Table of Contents
- AI Security
- Cloud
- Courses
- Cybersecurity
- Infrastructure Security
- Mobile Security
- Productivity & QoL
- Web Security
Name | Description |
---|---|
Awesome Prompt Engineering | GitHub - promptslab/Awesome-Prompt-Engineering: This repository contains hand-curated resources for Prompt Engineering with a focus on Generative Pre-trained Transformer (GPT), ChatGPT, PaLM etc. |
Awesome LLM | GitHub - Hannibal046/Awesome-LLM: Awesome-LLM: a curated list of Large Language Model |
OffSecML | Welcome to the Offensive ML Playbook - OffSecML Playbook |
Awesome LLMOps | GitHub - tensorchord/Awesome-LLMOps: An awesome & curated list of best LLMOps tools for developers |
Prompt Injection Defenses | GitHub - tldrsec/prompt-injection-defenses: Every practical and proposed defense against prompt injection. |
Name | Description |
---|---|
AI Goat | vulnerable LLM CTF challenges setup locally |
AI Goat | GitHub - orcasecurity-research/AIGoat: AIGoat: A deliberately Vulnerable AI Infrastructure. Learn AI security through solving our challenges. |
Name | Description |
---|---|
Awesome Cloud Labs | GitHub - iknowjason/Awesome-CloudSec-Labs: Awesome free cloud native security learning labs. Includes CTF, self-hosted workshops, guided vulnerability labs, and research labs. |
Cloud Middleware Dataset | GitHub - wiz-sec-public/cloud-middleware-dataset; project contains cloud middleware (i.e. agents installed by Cloud providers) used across the major cloud service providers (Azure, AWS and GCP). |
HackTricks Cloud | HackTricks Cloud - HackTricks Cloud |
Security Wiki - Cloud | Cloud Wiki | CloudWiki |
Cloud Wiki | Cloud Wiki | Cloud Wiki |
Hacking The Cloud | Hacking The Cloud |
Offensive Cloud TTPs | GitHub - lutzenfried/OffensiveCloud: Offensive security and Penetration Testing TTP for Cloud based environment (AWS / Azure / GCP) |
CloudSecDocs | Welcome to CloudSecDocs - CloudSecDocs |
Awesome Cloud Sec | GitHub - RyanJarv/awesome-cloud-sec: Awesome list for cloud security related projects |
Name | Description |
---|---|
FWD CloudSec - Known AWS Accounts | GitHub - fwdcloudsec/known_aws_accounts: List of known AWS accounts |
AWS Break Glass Role | GitHub - awslabs/aws-break-glass-role: Create a break glass role for emergency use in order to limit AWS production account access. Configure automatic alerts and logging of activities in the role to secure its use in production environments. |
Sensitive IAM Actions List | GitHub - primeharbor/sensitive_iam_actions: Crowdsourced list of sensitive IAM Actions |
Security Reference Architecture Examples | GitHub - aws-samples/aws-security-reference-architecture-examples: Example solutions demonstrating how to implement patterns within the AWS Security Reference Architecture guide using CloudFormation (including Customizations for AWS Control Tower) and Terraform. |
AWS Public Account IDs | GitHub - rupertbg/aws-public-account-ids: Publicly-listed AWS account IDs for easy lookup. Great for cleaning up false positives from unknown Account IDs in Cloudtrail |
AWS SCP Examples | GitHub - aws-samples/service-control-policy-examples: Example AWS Service control policies to get started or mature your usage of AWS SCPs. |
AWS Security Survival Kit | GitHub - zoph-io/aws-security-survival-kit: Bare minimum AWS Security Alerting and Configuration |
AWS Permissions Reference | Permissions Reference for AWS IAM | aws.permissions.cloud |
Awesome SCPs | GitHub - houey/awesome-service-control-policies: Listing of resources for example AWS Service Control Policies (SCPs) |
AWS Centralized Logs | GitHub - aidansteele/centralized-logs: Centralizing AWS CloudWatch log forwarding via EventBridge and Step Functions |
AWS Cheat Sheet | GitHub - invictus-ir/aws-cheatsheet: A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering. |
Arsenal of AWS Security Tools | GitHub - toniblyx/my-arsenal-of-aws-security-tools: List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc. |
AWS Security Resource Dump | AWS security resources |
Name | Description |
---|---|
flAWS 2 Cloud | AWS lab exercise for attacker and defender paths to exploit misconfigurations |
flAWS Cloud | AWS basic security misconfigurations lab exercises |
IAM Vulnerable | GitHub - BishopFox/iam-vulnerable: Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground. |
Sad Cloud | GitHub - nccgroup/sadcloud: A tool for standing up (and tearing down!) purposefully insecure cloud infrastructure |
Cloud Goat | GitHub - RhinoSecurityLabs/cloudgoat: CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool |
AWS Goat | GitHub - ine-labs/AWSGoat: AWSGoat : A Damn Vulnerable AWS Infrastructure |
CloudCommotion | Causes commotion in the cloud using Terraform and AWS to simulate attacks and misconfigurations. |
Name | Description |
---|---|
TrackIAM | GitHub - glassechidna/trackiam: A project to collate IAM actions, AWS APIs and managed policies from various public sources. |
CloudSploit | GitHub - aquasecurity/cloudsploit: Cloud Security Posture Management (CSPM) |
SCP Kit | GitHub - aquia-inc/scpkit: SCP management tool |
IAM Access Key Report | GitHub - aws-samples/iam-access-key-report |
AWS List Resources | GitHub - welldone-cloud/aws-list-resources |
AWS IAM CTL | GitHub - aws-samples/aws-iamctl |
AWS Consoler | GitHub - NetSPI/aws_consoler: A utility to convert your AWS CLI credentials into AWS console access. |
EC2 Metadata Mock | GitHub - aws/amazon-ec2-metadata-mock: A tool to simulate Amazon EC2 instance metadata |
Cloudformation Guard | GitHub - aws-cloudformation/cloudformation-guard: Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/configurations against those rules. |
GuardDuty Tester | GitHub - awslabs/amazon-guardduty-tester: This script is used to generate some basic detections of the GuardDuty service |
AirIAM | GitHub - bridgecrewio/AirIAM: Least privilege AWS IAM Terraformer |
Invictus AWS | GitHub - invictus-ir/Invictus-AWS |
Antiope | GitHub - turnerlabs/antiope: AWS Inventory and Compliance Framework |
PACU | GitHub - RhinoSecurityLabs/pacu: The AWS exploitation framework, designed for testing the security of Amazon Web Services environments. |
IAMbic | GitHub - noqdev/iambic: IAMbic is Version-Control for IAM. It centralizes and simplifies cloud access and permissions. It maintains an eventually consistent, human-readable, bi-directional representation of IAM in Git. |
IAM Live | GitHub - iann0036/iamlive: Generate an IAM policy from AWS, Azure, or Google Cloud (GCP) calls using client-side monitoring (CSM) or embedded proxy |
IAMSpy | This is the repository containing IAMSpy, a library that utilises the Z3 prover to attempt to answer questions about AWS IAM. It can load a variety of IAM policies and convert them to generate Z3 constraints and a model, from which queries can be made on identifying whether actions are allowed or not. |
Undocumented AWS API Hunter | A tool to uncover undocumented APIs from the AWS Console. |
CloudSplaining | GitHub - salesforce/cloudsplaining: Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report. |
AWS Policy Evaluator (APE) | APE takes all of your AWS IAM policies attached to a User, Group, or Role object, and presents you with a single policy, summarizing all of their actual permissions. Taking into account permissions, denials, inherited permissions and permission boundaries! |
CloudFox | GitHub - BishopFox/cloudfox: Automating situational awareness for cloud penetration tests. |
RepoKid | GitHub - Netflix/repokid: AWS Least Privilege for Distributed, High-Velocity Deployment |
Bucket Loot | GitHub - redhuntlabs/BucketLoot: BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text. |
Policy Universe | GitHub - Netflix-Skunkworks/policyuniverse: Parse and Process AWS IAM Policies, Statements, ARNs, and wildcards. |
AWS CLI Multi Account Sessions | GitHub - alestic/aws-cli-multi-account-sessions: bash functions to help run aws-cli commands across roles in multiple accounts with MFA |
AWS SSO Reporter | GitHub - onemorepereira/aws-sso-reporter: AWS SSO Reporter. It reports which users have access to which accounts, as long as they are set up in AWS SSO. |
Name | Description |
---|---|
Microsoft Portals Reference | 🖥 Home | [cmd.ms] | List of Microsoft Portals, their links, and use cases. |
Azure Security Survival Kit | GitHub - O3-Cyber/azure-security-survival-kit |
Awesome Azure Pentest | GitHub - Kyuu-Ji/Awesome-Azure-Pentest: A collection of resources, tools and more for penetration testing and securing Microsoft's cloud platform Azure. |
Name | Description |
---|---|
PurpleCloud Azure | GitHub - iknowjason/PurpleCloud: A little tool to play with Azure Identity - Azure Active Directory lab creation tool |
Azure Goat | a vulnerable environment, with some significant misconfigurations |
Name | Description |
---|---|
ScubaGear | GitHub - cisagov/ScubaGear: Automation to assess the state of your M365 tenant against CISA's baselines |
GraphRunner | GitHub - dafthack/GraphRunner: A Post-exploitation Toolset for Interacting with the Microsoft Graph API |
Azure Storage Reverse Shell | GitHub - offensive-actions/azure-storage-reverse-shell: This GitHub Action sends a reverse shell from a runner via Azure Storage Account blobs |
Az Recon | GitHub - iknowjason/azrecon: Az Enum & Recon Cheat Sheet |
RoleCrawl | GitHub - sleeptok3n/RoleCrawl |
PowerZure | GitHub - hausec/PowerZure: PowerShell framework to assess Azure security |
Monkey 365 | GitHub - silverhack/monkey365: Monkey365 provides a tool for security consultants to easily conduct not only Microsoft 365, but also Azure subscriptions and Microsoft Entra ID security configuration reviews. |
AzureHound | GitHub - BloodHoundAD/AzureHound: Azure Data Exporter for BloodHound |
Name | Description |
---|---|
CICD Goat | GitHub - cider-security-research/cicd-goat: A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges. |
GHA Goat | GitHub - step-security/github-actions-goat: GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment |
GHA-Hazmat | A menagerie of insecure and exploitable GitHub Actions workflows and action definitions |
Name | Description |
---|---|
GitGot | GitHub - BishopFox/GitGot: Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets. |
NORD Stream | GitHub - synacktiv/nord-stream: Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently supports Azure DevOps, GitHub and GitLab. |
GitGat | GitHub - scribe-public/gitgat: Evaluate source control (GitHub) security posture |
GATO | GitHub - praetorian-inc/gato: GitHub Actions Pipeline Enumeration and Attack Tool |
Driftwood | GitHub - trufflesecurity/driftwood: Private key usage verification. Driftwood is a tool that can enable you to lookup whether a private key is used for things like TLS or as a GitHub SSH key for a user. |
Name | Description |
---|---|
GCP Permissions Reference | Permissions Reference for Google Cloud IAM | gcp.permissions.cloud |
Awesome GCP Security | GitHub - Littlehack3r/awesome-gcp-pentesting: Tools and blogs I use to perform GCP red teams |
Name | Description |
---|---|
GCP CTF Workshop | GCP goat environment for BSides NY 2024 workshop |
GCP Goat | GitHub - JOSHUAJEBARAJ/GCP-GOAT: GCP GOAT is a vulnerable application for learning GCP security |
Thunder CTF Cloud | Thunder CTF allows players to practice attacking vulnerable cloud projects on Google Cloud Platform (GCP). |
Name | Description |
---|---|
GCP IAM Privilege Escalation | GitHub - RhinoSecurityLabs/GCP-IAM-Privilege-Escalation: A collection of GCP IAM privilege escalation methods documented by the Rhino Security Labs team. |
GCP Enum Script | GitLab.com / GitLab Security Department / Security Operations Department / Red Team / Red Team Public / Scripts and PoCs / gcp_enum · GitLab |
GCP Scanner | GitHub - google/gcp_scanner: A comprehensive scanner for Google Cloud |
GCPwn | Enumeration/exploit/analysis/download/etc pentesting framework for GCP; modeled like Pacu for AWS; a product of numerous hours via @WebbinRoot |
GCP Open Resource Enum | Files · master · GitLab.com / GitLab Security Department / Security Operations Department / Red Team / Red Team Public / Scripts and PoCs / gcp_misc · GitLab |
GCP IAM Privescs | GitHub - RhinoSecurityLabs/GCP-IAM-Privilege-Escalation: A collection of GCP IAM privilege escalation methods documented by the Rhino Security Labs team. |
Name | Description |
---|---|
Pulumi Examples | GitHub - pulumi/examples: Infrastructure, containers, and serverless apps to AWS, Azure, GCP, and Kubernetes... all deployed with Pulumi |
Federator | Terraform templates for CI/CD to Cloud federation and Cloud2Cloud IAM federations |
Entra ID Terraform | Examples of various Entra ID scenarios in Terraform |
Terraform Examples | GitHub - futurice/terraform-examples: Terraform samples for all the major clouds you can copy and paste. The future, co-created. |
OpenTofu | Open source fork of Terraform |
Name | Description |
---|---|
Checkov | GitHub - bridgecrewio/checkov: Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew. |
Name | Description |
---|---|
KubeCTL Cheat Sheet | kubectl Quick Reference | Kubernetes |
Container Security Checklist | GitHub - krol3/container-security-checklist: Checklist for container security - devsecops practices |
EKS Best Practices | Introduction - EKS Best Practices Guides |
Kubernetes Bad Pods | GitHub - BishopFox/badPods: A collection of manifests that will create pods with elevated privileges. |
Kubernetes the Hard Way | GitHub - kelseyhightower/kubernetes-the-hard-way: Bootstrap Kubernetes the hard way on Google Cloud Platform. No scripts. |
Cloud Native Security Talks | Cloud Native Security Talks |
Falco Bypasses | GitHub - blackberry/Falco-bypasses: Research on various techniques to bypass default falco ruleset (based on falco v0.28.1). |
Kubernetes Pentesting | Kubernetes Pentesting - HackTricks Cloud |
Pentesting Docker | 2375, 2376 Pentesting Docker - HackTricks |
Name | Description |
---|---|
Kubernetes Goat | GitHub - madhuakula/kubernetes-goat: Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀 |
K8s Lan Party | A CTF designed to challenge your Kubernetes hacking skills through a series of critical network vulnerabilities and misconfigurations. |
EKS Cluster Games | challenges are based on real EKS misconfigurations and security issues |
Simulator | GitHub - controlplaneio/simulator: Kubernetes Security Training Platform - focusing on security mitigation |
Name | Description |
---|---|
Skopeo | GitHub - containers/skopeo: Work with remote images registries - retrieving information, images, signing content |
KubeAudit | GitHub - Shopify/kubeaudit: kubeaudit helps you audit your Kubernetes clusters against common security controls |
Peirates | GitHub - inguardians/peirates: Peirates - Kubernetes Penetration Testing tool |
KubiScan | GitHub - cyberark/KubiScan: A tool to scan Kubernetes cluster for risky permissions |
KubeHound | GitHub - DataDog/KubeHound: Kubernetes Attack Graph |
DEEPCE | GitHub - stealthcopter/deepce: Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE) |
Dockle | GitHub - goodwithtech/dockle: Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start |
Managed Kubernetes Audit Toolkit | GitHub - DataDog/managed-kubernetes-auditing-toolkit: All-in-one auditing toolkit for identifying common security issues in managed Kubernetes environments. Currently supports Amazon EKS. |
KubeStriker | GitHub - vchinnipilli/kubestriker: A Blazing fast Security Auditing tool for Kubernetes |
Kubernetes Explorer | GitHub - iximiuz/kexp: k'exp - Kubernetes Explorer |
DockerScan | GitHub - cr0hn/dockerscan: Docker security analysis & hacking tools |
Cloud Container Attack Tool | GitHub - RhinoSecurityLabs/ccat: Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments. |
Kubefuzz | GitHub - avolens/kubefuzz: Generative and mutative fuzzer for Kubernetes admission controller chains by automatically parsing the cluster api specification. |
Name | Description |
---|---|
Terragoat | GitHub - bridgecrewio/terragoat: TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments. |
CNAPP-Goat | GitHub - ermetic-research/cnappgoat: CNAPPgoat is an open source project designed to modularly provision vulnerable-by-design components in cloud environments. |
Name | Description |
---|---|
Trivy | GitHub - aquasecurity/trivy: Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more |
CloudQuery | GitHub - cloudquery/cloudquery: The open source high performance data integration platform built for developers. |
CNQuery | GitHub - mondoohq/cnquery: open source, cloud-native, graph-based asset inventory |
Edge | GitHub - iknowjason/edge: Recon tool for cloud provider attribution. Supports AWS, Azure, Google, Cloudflare, and Digital Ocean. |
Prowler | GitHub - prowler-cloud/prowler: Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more. |
Cloudlist | GitHub - projectdiscovery/cloudlist: Cloudlist is a tool for listing Assets from multiple Cloud Providers. |
Halberd | GitHub - vectra-ai-research/Halberd: Security testing tool to proactively assess cloud security by executing a comprehensive array of attack techniques across multiple surfaces via a simple web interface. |
Cloud Enum | GitHub - initstring/cloud_enum: Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud. |
ScoutSuite | GitHub - nccgroup/ScoutSuite: Multi-Cloud Security Auditing Tool |
Name | Description |
---|---|
CKSS Resources | GitHub - walidshaari/Certified-Kubernetes-Security-Specialist: Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements are welcome. thank you. |
BurpSuite Certified Practitioner | GitHub - botesjuan/Burp-Suite-Certified-Practitioner-Exam-Study: Burp Suite Certified Practitioner Exam Study |
Modern BinExp | GitHub - RPISEC/MBE: Course materials for Modern Binary Exploitation by RPISEC |
Nightmare BinExp | Nightmare - Nightmare - binary exploitation course |
System Design Primer | GitHub - donnemartin/system-design-primer: Learn how to design large-scale systems. Prep for the system design interview. Includes Anki flashcards. |
Hands-on ML | GitHub - ageron/handson-ml3: A series of Jupyter notebooks that walk you through the fundamentals of Machine Learning and Deep Learning in Python using Scikit-Learn, Keras and TensorFlow 2. |
Kubernetes Learning Path | GitHub - techiescamp/kubernetes-learning-path: A roadmap to learn Kubernetes from scratch (Beginner to Advanced level) |
Name | Description |
---|---|
Digital Forensics Lab | GitHub - frankwxu/digital-forensics-lab: Free hands-on digital forensics labs for students and faculty |
Name | Description |
---|---|
Hacking EBooks | GitHub - yeahhub/Hacking-Security-Ebooks: Top 100 Hacking & Security E-Books (Free Download) |
Hacker Roadmap | GitHub - msrkp/hacker-roadmap: Roadmap to get started in Infosec for absolute beginners |
Roadmaps for Study | Roadmaps for a variety of different studies and fields |
AppSec Interview Questions | Application Security Engineer Interview Questions · AppSec Enthusiast |
Tech Interview Handbook | Technical Interview Guide for Busy Engineers | Tech Interview Handbook |
Name | Description |
---|---|
Dorks Collection | GitHub - cipher387/Dorks-collections-list: List of Github repositories and articles with list of dorks for different search engines |
Static Analysis Tools | GitHub - analysis-tools-dev/static-analysis: ⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality. |
Name | Description |
---|---|
AD Pentesting Cheatsheet | Active directory pentesting: cheatsheet and beginner guide |
AD Pentesting Guide | GitHub - AD-Attacks/Active-Directory-Penetration-Testing |
WADComs | WADComs |
AAD Internals | Documentation |
LOLBAS | LOLBAS |
Name | Description |
---|---|
Under the Wire | UTW – Under the Wire… PowerShell Training for the People |
Name | Description |
---|---|
Linux Syscalls 64-bit | Linux Syscall Reference |
Linux Syscalls 32-bit | Linux Syscall Reference |
GTFOBins | GTFOBins |
Name | Description |
---|---|
Pentesting BIBLE | Pentesting Bible by blacckhathaceekr |
Pentesting Resources | GitHub - wtsxDev/Penetration-Testing: List of awesome penetration testing resources, tools and other shiny things |
Awesome Pentest | GitHub - enaqx/awesome-pentest: A collection of awesome penetration testing resources, tools and other shiny things |
Privesc Cheatsheet | GitHub - Ignitetechnologies/Privilege-Escalation: This cheatsheet is aimed at CTF players and beginners to help them understand the fundamentals of Privilege Escalation with examples. |
OSCP Resources | OSCP resources |
Offsec Handbook | 0xffsec Handbook: The Pentester's Guide | 0xffsec Handbook |
Pentesting Contracts | GitHub - cure53/Contracts: A small collection of potentially useful contract templates |
VulnHub Writeups | GitHub - Ignitetechnologies/Vulnhub-CTF-Writeups: This cheatsheet is aimed at CTF players and beginners to help them sort Vulnhub Labs. This list contains all the writeups available on hackingarticles. |
The Hacker Recipes | Resources for pentesting and environment security assessments |
HackTricks | HackTricks - HackTricks |
Practical Ethical Hacking Resources | GitHub - TCM-Course-Resources/Practical-Ethical-Hacking-Resources: Compilation of Resources from TCM's Practical Ethical Hacking Udemy Course |
PayloadsAllTheThings | GitHub - swisskyrepo/PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF |
Name | Description |
---|---|
Shodan Guide | Shodan Pentesting Guide – TurgenSec Community |
Guardicore - Infection Monkey | GitHub - guardicore/monkey: Infection Monkey - An open-source adversary emulation platform |
HTTP Screenshot | GitHub - breenmachine/httpscreenshot |
NoseyParker | GitHub - praetorian-inc/noseyparker: Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history. |
GoBuster | GitHub - OJ/gobuster: Directory/File, DNS and VHost busting tool written in Go |
VulnHuntr | A tool to identify remotely exploitable vulnerabilities using LLMs and static code analysis. |
Insider | GitHub - insidersec/insider: Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, performing source code analysis to find vulnerabilities right in the source code, designed to be agile and easy to implement inside your DevOps pipeline. Supports the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js). |
Flan | GitHub - cloudflare/flan: A pretty sweet vulnerability scanner |
ShiftLeft SAST | GitHub - ShiftLeftSecurity/sast-scan: Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly. |
SecretBench | GitHub - setu1421/SecretBench: SecretBench is a dataset consisting of different secret types collected from public open-source repositories. |
HTTPX | GitHub - projectdiscovery/httpx: httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library. |
EyeWitness | GitHub - RedSiege/EyeWitness: EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. |
LC - GetAllUrls | GitHub - lc/gau: Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl. |
HakTLDExtract | GitHub - hakluke/haktldextract: Extract domains/subdomains from URLs en masse |
HASH | GitHub - DataDog/HASH: HASH (HTTP Agnostic Software Honeypot) |
GoWitness | GitHub - sensepost/gowitness: 🔍 gowitness - a golang, web screenshot utility using Chrome Headless |
BlackWidow | GitHub - 1N3/BlackWidow: A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website. |
HTTProbe | GitHub - tomnomnom/httprobe: Take a list of domains and probe for working HTTP and HTTPS servers |
Hakrevdns | GitHub - hakluke/hakrevdns: Small, fast tool for performing reverse DNS lookups en masse. |
AssetFinder | GitHub - tomnomnom/assetfinder: Find domains and subdomains related to a given domain |
PWN-cat | GitHub - cytopia/pwncat: pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE) |
TestSSL.sh | GitHub - drwetter/testssl.sh: Testing TLS/SSL encryption anywhere on any port |
Shootback | GitHub - aploium/shootback: a reverse TCP tunnel let you access target behind NAT or firewall |
Naabu | GitHub - projectdiscovery/naabu: A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests |
FingerprintX | GitHub - praetorian-inc/fingerprintx: Standalone utility for service discovery on open ports! |
SimpleHTTPServer | GitHub - projectdiscovery/simplehttpserver: Go alternative of python SimpleHTTPServer |
InteractSH | GitHub - projectdiscovery/interactsh: An OOB interaction gathering server and client library |
GoTunnel | GitHub - opencoff/go-tunnel: TLS/SSL Tunnel - A modern STunnel replacement written in golang |
Uncover | GitHub - projectdiscovery/uncover: Quickly discover exposed hosts on the internet using multiple search engines. |
GoST | GitHub - ginuerzh/gost: GO Simple Tunnel - a simple tunnel written in golang |
SMAP | GitHub - s0md3v/Smap: a drop-in replacement for Nmap powered by shodan.io |
Nuclei | GitHub - projectdiscovery/nuclei: Fast and customizable vulnerability scanner based on simple YAML based DSL. |
Tiny Check | GitHub - KasperskyLab/TinyCheck: TinyCheck allows you to easily capture network communications from a smartphone or any device which can be associated to a Wi-Fi access point in order to quickly analyze them. This can be used to check if any suspect or malicious communication is outgoing from a smartphone, by using heuristics or specific Indicators of Compromise (IoCs). In order to make it working, you need a computer with a Debian-like operating system and two Wi-Fi interfaces. The best choice is to use a Raspberry Pi (2+) a Wi-Fi dongle and a small touch screen. This tiny configuration (for less than $50) allows you to tap any Wi-Fi device, anywhere. |
WSTunnel | GitHub - erebe/wstunnel: Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available |
SubFinder | GitHub - projectdiscovery/subfinder: Fast passive subdomain enumeration tool. |
DNSX | GitHub - projectdiscovery/dnsx: dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers. |
Amass | GitHub - owasp-amass/amass: In-depth attack surface mapping and asset discovery |
MiTMProxy | GitHub - mitmproxy/mitmproxy: An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers. |
ASN | GitHub - nitefood/asn: ASN / RPKI validity / BGP stats / IPv4v6 / Prefix / URL / ASPath / Organization / IP reputation / IP geolocation / IP fingerprinting / Network recon / lookup API server / Web traceroute server |
Chisel | GitHub - jpillora/chisel: A fast TCP/UDP tunnel over HTTP |
PcapPlusPlus | GitHub - seladb/PcapPlusPlus: PcapPlusPlus is a multiplatform C++ library for capturing, parsing and crafting of network packets. It is designed to be efficient, powerful and easy to use. It provides C++ wrappers for the most popular packet processing engines such as libpcap, Npcap, WinPcap, DPDK and PF_RING. |
CrossLinked | GitHub - m8sec/CrossLinked: LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping |
PowerShell for AD | GitHub - g3han/PowerShell-For-Active-Directory: PowerShell Script for AD Security Assessment |
BlueHound | GitHub - zeronetworks/BlueHound: BlueHound - pinpoint the security issues that actually matter |
Spoofy | GitHub - MattKeeley/Spoofy: Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records. |
PowerSploit | GitHub - PowerShellMafia/PowerSploit: PowerSploit - A PowerShell Post-Exploitation Framework |
BloodHound Python | GitHub - dirkjanm/BloodHound.py: A Python based ingestor for BloodHound |
Snaffler | GitHub - SnaffCon/Snaffler: a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax ) |
ManSpider | GitHub - blacklanternsecurity/MANSPIDER: Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported! |
KerBrute | GitHub - ropnop/kerbrute: A tool to perform Kerberos pre-auth bruteforcing |
LDAPRelayScan | GitHub - zyn3rgy/LdapRelayScan: Check for LDAP protections regarding the relay of NTLM authentication |
Certipy | GitHub - ly4k/Certipy: Tool for Active Directory Certificate Services enumeration and abuse |
CrackMapExec | Page not found · GitHub |
GoPhish | GitHub - gophish/gophish: Open-Source Phishing Toolkit |
Osmedeus | GitHub - j3ssie/osmedeus: A Workflow Engine for Offensive Security |
Sn1per | GitHub - 1N3/Sn1per: Attack Surface Management Platform |
MetaBigOr | GitHub - j3ssie/metabigor: OSINT tools and more but without API key |
Beelzebub | GitHub - mariocandela/beelzebub: A secure low code honeypot framework, leveraging AI for System Virtualization. |
Deepfake Offensive Toolkit | GitHub - sensity-ai/dot: The Deepfake Offensive Toolkit |
CVEMap | GitHub - projectdiscovery/cvemap: Navigate the CVE jungle with ease. |
EvilGinx2 | GitHub - kgretzky/evilginx2: Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication |
Red Team Public Group | Red Team Public · GitLab |
Tsunami Scanner | GitHub - google/tsunami-security-scanner: Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence. |
Ciphey | GitHub - Ciphey/Ciphey: ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡ |
Fennec | GitHub - AbdulRhmanAlfaifi/Fennec: Artifact collection tool for *nix systems |
Name | Description |
---|---|
Frida Codeshare | Frida CodeShare |
MASTG | OWASP MASTG - OWASP Mobile Application Security |
Name | Description |
---|---|
OWASP iGoat | GitHub - OWASP/igoat: OWASP iGoat - A Learning Tool for iOS App Pentesting and Security by Swaroop Yermalkar |
Damn Vulnerable Web App | GitHub - digininja/DVWA: Damn Vulnerable Web Application (DVWA) |
DIVA Android | GitHub - payatu/diva-android: DIVA Android - Damn Insecure and vulnerable App for Android |
Frida Labs | GitHub - DERE-ad2001/Frida-Labs: The repo contains a series of challenges for learning Frida for Android Exploitation. |
Name | Description |
---|---|
JADX | GitHub - skylot/jadx: Dex to Java decompiler |
Frida iOS Dump | GitHub - AloneMonkey/frida-ios-dump: pull decrypted ipa from jailbreak device |
Objection | GitHub - sensepost/objection: 📱 objection - runtime mobile exploration |
Frida | Frida • A world-class dynamic instrumentation toolkit | Observe and reprogram running programs on Windows, macOS, GNU/Linux, iOS, watchOS, tvOS, Android, FreeBSD, and QNX |
Mobile Security Framework | GitHub - MobSF/Mobile-Security-Framework-MobSF: Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. |
GrapeFruit | GitHub - ChiChou/grapefruit: (WIP) Runtime Application Instruments for iOS. Previously Passionfruit |
Name | Description |
---|---|
Security Tools Reviews | Cloudwards.net | Software & Online Security Tools Reviewed |
Personal Security and Privacy | Security List 🔐 |
Personal Security Checklist | Lissy93/personal-security-checklist: 🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024 |
Privacy Tools IO | Best Privacy Tools & Software Guide in 2024 |
Oh Shit Git | Oh Shit, Git!?! |
TinyWow | Free AI Writing, PDF, Image, and other Online Tools - TinyWow |
ToS;DR | Frontpage -- Terms of Service; Didn't Read |
DoNotPay | DoNotPay - Your AI Consumer Champion |
Untools | Tools for better thinking | Untools |
Grep App | grep.app | code search |
CodeGrepper | Grepper | The Query & Answer System for the Coder Community |
Name | Description |
---|---|
Bug Bounty Reference | GitHub - ngalongc/bug-bounty-reference: Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-ups categorized by the nature of the bug |
Bug Bounty Writeups | GitHub - devanshbatham/Awesome-Bugbounty-Writeups: A curated list of bug bounty writeups (by bug type), inspired by https://github.com/ngalongc/bug-bounty-reference |
OWASP CheatSheets | Index Alphabetical - OWASP Cheat Sheet Series |
Name | Description |
---|---|
Fuzzing Blog | Fuzz Testing for blackbox security analysis | Bishop Fox |
Fuzzing 101 | GitHub - antonio-morales/Fuzzing101: A step-by-step fuzzing tutorial. A GitHub Security Lab initiative |
Name | Description |
---|---|
HackTricks - GraphQL | Pentesting GraphQL - HackTricks |
Awesome GraphQL | GitHub - chentsulin/awesome-graphql: Awesome list of GraphQL |
GraphQL Threat Matrix | Built for bug bounty hunters, security researchers and hackers to assist with uncovering vulnerabilities across multiple GraphQL implementations. |
Name | Description |
---|---|
GraphQL Labs | GitHub - righettod/poc-graphql: Research on GraphQL from an AppSec point of view. |
Web Goat | GitHub - WebGoat/WebGoat: WebGoat is a deliberately insecure application |
Damn Vulnerable GraphQL App | GitHub - dolevf/Damn-Vulnerable-GraphQL-Application: Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security. |
JSON Interop Lab | GitHub - BishopFox/json-interop-vuln-labs: Companion labs to "An Exploration of JSON Interoperability Vulnerabilities" |
Name | Description |
---|---|
Reaper | GitHub - ghostsecurity/reaper: 💀 Don't fear the Reaper 👻 - Web security assessment tool |
GraphQL Clairvoyance | GitHub - nikitastupin/clairvoyance: Obtain GraphQL API schema even if the introspection is disabled |
KeyHacks | GitHub - streaak/keyhacks: Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid. |
Katana | GitHub - projectdiscovery/katana: A next-generation crawling and spidering framework. |
FFuF | GitHub - ffuf/ffuf: Fast web fuzzer written in Go |
DalFox | GitHub - hahwul/dalfox: 🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation. |
GraphQL Map | GitHub - swisskyrepo/GraphQLmap: GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;) |
SnallyGaster | GitHub - hannob/snallygaster: Tool to scan for secret files on HTTP servers |
SubJS | GitHub - lc/subjs: Fetches JavaScript files from a list of URLs or subdomains. |
RetireJS | GitHub - RetireJS/retire.js: scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds. |
GraphQL Path Enum | This is a tool that lists the different ways of reaching a given type in a GraphQL schema. |
JWT Tool | jwt_tool.py is a toolkit for validating, forging, scanning and tampering JWTs (JSON Web Tokens). |
Jaeles | GitHub - jaeles-project/jaeles: The Swiss Army knife for automated Web Application Testing |
URO | GitHub - s0md3v/uro: declutters url lists for crawling/pentesting |
Route Detect | GitHub - mschwager/route-detect: Find authentication (authn) and authorization (authz) security bugs in web application routes. |
H2C Smuggler | GitHub - BishopFox/h2csmuggler: HTTP Request Smuggling over HTTP/2 Cleartext (h2c) |
InQL | GitHub - doyensec/inql: InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration. |
Hakrawler | GitHub - hakluke/hakrawler: Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application |
Elastic Burp | GitHub - PortSwigger/elastic-burp: The Web Audit Search Engine - Index and Search HTTP Requests and Responses in Web Application Audits with ElasticSearch |
HoppScotch | Hoppscotch • Open source API development ecosystem |
GraphQL Voyager | GitHub - graphql-kit/graphql-voyager: 🛰️ Represent any GraphQL API as an interactive graph |
GraphQL Cop | Small Python utility to run common security tests against GraphQL APIs |
SQL Map | GitHub - sqlmapproject/sqlmap: Automatic SQL injection and database takeover tool |
HakOriginFinder | GitHub - hakluke/hakoriginfinder: Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs! |
Proxify | GitHub - projectdiscovery/proxify: A versatile and portable proxy for capturing, manipulating, and replaying HTTP/HTTPS traffic on the go. |
SubJack | GitHub - haccer/subjack: Subdomain Takeover tool written in Go |
AWS API Gateway IP Rotator | GitHub - Ge0rg3/requests-ip-rotator: A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing. |
SubOver | GitHub - Ice3man543/SubOver: A Powerful Subdomain Takeover Tool |
YSoSerial | GitHub - frohoff/ysoserial: A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. |
Az Token Finder | GitHub - HackmichNet/AzTokenFinder: Opens the processes you provide, searches their memory for JWT-like data, and extracts it. |