Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

Security

Cybersecurity (security) includes controlling physical access to hardware as well as protection from attacks that come via network access, data injection, and code injection.

https://github.com/cisagov/Malcolm

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.

arkime cybersecurity infosec network-security network-traffic-analysis networksecurity networktrafficanalysis opensearch opensearch-dashboards pcap security suricata zeek

Last synced: 30 Mar 2025

https://github.com/zhzyker/dismap

Asset discovery and identification tools 快速识别 Web 指纹信息,定位资产类型。辅助红队快速定位目标资产信息,辅助蓝队发现疑似脆弱点

cybersecurity detection fingerprint fingerprint-scanner golang-tools identification pentest-tool pentest-tools redteam redteam-tools security security-scan security-tools webscan

Last synced: 15 May 2025

https://github.com/kadenzipfel/smart-contract-vulnerabilities

A collection of smart contract vulnerabilities along with prevention methods

blockchain ethereum security solidity

Last synced: 14 May 2025

https://github.com/megamansec/ssh-snake

SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.

bash cybersecurity exploitation exploitation-tool hacking hacking-tools pentesting post-exploitation redteam scanner security security-tools shell ssh ssh-hacking vulnerability-scanner worm

Last synced: 15 May 2025

https://github.com/salesforce/cloudsplaining

Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.

aws aws-iam aws-security cloud cloud-security hacktoberfest iam salesforce security

Last synced: 16 May 2025

https://github.com/BishopFox/CloudFox

Automating situational awareness for cloud penetration tests.

aws cloud cloud-security golang penetration-testing-tools security

Last synced: 07 May 2025

https://github.com/arthaud/git-dumper

A tool to dump a git repository from a website

git security web

Last synced: 13 May 2025

https://github.com/cncf/tag-security

🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!

access-control assessment cloud-native cncf safety secure-access security

Last synced: 02 Jan 2026

https://github.com/walidshaari/certified-kubernetes-security-specialist

Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements are welcome. thank you.

apparmor certification cks ckss exam-objectives falco kernel-hardening kube-bench kube-hunter kubernetes kubernetes-security mitre-attack open-policy-agent os-footprint pod pod-security-policy policy seccomp security trivy

Last synced: 15 May 2025

https://github.com/cider-security-research/cicd-goat

A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.

appsec cicd ctf devops devsecops gitlab infosec jenkins security

Last synced: 04 Apr 2025

https://github.com/walidshaari/Certified-Kubernetes-Security-Specialist

Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements are welcome. thank you.

apparmor certification cks ckss exam-objectives falco kernel-hardening kube-bench kube-hunter kubernetes kubernetes-security mitre-attack open-policy-agent os-footprint pod pod-security-policy policy seccomp security trivy

Last synced: 08 May 2025

https://github.com/awslabs/aws-well-architected-labs

Hands on labs and code to help you learn, measure, and build using architectural best practices.

aws cost lab reliability reliability-engineering resilience resiliency security well-architected wellarchitected

Last synced: 09 Jan 2026

https://github.com/ghostunnel/ghostunnel

A simple SSL/TLS proxy with mutual authentication for securing non-TLS services.

crypto go hsm keychain pkcs11 proxy security ssl stunnel tls tunnel

Last synced: 13 May 2025

https://github.com/0xbug/hawkeye

GitHub 泄露监控系统(GitHub Sensitive Information Leakage Monitor Spider)

github leakage security

Last synced: 25 Oct 2025

https://github.com/0xbug/Hawkeye

GitHub 泄露监控系统(GitHub Sensitive Information Leakage Monitor Spider)

github leakage security

Last synced: 26 Mar 2025

https://github.com/ttlequals0/autovpn

Create On Demand Disposable OpenVPN Endpoints on AWS.

autovpn aws openvpn openvpn-configuration openvpn-endpoints privacy security vpn vpn-server

Last synced: 08 Apr 2025

https://github.com/netflix-skunkworks/stethoscope

Personalized, user-focused recommendations for employee information security.

education security user-focused-security

Last synced: 15 May 2025

https://github.com/Netflix-Skunkworks/stethoscope

Personalized, user-focused recommendations for employee information security.

education security user-focused-security

Last synced: 02 Apr 2025

https://github.com/Dliv3/Venom

Venom - A Multi-hop Proxy for Penetration Testers

ctf golang pentest-tool pentesting port-forward port-reuse proxy redteam security socks5 ssh-tunnel tunnel venom

Last synced: 30 Mar 2025

https://github.com/dliv3/venom

Venom - A Multi-hop Proxy for Penetration Testers

ctf golang pentest-tool pentesting port-forward port-reuse proxy redteam security socks5 ssh-tunnel tunnel venom

Last synced: 15 May 2025

https://github.com/sensiolabs/security-checker

PHP frontend for security.symfony.com

composer php security

Last synced: 05 Oct 2025

https://github.com/nikitavoloboev/privacy-respecting

Curated List of Privacy Respecting Services and Software

curated-list privacy security security-tools self-hosted

Last synced: 25 Mar 2025

https://github.com/6mile/devsecops-playbook

This is a step-by-step guide to implementing a DevSecOps program for any size organization

devsecops playbook security

Last synced: 25 Aug 2025

https://github.com/someengineering/fixinventory

Fix Inventory helps you identify and remove the most critical risks in AWS, GCP, Azure and Kubernetes.

aws cnapp cspm cybersecurity digitalocean gcp infrastructure-as-code policy-as-code security security-audit security-automation

Last synced: 23 Oct 2025

https://github.com/6mile/DevSecOps-Playbook

This is a step-by-step guide to implementing a DevSecOps program for any size organization

devsecops playbook security

Last synced: 10 Apr 2025

https://github.com/ankit0183/wifi-hacking

Cyber Security Tool For Hacking Wireless Connections Using Built-In Kali Tools. Supports All Securities (WEP, WPS, WPA, WPA2/TKIP/IES)

crack-handshake hackathon hacking-tool python security wifi-hacking wp8 wps

Last synced: 25 Feb 2025

https://github.com/cossacklabs/themis

Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

asymmetric-cryptography authentication cryptography cryptography-library encryption golang ios java javascript objective-c owasp php python ruby rust secure-messenger secure-storage security swift symmetric-cryptography

Last synced: 12 Jan 2026

https://github.com/KadenZipfel/smart-contract-attack-vectors

A collection of smart contract vulnerabilities along with prevention methods

blockchain ethereum security solidity

Last synced: 10 Apr 2025

https://github.com/lirantal/is-website-vulnerable

finds publicly known security vulnerabilities in a website's frontend JavaScript libraries

hacktoberfest lighthouse nodejs scan security security-vulnerabilities vulnerabilities

Last synced: 14 May 2025

https://github.com/gitguardian/apisecuritybestpractices

Resources to help you keep secrets (API keys, database credentials, certificates, ...) out of source code and remediate the issue in case of a leaked API key. Made available by GitGuardian.

api keys leaked security security-tools

Last synced: 30 Jun 2025

https://github.com/BishopFox/cloudfox

Automating situational awareness for cloud penetration tests.

aws cloud cloud-security golang penetration-testing-tools security

Last synced: 02 Apr 2025

https://github.com/pirate/sites-using-cloudflare

:broken_heart: Archived list of domains using Cloudflare DNS at the time of the CloudBleed announcement.

cdn cloudflare dns https passwords security ssl

Last synced: 27 Sep 2025

https://github.com/praetorian-inc/noseyparker

Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data and Git history.

credentials devsecops noseyparker penetration-testing rust scanner secrets secrets-detection security security-tools

Last synced: 14 May 2025

https://github.com/pyupio/safety

Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.

cicd dependency-management devsecops open-source-security package-management python security security-vulnerability travis vulnerability-detection vulnerability-scanners

Last synced: 12 Nov 2025

https://github.com/GitGuardian/APISecurityBestPractices

Resources to help you keep secrets (API keys, database credentials, certificates, ...) out of source code and remediate the issue in case of a leaked API key. Made available by GitGuardian.

api keys leaked security security-tools

Last synced: 09 Jul 2025

https://github.com/jkornev/hidden

🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes and etc

driver kernel malware-analysis rce registry rootkit security windows

Last synced: 15 May 2025

https://github.com/Checkmarx/kics

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

appsec cloudnative devsecops golang hacktoberfest iac infrastructure-as-code open-policy-agent security security-tools vulnerability-detection vulnerability-scanners

Last synced: 14 Mar 2025

https://github.com/checkmarx/kics

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

appsec cloudnative devsecops golang hacktoberfest iac infrastructure-as-code open-policy-agent security security-tools vulnerability-detection vulnerability-scanners

Last synced: 09 Jan 2026

https://github.com/bytedance/android-inline-hook

:fire: ShadowHook is an Android inline hook library which supports thumb, arm32 and arm64.

android androidinlinehook arm arm64 hook inline inlinehook jni ndk security thumb

Last synced: 14 May 2025

https://github.com/moul/sshportal

:tophat: simple, fun and transparent SSH (and telnet) bastion server

bastion devops fun security ssh ssh-server

Last synced: 14 May 2025

https://github.com/phith0n/javathings

Share Things Related to Java - Java安全漫谈笔记相关内容

java security

Last synced: 15 May 2025

https://github.com/owtf/owtf

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

framework kali-linux owasp owtf pentest python security web-application-security

Last synced: 17 Dec 2025

https://github.com/h3xduck/triplecross

A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.

backdoor ebpf kernel libbpf rootkit security

Last synced: 15 May 2025

https://github.com/ankit0183/Wifi-Hacking

Cyber Security Tool For Hacking Wireless Connections Using Built-In Kali Tools. Supports All Securities (WEP, WPS, WPA, WPA2/TKIP/IES)

crack-handshake hackathon hacking-tool python security wifi-hacking wp8 wps

Last synced: 12 Jul 2025

https://github.com/x676f64/secureum-mind_map

Central Repository for the Epoch 0 coursework and quizzes. Contains all the content, cross-referenced and linked.

blockchain ethereum evm security solidity web3

Last synced: 15 May 2025

https://github.com/HotCakeX/Harden-Windows-Security

Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Personal, Enterprise, Government and Military security levels | Read The Rationale https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Rationale.md

1st-party-security applicationcontrol bitlocker defender encryption enterprise-security firewall-configuration harden module operation-system-security powershell powershell-script proactive security security-hardening tpm2 wdac windows windows11 windowsdefender

Last synced: 09 Apr 2025

https://github.com/h3xduck/TripleCross

A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.

backdoor ebpf kernel libbpf rootkit security

Last synced: 30 Mar 2025

https://github.com/josephzhu1983/java-common-mistakes

书籍《Java 开发坑点解析:从根因分析到最佳实践》 & 极客时间专栏《Java业务开发常见错误100例》源码

design-patterns java jvm mistake pitfalls security spring troubleshooting

Last synced: 15 May 2025

https://github.com/brunofacca/zen-rails-security-checklist

Checklist of security precautions for Ruby on Rails applications.

checklist rails ruby ruby-on-rails security security-vulnerability

Last synced: 08 Apr 2025

https://github.com/JosephZhu1983/java-common-mistakes

书籍《Java 开发坑点解析:从根因分析到最佳实践》 & 极客时间专栏《Java业务开发常见错误100例》源码

design-patterns java jvm mistake pitfalls security spring troubleshooting

Last synced: 24 Mar 2025

https://github.com/kozmer/log4j-shell-poc

A Proof-Of-Concept for the CVE-2021-44228 vulnerability.

cve-2021-44228 java log4j security

Last synced: 28 Sep 2025

https://github.com/parsiya/Hacking-with-Go

Golang for Security Professionals

go security

Last synced: 07 May 2025

https://github.com/securitytxt/security-txt

A proposed standard that allows websites to define security policies.

ietf ietf-rfcs infosec internet-draft issue-tracker policy security standard

Last synced: 08 Jul 2025

https://github.com/bitbrute/evillimiter

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

hacking hacking-tool linux networking penetration-testing pentest-tool pentesting python security security-tools

Last synced: 09 Oct 2025

https://github.com/ffffffff0x/dork-admin

盘点近年来的数据泄露、供应链污染事件

data-breach data-leakage ffffffff0x list privacy security

Last synced: 28 Sep 2025

https://github.com/ffffffff0x/Dork-Admin

盘点近年来的数据泄露、供应链污染事件

data-breach data-leakage ffffffff0x list privacy security

Last synced: 02 Apr 2025

https://github.com/GrrrDog/weird_proxies

Reverse proxies cheatsheet

cheatsheet pentesting reverse-proxy security

Last synced: 12 Mar 2025

https://github.com/grrrdog/weird_proxies

Reverse proxies cheatsheet

cheatsheet pentesting reverse-proxy security

Last synced: 27 Jul 2025

https://github.com/Sh1Yo/x8

Hidden parameters discovery suite

bugbounty content-discovery recon rust security web

Last synced: 28 Mar 2025

https://github.com/p3nt4/powershdll

Run PowerShell with rundll32. Bypass software restrictions.

applocker powershell security

Last synced: 16 May 2025

https://github.com/newlifex/x

Core basic components: log (file / network), configuration (XML / JSON / HTTP), cache (memory / redis), network (TCP / UDP / HTTP), RPC framework, serialization (binary / XML / JSON), APM performance tracking. 核心基础组件,日志(文件/网络)、配置(XML/Json/Http)、缓存(内存/Redis)、网络(Tcp/Udp/Http)、RPC框架、序列化(Binary/XML/Json)、APM性能追踪。

api network newlife reflection rpc security serialize server service thread

Last synced: 14 May 2025

https://github.com/NewLifeX/X

Core basic components: log (file / network), configuration (XML / JSON / HTTP), cache (memory / redis), network (TCP / UDP / HTTP), RPC framework, serialization (binary / XML / JSON), APM performance tracking. 核心基础组件,日志(文件/网络)、配置(XML/Json/Http)、缓存(内存/Redis)、网络(Tcp/Udp/Http)、RPC框架、序列化(Binary/XML/Json)、APM性能追踪。

api network newlife reflection rpc security serialize server service thread

Last synced: 01 Apr 2025

https://github.com/p3nt4/PowerShdll

Run PowerShell with rundll32. Bypass software restrictions.

applocker powershell security

Last synced: 10 Apr 2025

https://github.com/p4-team/ctf

Ctf solutions from p4 team

capture-the-flag ctf security writeup

Last synced: 24 Feb 2025

https://github.com/HolyBugx/HolyTips

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

api api-security bugbounty bugbounty-writeups bugbountytips checklist pentest pentesting security web webapp websecurity writeups

Last synced: 11 Jul 2025

https://github.com/authorizerdev/authorizer

Your data, your control. Fully open source, authentication and authorization. No lock-ins. Deployment in Railway in 120 seconds || Spin a docker image as a micro-service in your infra. Built in login page and Admin panel out of the box.

2fa auth authentication authorization docker golang graphdb graphql hacktoberfest magic-link microservice nosql oauth2 role-based-access-control security social-logins sql typescript user-privileges

Last synced: 25 Apr 2025

https://github.com/HummerRisk/HummerRisk

HummerRisk 是云原生安全平台,包括混合云安全治理和云原生安全检测。

cloud-custodian cloud-native cloud-native-security compliance compliance-as-code cspm k8s-security kubernetes-security prowler sbom security trivy vulnerability

Last synced: 01 May 2025

Security Awesome Lists
the-book-of-secret-knowledge 74 Awesome-Hacking 85 awesome-security 330 awesome-web-security 405 awesome-ctf 220 awesome-hacker-search-engines 545 android-security-awesome 224 awesome-privacy 1,419 awesome-incident-response 218 Awesome-WAF 173 DevSecOps 182 awesome-security-hardening 204 awesome-infosec 215 awesome-cybersecurity-blueteam 252 WebHackersWeapons 429 awesome-sec-talks 264 backend-cheats 961 awesome-vehicle-security 220 awesome-api-security 202 awesome-nodejs-security 203 awesome-game-security 92 awesome-iot-hacks 70 awesome-cloud-security 153 alternative-frontends 119 awesome-embedded-and-iot-security 131 awesome-iam 249 DevSecOps 48 awesome-golang-security 34 Awesome-FL 2,808 Awesome-Cybersecurity-Datasets 54 awesome-windows-domain-hardening 70 Crypto-OpSec-SelfGuard-RoadMap 473 awesome-azure-architecture 297 osx-and-ios-security-awesome 56 awesome-executable-packing 691 awesome-llm-security 101 awesome-aws-security 167 awesome-ethereum-security 81 awesome-vulnerable-apps 89 awesome-he 90 awesome-lists 737 Awesome-Jailbreak-on-LLMs 352 MobileHackersWeapons 73 security-apis 112 awesome-security-GRC 81 awesome-anti-forensic 143 awesome-python-security 35 graph-adversarial-learning-literature 314 awesome-opa 220 awesome-runners 36
Security Categories
Uncategorized 4,273 fl in top-tier journal 3,038 :books: Literature 2,268 Tools 1,385 fl in top ml conference and journal 1,227 Pentesting 1,170 Operating Systems 1,074 Attack 1,014 Other Lists 762 Papers 516 Weapons 506 Threat Hunting: 480 Resources 480 fl in top ai conference and journal 460 **Мероприятия** 458 Official 451 Blue Team 400 Defense 396 Adversarial Examples for Machine Learning 393 IR Tools Collection 386