Security
Network
This project was created to publish the best practices for segmentation of the corporate network of any company. In general, the schemes in this project are suitable for any company.
Fast, free and open-source spam filtering system.
Anti-Spam Scanning Service and Anti-Spam API by @niftylettuce.
Scanning / Pentesting
A tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research.
A Linux packet crafting tool.
Scapy: the python-based interactive packet manipulation program & library.
Pompem is an open source tool designed to automate the search for exploits in major databases. Developed in Python, it has an advanced search system that facilitates the work of pentesters and ethical hackers. In its current version, it searches the following databases: Exploit-db, 1337day, Packetstorm Security...
Amass performs DNS subdomain enumeration by scraping the largest number of disparate data sources, recursive brute forcing, crawling of web archives, permuting and altering names, reverse DNS sweeping and other techniques.
The most powerful UDP-based load generator, written in Rust.
A coroutines-driven Low & Slow traffic generator, written in Rust.
Open source semi-automated discovery and reconnaissance network penetration testing framework.
Enterprise-grade web vulnerability scanner with 60+ attack modules, built in Rust for penetration testing and security assessments.
Fast subdomain enumeration tool for penetration testers.
Faster Nmap scanning with Rust. Take a 17 minute Nmap scan down to 19 seconds.
Fuzzing engine and fuzz testing framework.
Very flexible and fast interactive HTTP enumeration/fuzzing.
Discover internet-wide misconfigurations, using zgrab2 and others.
Apache v2, powerful runtime vulnerability scanner for kubernetes, virtual machines and serverless.
Find secrets and passwords in container images and file systems.
CLI tool to pentest an AWS Cognito instance. It implements three attacks: unwanted account creation, account oracle and identity pool escalation.
Monitoring / Logging
Open source API for security and compliance audit logging.
A tool to collect DNS records passively to aid incident handling, Network Security Monitoring (NSM) and general digital forensics. PassiveDNS sniffs traffic from an interface or reads a pcap file and outputs the DNS server answers to a log file. PassiveDNS can cache/aggregate duplicate DNS answers in memory, limiting the amount of data in the log file without losing the essence of the DNS answer.
Fibratus is a tool for exploration and tracing of the Windows kernel. It is able to capture most of the Windows kernel activity - process/thread creation and termination, file system I/O, registry, network activity, DLL loading/unloading and much more. Fibratus has a very simple CLI which encapsulates the machinery to start the kernel event stream collector, set kernel event filters or run the lightweight Python modules called filaments.
OpenSnitch is a GNU/Linux port of the Little Snitch application firewall.
Substation is a cloud native data pipeline and transformation toolkit written in Go.
A repository of all SIGMA rules converted to KQL that runs on a weekly schedule to update the repository and align with the up to date version of the SIGMA rules repository.
A repository of all SIGMA rules converted to SPL that runs on a weekly schedule to update the repository and align with the up to date version of the SIGMA rules repository.
A repository of all SIGMA rules converted to Microsoft Sentinel Terraform Scheduled analytic resources. The repository runs on a weekly schedule to update the repository and align with the up to date version of the SIGMA rules repository. Proper entity mapping is completed for the rules to ensure the repo is plug-and-play.
Security Information & Event Management
Wazuh is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance. It handles large volumes of data, backed by an OpenSearch fork and a custom web UI.
Fast Incident Response, a cybersecurity incident management platform.
Open Source SIEM (Security Information and Event Management system).
IDS / IPS / Host IDS / Host IPS
An open source tool to convert Zeek logs to Elastic/OpenSearch. You can also output pure JSON from Zeek's TSV logs!
IPS for SSH similar to DenyHosts, written in Python. It can also gather information about the attacker during the attack and record it in a log.
CrowdSec is a free, modern & collaborative behavior detection engine, coupled with a global IP reputation network. It builds on Fail2Ban's philosophy but is IPv6 compatible and 60x faster (Go vs Python), uses Grok patterns to parse logs and YAML scenarios to identify behaviors. CrowdSec is engineered for modern Cloud / Containers / VM based infrastructures (by decoupling detection and remediation). Once a threat is detected, you can remediate it with various bouncers (firewall block, nginx HTTP 403, Captchas, etc.), while the aggressive IPs can be sent to CrowdSec for curation before being shared among all users to further strengthen the community.
Honey Pot / Honey Net
HoneyPy is a low to medium interaction honeypot. It is intended to be easy to: deploy, extend functionality with plugins, and apply custom configurations.
Amun is a Python-based low-interaction honeypot.
Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.
HonSSH is a high-interaction Honey Pot solution. HonSSH will sit between an attacker and a honey pot, creating two separate SSH connections between them.
This script will install T-Pot 16.04/17.10 on a fresh Ubuntu 16.04.x LTS (64bit). It is intended to be used on hosted servers, where an Ubuntu base image is given and there is no ability to install custom ISO images. Successfully tested on vanilla Ubuntu 16.04.3 in VMware.
Full Packet Capture / Forensic
tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis and debugging. Each TCP flow is stored in its own file. Thus, the typical TCP flow will be stored in two files, one for each direction. tcpflow can also process stored 'tcpdump' packet flows.
High-performance remote packet capture and collection tool, distributed tcpdump for cloud native environments.
Moloch is an open source, large scale IPv4 packet capturing (PCAP), indexing and database system. A simple web interface is provided for PCAP browsing, searching, and exporting. APIs are exposed that allow PCAP data and JSON-formatted session data to be downloaded directly. Simple security is implemented by using HTTPS and HTTP digest password support or by using apache in front. Moloch is not meant to replace IDS engines but instead work along side them to store and index all the network traffic in standard PCAP format, providing fast access. Moloch is built to be deployed across many systems and can scale to handle multiple gigabits/sec of traffic.
Dshell is a network forensic analysis framework. Enables rapid development of plugins to support the dissection of network packet captures.
Stenographer is a packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets.
VPN
Open-source VPN server and egress firewall for Linux built on WireGuard that makes it simple to manage secure remote access to your company's private networks. Firezone is easy to set up (all dependencies are bundled thanks to Chef Omnibus), secure, performant, and self-hostable.
Advanced transparent Tor proxy with kernel-level iptables routing, post-quantum encryption (Kyber768), kill switch, steganography mode, and AI-powered circuit selection.
Big Data
Open source serverless security lake platform on AWS that lets you ingest, store, and analyze petabytes of security data into an Apache Iceberg data lake and run realtime Python detections as code.
Open source security data pipeline engine for structured event data, supporting high-volume telemetry ingestion, compaction, and retrieval; purpose-built for security content execution, guided threat hunting, and large-scale investigation.
Examples of using IPython, Pandas, and Scikit Learn to get the most out of your security data.
Hadoop library to read packet capture (PCAP) files.
OpenSOC integrates a variety of open source big data technologies in order to offer a centralized tool for security monitoring and analysis.
Metron integrates a variety of open source big data technologies in order to offer a centralized tool for security monitoring and analysis.
Apache Spot is open source software for leveraging insights from flow and packet analysis.
Scalable Binary Data Extraction in Hadoop. Malware Processing and Analytics over Pig, Exploration through Django, Twitter Bootstrap, and Elasticsearch.
Other Security Awesome Lists
An awesome list of honeypot resources.
A collection of android security related resources.
A curated list of ARM exploitation resources.
A curated list of CTF frameworks, libraries, resources and software.
A curated list of hacking environments where you can train your cyber skills legally and safely.
A curated list of digital security and privacy tips, with links to further resources.
A curated list of awesome Hacking tutorials, tools and resources.
A curated list of awesome malware analysis tools and resources.
A curated list of awesome newsletters to keep up to date on security news via e-mail.
A collection of tools developed by other researchers in the Computer Science area to process network traces.
A collection of awesome penetration testing resources, tools and other shiny things.
A curated list of privacy-respecting software and services.
A curated list of awesome Linux Containers frameworks, libraries and software.
A curated list of resources for incident response.
This list is for anyone wishing to learn about web application security but who does not have a starting point.
A curated list of awesome resources about Electron.js (in)security.
A curated list of threat intelligence resources.
A curated list of Threat Modeling resources.
A collection of cheat sheets useful for pentesting.
A curated list of resources related to Industrial Control System (ICS) security.
A curated list of awesome YARA rules, tools, and people.
A curated list of awesome threat detection and hunting resources.
A curated list of awesome resources related to container building and runtime security.
A curated list of cryptography papers, articles, tutorials and howtos.
A collection of interesting, funny, and depressing search queries to plug into Shodan.io.
A collection of fascinating and bizarre Censys Search Queries.
A collection of awesome tools used to counter forensics activities.
A curated list of awesome security talks, organized by year and then conference.
A curated list of Bluetooth security resources.
A curated list of WebSocket security resources.
A curated list of security-related acronyms and concepts.
A curated Cyber "Security Orchestration, Automation and Response (SOAR)" resources list.
A collection of awesome security hardening guides, best practices, checklists, benchmarks, tools and other resources.
Endpoint
Anti-Virus / Anti-Malware
Content Disarm & Reconstruct
Configuration Management
Authentication
The Google Authenticator project includes implementations of one-time passcode generators for several mobile platforms, as well as a pluggable authentication module (PAM). One-time passcodes are generated using open standards developed by the Initiative for Open Authentication (OATH) (which is unrelated to OAuth). These implementations support the HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-time Password (TOTP) algorithm specified in RFC 6238. Tutorials: How to set up two-factor authentication for SSH login on Linux
Securely assign digital authenticity to any written text.
Mobile / Android / iOS
A comprehensive manual for mobile app security testing and reverse engineering.
A collection of OSX and iOS security resources.
High-level multi-platform cryptographic framework for protecting sensitive data: secure messaging with forward secrecy and secure data storage (AES256GCM), suitable for building end-to-end encrypted applications.
A tool for reverse engineering Android apk files.
Command line and GUI tools to produce Java source code from Android Dex and Apk files.
A tool for translating Dalvik bytecode to equivalent Java bytecode.
A tool to extract local data storage of an Android application in one click.
An Obfuscation-Neglect Android Malware Scoring System.
Hardened allocator designed for modern systems. It has integration into Android's Bionic libc and can be used externally with musl and glibc as a dynamic library for use on other Linux-based platforms. It will gain more portability / integration over time.
AMExtractor can dump out the physical content of your Android device even without kernel source code.
Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
Android Malware Behavior Editor.
Flutter reverse engineering framework.
Forensics
GRR Rapid Response is an incident response framework focused on remote live forensics.
Python based memory extraction and analysis framework.
ir-rescue is a Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
CLI utility and Python API for analyzing log files and other data.
PowerShell-based Windows artifact collection for threat hunting and incident response.
The Rekall Framework is a completely open collection of tools, implemented in Python under the Apache and GNU General Public License, for the extraction and analysis of digital artifacts from computer systems.
Linux Memory Extractor.
Maigret collects a dossier on a person by username only, checking for accounts on a huge number of sites and gathering all the available information from web pages.
Threat Intelligence
FireEye Publicly Shared Indicators of Compromise (IOCs)
IntelMQ is a solution for CERTs for collecting and processing security feeds, pastebins and tweets using a message queue protocol. It is a community-driven initiative called IHAP (Incident Handling Automation Project), which was conceptually designed by European CERTs during several InfoSec events. Its main goal is to give incident responders an easy way to collect & process threat intelligence, thus improving the incident handling processes of CERTs. ENISA Homepage.
CIF is a cyber threat intelligence management system. CIF allows you to combine known malicious threat information from many sources and use that information for identification (incident response), detection (IDS) and mitigation (null route).
A daily updated summary of the most frequent types of security incidents currently being reported from different sources.
Web
Web Application Firewall
BunkerWeb is a full-featured open-source web server with ModSecurity WAF, HTTPS with transparent Let's Encrypt renewal, automatic banning of strange behaviors based on HTTP codes, blocking of bots and bad IPs, connection limits, state-of-the-art security presets, Web UI and much more.
NAXSI is an open-source, high-performance, low-rules-maintenance WAF for NGINX. NAXSI means Nginx Anti Xss & Sql Injection.
SQL Firewall Extension for PostgreSQL.
IronBee is an open source project to build a universal web application security sensor. IronBee is a framework for developing a system to secure web applications, that is, a framework for building a web application firewall (WAF).
Curiefense adds a broad set of automated web security tools, including a WAF to Envoy Proxy.
open-appsec is an open source machine-learning security engine that preemptively and automatically prevents threats against Web Applications & APIs.
Scanning / Pentesting
Recon-ng is a full-featured Web Reconnaissance framework written in Python. Recon-ng has a look and feel similar to the Metasploit Framework.
The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.
A semi-automatic pen testing tool for mapping/pen-testing networks. Simulates a human attacker.
ACSTIS helps you to scan certain web applications for AngularJS Client-Side Template Injection (sometimes referred to as CSTI, sandbox escape or sandbox bypass). It supports scanning a single request but also crawling the entire web application for the AngularJS CSTI vulnerability.
padding-oracle-attacker is a CLI tool and library to execute padding oracle attacks (which decrypts data encrypted in CBC mode) easily, with support for concurrent network requests and an elegant UI.
Finds publicly known security vulnerabilities in a website's frontend JavaScript libraries.
Full-featured C2 framework which silently persists on webserver via evil PHP oneliner. Built for stealth persistence, with many privilege-escalation & post-exploitation features.
Keyscope is an extensible key and secret validation tool, built in Rust, for checking active secrets against multiple SaaS vendors.
Cyclops is a Chromium-based web browser with an XSS detection feature that tracks data flows from a source to a sink.
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report. Currently supports: PHP, Java, Scala, Python, Ruby, Javascript, GO, Secret Scanning, Dependency Confusion, Trojan Source, Open Source and Proprietary Checks (total ca. 1000 checks)
A fast Rust-based CLI that uses SQL to query over files, code, or malware, with content classification and processing for security experts.
The ultimate web application security testing tool for CakePHP-based web applications. CakeFuzzer employs a predefined set of attacks that are randomly modified before execution. Leveraging its deep understanding of the CakePHP framework, CakeFuzzer launches attacks on all potential application entry points.
URL security scanner with WHOIS, SSL, threat intelligence (URLhaus, PhishTank, Spamhaus), and 40+ scam/phishing pattern detection. Includes optional AI analysis via Ollama. (Demo)
Detect CVE-2025-55182 (React2Shell) RCE vulnerability in React Server Components. Scans React 19.x and Next.js projects for critical remote code execution flaws.
Detect indicators of compromise from the Shai Hulud 2.0 npm supply chain attack that compromised 796+ packages. Performs comprehensive security checks for malicious files, hashes, and patterns.
A modular vulnerability scanner with automatic report generation capabilities.
An open source RASP solution actively maintained by Baidu Inc. With context-aware detection algorithm the project achieved nearly no false positives. And less than 3% performance reduction is observed under heavy server load.
Leverage the OWASP Zed Attack Proxy (ZAP) within your NodeJS applications with this official API.
A GitHub App that provides security feedback in Pull Requests.
Scan code for security risks and vulnerabilities leading to sensitive data exposures.
A static analysis tool for infrastructure as code (Terraform).
A static analysis tool for infrastructure as code (Terraform).
Scans IaC projects for security vulnerabilities, compliance issues, and infrastructure misconfiguration. Currently working with Terraform projects, Kubernetes manifests, Dockerfiles, AWS CloudFormation Templates, and Ansible playbooks.
An open source Static Application Security Testing (SAST) tool written in Go for Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C# and Javascript (Node.js).
Node.js file-upload malware scanner with MIME sniffing, ZIP-bomb protection and optional YARA rules.
Exploits & Payloads
Red Team Infrastructure Deployment
An automated Red Team infrastructure deployment using Docker.
Axiom is a dynamic infrastructure framework to efficiently work with multi-cloud environments, build and deploy repeatable infrastructure focused on offensive and defensive security.
Blue Team Infrastructure Deployment
DevOps
Ansible role for OS hardening.
A simple and comprehensive vulnerability scanner for containers and other artifacts, suitable for CI.
Helps you verify scripts and executables to mitigate supply chain attacks in your CI and other systems.
A secrets management tool for devops and developers - manage secrets across multiple vaults and keystores from a single place.
A non-intrusive CVE scanner for embedding in test and CI environments that can scan package lists and individual packages for existing CVEs via locally stored CVE database. Can also be used as an offline CVE scanner for e.g. OT/ICS.
An open-source policy-as-code software that provides analytics for multi-cloud and SaaS.
Terminal
It is a handy utility to help avoid running dangerous commands with an extra approval step. You will immediately get a small prompt challenge that will double verify your action when risky patterns are detected.
It helps you secure your shell history by finding sensitive commands across all your history entries and allowing you to clean them.
Datastores
Database security suite: proxy for data protection with transparent "on the fly" data encryption, data masking and tokenization, SQL firewall (SQL injections prevention), intrusion detection system.
Safely store secrets in a VCS repo using GPG.
Stores secrets in AWS DynamoDB, encrypted at rest, and integrates with IAM.
A tool for backing up and versioning your production secrets or shared passwords securely and easily.
Server for two-man rule style file encryption and decryption.
Store AWS credentials in the OSX Keychain or an encrypted file.
Store secrets using AWS KMS and DynamoDB.
Store secrets using AWS KMS and SSM Parameter Store.
A Vault CLI that makes reading from and writing to the Vault easier to do.
An editor of encrypted files that supports YAML, JSON and BINARY formats and encrypts with AWS KMS and PGP.
Multiplatform command-line password manager.
Database for PII with automatic encryption/tokenization, sandboxed components for handling data, and centralized authorization controls.
Fraud prevention
Identifies browser and hybrid mobile application users even when they purge data storage. Allows you to detect account takeovers, account sharing and repeated malicious activity.
Identifies Android application users even when they purge data storage. Allows you to detect account takeovers, account sharing and repeated malicious activity.
Other Awesome Lists
Other Common Awesome Lists
awesome- or -awesome lists.
The definitive list of (awesome) lists curated on GitHub.
A curated list of movies every hacker & cyberpunk must watch.