Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

Security

Cybersecurity (security) includes controlling physical access to hardware as well as protection from attacks that come via network access, data injection, and code injection.

https://github.com/seandragon/protools

历经开发周期多年,并且应用过千万级别项目的工具箱

date decimal http jdk8 netty okhttp security tool util

Last synced: 15 May 2025

https://github.com/chainreactors/spray

最好用最智能最可控的目录爆破工具 | The most powerful, user-friendly, intelligent, and precise HTTP buster.

redteam security security-tools

Last synced: 15 May 2025

https://github.com/michelin/chopchop

ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.

devsecops scanning security

Last synced: 13 Apr 2025

https://github.com/SeanDragon/protools

历经开发周期多年,并且应用过千万级别项目的工具箱

date decimal http jdk8 netty okhttp security tool util

Last synced: 03 May 2025

https://github.com/kenryu42/claude-code-safety-net

A Claude Code plugin that acts as a safety net, catching destructive git and filesystem commands before they execute.

claude claude-code claude-code-plugin destructive-commands security

Last synced: 13 Jan 2026

https://github.com/spencerdodd/kernelpop

kernel privilege escalation enumeration and exploitation framework

enumeration exploits kernel security tools vulnerabilities

Last synced: 21 Jan 2026

https://github.com/duo-labs/webauthn.io

The source code for webauthn.io, a demonstration of WebAuthn.

authentication demo passkeys python security webauthn

Last synced: 14 May 2025

https://github.com/metnew/uxss-db

🔪Browser logic vulnerabilities :skull_and_crossbones:

browser cve javascript security vulnerability xss

Last synced: 02 Apr 2025

https://github.com/brosck/mantra

「🔑」A tool used to hunt down API key leaks in JS files and pages

api bugbounty files hacking javascript js key leak leaked-secrets pentest security tool

Last synced: 14 Apr 2025

https://github.com/tor2web/Tor2web

Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers

aaron-swartz anonimous-proxies confidentiality digital-human-rights freedom-of-information https networking onion-service privacy proxy python security socks5 streaming tor transparency twisted

Last synced: 31 Mar 2025

https://github.com/bytecodealliance/cap-std

Capability-oriented version of the Rust standard library

rust sandboxing security

Last synced: 13 May 2025

https://github.com/guidovranken/cryptofuzz

Fuzzing cryptographic libraries. Magic bug printer go brrrr.

cryptography fuzzing security testing

Last synced: 17 Jan 2026

https://github.com/RevokeCash/revoke.cash

❌ Revoke or update your token approvals

ethereum security token-approval

Last synced: 18 Jul 2025

https://github.com/insoxin/qrpay

五合一收款码在线生成,40个模板 支持微信支付、支付宝支付、手机QQ支付、京东钱包、百度钱包,PayPal五合一收款,将其二维码合并为一个二维码,无需手续费,支持qq头像,昵称判断(HTML单页版多模板免安装) 腾讯云服务器 https://api.isoyu.com/qrpay/ 腾讯云COS https://qrpay.isoyu.com/

alipay bdpay cos html jdpay lianlianpay paypal qqpay qrcode qrpay security unionpay wxpay wxwidgets-applications

Last synced: 02 Apr 2025

https://github.com/stamparm/identywaf

Blind WAF identification tool

blind inference infosec network security waf

Last synced: 16 May 2025

https://github.com/pallets-eco/flask-security

Quick and simple security for Flask applications

flask flask-security python security

Last synced: 13 May 2025

https://github.com/Decurity/semgrep-smart-contracts

Semgrep rules for smart contracts based on DeFi exploits

defi ethereum security semgrep solidity

Last synced: 10 May 2025

https://github.com/HexHive/retrowrite

RetroWrite -- Retrofitting compiler passes through binary rewriting

aarch64 assembly binary-rewriting disassembler reverse-engineering security x86-64

Last synced: 08 May 2025

https://github.com/securityjoes/MasterParser

MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs

automation cyber cyber-security dfir dfir-automation digital-forensic incident-response infosec ir mdr powershell reporting security soc tools

Last synced: 03 Apr 2025

https://github.com/jpcertcc/emocheck

Emotet detection tool for Windows OS

emotet malware-detection security

Last synced: 04 Apr 2025

https://github.com/initstring/dirty_sock

Linux privilege escalation exploit via snapd (CVE-2019-7304)

linux privilege-escalation security

Last synced: 05 Apr 2025

https://github.com/ossillate-inc/packj

Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain

developer-tools devops devops-tools devsecops dynamic-analysis malware malware-analysis npm pypi python rubygems sandboxing security security-audit security-tools static-analysis supply-chain supply-chain-security vulnerability vulnerability-scanners

Last synced: 07 May 2025

https://github.com/hardik05/Damn_Vulnerable_C_Program

An example C program which contains vulnerable code for common types of vulnerabilities. It can be used to show fuzzing concepts.

afl dynamorio fuzzing honggfuzz jackalope libafl libfuzzer security tinyinst vulnerabilities vulnerability winafl

Last synced: 11 Jul 2025

https://github.com/dwolfhub/zxcvbn-python

Python implementation of Dropbox's realistic password strength estimator

password python-2 python-3 security zxcvbn

Last synced: 14 May 2025

https://github.com/0x4D31/fatt

FATT /fingerprintAllTheThings - a pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic

fingerprinting honeypot metadata network python quic rdp security ssh threat-hunting tls tshark

Last synced: 24 Mar 2025

https://github.com/taviso/avscript

Avast JavaScript Interactive Shell

reverse-engineering security

Last synced: 19 Mar 2025

https://github.com/0x4d31/fatt

FATT /fingerprintAllTheThings - a pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic

fingerprinting honeypot metadata network python quic rdp security ssh threat-hunting tls tshark

Last synced: 04 Apr 2025

https://github.com/mufeedvh/pdfrip

A multi-threaded PDF password cracking utility equipped with commonly encountered password format builders and dictionary attacks.

hashcat password password-cracker pdf rust security security-tools

Last synced: 02 Apr 2025

https://github.com/michelin/ChopChop

ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.

devsecops scanning security

Last synced: 21 Apr 2025

https://github.com/erlef/elixir-secure-coding

An interactive cybersecurity curriculum designed for enterprise use at software companies using Elixir

education-wg elixir elixir-lang elixir-phoenix livebook salus security security-education security-wg sobelow

Last synced: 15 May 2025

https://github.com/nelmio/nelmiosecuritybundle

Adds extra security-related features in your Symfony application

bundle csp hsts https php security symfony xss

Last synced: 13 May 2025

https://github.com/theupdateframework/go-tuf

Go implementation of The Update Framework (TUF)

chain go golang hacktoberfest security software supply supply-chain tuf

Last synced: 14 May 2025

https://github.com/google/go-safeweb

Secure-by-default HTTP servers in Go.

golang http http-server security security-hardening

Last synced: 16 Mar 2025

https://github.com/paul-reed/cloudflare-ufw

Script to update UFW with Cloudflare IPs

cloudflare security ufw-firewall

Last synced: 07 Apr 2025

https://github.com/l-n-s/wireguard-install

WireGuard VPN server installer

networking privacy security self-hosted vpn wireguard

Last synced: 09 Jul 2025

https://github.com/githubixx/ansible-role-wireguard

Ansible role for installing WireGuard VPN. Supports Ubuntu, Debian, Archlinx, Fedora, openSUSE Leap and some Redhat ES variants.

ansible ansible-role linux networking security vpn wireguard

Last synced: 21 Jan 2026

https://github.com/mobsf/mobsfscan

mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.

android appsec codereview ios java kotlin mobile-sast objective-c sast security static-analysis swift

Last synced: 14 May 2025

https://github.com/veorq/SipHash

High-speed secure pseudorandom function for short messages

c cryptography message-authentication-code pseudorandom-functions security

Last synced: 25 Mar 2025

https://github.com/stamparm/identYwaf

Blind WAF identification tool

blind inference infosec network security waf

Last synced: 13 Mar 2025

https://github.com/decurity/semgrep-smart-contracts

Semgrep rules for smart contracts based on DeFi exploits

defi ethereum security semgrep solidity

Last synced: 07 Apr 2025

https://github.com/stefanberger/swtpm

Libtpms-based TPM emulator with socket, character device, and Linux CUSE interface.

crypto qemu security swtpm tpm tpm2 vtpm

Last synced: 16 May 2025

https://github.com/unipacker/unipacker

Automatic and platform-independent unpacker for Windows binaries based on emulation

debugger dumper emulation packers pefile python reverse-engineering security unicorn-engine unpacker windows

Last synced: 12 Jul 2025

https://github.com/appsecco/dvna

Damn Vulnerable NodeJS Application

dvna hack nodejs owasp owasp-top-10 security testing vulnerable vulnerable-apps

Last synced: 16 Mar 2025

https://github.com/tempesta-tech/tempesta

All-in-one solution for high performance web content delivery and advanced protection against DDoS and web attacks

bots database ddos-protection high-performance http-accelerator http2 linux-kernel load-balancer security tls web-application-firewall web-performance web-security

Last synced: 15 May 2025

https://github.com/MobSF/mobsfscan

mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.

android appsec codereview ios java kotlin mobile-sast objective-c sast security static-analysis swift

Last synced: 01 Apr 2025

https://github.com/Vu1nT0tal/yarb

方便获取每日安全资讯的爬虫和推送程序

bot rss security

Last synced: 05 Apr 2025

https://github.com/fingerprintjs/external-protocol-flooding

Scheme flooding vulnerability: how it works and why it is a threat to anonymous browsing

browser-fingerprinting exploit fingerprinting identification privacy security vulnerability

Last synced: 14 Apr 2025

https://github.com/dolevf/graphw00f

graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.

enumeration fingerprinting graphql information-gathering penetration-testing security

Last synced: 08 Oct 2025

https://github.com/Paul-Reed/cloudflare-ufw

Script to update UFW with Cloudflare IPs

cloudflare security ufw-firewall

Last synced: 28 Mar 2025

https://github.com/auth0/simplekeychain

A simple Keychain wrapper for iOS, macOS, tvOS, and watchOS

dx-sdk ios keychain security

Last synced: 14 May 2025

https://github.com/cyberark/fuzzyai

A powerful tool for automated LLM fuzzing. It is designed to help developers and security researchers identify and mitigate potential jailbreaks in their LLM APIs.

ai ai-red-team fuzzing jailbreak jailbreaking llm llm-evaluation llm-security llms security

Last synced: 22 Jul 2025

https://github.com/houbb/sensitive

🔐Sensitive log tool for java, based on java annotation. (基于注解的 java 日志脱敏工具框架,更加优雅的日志打印。支持自定义哈希、支持基于 log4j2 插件的统一脱敏、支持 logback 插件统一脱敏)

dfa fastjson java java-annotation json log log4j2 log4j2-plugin logback security sensitive sensitive-data-security slf4j

Last synced: 12 Apr 2025

https://github.com/coldcard/firmware

❄️ Firmware and simulator for Coldcard Hardware Wallet

bitcoin bitcoin-wallet cryptocurrency cryptography security

Last synced: 15 May 2025

https://github.com/gamemann/xdp-firewall

A firewall that utilizes the Linux kernel's XDP hook. The XDP hook allows for very fast network processing on Linux systems. This is great for dropping malicious traffic from a (D)DoS attack. IPv6 is supported with this firewall! I hope this helps network engineers/programmers interested in utilizing XDP!

anti-ddos bpf ddos ddos-attacks ddos-mitigation ddos-protection denial-of-service distributed-denial-of-service dos dos-attack dos-protection ebpf fast firewall fw kernel linux network security xdp

Last synced: 15 May 2025

https://github.com/netflix-skunkworks/diffy

:no_entry: (DEPRECATED) Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.

dfir forensics security

Last synced: 16 May 2025

https://github.com/Netflix-Skunkworks/diffy

:no_entry: (DEPRECATED) Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.

dfir forensics security

Last synced: 29 Apr 2025

https://github.com/okta-graveyard/repo-supervisor

Scan your code for security misconfiguration, search for passwords and secrets. :mag:

blueteam redteam secret-management secrets secrets-detection security serverless

Last synced: 02 Oct 2025

https://github.com/Fuzzapi/fuzzapi

Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem

api automation fuzzer rails ruby security security-vulnerability

Last synced: 02 Apr 2025

https://github.com/esapi/esapi-java-legacy

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications.

java security

Last synced: 13 May 2025

https://github.com/SkipToTheEndpoint/OpenIntuneBaseline

Community-driven baseline to accelerate Intune adoption and learning.

device-config intune microsoft security

Last synced: 10 Apr 2025

https://github.com/electroniccats/catsniffer

CatSniffer is an original multiprotocol and multiband board for sniffing, communicating, and attacking IoT (Internet of Things) devices using the latest radio IoT protocols. It is a highly portable USB stick that integrates TI CC1352, Semtech SX1262, and an RP2040 for V3 or a Microchip SAMD21E17 for V2

ble hardware lora matter rp2040 samd21 security security-tools sidewalk sniffers zigbee

Last synced: 15 May 2025

https://github.com/openmls/openmls

Rust implementation of the Messaging Layer Security (MLS) protocol

mls openmls rust security

Last synced: 06 Apr 2025

https://github.com/jotygill/openpyn-nordvpn

Easily connect to and switch between, OpenVPN servers hosted by NordVPN on Linux (+patch leakes)

autovpn easyvpn nord nord-vpn nordvpn openvpn openvpn-connection privacy security vpn vpn-connections

Last synced: 09 Oct 2025

https://github.com/rewanthtammana/Damn-Vulnerable-Bank

Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.

android android-security application-security damn-vulnerable-bank hacking hacktoberfest infosec pentesting security vulnerable-android-apps vulnerable-application

Last synced: 08 Apr 2025

https://github.com/defaultnamehere/cookie_crimes

Read local Chrome cookies without root or decrypting

cookies osx-security security security-tools

Last synced: 05 Apr 2025

https://github.com/axafrance/oidc-client

Light, Secure, Pure Javascript OIDC (Open ID Connect) Client. We provide also a REACT wrapper (compatible NextJS, etc.).

axa context-api front-end-development javascript js library nextjs oauth2 oidc-client ope openid openid-client openid-connect react reactjs redux security

Last synced: 14 May 2025

https://github.com/GoFetchAD/GoFetch

GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.

active-directory blackhat2017 bloodhound gofetch powershell security

Last synced: 13 May 2025

https://github.com/TryCatchHCF/PacketWhisper

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

cryptography data-exfiltration dlp exfiltration hacking hacking-tools pentest-tool pentesting red-team security security-tools steganography

Last synced: 30 Mar 2025

https://github.com/hahwul/a2sv

Auto Scanning to SSL Vulnerability

hacking scanner security ssl vulnerability

Last synced: 02 Apr 2025

https://github.com/u21h2/nacs

事件驱动的渗透测试扫描器 Event-driven pentest scanner

cve exploit fofa fscan golang log4j nuclei pentest redteam scanner security shiro xray

Last synced: 11 Jul 2025

https://github.com/trycatchhcf/packetwhisper

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

cryptography data-exfiltration dlp exfiltration hacking hacking-tools pentest-tool pentesting red-team security security-tools steganography

Last synced: 13 Mar 2025

https://github.com/mo-xiaoxi/gptsecurity

塑造未来的安全领域智能革命

aigc gpt-4 security wiki

Last synced: 29 Apr 2025

https://github.com/mozilla-lockwise/lockwise-android

Firefox's Lockwise app for Android

android firefox lockwise mozilla passwords security

Last synced: 16 Mar 2025

https://github.com/w3c/trusted-types

A browser API to prevent DOM-Based Cross Site Scripting in modern web applications.

dom javascript polyfill security trusted-types w3c xss

Last synced: 15 May 2025

Security Awesome Lists
the-book-of-secret-knowledge 74 Awesome-Hacking 85 awesome-security 330 awesome-web-security 405 awesome-ctf 220 awesome-hacker-search-engines 546 android-security-awesome 225 awesome-incident-response 218 awesome-privacy 1,419 Awesome-WAF 173 DevSecOps 182 awesome-security-hardening 204 awesome-infosec 215 awesome-cybersecurity-blueteam 252 WebHackersWeapons 429 awesome-sec-talks 264 backend-cheats 961 awesome-vehicle-security 220 awesome-api-security 202 awesome-nodejs-security 203 awesome-game-security 92 awesome-iot-hacks 70 awesome-cloud-security 153 awesome-embedded-and-iot-security 131 alternative-frontends 119 awesome-iam 249 DevSecOps 48 awesome-golang-security 34 Awesome-FL 2,808 Awesome-Cybersecurity-Datasets 54 awesome-windows-domain-hardening 70 Crypto-OpSec-SelfGuard-RoadMap 473 awesome-azure-architecture 297 osx-and-ios-security-awesome 56 awesome-executable-packing 691 awesome-llm-security 101 awesome-aws-security 167 awesome-ethereum-security 81 awesome-vulnerable-apps 89 awesome-he 90 awesome-lists 737 Awesome-Jailbreak-on-LLMs 352 MobileHackersWeapons 73 awesome-security-GRC 81 security-apis 112 awesome-anti-forensic 143 awesome-python-security 35 graph-adversarial-learning-literature 314 awesome-opa 222 awesome-runners 36
Security Categories
Uncategorized 4,235 fl in top-tier journal 3,038 :books: Literature 2,271 Tools 1,403 fl in top ml conference and journal 1,227 Pentesting 1,113 Operating Systems 1,064 Attack 1,023 Other Lists 703 Papers 513 Weapons 509 Resources 488 Threat Hunting: 480 **Мероприятия** 466 fl in top ai conference and journal 460 Official 451 Malware Analysis 427 Defense 407 Blue Team 402 Adversarial Examples for Machine Learning 396