换Google CDN文件、Gravatar头像链接,加快WordPress打开速度,为WordPress中国用户提供加速
    • php-malware-finder - Detect potentially malicious PHP files
    • webshell - This is a webshell open source project
    • wooyun_public - 乌云公开漏洞、知识库爬虫和搜索 crawl and search for public bug(vulnerability) and drops
    • xvwa - XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.
    • SecLists - SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.
    • alfred-github-workflow - Searching Github repos.
    • Alfred-Workflows - Make your Alfred more powerful. (include Workflows, Extensions and Themes)
  • Python

    • git-dependency - 扫描GIT仓库Java依赖库
    • Struts2_045-Poc - Struts2-045 POC
    • BaiDuPan - 百度网盘自动添加资源脚本
    • awesome-machine-learning - A curated list of awesome Machine Learning frameworks, libraries and software.
    • awesome-honeypots - an awesome list of honeypot resources
    • awesome-python - A curated list of awesome Python frameworks, libraries, software and resources
    • starred - creating your own Awesome List used GitHub stars!
    • THULAC-Python - An Efficient Lexical Analyzer for Chinese
    • Agriculture_KnowledgeGraph - 农业知识图谱(KG):农业领域的信息检索,命名实体识别,关系抽取,分类树构建,数据挖掘
    • QA - 使用深度学习算法实现的中文问答系统
    • SpoofMAC - :briefcase: Change your MAC address for debugging
    • jd-autobuy - Python爬虫,京东自动登录,在线抢购商品
    • ItChat - A complete and graceful API for Wechat. 微信个人号接口、微信机器人及命令行微信,三十行即可自定义个人号机器人。
    • WeixinBot - 网页版微信API,包含终端版微信及微信机器人
    • - Webkit based scriptable web browser for python.
    • GSIL - GitHub Sensitive Information Leakage(GitHub敏感信息泄露)
    • core-scrapy - python-scrapy demo
    • splash - Lightweight, scriptable browser as a service with an HTTP API
    • schedule - Python job scheduling for humans.
    • xadmin - Drop-in replacement of Django admin comes with lots of goodies, fully extensible with plugin support, pretty UI based on Twitter Bootstrap.
    • xmltodict - Python module that makes working with XML feel like you are working with JSON
    • scrapy-redis - Redis-based components for Scrapy.
    • tushare - TuShare is a utility for crawling historical data of China stocks
    • sparta - Network Infrastructure Penetration Testing Tool
    • pythem - pentest framework
    • XssPy - XssPy - Web Application XSS Scanner
    • shimit - A tool that implements the Golden SAML attack
    • xssfork
    • passmaker - 可以自定义规则的密码字典生成器,支持图形界面 A password-generator that base on the rules that you specified
    • dpark - Python clone of Spark, a MapReduce alike framework in Python
    • mininet - Emulator for rapid prototyping of Software Defined Networks
    • bitcoinbook - Mastering Bitcoin 2nd Edition - Programming the Open Blockchain
    • electrum - Electrum; Bitcoin thin client
    • zipline - Zipline, a Pythonic Algorithmic Trading Library
    • wifiphisher - The Rogue Access Point Framework
    • algo - Set up a personal IPSEC VPN in the cloud
    • macOS-Security-and-Privacy-Guide - A practical guide to securing macOS.
    • angr - The next-generation binary analysis platform from UC Santa Barbara's Seclab!
    • owasp-masvs - The Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security.
    • enjarify
    • BurpSmartBuster - A Burp Suite content discovery plugin that add the smart into the Buster!
    • enjarify
    • weakfilescan - 动态多线程敏感信息泄露检测工具
    • GitPrey - Searching sensitive files and contents in GitHub associated to company name or other key words
    • GitMiner - Tool for advanced mining for content on Github
    • ffmpeg-avi-m3u-xbin
    • sklearn-pandas - Pandas integration with sklearn
    • scipy-lecture-notes - Tutorial material on the scientific Python ecosystem
    • tensorflow_template_application - TensorFlow template application for deep learning
    • keras - Deep Learning for humans
    • tflearn - Deep learning library featuring a higher-level API for TensorFlow.
    • theZoo - A repository of LIVE malwares for your own joy and pleasure
    • Sharly
    • Apriori - Python Implementation of Apriori Algorithm for finding Frequent sets and Association Rules
    • SublimeTableEditor - This package is no more supported. I moved to vim.
    • GourdScanV2 - 被动式漏洞扫描系统
    • Mobile-Security-Framework-MobSF - Mobile Security Framework is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static analysis, dynamic analysis, malware analysis and web API testing.
    • cobra - Source Code Security Audit (源代码安全审计)
    • passive_scan - 基于http代理的web漏洞扫描器的实现
    • python-xss-filter - Based on native Python module HTMLParser purifier of HTML, To Clear all javascript in html
    • tensorflow-101 - learn code with tensorflow
    • django-DefectDojo - DefectDojo is an open-source defect tracking application
    • xunfeng - 巡风是一款适用于企业内网的漏洞快速应急,巡航扫描系统。
    • shadowsocks-py-mu - A fast tunnel proxy server for multiple users
    • edx-platform - The Open edX platform, the software that powers edX!
    • mooder - Mooder是一款开源、安全、简洁、强大的团队内部知识分享平台。
    • WechatSogou - 基于搜狗微信搜索的微信公众号爬虫接口
    • mac-setup - Installing Development environment on macOS
    • web_develop - 《Python Web开发实战》书中源码
    • django-rest-framework-jwt - JSON Web Token Authentication support for Django REST Framework
    • dymerge - 🔓 A dynamic dictionary merger for successful dictionary based attacks.
    • SublimeJEDI - awesome Python autocompletion with SublimeText
    • sublime-jekyll - A Sublime Text package for Jekyll static sites.
    • locust - Scalable user load testing tool written in Python
    • multi-mechanize - Performance Test Framework in Python
    • django-axes - Keep track of failed login attempts in Django-powered sites.
    • django-security - A collection of models, views, middlewares, and forms to help secure a Django project.
    • gt-python-sdk - GtWeb Python Sdk
    • Webcam - Raspberry Pi Web Camera
    • SeleniumLibrary - Web testing library for Robot Framework
    • robotframework - Generic test automation framework.
    • kippo - Kippo - SSH Honeypot
    • serializekiller - Mass scanner for the Java serialize bug
    • channels-example - An example Channels app
    • SIPI - Simple IP Information Tools for Reputation Data Analysis
    • zhao - 【编程随想】整理的《太子党关系网络》,专门揭露赵国的权贵
    • wafw00f - WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
    • faraday - Collaborative Penetration Test and Vulnerability Management Platform
    • django-admin-honeypot - :honey_pot: A fake Django admin login screen page.
    • changeme - A default credential scanner.
    • Pocsuite - Pocsuite is an open-sourced remote vulnerability testing framework developed by the Knownsec Security Team.
    • python3-cookbook - 《Python Cookbook》 3rd Edition Translation
    • youtube-dl - Command-line program to download videos from and other video sites
    • interpy-zh - 📘《Python进阶》(Intermediate Python 中文版)
    • you-get - :arrow_double_down: Dumb downloader that scrapes the web
    • django-compressor - Compresses linked and inline javascript or CSS into a single cached file.
    • django-allauth - Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication.
    • django-excel - A Django middleware to read, manipulate and write data in different excel formats: csv, ods, xls, xlsx and xlsm.
    • pyexcel - Single API for reading, manipulating and writing data in csv, ods, xls, xlsx and xlsm files
    • django-dynamic-scraper - Creating Scrapy scrapers via the Django admin interface
    • viewflow - Reusable workflow library for Django
    • django_quiz - This is a configurable quiz app for Django.
    • django-ratelimit - Cache-based rate-limiting for Django
    • django-ipware - A Django application to retrieve client's IP address
    • CAPTCHA-breaking
    • simple-captcha-solver - simple CAPTCHA solver in python :snake:
    • captcha-decoder - An elementary captcha decoder writen in python
    • cintruder - Captcha Intruder (CIntruder) is an automatic pentesting tool to bypass captchas.
    • wechat-python-sdk - 微信公众平台 Python 开发包 [DEPRECATED]
    • pyminifier - Pyminifier is a Python code minifier, obfuscator, and compressor.
    • pyautogui - A cross-platform GUI automation Python module for human beings. Used to programmatically control the mouse & keyboard.
    • sushigoroundbot - A bot that plays the Sushi Go Round flash game using PyAutoGUI.
    • faker - Faker is a Python package that generates fake data for you.
    • snownlp - Python library for processing Chinese text
    • jedi - Awesome autocompletion and static analysis library for python.
    • responses - A utility for mocking out the Python Requests library.
    • DashDoc - Dash integration for Sublime Text
    • splinter - splinter - python test framework for web applications
    • gittle - Pythonic Git for Humans
    • python-qrcode - Python QR Code image generator
    • yapf - A formatter for Python files
    • raspberry_pwn - A Raspberry Pi pentesting suite by Pwnie Express
    • weevely3 - Weaponized web shell
    • gevent - Coroutine-based concurrency library for Python
    • data-science-ipython-notebooks - Data science Python notebooks: Deep learning (TensorFlow, Theano, Caffe, Keras), scikit-learn, Kaggle, big data (Spark, Hadoop MapReduce, HDFS), matplotlib, pandas, NumPy, SciPy, Python essentials, AWS, and various command lines.
    • click - Python composable command line utility
    • clint - Python Command-line Application Tools
    • - A public Collection of Alfred Workflows.
    • pyspider - A Powerful Spider(Web Crawler) System in Python.
    • scrapy-examples - Multifarious Scrapy examples. Spiders for alexa / amazon / douban / douyu / github / linkedin etc.
    • credmap - The Credential Mapper
    • spiderfoot - SpiderFoot, the open source footprinting and intelligence-gathering tool.
    • mimic - [ab]using Unicode to create tragedy
    • Pytesser - Python wrapper for the tesseract OCR engine. The module is based on OpenCV
    • Autorize - Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests
    • shadowsocks
    • htpwdScan - A python HTTP weak pass scanner
    • TangScan - TangScan
    • dpkt - fast, simple packet creation / parsing, with definitions for the basic TCP/IP protocols
    • jira - Python JIRA Library is the easiest way to automate JIRA.
    • docopt - Pythonic command line arguments parser, that will make you smile
    • scikit-learn - scikit-learn: machine learning in Python
    • hands-on-analysis-python - PyCon 2015
    • patator - Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
    • django-wiki - A wiki system with complex functionality for simple integration and a superb interface. Store your knowledge with style: Use django models.
    • hashids-python - Implementation of hashids ( in Python. Compatible with Python 2 and Python 3
    • Beebeeto-framework - Beebeeto FrameWork
    • docker_practice - Learn and understand Docker technologies, with real DevOps practice!
    • androguard - Reverse engineering, Malware and goodware analysis of Android applications ... and more (ninja !)
    • mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
    • ptf - The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.
    • SPF - SpeedPhishing Framework
    • Panoptic - Panoptic is an open source penetration testing tool that automates the process of search and retrieval of content for common log and config files through path traversal vulnerabilities.
    • Responder - Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
    • pysqli - Python SQL injection framework
    • wphardening - Fortify the security of any WordPress installation.
    • fbht - Facebook Hacking Tool
    • xsscrapy - XSS spider - 66/66 wavsep XSS detected
    • mwebfp - LNHG - Mass Web Fingerprinter
    • zarp - Network Attack Tool
    • Pompem - Find exploit tool
    • sparty - Sparty - MS Sharepoint and Frontpage Auditing Tool [Unofficial]
    • crowbar - Crowbar is brute forcing tool that can be used during penetration tests. It is developed to support protocols that are not currently supported by thc-hydra and other popular brute forcing tools.
    • CapTipper - Malicious HTTP traffic explorer
    • PhEmail - PhEmail is a python open source phishing email tool that automates the process of sending phishing emails as part of a social engineering test
    • dirsearch - Web path scanner
    • XSSYA-V-2.0
    • net-creds - Sniffs sensitive data from interface or pcap
    • commix - Automated All-in-One OS command injection and exploitation tool.
    • instarecon - Automated digital reconnaissance
    • wig - WebApp Information Gatherer
    • jexboss - JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool
    • creepy - A geolocation OSINT tool. Offers geolocation information gathering through social networking platforms.
    • wfuzz - Web application fuzzer
    • theHarvester - E-mails, subdomains and names Harvester - OSINT
    • MITMf - Framework for Man-In-The-Middle attacks
    • wifite
    • shadowsocks
    • pyauto - 《python自动化运维:技术与最佳实践》书中示例及案例源码
    • cupp - Common User Passwords Profiler (CUPP)
    • pymetasploit - A full-fledged msfrpc library for Metasploit framework.
    • social-engineer-toolkit - The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.
    • sqlmap - Automatic SQL injection and database takeover tool
    • owtf - Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient @owtfp
    • cookiecutter - A command-line utility that creates projects from cookiecutters (project templates). E.g. Python package projects, jQuery plugin projects.
    • grr - GRR Rapid Response: remote live forensics for incident response
    • pyringe - Debugger capable of attaching to and injecting code into python processes.
    • paramgmt - A parallel SSH-based remote machine management system
    • nogotofail - An on-path blackbox network traffic security testing tool
    • django-crontab - dead simple crontab powered job scheduling for django.
    • paramiko - The leading native Python SSHv2 protocol library.
    • jieba - 结巴中文分词
    • requests - Python HTTP Requests for Humans™ ✨🍰✨
    • httpbin - HTTP Request & Response Service, written in Python + Flask.
    • django-jsonview - Return Python objects, always get JSON.
    • django-model-utils - Django model mixins and utilities.
    • django-fagungis - DJANGO + FAbric + GUnicorn + NGInx + Supervisor deployment
    • django-nvd3 - Django wrapper for nvd3 - It's time for beautiful charts
    • django-simple-captcha - Django Simple Captcha is an extremely simple, yet highly customizable Django application to add captcha images to any Django form.
    • django-extensions - This is a repository for collecting global custom management extensions for the Django Framework.
    • httpie - Modern command line HTTP client – user-friendly curl alternative with intuitive UI, JSON support, syntax highlighting, wget-like downloads, extensions, etc.
    • pandas - Flexible and powerful data analysis / manipulation library for Python, providing labeled data structures similar to R data.frame objects, statistical functions, and much more
    • raspberrypi_cookbook - The source code from the book 'The Raspberry Pi Cookbook' by Simon Monk.
    • sslyze - Current development of SSLyze now takes place on a separate repository
    • scrapy - Scrapy, a fast high-level web crawling & scraping framework for Python.
    • fabric - Simple, Pythonic remote execution and deployment.
    • envoy - Python Subprocesses for Humans™.
    • presentations - Presentations from various conferences.
    • pygeoip - Pure Python API for Maxmind's binary GeoIP databases
    • MachineLearning - Machine Learning in Action(机器学习实战)
    • QA - 使用深度学习算法实现的中文问答系统
    • king-phisher - Phishing Campaign Toolkit
    • needle - The iOS Security Testing Framework
    • scipy-lecture-notes - Tutorial material on the scientific Python ecosystem
    • bandit - Python AST-based static analyzer from OpenStack Security Group
    • robotframework-requests - Robot Framework keyword library wrapper for requests
    • routersploit - The Router Exploitation Framework
    • wagtaildemo - Old example site implemented with Wagtail. Please see for the current demo site
    • pycrypto - The Python Cryptography Toolkit
    • drozer - The Leading Security Assessment Framework for Android.
    • redis-py - Redis Python Client
    • django-recaptcha - Django reCAPTCHA form field/widget integration app.
    • WeRoBot - WeRoBot 是一个微信公众号开发框架
    • IPProxyPool - IPProxyPool代理池项目,提供代理ip
    • fshell - 基于机器学习的分布式webshell检测系统
    • django-defender - A simple super fast django reusable app that blocks people from brute forcing login attempts
    • django-cors-headers - Django app for handling the server headers required for Cross-Origin Resource Sharing (CORS)
    • Some-PoC-oR-ExP - 各种漏洞poc、Exp的收集或编写
    • django-downloadview - Serve files with Django.
    • http-prompt - HTTPie + prompt_toolkit = an interactive command-line HTTP client featuring autocomplete and syntax highlighting
    • cookiecutter-django - Cookiecutter Django is a framework for jumpstarting production-ready Django projects quickly.
  • Shell

    • mhn - Modern Honey Network
    • streisand - Streisand sets up a new server running your choice of L2TP/IPsec, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, a Tor bridge, and WireGuard. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.
    • SpringCloudLearning - project for spring cloud learning
    • git-secrets - Prevents you from committing secrets and credentials into git repositories
    • vulhub - Docker-Compose file for vulnerability environment
    • docker-elk - The ELK stack powered by Docker and Compose.
    • datascience-sp14 - Repository for data science course Spring 14
    • docker-vulnerability-environment - Use the docker to build a vulnerability environment
    • rules - Repository of yara rules
    • smartcd - Alter your bash (or zsh) environment as you cd
    • ctf-tools - Some setup scripts for security research tools.
    • discover - For use with Kali Linux. Custom bash scripts used to automate various pentesting tasks.
    • cheat-sheets - Various Cheat Sheets related to development and security
    • rbenv - Groom your app’s Ruby environment
    • exploit-database-papers - exploit-database-papers
  • Swift

    • SwiftyJSON - The better way to deal with JSON data in Swift
    • SQLite.swift - A type-safe, Swift-language layer over SQLite3.
    • Alamofire - Elegant HTTP Networking in Swift
    • awesome-ios - A curated list of awesome iOS ecosystem, including Objective-C and Swift Projects
    • cleartext-mac - A text editor that will help you write clearer and simpler
    • json-swift - A basic library for working with JSON in Swift.
    • SwiftData - Simple and Effective SQLite Handling in Swift
    • iOS-8-Swift-Programming-Cookbook - This is the GitHub repository of O'Reilly's iOS 8 Swift Programming Cookbook
    • SwiftGuide - 这份指南汇集了Swift语言主流学习资源,并以开发者的视角整理编排。
  • Batchfile

    • python-guide - Python best practices guidebook, written for Humans.
  • CSS

  • Clojure

  • CoffeeScript

  • Go

    • yulong-hids - 一款由 YSRC 开源的主机入侵检测系统
    • go-ethereum - Official Go implementation of the Ethereum protocol
    • pouch - Pouch is an open-source project created to promote the container technology movement.
    • blockchain_go - A simplified blockchain implementation in Golang
    • blockchain_guide - Introduce blockchain related technologies, from theory to practice with bitcoin, ethereum and hyperledger.
    • ruler - A tool to abuse Exchange services
    • sshhipot - High-interaction MitM SSH honeypot
    • frp - A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
    • beats - :tropical_fish: Beats - Lightweight shippers for Elasticsearch & Logstash
    • alfred-font-awesome-workflow - :tophat: Font Awesome Workflow for Alfred 3
  • HTML

    • 30-seconds-of-css - A curated collection of useful CSS snippets.
    • js-xss - Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist
    • portia - Visual scraping for Scrapy
    • Email-Boilerplate - The email boilerplate for sending out nicely formatted messages.
    • python-goose - Html Content / Article Extractor, web scrapping lib in Python
    • swagger-codegen - swagger-codegen contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition.
    • gophish - Open-Source Phishing Toolkit
    • qark - Tool to look for several security related Android application vulnerabilities
    • owasp-mstg - The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing and reverse engineering.
    • elasticsearch-definitive-guide - The Definitive Guide to Elasticsearch
    • - Xuanwu Lab Blog
    • skf-flask - Security Knowledge Framework (SKF) Python Flask / Angular project
    • git-it-electron - :computer: :mortar_board: Git-it is a (Mac, Win, Linux) Desktop App for Learning Git and GitHub
    • learnyounode - Learn You The Node.js For Much Win! An intro to Node.js via a set of self-guided workshops.
    • git-it - :computer: :mortar_board: Learn Git and GitHub. Try the new desktop version →
    • behave.example - Examples and Tutorials for "behave" to simplify use for new developers.
    • mana - Our mana toolkit for wifi rogue AP attacks and MitM - see hostapd-mana too
    • post-exploitation-wiki - Post Exploitation Wiki
    • - PwnWiki - The notes section of the pentesters mind.
    • django-grappelli - A jazzy skin for the Django Admin-Interface (official repository).
    • - Full Stack Python source with Pelican, Bootstrap and Markdown.
    • django-admin-bootstrapped - A Django admin theme using Twitter Bootstrap. It doesn't need any kind of modification on your side, just add it to the installed apps.
    • Top10 - Official OWASP Top 10 Document Repository
  • Jupyter Notebook

    • Play-with-Machine-Learning-Algorithms - Code of my MOOC Course <Play with Machine Learning Algorithms>. Updated contents and practices are also included. 我在慕课网上的课程《Python3 入门机器学习》示例代码。课程的更多更新内容及辅助练习也将逐步添加进这个代码仓。
    • pytudes - Python programs to practice or demonstrate skills.
    • zheye - 者也 - 知乎 倒立的文字 汉字验证码识别程序
    • python3-in-one-pic - Learn python3 in one picture.
    • Python-Machine-Learning-Blueprints - Code repository for Python Machine Learning Blueprints, published by Packt
    • ThinkStats2 - Text and supporting code for Think Stats, 2nd Edition
    • handson-ml - A series of Jupyter notebooks that walk you through the fundamentals of Machine Learning and Deep Learning in python using Scikit-Learn and TensorFlow.
    • PythonDataScienceHandbook - Python Data Science Handbook: full text in Jupyter Notebooks
    • sklearn_tutorial - Materials for my scikit-learn tutorial
    • TensorFlow-Examples - TensorFlow Tutorial and Examples for Beginners with Latest APIs
    • python-scraping - Code samples from the book Web Scraping with Python
    • pydata-book - Materials and IPython notebooks for "Python for Data Analysis" by Wes McKinney, published by O'Reilly Media
  • Kotlin

  • Lua

    • VeryNginx - A very powerful and friendly nginx base on lua-nginx-module( openresty ) which provide WAF, Control Panel, and Dashboards.
    • ngx_lua_waf - ngx_lua_waf是一个基于lua-nginx-module(openresty)的web应用防火墙
  • Nginx

  • Objective-C

    • aria2gui - Aria2GUI for MAC OS X
    • drive-ios-quickeditor - [MOVED] A sample text editor for iOS illustrating how to open and save files with the Google Drive API
    • spectacle - Spectacle allows you to organize your windows without using a mouse.
    • XcodeGhost - "XcodeGhost" Source
    • shuttle - A simple SSH shortcut menu for macOS
  • Perl

    • nikto - Nikto web server scanner
  • PowerShell

    • PowerShellArsenal - A PowerShell Module Dedicated to Reverse Engineering
    • PowerSploit - PowerSploit - A PowerShell Post-Exploitation Framework
  • Ruby

  • Scala

    • gatling - Async Scala-Akka-Netty based Load Test Tool
    • AndroidZipArbitrage - Exploit for Android Zip bugs: 8219321, 9695860, and 9950697
  • Tcl

    • mosquito - XSS exploitation tool - access victims through HTTP proxy
  • TeX

  • TypeScript

    • chromeless - 🖥 Chrome automation made simple. Runs locally or headless on AWS Lambda.
    • wechaty - Bot for WeChat. Powered by Puppeteer / Node.js / TypeScript / Docker
  • Vue

    • Hawkeye - GitHub 泄露监控系统(GitHub Sensitive Information Leakage Monitor)
  • XSLT

  • Rust

    • parity - Fast, light, robust Ethereum implementation.