125 repositorios
Utilities for identifying vulnerabilities and securing data.
Explore 125 awesome GitHub repositories matching part of an awesome list · Security Tools. Refine with filters or upvote what's useful.
Este proyecto es un repositorio centralizado de acceso abierto que sirve como directorio estructurado para la educación técnica y el desarrollo profesional. Funciona como una base de conocimientos impulsada por la comunidad, agregando materiales de aprendizaje de alta calidad para apoyar la accesibilidad global a los recursos de ciencias de la computación e ingeniería de software. La plataforma se distingue por un modelo de gobernanza colaborativa que utiliza flujos de trabajo revisados por pares para todas las adiciones y modificaciones de contenido. Al aprovechar archivos de texto estructurados y control de versiones descentralizado, el repositorio mantiene un índice legible por humanos y buscable que se actualiza y categoriza continuamente mediante el etiquetado de metadatos impulsado por la comunidad. La colección abarca una amplia gama de activos educativos, incluyendo literatura técnica completa, cursos en línea estructurados y tutoriales de programación interactivos. Los usuarios pueden acceder a recursos para la adquisición de habilidades, preparación de entrevistas y referencia rápida de sintaxis, con contenido organizado por lenguaje de programación, dominio técnico y lenguaje humano para facilitar el estudio autodirigido.
Listed in the “Security Tools” section of the Awesome Hacking awesome list.
Sherlock is a command-line automation tool designed to orchestrate software build, execution, and deployment workflows. It functions as an ephemeral runtime orchestrator that executes applications directly from source code, bypassing the need for persistent system-wide installations or manual dependency management. By providing a unified, containerized development environment, it ensures that application dependencies and infrastructure configurations remain consistent across diverse host operating systems. The project distinguishes itself through its ability to synthesize container images dec
Hunt down social media accounts by username.
This project is a comprehensive, community-sourced knowledge base designed for security professionals and researchers. It functions as a centralized repository of offensive security techniques, providing a structured collection of exploit payloads, attack vectors, and methodologies for conducting vulnerability assessments and penetration testing. The repository distinguishes itself through a cross-platform payload taxonomy that categorizes exploitation methods by vulnerability type and target environment, enabling rapid lookup during security assessments. It maintains high standards of data i
Listed in the “Security Tools” section of the Awesome Hacking awesome list.
Ghidra is a software reverse engineering suite designed to analyze compiled binaries and reconstruct program logic without access to original source code. It provides an interactive environment for disassembly and decompilation, utilizing a platform-independent intermediate representation to maintain consistency across diverse hardware architectures. The framework supports automated binary analysis through programmatic routines, enabling the investigation of complex code patterns and security indicators. The platform distinguishes itself through a modular architecture that allows for extensiv
Software reverse engineering framework.
This project is an automated security testing suite designed to detect and exploit database vulnerabilities. It functions as a command-line utility that streamlines the identification, verification, and exploitation of web application flaws by automating the injection of malicious payloads into input parameters. The tool provides a comprehensive framework for database enumeration, allowing users to extract schema information, user data, and system configurations from identified injection points. What distinguishes this tool is its sophisticated engine for dynamic payload adaptation and heuris
Automatic SQL injection and database takeover tool
This project is a community-driven directory that serves as a comprehensive index of command-line tools, frameworks, and resources. It functions as a curated knowledge base designed to help users discover software for enhancing terminal environments and streamlining daily development tasks. The collection is maintained through an open-source contribution model, where community members manually verify and organize resources into structured categories. This collaborative approach ensures the directory remains a reliable reference for finding specialized utilities, alternative shell implementati
Listed in the “Security Tools” section of the Awesome Hacking awesome list.
The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and defensive coding patterns. It serves as a centralized knowledge base for developers and security professionals, providing actionable guidance to secure applications across the entire software development lifecycle. The project covers a vast array of security domains, ranging from fundamental web application hardening and authentication protocols to specialized controls for modern infrastructure and artificial intelligence systems. What distinguishes this project is its decentral
Listed in the “Security Tools” section of the Awesome Hacking awesome list.
This project is a comprehensive API security audit checklist and vulnerability audit framework. It provides a structured guide of security countermeasures for designing, testing, and deploying secure APIs across various protocols. The framework includes specialized guides for securing OAuth 2.0 authorization flows, implementing zero trust networking for service-to-service communication, and protecting GraphQL endpoints from resource exhaustion and information leakage. It also provides standards for integrating static analysis, dynamic scanning, and secret detection into CI/CD delivery pipelin
Listed in the “Security Tools” section of the Awesome Hacking awesome list.
Mimikatz is a security research suite designed for auditing Windows authentication and managing system security configurations. It provides a comprehensive framework for extracting sensitive credentials, manipulating process privileges, and managing digital identity assets directly from system memory or offline memory dumps. The project distinguishes itself through advanced system-level exploitation techniques, including runtime process injection, API hooking, and the ability to bypass cryptographic export restrictions. It features a specialized toolkit for Kerberos protocol operations, allow
Tool for exploring and testing Windows security.
Vulhub is a collection of pre-configured, containerized applications designed to serve as a standardized platform for security research, vulnerability testing, and educational exploitation exercises. It functions as an orchestration framework that enables users to deploy isolated software environments for the purpose of practicing penetration testing and analyzing common security flaws in a controlled setting. The project utilizes an infrastructure-as-code pattern to define complex, multi-service software stacks, ensuring that testing targets remain consistent and reproducible. By leveraging
Listed in the “Security Tools” section of the Awesome Hacking awesome list.
This project is a secure container runtime that provides strong isolation for application workloads by implementing a userspace kernel. By intercepting system calls and executing them within a memory-safe, restricted environment, it minimizes the attack surface exposed to the host kernel. It functions as a drop-in engine for standard container orchestration platforms, ensuring compatibility with industry-standard runtime specifications while maintaining a hardened execution boundary. The runtime distinguishes itself through its ability to virtualize core system resources, including an indepen
Sandboxed container runtime for secure workload isolation.
XSStrike is a security tool designed to detect cross-site scripting vulnerabilities through parameter fuzzing and web response analysis. It functions as a web application fuzzer and vulnerability scanner that identifies injection points and security flaws. The project includes a specialized utility for detecting blind XSS, where payloads execute asynchronously or on separate pages. It also features a JavaScript library auditor to identify outdated libraries with known vulnerabilities and a dedicated tool for identifying and bypassing web application firewalls using various evasion techniques.
Advanced detection and exploitation suite for cross-site scripting.
The Social-Engineer Toolkit is a social engineering framework and penetration testing suite designed to simulate human-centric security attacks. It serves as a phishing simulation tool and credential harvesting utility to evaluate personnel awareness and organizational resilience. The toolkit provides specialized tooling for phishing campaign testing and credential theft simulation. It enables the creation of deceptive emails and landing pages to identify vulnerabilities in how users handle sensitive account information. The system includes capabilities for security awareness training and br
Framework for social engineering and penetration testing
XSStrike is an automated security scanning engine designed for web application discovery, input
Advanced XSS detection and exploitation suite.
Hacker101 is a cybersecurity education platform and web security training portal. It serves as a structured collection of lessons and resources designed to teach students about vulnerability research and penetration testing through guided modules. The platform operates as a static site generator and markdown-based content manager. It uses plain text files with structured metadata to define the hierarchy and properties of educational lessons, transforming this content into pre-rendered HTML files for delivery. The curriculum covers a broad domain of security education, including specialized c
Listed in the “Security Tools” section of the Awesome Hacking awesome list.
Amass is an attack surface management tool designed to identify, map, and inventory an organization's internet-facing digital assets. It functions as a security asset discovery engine that systematically expands an organization's known infrastructure footprint through recursive domain name resolution and the collection of intelligence from diverse public data sources. The platform distinguishes itself by utilizing a graph-based modeling approach to organize discovered resources. By maintaining a persistent graph database, it tracks the relationships between infrastructure components and norma
Tool for in-depth domain reconnaissance
Pwntools is a Python-based framework designed for rapid prototyping and automation in binary exploitation, reverse engineering, and security research. It serves as a comprehensive toolkit for interacting with local and remote processes, providing the primitives necessary to manage complex exploit workflows and streamline security analysis tasks. The framework distinguishes itself through its specialized capabilities for binary manipulation and automated exploit construction. It includes dedicated utilities for parsing executable file formats, assembling and disassembling machine code, and gen
CTF framework and exploit development library.
Routersploit is a penetration testing framework designed for the security assessment of embedded network devices and routers. It functions as a comprehensive tool for auditing hardware configurations and testing network protocols to identify and verify security vulnerabilities. The framework utilizes a modular plugin architecture that allows for the dynamic loading of exploit and scanner modules. It provides a centralized command interface that manages target state and executes controlled payloads, enabling the automation of security testing across diverse network hardware. The platform cove
Exploitation framework for embedded devices.
This project serves as a comprehensive cybersecurity training platform and resource repository focused on web application security. It functions as a centralized hub for security practitioners, providing both a curated collection of technical documentation and research, and a system for deploying isolated, containerized environments to practice security analysis and exploitation techniques. The platform distinguishes itself by integrating automated data aggregation with hands-on, container-based orchestration. It maintains a current knowledge base of industry research and digital threats whil
Listed in the “Security Tools” section of the Awesome Hacking awesome list.
Photon is a command-line web crawler designed for security reconnaissance and information gathering. It systematically traverses websites to discover URLs, map domain infrastructure, and identify associated subdomains by retrieving DNS records. The tool distinguishes itself through its ability to perform deep content analysis, including the extraction of sensitive data such as API keys and authentication tokens using user-defined regular expressions. It supports offline inspection by cloning crawled web content to the local filesystem, allowing for structural analysis without additional netwo
Incredibly fast crawler designed for OSINT.